W3C home > Mailing lists > Public > public-webcrypto@w3.org > July 2012

Action-8 - Base set of mandatory algorithms

From: David Rogers <david.rogers@copperhorses.com>
Date: Mon, 16 Jul 2012 20:09:35 +0100
To: <public-webcrypto@w3.org>
Cc: <S.Durbha@cablelabs.com>
Message-ID: <000001cd6386$8a566e20$9f034a60$@copperhorses.com>
Hi all,


Please find below a proposal for the base set of mandatory algorithms on
behalf of Seetharama and myself. Our aim has been to baseline but also to at
least give us a 'fresh start'. We didn't think putting loads of legacy in
for the sake of it is going to be either good for the web or good for
security. That said, we've tried to be reasonably pragmatic in the list.
We've also tried to think about small device uses such as mobile. For
example, we have not included SHA-384 because the computational cost is
about the same as SHA-512 so it isn't worth putting it in as a base (for
example for mobile apps). As a reference, this is also mentioned in


"2.1.3.  SHA-384





   The SHA-384 algorithm [FIPS-180-2] takes no explicit parameters.  An

   example of a SHA-384 DigestAlgorithm element is:



      Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384" />


   A SHA-384 digest is a 384 bit string.  The content of the DigestValue

   element shall be the base64 [RFC2405] encoding of this string viewed

   as a 48-octet stream.  Because it takes roughly the same amount of

   effort to compute a SHA-384 message digest as a SHA-512 digest and

   terseness is usually not a criteria in XML application, consideration

   should be given to the use of SHA-512 as an alternative.



Anyway, this is a start and I hope we can agree this list as a starting



Encryption Algorithms:




Encryption Modes:





Hash Functions:





HMAC with SHA-256

HMAC with SHA-512


Key Agreement

Diffie-Hellman (1024/1536/2048 bit keys)


Key Transport

AES-128 key wrap

AES-256 key wrap

RSAES (1024/1536/2048 bit keys)


Signature Schemes

DSA (1024/1536/2048 keys)

RSASSA (1024/1536/2048 bit keys) with SHA-256

RSASSA (1024/1536/2048 bit keys) with SHA-512


Key Derivation Functions

Concat KDF with SHA-256

Concat KDF with SHA-512









David Rogers


Copper Horse Solutions Limited


Web: http://www.copperhorsesolutions.com

Blog: http://blog.mobilephonesecurity.org

Twitter: http://twitter.com/drogersuk (@drogersuk)


Received on Monday, 16 July 2012 19:17:55 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:11 UTC