- From: <Axel.Nennker@telekom.de>
- Date: Mon, 29 Oct 2012 14:03:08 +0100
- To: <Michael.Jones@microsoft.com>, <jose@ietf.org>
- CC: <public-webcrypto@w3.org>
- Message-ID: <CE8995AB5D178F44A2154F5C9A97CAF40252198DCF55@HE111541.emea1.cds.t-internal.com>
As one can see from this table the KDF is unsupported on all platforms (except one).
http://self-issued.info/presentations/Platform_Support_for_JWA-04_Crypto_Algorithms.xlsx
JWE
kdf
CS256
Concat Key Derivation Function (KDF)
NO
Win7
NO
NO
NO
NO
NO
NO
NO
NO
NO
NO
NO
JWE
kdf
CS384
Concat Key Derivation Function (KDF)
NO
Win7
NO
NO
NO
NO
NO
NO
NO
NO
NO
NO
NO
JWE
kdf
CS512
Concat Key Derivation Function (KDF)
NO
Win7
NO
NO
NO
NO
NO
NO
NO
NO
NO
NO
NO
Isn't this an indication that we should look at alternatives?
e.g.: we could generate the integrity protection key randomly instead of deriving it from the content encryption key.
This would add some more bytes (e.g. about 32) to the jwt but is very easy to implement on all platforms.
One way to do it would be to generate enough bytes "Bytes" in "JWE Encrypted Key" for encryption and integrity.
The CEK is then "Bytes[0 .. cekLength-1]" and the CIK "Bytes[cekLength .. cekLength+cikLength-1]"
Axel
[On some platforms (Firefox/NSS) it might even be nearly impossible to implement (without extending the platform's functions) because the build-in digest function is always reset when finalize (doFinal) is called. The spec of the Concat-KDF says that bytes are generated in a loop but the digest is NOT reset in the loop.]
From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf Of Mike Jones
Sent: Monday, October 29, 2012 7:28 AM
To: jose@ietf.org
Subject: [jose] Platform Support for JWA Crypto Algorithms
FYI, I posted the table describing support for the JWA algorithms in common Web development platforms that we discussed at IETF 84. See http://self-issued.info/?p=884.
-- Mike
Received on Monday, 29 October 2012 13:03:45 UTC