Re: Separate method for key agreement?

On Tue, Apr 2, 2013 at 1:57 AM, Vijay Bharadwaj <
Vijay.Bharadwaj@microsoft.com> wrote:

> Windows CAPI is unique in its handling of DH. It is not a great example to
> emulate.
>
> CNG is a better example. As I understand it, the proposal below combines
> the secret agreement and key derivation steps (which are distinct in CNG)
> into a single step. This seems like a good idea - CNG has to use a secret
> handle to allow the caller to link these two steps without exposing the raw
> secret, but this would be harder to do neatly in JS. Am I understanding the
> proposal correctly?
>

Vijay,

I'm not sure why you say this would be harder to do neatly in JS? The
current proposal uses a secret handle to link the two steps as well.

However, it also extends to agreement schemes that support > 2 steps.


>
> -----Original Message-----
> From: Wan-Teh Chang [mailto:wtc@google.com]
> Sent: Monday, April 1, 2013 5:45 PM
> To: Ryan Sleevi
> Cc: Richard Barnes; public-webcrypto@w3.org Group
> Subject: Re: Separate method for key agreement?
>
> On Mon, Apr 1, 2013 at 12:25 PM, Ryan Sleevi <sleevi@google.com> wrote:
> >
> > I'm not sure I'd agree here. Do you also see separate functions for
> > ECDH agreement?
>
> No.  The function that Richard proposed can handle both DH and ECDH:
>
> """
> KeyOperation agreeKey(Key privateKey,
>                       Key publicKey,
>                       AlgorithmIdentifier? derivedKeyType,
>                       bool extractable = false,
>                       KeyUsage[] keyUsages = []); """
>
> Richard's proposal is consistent with Windows CNG:
>
> http://msdn.microsoft.com/en-us/library/windows/desktop/aa833130(v=vs.85).aspx
>
> Note: Windows CAPI does Diffie-Hellman in a non-obvious manner (using
> CryptImportKey), so Widows CAPI is not worth being consistent with:
>
> http://msdn.microsoft.com/en-us/library/windows/desktop/aa381969(v=vs.85).aspx
>
> Wan-Teh
>
>