Re: Definition of KDF3

From: Magnus Nyström <magnus@rsa.com>
Date: Mon, 13 Jul 2009 15:50:05 +0200 (W. Europe Daylight Time)
To: Kelvin Yiu <kelviny@exchange.microsoft.com>
cc: XMLSec WG Public List <public-xmlsec@w3.org>
Message-ID: <Pine.WNT.4.64.0907131547200.1896@W-JNISBETTEST-1.tablus.com>

Hi Kelvin,

Do you have access to X9.44-2007? KDF2 and KDF3 are in there too. Note 
also the text in X9.44:

> KDF2 and KDF3 are key derivation functions based on a hash function (see 
> Section 8.5). The lengths of the shared secret value and the other 
> information in KDF2 are both variable.
> 
> NOTE: KDF2 is equivalent to the function of the same name defined in 
> IEEE Std 1363-2004 [50], the "key derivation function based on 
> concatenation" in ANS X9.42 [4] and the key derivation function in ANS 
> X9.63 [8]. KDF3 is aligned with the requirements in clause 5.8 of NIST 
> Special Publication 800-56 [78]. The only difference between KDF2 and 
> KDF3 is the order of the components to be hashed. KDF2 calculates T as: 
> T || Hash (Z || D || otherInfo) while KDF3 calculates T as: T || Hash 
> (D || Z || otherInfo).

-- Magnus

On Mon, 6 Jul 2009, Kelvin Yiu wrote:

> Magnus,
>
> Brian and I found a description for KDF3 (on a site that references 
> ISO-18033-2) where the definition is different than the KDF specified in 
> SP800-56A. The site does have a link to a near final draft of ISO 
> 18033-2, but that draft does not include any mention of KDF3.
>
> Since I don't have access to the final version of ISO-18033-2 and cannot 
> find an official definition for KDF3, can you provide the official 
> definition for KDF3? I just wanted to make sure we are not confusing 
> implementers by using the name KDF3 in XMLEnc.
Received on Monday, 13 July 2009 13:50:41 GMT
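
The ordering difference described in the X9.44 note quoted above, as an added example that is not part of the original message or taken from any of the cited standards. It assumes SHA-256 as the hash and D as a 32-bit big-endian counter starting at 1; the function names and sample inputs are constructed for illustration.

```python
import hashlib
import struct


def _hash_kdf(z: bytes, other_info: bytes, out_len: int, counter_first: bool) -> bytes:
    """Build T = T || Hash(...) block by block and return its first out_len bytes."""
    if out_len <= 0:
        raise ValueError("out_len must be positive")
    digest_size = hashlib.sha256().digest_size
    blocks = -(-out_len // digest_size)  # ceiling division
    if blocks > 0xFFFFFFFF:
        raise ValueError("out_len too large for a 32-bit counter")
    t = b""
    for counter in range(1, blocks + 1):  # assumption: counter starts at 1
        d = struct.pack(">I", counter)    # assumption: D is 4 bytes, big-endian
        data = d + z + other_info if counter_first else z + d + other_info
        t += hashlib.sha256(data).digest()
    return t[:out_len]


def kdf2(z: bytes, other_info: bytes, out_len: int) -> bytes:
    """KDF2 ordering from the quoted note: Hash(Z || D || otherInfo)."""
    return _hash_kdf(z, other_info, out_len, counter_first=False)


def kdf3(z: bytes, other_info: bytes, out_len: int) -> bytes:
    """KDF3 ordering from the quoted note: Hash(D || Z || otherInfo)."""
    return _hash_kdf(z, other_info, out_len, counter_first=True)


if __name__ == "__main__":
    # Constructed sample inputs, not test vectors from any standard.
    z = bytes(range(32))
    info = b"constructed otherInfo"
    print("KDF2:", kdf2(z, info, 48).hex())
    print("KDF3:", kdf3(z, info, 48).hex())
    # Two peers that disagree on which KDF a name refers to derive different keys.
    print("interoperable:", kdf2(z, info, 48) == kdf3(z, info, 48))
```

Because the two functions differ only in where the counter sits, a mismatch between peers does not raise an error at derivation time; it shows up later as a decryption or integrity failure.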
