
RE: How does one specify the Salt/Nonce for ConcatKDF key derivation in XML encryption 1.1

From: Magnus Nystrom <mnystrom@microsoft.com>
Date: Wed, 28 Sep 2011 03:43:50 +0000
To: "XMLSec WG Public List (public-xmlsec@w3.org)" <public-xmlsec@w3.org>
Message-ID: <D744D68428430B4F9C81DE8A4D59506812177509@TK5EX14MBXW603.wingroup.windeploy.ntdev.microsoft.com>

Hi Pratik,
In the case of static-static D-H, the nonce shall be part of the PartyUInfo element (see NIST 800-56A: "NonceU shall be in the PartyUInfo subfield of OtherInfo"). As we state in the document that these attributes are defined in 800-56A, I don't think there's a need to make an update here.

Best,
-- Magnus

> > Resent-From: <public-xmlsec@w3.org>
> > From: ext Pratik Datta <pratik.datta@oracle.com>
> > Date: September 19, 2011 4:18:01 PM EDT
> > To: <public-xmlsec@w3.org>
> > Subject: How does one specify the Salt/Nonce for ConcatKDF key
> > derivation in XML encryption 1.1
> >
> > I noticed that the Legacy key derivation function has a <KA-Nonce> element,
> > PBKDF2 has a <Salt> element, but there is nothing equivalent to this for
> > ConcatKDF.
> > Is the salt supposed to be part of PartyUInfo, PartyVInfo?
> >
> >
> > The SP800-56A says this:
> > ------
> > 3.2 PartyUInfo: A bit string containing public information that is
> > required by the application using this KDF to be contributed by party
> > U to the key derivation process. At a minimum, PartyUInfo shall
> > include IDU, the identifier of party U. See the notes below.
> >
> > 3.3 PartyVInfo: A bit string containing public information that is
> > required by the application using this KDF to be contributed by party
> > V to the key derivation process. At a minimum, PartyVInfo shall
> > include IDV, the identifier of party V. See the notes below.
> > -----
> >
> > I am not very clear from this text whether PartyUInfo is supposed to include
> > some random value.
> >
> > Without the salt, the derived key will turn out to be the same every time.
> >
> >
> > Pratik
> >
> 
Received on Wednesday, 28 September 2011 03:44:19 GMT
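
Added example, not part of the original messages or of the XML Encryption 1.1 specification: a Python sketch of the SP 800-56A concatenation KDF showing the point discussed in this thread, that with a static-static D-H shared secret the derived key repeats unless PartyUInfo carries a nonce. The length-prefixed byte encoding of the fields, the function names and the sample values are assumptions; the XML Encryption 1.1 attribute encoding is not reproduced.

```python
import hashlib
import struct


def _field(data: bytes) -> bytes:
    # Assumed encoding: variable-length subfield as Datalen || Data (4-byte length).
    return struct.pack(">I", len(data)) + data


def concat_kdf(z: bytes, other_info: bytes, key_len: int) -> bytes:
    # Concatenation KDF with SHA-256: H(counter || Z || OtherInfo), counter = 1, 2, ...
    out, counter = b"", 1
    while len(out) < key_len:
        out += hashlib.sha256(struct.pack(">I", counter) + z + other_info).digest()
        counter += 1
    return out[:key_len]


def derive_key(z: bytes, id_u: bytes, id_v: bytes, nonce_u: bytes = b"",
               algorithm_id: bytes = b"aes128-gcm", key_len: int = 16) -> bytes:
    # PartyUInfo = IDU || NonceU: the nonce is public and travels inside PartyUInfo.
    party_u_info = _field(id_u) + _field(nonce_u)
    party_v_info = _field(id_v)
    other_info = _field(algorithm_id) + _field(party_u_info) + _field(party_v_info)
    return concat_kdf(z, other_info, key_len)


if __name__ == "__main__":
    # Constructed sample values. With static-static D-H, Z is identical for
    # every message exchanged between the same two parties.
    z = bytes.fromhex("11" * 32)
    print("no nonce, keys repeat:",
          derive_key(z, b"alice", b"bob") == derive_key(z, b"alice", b"bob"))
    # Constructed nonces; a real sender would draw a fresh random NonceU per message
    # and send it to the recipient, who rebuilds the same PartyUInfo.
    n1, n2 = bytes.fromhex("a1" * 16), bytes.fromhex("b2" * 16)
    print("fresh nonce, keys differ:",
          derive_key(z, b"alice", b"bob", n1) != derive_key(z, b"alice", b"bob", n2))
    print("recipient with same nonce agrees:",
          derive_key(z, b"alice", b"bob", n1) == derive_key(z, b"alice", b"bob", n1))
```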
