proposal for AES-128/192/256-pad Symmetric Key Wrap in XML Encryption 1.1

From: <Frederick.Hirsch@nokia.com>
Date: Mon, 27 Aug 2012 18:04:04 +0000
To: <public-xmlsec@w3.org>
CC: <Frederick.Hirsch@nokia.com>
Message-ID: <DCD7E0DE-15D0-4646-9C5D-1C103A3968A5@nokia.com>
It looks like we will not achieve interop for "AES KeyWrap with Padding" in the XML Encryption 1.1 specification [1].

Proposal:

(1) Create a new XML Encryption 1.1 Appendix A and move the references section to be Appendix B. Add the following for Appendix A:

Appendix A: AES KeyWrap with Padding

This section is informative.

This informative section outlines the definition of AES KeyWrap with padding and reserves identifiers for the associated algorithms.
This material was not tested for interoperability and there are no requirements for its implementation.

(2) Move contents of section 5.7.3 AES KeyWrap with padding to Appendix A (without the section heading, remove the "(Optional)" following each identifier):

5.7.3 AES KeyWrap with Padding

Identifiers and Requirements:
http://www.w3.org/2009/xmlenc11#kw-aes-128-pad (optional)
http://www.w3.org/2009/xmlenc11#kw-aes-192-pad (optional)
http://www.w3.org/2009/xmlenc11#kw-aes-256-pad (optional)

These identifiers are used for symmetric key wrapping using the AES key wrap with padding algorithm with a 128, 192, and 256 bit AES key encrypting key, respectively. Implementation of AES key wrap with padding is defined in [AES-WRAP-PAD<http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.src.html#bib-AES-WRAP-PAD>]. The algorithm is defined for inputs between 9 and 2^32 octets. Unlike the unpadded AES Key Wrap algorithm, the input length is not constrained to multiples of 64 bits (8 octets).

Note that the wrapped key will be distinct from the one generated by the unpadded AES Key Wrap algorithm, even if the input length is a multiple of 64 bits.

(3) Remove the following from the "Symmetric Key Wrap" section of the 5.1.1 table of algorithms [2]:

  *   optional AES-128-pad KeyWrap
      http://www.w3.org/2009/xmlenc11#kw-aes-128-pad
  *   optional AES-192-pad KeyWrap
      http://www.w3.org/2009/xmlenc11#kw-aes-192-pad
  *   optional AES-256-pad KeyWrap
      http://www.w3.org/2009/xmlenc11#kw-aes-256-pad

(4) Change section 9.2 (AES Key Wrap) of XML Security Algorithm Cross Reference [3] to reference Appendix A for AES Key Wrap 128|192|256 and add a note that the definition of these algorithms is informational in XML Encryption 1.1.

Please indicate on the list if these changes are acceptable or if you have suggestions or comments.

regards, Frederick

Frederick Hirsch
Nokia

[1] http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.src.html#sec-kw-aes-with-pad

[2] http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core-11/Overview.src.html#sec-Table-of-Algorithms

[3] http://www.w3.org/2008/xmlsec/Drafts/xmlsec-algorithms/Overview.src.html#aeskeywrap
Received on Monday, 27 August 2012 18:04:35 GMT