
Key Derivation Functions for DH key agreement

From: Yongge Wang <ywang@certicom.com>
Date: Tue, 31 Jul 2001 10:45:24 -0400
To: xml-encryption@w3.org
cc: "Simon Blake-Wilson" <sblakewilson@certicom.com>
Message-ID: <85256A9A.00510388.00@smtpmail.certicom.com>
I might have missed some discussions on this issue. The following comments
are for the "WG Working Draft 26 June 2001".

In Section 5.5: Key Agreement, there are two functions:

Keying Material = KM(1) | KM(2) | ...
KM(counter)=DigestAlg(EncryptionAlg | ZZ | counter | Nonce | KeySize)

In ANSI X9.42, ANSI X9.63, and IETF S/MIME, the first function
"Keying Material = KM(1) | KM(2) | ..." is the same. However, the second
function "KM(counter)" is a little different from the ANSI and IETF one:

KM(counter) = H(ZZ||counter||SharedInfo)

This difference is enough to produce incompatibility with ANSI/IETF standards
and currently available API packages.

Is it possible to change the order of the input to KM so that it will look like:

KM(counter) = DigestAlg( ZZ | counter | EncryptionAlg | Nonce | KeySize)

Then one can encapsulate "EncryptionAlg | Nonce | KeySize" as the SharedInfo
and pass it to the API package.

Received on Tuesday, 31 July 2001 10:45:50 UTC
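
The ordering issue raised in the message above, as an added example that is not part of the original post or of any standard's reference code: it shows that the proposed input order can be computed by a KDF that fixes ZZ || counter as the prefix, while the draft order cannot. Assumptions: SHA-1 as DigestAlg, a 32-bit big-endian counter, plain byte concatenation, hypothetical function names, and constructed sample inputs.

```python
import hashlib
import struct

# Constructed sample inputs (not from the draft or any standard test vector).
ZZ = bytes(range(32))                    # DH shared secret
ENC_ALG = b"example:encryption-alg"      # placeholder algorithm identifier
NONCE = b"constructed-nonce"
KEY_SIZE = b"192"

def ctr(i):
    # Assumption: counter is encoded as a 32-bit big-endian integer.
    return struct.pack(">I", i)

def expand(block_input, length):
    """Keying Material = KM(1) | KM(2) | ..., truncated to `length` bytes."""
    out, i = b"", 1
    while len(out) < length:
        out += hashlib.sha1(block_input(i)).digest()
        i += 1
    return out[:length]

def existing_api_kdf(zz, shared_info, length):
    """Stand-in for a packaged KDF: KM(counter) = H(ZZ || counter || SharedInfo)."""
    return expand(lambda i: zz + ctr(i) + shared_info, length)

def draft_kdf(enc_alg, zz, nonce, key_size, length):
    """Draft order: DigestAlg(EncryptionAlg | ZZ | counter | Nonce | KeySize)."""
    return expand(lambda i: enc_alg + zz + ctr(i) + nonce + key_size, length)

def proposed_kdf(enc_alg, zz, nonce, key_size, length):
    """Proposed order: DigestAlg(ZZ | counter | EncryptionAlg | Nonce | KeySize)."""
    return expand(lambda i: zz + ctr(i) + enc_alg + nonce + key_size, length)

def compatibility(length=24):
    """Return (proposed matches API, draft matches API) for the sample inputs."""
    shared_info = ENC_ALG + NONCE + KEY_SIZE
    api = existing_api_kdf(ZZ, shared_info, length)
    return (proposed_kdf(ENC_ALG, ZZ, NONCE, KEY_SIZE, length) == api,
            draft_kdf(ENC_ALG, ZZ, NONCE, KEY_SIZE, length) == api)

if __name__ == "__main__":
    print(compatibility())
```

With the draft order, EncryptionAlg precedes ZZ, so no choice of SharedInfo lets the prefix-fixed KDF reproduce the output; the digest would have to be reimplemented outside the API package.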
