Using CONCAT and ECDH

Dear List;
I'm not particularly up-to-speed on the WebCrypto API but I at least got this working fairly quickly:

// Generate ephemeral ECDH key-pair
var gen_alg = {name: 'ECDH', namedCurve: selected_card.bank_encryption_key.crv};
crypto.subtle.generateKey(gen_alg, false, ['deriveKey']).then (function(key_pair) {

  // Import static ECDH public key. The import parameters need namedCurve, and an
  // ECDH public key takes an empty usages list (only the private key derives).
  crypto.subtle.importKey('jwk', selected_card.bank_encryption_key, gen_alg, false, []).then (function(public_key) {

    // Derive key using ECDH
    var derive_alg = {name: 'ECDH', public: public_key};
    crypto.subtle.deriveKey(derive_alg, key_pair.privateKey, {name: 'AES-CBC', length: 256}, false, ['encrypt']).then (function(aes_key) {

      // Encrypt using derived key (a fresh random IV per message)
      var encryption_algorithm = { name: 'AES-CBC',  iv: window.crypto.getRandomValues(new Uint8Array(16))};
      crypto.subtle.encrypt(encryption_algorithm, aes_key, signed_auth_data).then (function(encrypted_auth_data) {
        // encrypted_auth_data is an ArrayBuffer holding the ciphertext
      });
    });
  });
});

Naturally I wanted to use a KDF as well but then it got a bit less obvious how to do it.
There is no support for deriveKey and CONCAT?

So the proper solution is to deriveBits() and then import() the raw secret for usage with symmetric encryption algorithms?

Pardon me if I'm totally off, WebCrypto is quite different to JCA/JCE which is my primary tool...

Cheers
Anders

Received on Wednesday, 8 October 2014 14:21:31 UTC
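
The deriveBits() and raw import route asked about in the message above, as an added example that is not part of the original post: ECDH yields the shared secret Z, a Concat KDF (NIST SP 800-56A, SHA-256) written in script turns it into key material, and importKey('raw') makes the AES-CBC key. The helper names, the P-256 curve, the otherInfo strings and the generated key pair standing in for the bank's static key are all assumptions.

```javascript
// Added example: ECDH deriveBits() -> Concat KDF (SHA-256) -> importKey('raw').
const webcrypto = globalThis.crypto || require('crypto').webcrypto; // Node fallback
const subtle = webcrypto.subtle;
const hex = (u8) => Array.from(u8, (b) => b.toString(16).padStart(2, '0')).join('');

// Concat KDF (NIST SP 800-56A single-step KDF with a hash):
// K = H(counter || Z || otherInfo) for counter = 1, 2, ..., truncated to keyBits.
async function concatKdf(z, keyBits, otherInfo) {
  const reps = Math.ceil(keyBits / 256);
  const out = new Uint8Array(reps * 32);
  for (let counter = 1; counter <= reps; counter++) {
    const block = new Uint8Array(4 + z.length + otherInfo.length);
    new DataView(block.buffer).setUint32(0, counter); // 32-bit big-endian counter
    block.set(z, 4);
    block.set(otherInfo, 4 + z.length);
    out.set(new Uint8Array(await subtle.digest('SHA-256', block)), (counter - 1) * 32);
  }
  return out.slice(0, keyBits / 8);
}

// ECDH gives the raw shared secret Z; the KDF turns it into 256 bits of key material.
async function deriveRawKey(privateKey, publicKey, otherInfo) {
  const bits = await subtle.deriveBits({name: 'ECDH', public: publicKey}, privateKey, 256);
  const z = new Uint8Array(bits);
  const raw = await concatKdf(z, 256, otherInfo);
  z.fill(0); // Z is visible to script on this path; clear our copy
  return raw;
}

const importAesKey = (raw, usages) =>
  subtle.importKey('raw', raw, {name: 'AES-CBC'}, false, usages);

// Both ends of the exchange, with constructed keys and data.
async function demo() {
  const alg = {name: 'ECDH', namedCurve: 'P-256'};
  const bank = await subtle.generateKey(alg, false, ['deriveBits']); // stands in for the static key
  const eph = await subtle.generateKey(alg, false, ['deriveBits']);  // sender's ephemeral pair
  const info = new TextEncoder().encode('constructed-context-A');    // hypothetical otherInfo
  const info2 = new TextEncoder().encode('constructed-context-B');
  const senderRaw = await deriveRawKey(eph.privateKey, bank.publicKey, info);
  const recipientRaw = await deriveRawKey(bank.privateKey, eph.publicKey, info);
  const otherRaw = await deriveRawKey(eph.privateKey, bank.publicKey, info2);
  const params = {name: 'AES-CBC', iv: webcrypto.getRandomValues(new Uint8Array(16))};
  const data = new TextEncoder().encode('constructed auth data');
  const ct = await subtle.encrypt(params, await importAesKey(senderRaw, ['encrypt']), data);
  const pt = await subtle.decrypt(params, await importAesKey(recipientRaw, ['decrypt']), ct);
  return {senderKeyHex: hex(senderRaw), recipientKeyHex: hex(recipientRaw),
          otherContextKeyHex: hex(otherRaw), decrypted: new TextDecoder().decode(pt)};
}
```

The otherInfo bytes have to match on both sides exactly, or the sender and recipient end up with different keys.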