ECDSA. Was: Using CONCAT and ECDH

On 2014-10-09 23:16, Richard Barnes wrote:
> You could, according to the spec, but AFAIK, there's no current support for Concat in implementations.  Thus my suggestion to polyfill for now.

I couldn't find any support for ECDSA either so I guess I have to wait now...

Anyway, I like the API very much but the spec. is (IMO) not suitable for application developers.
But it is quite possible that I'm simply too dumb to get it :-)

Thanx,
Anders

>
> --Richard
>
> On Wed, Oct 8, 2014 at 11:13 AM, Mark Watson <watsonm@netflix.com> wrote:
>
>     Surely you should change this:
>
>     crypto.subtle.deriveKey(__derive_alg, key_pair.privateKey, {name: 'AES-CBC', length: 256}, false, ['encrypt']).then (function(aes_key)
>
>     to this:
>
>     crypto.subtle.deriveKey(__derive_alg, key_pair.privateKey, {name: 'CONCAT'}, false, ['deriveKey']).then (function(concat_key)
>
>     var concat_params = { name: 'CONCAT', hash: 'SHA-1', algorithmId: ..., partyUInfo: ..., partyVInfo: ... };
>     crypto.subtle.deriveKey(concat_params, concat_key, {name: 'AES-CBC', length: 256}, false, ['encrypt']).then (function(aes_key)
>
>     ?
>
>     ...Mark
>
>     On Wed, Oct 8, 2014 at 7:45 AM, Richard Barnes <rlb@ipv.sx> wrote:
>
>         On Wed, Oct 8, 2014 at 10:36 AM, Ryan Sleevi <sleevi@google.com> wrote:
>
>
>             On Oct 8, 2014 10:22 AM, "Anders Rundgren" <anders.rundgren.net@gmail.com> wrote:
>              >
>              > Dear List;
>              > I'm not particularly up-to-speed on the WebCrypto API but I at least got this working fairly quickly:
>              >
>              > // Generate ephemeral ECDH key-pair
>              > var gen_alg = {name: 'ECDH', namedCurve: selected_card.bank_encryption_key.crv};
>              > crypto.subtle.generateKey(gen_alg, false, ['deriveKey']).then (function(key_pair) {
>              >
>              > // Import static ECDH key
>              > crypto.subtle.importKey('jwk', selected_card.bank_encryption_key, {name: 'ECDH'}, false, ['deriveKey']).then (function(public_key) {
>              >
>              > // Derive key using ECDH
>              > var derive_alg = {name: 'ECDH', public: public_key};
>              > crypto.subtle.deriveKey(derive_alg, key_pair.privateKey, {name: 'AES-CBC', length: 256}, false, ['encrypt']).then (function(aes_key) {
>              >
>              > // Encrypt using derived key
>              > var encryption_algorithm = { name: 'AES-CBC',  iv: window.crypto.getRandomValues(new Uint8Array(16))};
>              > crypto.subtle.encrypt(encryption_algorithm, aes_key, signed_auth_data).then (function(encrypted_auth_data) {
>              >
>              > Naturally I wanted to use a KDF as well but then it got a bit less obvious how to do.
>              > There is no support for deriveKey and CONCAT?
>              >
>              > So the proper solution is to deriveBits() and then import() the raw secret for usage with symmetric encryption algorithms?
>              >
>              > Pardon me if I'm totally off, WebCrypto is quite different to JCA/JCE which is my primary tool...
>              >
>              > Cheers
>              > Anders
>              >
>              >
>
>             "Derive bits" is the description of the internal algorithm used to support both the deriveKey and deriveBits API surface.
>
>             So you can use deriveKey
>
>         However, Anders is correct that there's no support for Concat right now (AFAIK).  You should be able to polyfill with digest, though, if you really need it.  You'll just have to export the secret from ECDH (or just use deriveBits).
>
>         --Richard
>
>
>

Received on Friday, 10 October 2014 03:05:07 UTC
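
The polyfill suggested in the thread (take the raw ECDH secret with deriveBits, run Concat over it with digest, then import the result as a symmetric key), written out as an added example that is not code from any of the thread's participants. The names `concatKdf`, `deriveAesKey` and `HASH_BYTES` are hypothetical; it assumes P-256 keys, a private key created with the `deriveBits` usage (the snippet in the thread used `deriveKey`), and an OtherInfo that is the plain concatenation of three fields the caller has already encoded.

```javascript
// Added example: Concat KDF (NIST SP 800-56A single-step KDF) built on
// crypto.subtle.digest and fed with the raw ECDH secret from deriveBits().
const subtle = (globalThis.crypto || require('node:crypto').webcrypto).subtle;

const HASH_BYTES = { 'SHA-1': 20, 'SHA-256': 32, 'SHA-384': 48, 'SHA-512': 64 };

function concatBytes(...parts) {
  const out = new Uint8Array(parts.reduce((n, p) => n + p.length, 0));
  let off = 0;
  for (const p of parts) { out.set(p, off); off += p.length; }
  return out;
}

// K(i) = H(counter_i || Z || OtherInfo); counter is 32-bit big-endian, starting at 1.
// Assumption: OtherInfo = algorithmId || partyUInfo || partyVInfo, each a Uint8Array.
async function concatKdf(hash, z, keyBits, params) {
  const otherInfo = concatBytes(params.algorithmId, params.partyUInfo, params.partyVInfo);
  const reps = Math.ceil(keyBits / 8 / HASH_BYTES[hash]);
  const blocks = [];
  for (let i = 1; i <= reps; i++) {
    const counter = new Uint8Array(4);
    new DataView(counter.buffer).setUint32(0, i, false);
    const input = concatBytes(counter, z, otherInfo);
    blocks.push(new Uint8Array(await subtle.digest(hash, input)));
  }
  // Keep the leftmost keyBits of K(1) || K(2) || ...
  return concatBytes(...blocks).slice(0, keyBits / 8);
}

// ECDH deriveBits -> Concat KDF -> importKey('raw') as a 256-bit AES-CBC key.
async function deriveAesKey(privateKey, publicKey, hash, params, extractable = false) {
  const z = new Uint8Array(await subtle.deriveBits(
    { name: 'ECDH', public: publicKey }, privateKey, 256)); // P-256 shared x coordinate
  const raw = await concatKdf(hash, z, 256, params);
  return subtle.importKey('raw', raw, { name: 'AES-CBC' }, extractable,
    ['encrypt', 'decrypt']);
}
```

With SHA-1 and a 256-bit key the loop runs twice, which is the case where the counter matters; both parties must pass byte-identical `params` or they end up with different keys.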