Re: baseKey argument to createKeyDeriver from Ryan Sleevi on 2012-10-29 (public-webcrypto@w3.org from October 2012)

From: Ryan Sleevi <sleevi@google.com>
Date: Mon, 29 Oct 2012 03:28:16 -0700
To: Mark Watson <watsonm@netflix.com>
Cc: "public-webcrypto@w3.org Group" <public-webcrypto@w3.org>
Message-ID: <CACvaWvbQHqCDOJa-gKkcPtcKpKMhqy3OH_v6=4fzpnP7ggkMvA@mail.gmail.com>

On Thu, Oct 25, 2012 at 12:20 PM, Mark Watson <watsonm@netflix.com> wrote:
> We've been having a few discussions about this here at the office.
>
> Why is baseKey singled out amongst the various inputs to a key derivation
> operation to be specified as a function parameter, vs being specified in the
> algorithm parameters. It seems in all examples something more than the
> baseKey is needed:
>
> ECDH needs the curve and peer's public value (as well as the private key
> from the first phase) (The curve is missing right now).

The curve is an intrinsic attribute of the user's private key
(according to the generate params), ergo it can carry over to any
further operations that use that private key.

See http://www.w3.org/2012/webcrypto/WebCryptoAPI/#dfn-EcKeyGenParams

>
> Diffie-Hellman needs the prime, generator, and peer's public value (as well
> as the private key from the first phase) (The prime and generator are
> missing right now).

Same with ECC, the users' private key has the prime and generator
associated with it - they were inputs to generate the key.

See http://www.w3.org/2012/webcrypto/WebCryptoAPI/#dfn-DhKeyGenParams

>
> PBKDF2 needs salt, iterations, prf and password (currently all of these are
> specified in the AlgorithmParameters, so there is nothing to go in the
> baseKey, but baseKey is not an optional parameter.)

This is broadly ISSUE-36 striking again. Is PBKDF2 a derivation
operation (using an opaque byte string 'password' as the key to derive
from), or is it a generation operation (where, instead of an RNG, it
uses a user-agent supplied UI element and/or application-supplied
password to generate)

>
> Concat would need iterations and possibly other things.
>
> Even if we separate the inputs into algorithm and operation parameters (as
> per ISSUE-12 [1]), the operation parameters are not necessarily just a Key
> object.
>
> What was the intention ?
>
> …Mark
>
> [1] http://www.w3.org/2012/webcrypto/track/issues/12
>
>
>
>

Received on Monday, 29 October 2012 10:28:43 UTC