Key wrapping and padding

All,

We have defined our "wrap" operation to be the concatenation of export and
encrypt. However, we have both:
- export formats that are arbitrary length (e.g. JWK, SPKI)
- encryption methods which accept only specific lengths (e.g. AES Key Wrap
which is RFC3394)

So we have a problem. I can see 3 solutions:

(a) disallow wrapping for these combinations of key format and encryption
algorithm (unwrap can still be supported - it's just the wrapper's
responsibility to ensure the payload is an appropriate length)
(b) specify padding schemes on the key format side - i.e. specify how to
construct a JWK which is always a multiple of 8 bytes for AES-KW (this is
easy)
(c) specify padding schemes on the encryption algorithm side - i.e. specify
how to turn the restricted-length enc alg into an arbitrary length enc alg

Comments? Preferences?

...Mark

Received on Thursday, 19 December 2013 16:57:43 UTC
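
Option (b) from the message above, sketched as an added example that is not part of the original post or of any specification. It assumes the padding is trailing ASCII spaces (which JSON parsers ignore); the function names are hypothetical and the sample key is constructed.

```javascript
// Added example: padding on the key-format side so a JWK export fits AES-KW.
// Assumption: padding is trailing ASCII spaces, which JSON parsers ignore.
const AES_KW_BLOCK = 8;      // RFC 3394 operates on 64-bit blocks
const AES_KW_MIN_BYTES = 16; // RFC 3394 needs at least two blocks of input

// True when a plaintext of this byte length can be fed to AES-KW unchanged.
function fitsAesKw(byteLength) {
  return byteLength >= AES_KW_MIN_BYTES && byteLength % AES_KW_BLOCK === 0;
}

// Export side: serialize the JWK and pad it to a length AES-KW accepts.
// The length that matters is the UTF-8 byte count, not the JavaScript
// string length; the two differ as soon as a member holds non-ASCII text.
function exportPaddedJwk(jwk) {
  const bytes = new TextEncoder().encode(JSON.stringify(jwk));
  let target = Math.ceil(bytes.length / AES_KW_BLOCK) * AES_KW_BLOCK;
  if (target < AES_KW_MIN_BYTES) target = AES_KW_MIN_BYTES;
  const out = new Uint8Array(target).fill(0x20); // pre-fill with spaces
  out.set(bytes, 0);                             // JSON text at the front
  return out;
}

// Unwrap side: no explicit unpadding step, the JSON parser skips the
// trailing whitespace on its own.
function importPaddedJwk(bytes) {
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Constructed sample key. The "kid" holds one non-ASCII character, so the
// serialized form is 72 characters but 73 bytes.
const sampleJwk = {
  kty: "oct",
  alg: "A128GCM",
  k: "AAECAwQFBgcICQoLDA0ODw",
  kid: "cl\u00e9-1",
};

const padded = exportPaddedJwk(sampleJwk);
console.log("padded length:", padded.length, "fits:", fitsAesKw(padded.length));
console.log("round trip kid:", importPaddedJwk(padded).kid);
```

The padded bytes are what would be handed to the AES-KW encryption step; the wrapped output is then 8 bytes longer than the input, as RFC 3394 defines.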