- From: Dave Longley <dlongley@digitalbazaar.com>
- Date: Fri, 22 Mar 2013 14:22:07 -0400
- To: Manu Sporny <msporny@digitalbazaar.com>
- CC: Web Payments <public-webpayments@w3.org>
On 03/22/2013 10:31 AM, Manu Sporny wrote: > Short answer: Yes, PaySwarm and Web Keys can support ECDSA (and can > support any future PEM-based format without requiring a change to the > Web Keys or PaySwarm specs). Note: There are a number of active > patents around ECDSA, which is why we steered clear of it. -- manu I don't know that this is strictly true. There may be a small change required to support ECDSA keys. The reason for that is that I don't believe ECDSA supports encryption (it is a digital signature algorithm only, just like DSA, AFAIR). Asymmetric elliptic curve cryptography requires the use of something like ECIES (http://en.wikipedia.org/wiki/Integrated_Encryption_Scheme) which appears to use Elliptic Curve parameters that are different from the signature algorithm. The PaySwarm protocol is currently simplified by reusing public keys for encryption and verification (Note: only transient messages are encrypted in the protocol, so no key escrow is necessary). For example, when a PaySwarm Authority processes a listing for a buyer, it verifies the signature using the public key that signed the listing, then it encrypts the receipt for the related purchase using the same public key so that it can be transmitted securely to the vendor (even over an otherwise clear channel, as only the vendor can decrypt it). My guess is that, in order to support ECDSA (or similar) keys, we'd have to introduce another parameter to indicate the key that should be used to perform encryption in these cases. It's fairly trivial to add this to the protocol (as just a different parameter for another signature/encryption scheme), however, it is currently unnecessary with RSA. -- Dave Longley CTO Digital Bazaar, Inc. http://digitalbazaar.com
Received on Friday, 22 March 2013 18:22:10 UTC