- From: Thomas Roessler <tlr@w3.org>
- Date: Mon, 23 Feb 2009 19:53:07 +0100
- To: XMLSec WG Public List <public-xmlsec@w3.org>
When we last talked about the padded AES key wrap proposed by Housley and Dworkin, the question came up whether or not that algorithm gives the same values as its unpadded cousin, for the key lengths that are supported by both. The spec: http://tools.ietf.org/html/draft-housley-aes-key-wrap-with-pad-00 ... makes clear that the values will be different, due to a different choice of an alternate initial value; see section 3. I suggest that we include a reference to this algorithm (with algorithm URI) in the FPWD for Encryption, as an optional algorithm. (I have some thoughts about optional vs mandatory, but think it's too late to do anything about them till we publish the FPWD.) Specifically, I propose adding: > 5.6.4 AES Key Wrap with Padding > > Identifiers and Requirements > http://www.w3.org/2009/xmlenc11#kw-aes-128-pad (OPTIONAL) > http://www.w3.org/2009/xmlenc11#kw-aes-192-pad (OPTIONAL) > http://www.w3.org/2009/xmlenc11#kw-aes-256-pad (OPTIONAL) > > These identifiers are used for symmetric key wrapping using the AES > key wrap with padding algorithm with a 128, 192, and 256 bit AES key > encrypting key, respectively. > > Implementation of AES key wrap with padding is defined in [draft- > housley]. The algorithm is defined for inputs between 9 and 2^32 > octets. Unlike the unpadded AES Key Wrap algorithm, the input > length is not constrained to multiples of 64 bits (8 octets). > > Note that the wrapped key will be distinct from the one generated by > the unpadded AES Key Wrap algorithm, even if the input length is a > multiple of 64 bits. Bibliography entry: > [draft-housley] Advanced Encryption Standard (AES) Key Wrap > Algorithm with Padding. R. Housley, M. Dworkin. Internet-Draft (Work > in Progress), 29 January 2009. http://tools.ietf.org/html/draft-housley-aes-key-wrap-with-pad-00 Regards, -- Thomas Roessler, W3C <tlr@w3.org>
Received on Monday, 23 February 2009 18:53:19 UTC