ACTION-290: Key encapsulation in XML encryption

All,

This is in response to ACTION-290 that I took during the f2f last week.

When looking at this, the basic requirement would seem to be allowing use 
of key encapsulation when transporting encryption keys. A design goal 
should probably also be to allow re-use of the existing EncryptedKeyType.

One possibility is to define a new URI "KEM-KTS" (Key Encapsulation Method 
- Key Transport Scheme) for use as the "Algorithm" value in 
xenc:EncryptionMethod. Then, using the extensibility of the 
EncryptionMethodType, one could define a KeyEncapsulationMethodType that 
would define the necessary parameters:

- KeyDerivationMethod (re-using what is defined in Derived Key)
- KeyLength (possibly the "KeySize" element of EncryptionMethodType may be
   re-used)
- KeyWrapMethod (the algorithm used to wrap the actual content-encryption
   key using the derived key)
- Other (extensibility point)

KeyInfo would in the case of RSA contain the recipient's public key 
and in the case of ECC, it would contain a value of type AgreementMethod 
that in turn would contain the two ECDH params.

Here's a possible schema:

<element name="KeyEncapsulationMethod" type="kem:KeyEncapsulationMethodType"/>
<complexType name="KeyEncapsulationMethodType">
   <sequence>
     <element ref="dkey:KeyDerivationMethod"/>
     <element ref="kem:KeyWrapMethod"/>
     <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
   </sequence>
   <attribute name="Algorithm" type="anyURI" use="required"/>
</complexType>

<element name="KeyWrapMethod" type="kem:KeyWrapMethodType"/>
<complexType name="KeyWrapMethodType">
   <sequence>
     <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
   </sequence>
   <attribute name="Algorithm" type="anyURI" use="required"/>
</complexType>

Comments?

-- Magnus

Received on Monday, 18 May 2009 21:58:55 UTC