How does one specify the Salt/Nonce for ConcatKDF key derivation in XML encryption 1.1 from Pratik Datta on 2011-09-19 (public-xmlsec@w3.org from September 2011)

From: Pratik Datta <pratik.datta@oracle.com>
Date: Mon, 19 Sep 2011 13:18:01 -0700 (PDT)
To: public-xmlsec@w3.org
Message-ID: <e4c8c9f8-4dcd-40b2-8730-c9e94ff196b9@default>

I noticed that the Legacy key derivation function has a <KA-Nonce> element, PBKDF2  has a <Salt> element, but there is nothing equivalent of this for ConcatKDF.
Is the salt supposed to be part of PartyUInfo , PartyVInfo ? 


The SP800-56A  says this:
------
3.2 PartyUInfo: A bit string containing public information that is required by the
application using this KDF to be contributed by party U to the key derivation
process. At a minimum, PartyUInfo shall include IDU, the identifier of party U. See
the notes below.

3.3 PartyVInfo: A bit string containing public information that is required by the
application using this KDF to be contributed by party V to the key derivation
process. At a minimum, PartyVInfo shall include IDV, the identifier of party V. See
the notes below.
-----

I am not very clear from this text whether PartyUInfo is supposed include some random value.

Without the salt, the derived key will turn out to be same every time.


Pratik

Received on Monday, 19 September 2011 20:19:52 UTC