- From: Magnus Nystrom <mnystrom@microsoft.com>
- Date: Wed, 28 Sep 2011 03:43:50 +0000
- To: "XMLSec WG Public List (public-xmlsec@w3.org)" <public-xmlsec@w3.org>
Hi Pratik, In the case of static-static D-H, the nonce shall be part of the PartyUInfo element (see NIST 800-56A: "NonceU shall be in the PartyUInfo subfield of OtherInfo"). As we state in the document that these attributes are defined in 800-56A, I don't think there's a need to make an update here. Best, -- Magnus > > Resent-From: <public-xmlsec@w3.org> > > From: ext Pratik Datta <pratik.datta@oracle.com> > > Date: September 19, 2011 4:18:01 PM EDT > > To: <public-xmlsec@w3.org> > > Subject: How does one specify the Salt/Nonce for ConcatKDF key > > derivation in XML encryption 1.1 > > > > I noticed that the Legacy key derivation function has a <KA-Nonce> element, > PBKDF2 has a <Salt> element, but there is nothing equivalent of this for > ConcatKDF. > > Is the salt supposed to be part of PartyUInfo , PartyVInfo ? > > > > > > The SP800-56A says this: > > ------ > > 3.2 PartyUInfo: A bit string containing public information that is > > required by the application using this KDF to be contributed by party > > U to the key derivation process. At a minimum, PartyUInfo shall > > include IDU, the identifier of party U. See the notes below. > > > > 3.3 PartyVInfo: A bit string containing public information that is > > required by the application using this KDF to be contributed by party > > V to the key derivation process. At a minimum, PartyVInfo shall > > include IDV, the identifier of party V. See the notes below. > > ----- > > > > I am not very clear from this text whether PartyUInfo is supposed include > some random value. > > > > Without the salt, the derived key will turn out to be same every time. > > > > > > Pratik > > >
Received on Wednesday, 28 September 2011 03:44:19 UTC