RE: Password Based Encryption for RSA Keys from Dournaee, Blake on 2001-10-24 (xml-encryption@w3.org from October 2001)

From: Dournaee, Blake <bdournaee@rsasecurity.com>
Date: Wed, 24 Oct 2001 12:32:25 -0700
To: "'reagle@w3.org'" <reagle@w3.org>
Cc: "'xml-encryption@w3.org'" <xml-encryption@w3.org>
Message-ID: <E7B6CB80230AD31185AD0008C7EBC4D202A1B5E5@exrsa01.rsa.com>

Joseph,

In my opinion, I believe that it is a mistake to leave out something as
important as PBE for private keys.

For example, here we have these great XML Signature and Encryption standards
that are virtually ASN.1 free, yet there is no easy way to keep a private
key safe without going back to ASN.1.

For example, consider the creation of some abitrary encrypted data that is
encrypted and packaged using XML Encryption and sent to a recipient. The
recipient can use XML tools to pull apart the document and get to the
<EncryptedData> elemement(s), yet the actual *decryption key* (private key,
in the case of RSA) will likely be stored locally as a PKCS#12 message or a
PKCS#8 blob. Because there is no XML substitute for keeping a decryption key
safe and usable, an ASN.1 parser will be required in the end anyhow. At this
point, there is little sense to use XML Encryption when one can just use
PKCS#7 and re-use the ASN.1 engine and throw out the XML tools.

Blake Dournaee
Toolkit Applications Engineer
RSA Security

"The only thing I know is that I know nothing" - Socrates

-----Original Message-----
From: Joseph Reagle [mailto:reagle@w3.org]
Sent: Wednesday, October 24, 2001 12:17 PM
To: Dournaee, Blake; xml-encryption@w3.org
Subject: Re: Password Based Encryption for RSA Keys

There used to be a "password key derivation" requirement. There was some 
confusion about it (which Jim clarified [1]) but there has yet to be a 
champion for the requirement with a compelling proposal for its 
specification.

On Thursday 18 October 2001 16:27, Dournaee, Blake wrote:
> It seems to me that XML Encryption does not have a facility to encrypt
> RSA/DSA Private Keys using password-based encryption. E.g. There is no
> replacement for what is currently a PKCS#8 "EncryptedPrivateKeyInfo"
> structure (to use the ASN.1 terminology)
>
> Currently, there is no XML representation of such an encrypted construct,
> which is very odd because this form of encrypted data is especially
> "user-friendly" because it is unlocked with a password.
>
> Any ideas on this? Or perhaps it was decided against for some good
> reason?

-- 
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Wednesday, 24 October 2001 15:36:12 UTC