Re: Supplemental list of Password-Based Encryption Algorithms from merlin on 2002-06-26 (xml-encryption@w3.org from June 2002)

From: merlin <merlin@baltimore.ie>
Date: Wed, 26 Jun 2002 14:26:10 +0100
To: "Tom Gindin" <tgindin@us.ibm.com>
Cc: xml-encryption@w3.org, dee3@torque.pothole.com, reagle@w3.org
Message-Id: <20020626132610.352094433E@yog-sothoth.ie.baltimore.com>
Hi Tom,

Some quick comments:

Names such as ...xmldsig-more#pbes2-tripledes-cbc,
#pbe-sha1-tripledes-cbc (or whatever) would be more in line
with our other algorithm URIs. The text would then define their
correspondence with PKCS#12 pbeWithSHAAnd3-KeyTripleDes-CBC,
etc.

The namespace for any defined elements would probably be
just ...xmldsig-more#.

What would your opinion be of simply defining algorithms from
PKCS#12, which are Unicode-aware, and dropping RC2 unless it
is adopted as a standard cipher algorithm in xmldsig-more#? If
the intention is that we can encapsulate legacy ciphertext,
then I would assume we'd need to support all the algorithms,
which would seem troublesome.

  #pbe-sha1-arcfour = PKCS#12 pbeWithSHAAnd<n>BitRC4
? #pbe-sha1-rc2-cbc = PKCS#12 pbeWithSHAAnd<n>BitRC2-CBC
  #pbe-sha1-tripledes-cbc = PKCS#12 pbeWithSHAAnd3-KeyTripleDES-CBC

REQUIRED parameters, in this order:

  ( <KeySize>number</KeySize> - for arcfour, rc2 )
  <Salt>base64</Salt>
  <Iterations>number</Iterations>

Thanks for putting this together,

Merlin

r/tgindin@us.ibm.com/2002.06.26/08:03:42
>
>
>      The following is my suggestion for a new subsection of
>draft-eastlake-xmldsig-uri.  It is in RTF format ((See attached file:
>URISec.rtf)), but the ASCII text is attached at the bottom of this note.
>Several features of the draft may need further work or may need to be
>changed.  First, there is some question as to the URI space from which the
>identifiers should be assigned.  I have provisionally defined a new
>subspace which is specific to this use - "2002/06/xmlenc-pbe#".  If it is
>felt that the URI's need to match those in the rest of this draft, which
>are mainly for signatures, that string can be changed to
>"2001/04/xmldsig-more#PBE" wherever it appears in this section.  Second, I
>don't know how to define the name space under which the proposed
>"InitVector" element will be defined, and I would appreciate someone
>correcting its definition.  Here's the RTF format:
>      On a minor issue somewhat related to this draft, the identifier for
>the ARCFOUR encryption algorithm seems to have a typo in it, with
>"xmldsgi-more" in place of "xmldsig-more".  Can this be corrected?
>
>            Tom Gindin
>
>2.7   Password-Based Encryption Algorithms
>
>2.7.1 PKCS#5-based password-based encryption algorithms
>
>      The algorithms specified in this section derive keys (and IV's for
>      block ciphers) for their symmetric algorithms using the PBES2 scheme
>      specified in section 6.2 of PKCS#5[a] with the PBKDF2 key derivation
>      technique specified in section A.2 of PKCS#5[a].  Part of their name
>      contains the symmetric encryption algorithm used.  Each of the
>      algorithms specified in this section requires a single parameter,
>      containing the value of the initialization vector, which should be
>      specified using a newly defined element subordinate to
>      EncryptionMethodType, to be known as "InitVector", whose type is
>      base64Binary.  For variable key length algorithms such as RC2, the
>      KeySize element must be used to specify the length of the key.
>   Identifiers:
>       http://www.w3.org/2002/06/xmlenc-pbe#P5DESEDE3_CBC
>       http://www.w3.org/2002/06/xmlenc-pbe#P5RC2_CBC
>
>   An example of use is
>
><EncryptionMethod
>              Algorithm
>="http://www.w3.org/2002/06/xmlenc-pbe#P5DESEDE3_CBC">
><??:InitVector">ABCDEFGHIJK="</??:InitVector>
></EncryptionMethod>
>
>
>2.7.2 PKCS#12-based password-based encryption algorithms
>
>      The algorithms specified in this section derive keys (and IV's for
>      block ciphers) for their symmetric algorithms using the techniques
>      specified in section B of PKCS#12 [b].  Part of their name contains
>      the symmetric encryption algorithm used. For variable key length
>      algorithms such as RC2 or RC4, the KeySize element must be used to
>      specify the length of the key.
>
>Identifiers:
>       http://www.w3.org/2002/06/xmlenc-pbe#P12SHA_3KeyDES_CBC
>       http://www.w3.org/2002/06/xmlenc-pbe#P12SHA_RC2_CBC
>       http://www.w3.org/2002/06/xmlenc-pbe#P12SHA_RC4_CBC
>
>
>      References:
>
>
>      [a] RSA Laboratories, PKCS #5 v2.0: Password-Based Cryptography
>      Standard, Mar. 1999.
>      [b] RSA Laboratories, PKCS #12 v1.0: Personal Information Exchange
>      Syntax, Jun. 1999.
>
>
Received on Wednesday, 26 June 2002 09:26:47 UTC