On Sun, Jun 02, 2024 at 10:56:35AM -0500, Orie Steele wrote:
> I've suggested a change to JOSE HPKE to align it with COSE HPKE:
>
> https://github.com/tireddy2/JOSE_HPKE/pull/26
> <https://github.com/tireddy2/JOSE_HPKE/pull/26/files>
>
> If there is consensus to make this change, I can update my prototype and
> regenerate examples for the draft, and the cookbook:
Sure, it is better.
However, there is this text in RFC 7516, section 5.1.:
4. When Key Wrapping, Key Encryption, or Key Agreement with Key
Wrapping are employed, encrypt the CEK to the recipient and let
the result be the JWE Encrypted Key.
Which seems to say that the whole output should go into JWE Encrypted
Key. The algorithm can not be Key Agreement with Key Wrapping, because
then step 3 would come to play, and it wants "the key agreement
algorithm to compute the value of the agreed upon key" (something that
requires exporters in HPKE).
There is of course two outputs. Naive concatenation would work, because
length of enc is determined by KEM (it is even listed in IANA registry),
which is determined by alg.
As for the other mode, JWE as of currently defined does not allow it.
What the draft currently does with it is flat out Undefined Behavior.
-Ilari
_______________________________________________
jose mailing list -- [email protected]
To unsubscribe send an email to [email protected]
