> On Jun 12, 2024, at 7:02 AM, Ilari Liusvaara <[email protected]> wrote: > > On Wed, Jun 12, 2024 at 06:31:23PM +0530, tirumal reddy wrote: >> On Wed, 12 Jun 2024 at 13:14, Ilari Liusvaara <[email protected]> >> wrote: >> >>> When working on figuring out how to patch the encryption and decryption >>> procedures for this mode, I noticed that if the direct encryption >>> operation step produces headers, the resulting JWE can not be serialized >>> with compact encoding. RFC7516 prohibits bulk encryption stop from >>> producing headers (only allowing it to produce JWE Ciphertext and >>> Authentication Tag outputs). >>> >>> This arises because the produced headers must be unprotected (due to >>> hard cyclic dependency), and compact serialization not allowing >>> unprotected headers. The RFC7516 prohibition on headers means all >>> bulk encryption algorithms can work in compact serialization. >>> >> >> The cyclic dependency can be prevented by invoking the SetupBaseS to get >> the HPKE context and HPKE enc. The HPKE context is then used to invoke the >> Seal function with "aad" and "pt" as parameters. The "ek'' parameter can be >> within the JWE protected header. > > The aad is input to the algorithm direct encryption operation used by > the mode, so this does not break the cycle. >
Hello, if I understand the cycle correctly, the problem is that the ek is in the header which is also encrypted. If so, in my setup the ek is accessible after setting up the context and it can be added to the header before calling seal (which used the aad). This is not the single shot api though, so I may have missed that in the original cycle message. I also do not think that the single shot should be a requirement. It doesnt matter to me if I have 2 lines of code or 6 to encrypt and decrypt. -matt > > > > -Ilari > > _______________________________________________ > jose mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
