On Wed, Jun 12, 2024 at 10:22:03AM -0700, Matt Chanda wrote: > > > On Jun 12, 2024, at 7:02 AM, Ilari Liusvaara <[email protected]> > > wrote: > > > > The aad is input to the algorithm direct encryption operation used by > > the mode, so this does not break the cycle. > > > > Hello, if I understand the cycle correctly, the problem is that the ek > is in the header which is also encrypted.
Authenticated, not encrypted. > If so, in my setup the ek is accessible after setting up the context > and it can be added to the header before calling seal (which used > the aad). The problem is that the protected headers are input to the whole operation, and thus can not be modifed. Splitting the operation into two (to allow modifying protected headers) would greatly increase complexity. There is much simpler solution: The two modes are very different anyway (different operations), so stick the direct HPKE enc into JWE EK. > This is not the single shot api though, so I may have missed that > in the original cycle message. One can not get around the problem with multi-shot API. > I also do not think that the single shot should be a requirement. > It doesnt matter to me if I have 2 lines of code or 6 to encrypt > and decrypt. The difference is much more than some small number of lines of extra code. -Ilari _______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
