> On 13 Jun 2024, at 13:27, Ilari Liusvaara <[email protected]> wrote:
> 
> On Thu, Jun 13, 2024 at 01:47:25PM +0530, tirumal reddy wrote:
>>> On Wed, 12 Jun 2024 at 20:03, Ilari Liusvaara <[email protected]>
>>> wrote:
>>> 
>>> The two modes do not even invoke the same algorithm operations in JOSE,
>>> so I don't think it is complicated to put the encrypted key into JWE
>>> Encrypted Key when performing direct HPKE.
>>> 
>> 
>> If traditional asymmetric algorithms are used (e.g., ECDH-ES), the public
>> key in "epk" is placed in the JWE protected header.
> 
> That is not correct.
> 
> If there are multiple recipients, then "epk" is *required* to be
> unprotected.

[snip]

Is this true? One of the advantages of ECIES for multiple recipients is that 
you can safely reuse a single ephemeral keypair for all recipients [1]. This is 
another case in which HPKE is a bad fit for JOSE, as it forces a fresh 
ephemeral keypair for each recipient. 

[1]: https://faculty.cc.gatech.edu/~aboldyre/papers/bbks.pdf

— Neil
_______________________________________________
jose mailing list -- [email protected]
To unsubscribe send an email to [email protected]
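
The reuse Neil describes, as an added example that is not part of the original message or of any JOSE implementation: one ephemeral X25519 keypair is agreed against every recipient's static key, so a single "epk" could be shared by all recipients while each still derives a distinct key-encryption key. It assumes the Concat KDF of ECDH-ES+A128KW with empty apu/apv; the recipient names and key seeds are constructed, and key wrapping itself is left out.

```python
import hashlib, struct

P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")  # X25519 base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Not constant-time: illustration only."""
    n = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def concat_kdf(z: bytes, alg=b"ECDH-ES+A128KW", bits=128) -> bytes:
    # OtherInfo = AlgorithmID || empty apu || empty apv || keydatalen
    other = struct.pack(">I", len(alg)) + alg + b"\x00" * 8 + struct.pack(">I", bits)
    return hashlib.sha256(b"\x00\x00\x00\x01" + z + other).digest()[: bits // 8]

def sender_keks(recipient_pubs: dict, eph_priv: bytes):
    """One ephemeral keypair for all recipients: one epk, one KEK per recipient."""
    epk = x25519(eph_priv, BASE)
    return epk, {kid: concat_kdf(x25519(eph_priv, pk)) for kid, pk in recipient_pubs.items()}

def recipient_kek(static_priv: bytes, epk: bytes) -> bytes:
    return concat_kdf(x25519(static_priv, epk))

def demo():
    # Constructed keys: seeds hashed to 32 bytes so the run is reproducible.
    privs = {kid: hashlib.sha256(kid.encode()).digest() for kid in ("alice", "bob")}
    pubs = {kid: x25519(sk, BASE) for kid, sk in privs.items()}
    epk, keks = sender_keks(pubs, hashlib.sha256(b"ephemeral").digest())
    return epk, keks, {kid: recipient_kek(sk, epk) for kid, sk in privs.items()}
```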