I'm looking for a scheme that uses elliptic curves where the sender encrypts and the receiver decrypts. The receiver has given the sender some key material out of band in a one-time exchange that is secured by some other means. The sender can't decrypt with the key material given by the receiver.
I understand how to do this with RSA and CMS -- RSA OEAP to wrap an AES CEK, but not yet how to do it with EC and COSE. The integration of both integrity protection and data enveloping is nice, but it's mostly the data protection I'm after. I did look at 12.4, but ephemeral-static nor static-static seem right. 12.5 seems closer. Thanks! LL ________________________________ From: COSE <cose-boun...@ietf.org> on behalf of Jim Schaad <i...@augustcellars.com> Sent: Wednesday, November 22, 2017 10:13 PM To: Laurence Lundblade; 'cose' Subject: Re: [COSE] ECIES key transport? I am not sure what you mean by this, however from the brief description on Wikipedia I think you are looking for the Direct ECDH algorithm w/ the AEAD encryption algorithm (Section 12.4). Jim From: COSE [mailto:cose-boun...@ietf.org] On Behalf Of Laurence Lundblade Sent: Wednesday, November 22, 2017 1:59 PM To: cose <cose@ietf.org> Subject: [COSE] ECIES key transport? Has anyone done any work on ECIES key transport for COSE? LL
_______________________________________________ COSE mailing list COSE@ietf.org https://www.ietf.org/mailman/listinfo/cose