Here is what I found in trying to process:
1. You got the tag wrong – it should be 96 not 97 (right in the bytes, wrong in the pretty print) 2. I had a small problem because COSE does require all of the RSA private keys be present in a COSE key which is what I use and you only provided d. I successfully decrypted the message and from a visual check it looks like you have all of the parameters in the correct location. I should be updating my set of examples by the end of the week with more examples for OAEP as well as some PSS examples. Jim From: COSE <[email protected]> On Behalf Of Laurence Lundblade Sent: Tuesday, June 5, 2018 1:48 PM To: cose <[email protected]> Subject: [COSE] Confirmation / interop for COSE Encrypt with RSA OEAP and AES GCM We’re trying to follow RFC 8152 + RFC 8230 to do COSE Encryption with RSA OEAP and AES GCM. Basically we have an RSA-based X.509 certificate hierarchy that we’ve been using with CMS to do blob encryption and want to move to COSE. RFC 8230 has no example like the ones in 8152 for EC-based encryption. We also haven’t found any other code to interop with. We’re looking for some confirmation / interop that we got it right. Below is an example we’ve produced (this can be used for an example in an RFC if desired). What we find not very clear is what the actual bytes encrypted by the RSA OEAP operation should be. In the example below it is the raw CEK and as far we can tell this is correct. We’re NOT creating a Enc_structure for the input to the RSA operation (we are for the input to AES GCM). We think RSA OEAP is an instance of Key Transport as mentioned in section 12.3 in RFC 81512 and thus there are no protected headers in the recipient structure. RSA OEAP has no way to authenticate the protected headers so there are none. Would appreciate confirmation that this is all correct and/or some SW to interop with. Thanks! LL The payload encrypted is the 7 byte string “payload”. d8 60 84 43 a1 01 03 a1 05 4c a5 72 c6 a0 a8 37 7d 1f 05 82 25 d4 57 94 1b 7b 1f 83 c1 af 52 5b f1 b8 b8 bb f3 cf 1c a6 b7 05 8f eb c9 1d 81 83 40 a2 01 38 28 04 45 6b 65 79 49 44 59 01 00 9b 54 74 8a 11 07 a0 ee e7 8f 93 3b 48 46 e8 98 7f b9 97 45 1f fd 14 80 3f 1b b2 b5 fc c3 44 72 5d 0e 31 13 8d cf 3c 6c 0f db ef 83 61 84 c3 cf 15 86 55 9c 53 1b 69 1f 74 eb 0e ce 7a 47 47 1b 5d 41 11 97 43 02 86 44 bb e5 e1 0d 60 ad 44 c7 55 0a d5 7d f4 30 9f e4 05 e9 52 1d 67 0d d6 52 31 8a bb 6e 15 5e 35 fa 53 b9 89 d2 9a 1e 2a 15 c3 87 75 24 0d d0 82 ef b3 6d 08 f1 c5 77 e0 30 5c 78 f5 81 d5 c8 44 44 83 8f f8 9c 53 52 72 a5 e9 85 c8 9e 8f fe 4f 1d 77 83 e2 b8 7c 7e ab 36 12 73 89 5d 61 90 6a 6f 2c da 02 17 72 66 ad ed 88 6b e7 56 f9 f7 7e 31 3c 50 d8 d1 15 7b f8 42 fc 09 da 6f 40 35 fc cd 8d 12 63 02 5f 3b 53 49 21 aa db 55 38 1b ab 17 ea 21 5b 73 d2 50 5d 71 7f 79 0a d7 ba 0c da 75 f8 2d ca 8c 8a c2 79 78 a8 ea 28 bb f7 81 1e 74 c0 d1 55 64 da d8 aa ad 97( [ / protected / h'A10103' / { \ alg \ 1:3 \ AES-GCM mode w/ 256-bit key, 128-bit tag \ } / , / unprotected / { / iv / 5:h'A572C6A0A8377D1F058225D4' }, / ciphertext / h'941B7B1F83C1AF525BF1B8B8BBF3CF1CA6B7058FEBC91D', / recipients / [ [ / protected / h'', / unprotected / { / alg / 1:-41 / RSAES-OAEP w/ SHA-256 /, / kid / 4:'keyID' }, / ciphertext / h'9B54748A1107A0EEE78F933B4846E8987FB997451FFD14803F1BB2B5FCC34472 5D0E31138DCF3C6C0FDBEF836184C3CF1586559C531B691F74EB0ECE7A47471B 5D41119743028644BBE5E10D60AD44C7550AD57DF4309FE405E9521D670DD652 318ABB6E155E35FA53B989D29A1E2A15C38775240DD082EFB36D08F1C577E030 5C78F581D5C84444838FF89C535272A5E985C89E8FFE4F1D7783E2B87C7EAB36 1273895D61906A6F2CDA02177266ADED886BE756F9F77E313C50D8D1157BF842 FC09DA6F4035FCCD8D1263025F3B534921AADB55381BAB17EA215B73D2505D71 7F790AD7BA0CDA75F82DCA8C8AC27978A8EA28BBF7811E74C0D15564DAD8AAAD' ] ] ] ) RSA Key Material: key bits = 2048 n = h'ae45ed5601cec6b8cc05f803935c674ddbe0d75c4c09fd7951fc6b0caec313a8df39970c518bff ba5ed68f3f0d7f22a4029d413f1ae07e4ebe9e4177ce23e7f5404b569e4ee1bdcf3c1fb03ef113 802d4f855eb9b5134b5a7c8085adcae6fa2fa1417ec3763be171b0c62b760ede23c12ad92b9808 84c641f5a8fac26bdad4a03381a22fe1b754885094c82506d4019a535a286afeb271bb9ba592de 18dcf600c2aeeae56e02f7cf79fc14cf3bdc7cd84febbbf950ca90304b2219a7aa063aefa2c3c1 980e560cd64afe779585b6107657b957857efde6010988ab7de417fc88d8f384c4e6e72c3f943e 0c31c0c4a5cc36f879d8a3ac9d7d59860eaada6b83bb' p = h'' q = h'' e = h'000000000000000000000000000000000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000000000000000000000000000000000000000000 000000000000000000000000000000000000000000000000000000000000000000000000000000 0000000000000000010001' d = h'056b04216fe5f354ac77250a4b6b0c8525a85c59b0bd80c56450a22d5f438e596a333aa875e291 dd43f48cb88b9d5fc0d499f9fcd1c397f9afc070cd9e398c8d19e61db7c7410a6b2675dfbf5d34 5b804d201add502d5ce2dfcb091ce9997bbebe57306f383e4d588103f036f7e85d1934d152a323 e4a8db451d6f4a5b1b0f102cc150e02feee2b88dea4ad4c1baccb24d84072d14e1d24a6771f740 8ee30564fb86d4393a34bcf0b788501d193303f13a2284b001f0f649eaf79328d4ac5c430ab441 4920a9460ed1b7bc40ec653e876d09abc509ae45b525190116a0c26101848298509c1c3bf3a483 e7274054e15e97075036e989f60932807b5257751e79'
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
