Hi Ilari,

> 6) The encoding of the encapsulated key produced by HPKE seems to be
> under-specified.
>
> HPKE gives octet string as encapsulated key. This apparently is placed
> into the ephemeral public key field in unprotected header. However,
> RFC8152 specifies this field to be cose_key, and it is not at all
> clear how to encode the octet string as cose_key. Especially what to
> fill as the kty field, which is mandatory in cose_key.
>
> Searching for existing RFC8152 construct to abuse, there is the
> "Symmetric" kty. Then the encapsulated key would look like:
>
> -1: {
>             /* kty => Symmetric */
>             1:4,
>             /* The raw encapsulated ciphertext. */
>             
> -1:h'04ca591f4b1139c1c325be3265a6ce4dcc79a5895e9ef12a0726406bc72282697c8d12f18230208ebaa769f903917d59284526fd65a27ab5898913af10ed334398'
> }

You raise a couple of good questions in your remark:


  1.  Is the unprotected header the right place to put the ephemeral public key?
  2.  What kty field should be used in the ephemeral public key structure?
  3.  What is the encoding of the public key exported by HPKE?

Add 1) We used the unprotected header because this is also currently done for 
similar uses in the COSE RFC. See, for example, Appendix C.3.1.

Add 2) Regarding the kty field the IANA registry contains a number of "COSE Key 
Types" in https://www.iana.org/assignments/cose/cose.xhtml. For use with 
elliptic curve keys EC2 (2) appears appropriate.

Add 3) HPKE does not define a wire format. The COSE-HPKE draft defines a wire 
format. Hence, there is no conflict in terms of encoding.
It appears to make sense to re-use the already existing encoding provided in 
the COSE spec.

Ciao
Hannes

_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
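
An added example, not part of the thread or of the COSE-HPKE draft: the re-use of the existing COSE EC2 encoding suggested in the reply above, applied to the octet string quoted from Ilari's message. It assumes that octet string is an uncompressed P-256 point (0x04 || x || y); the function names and the minimal CBOR encoder are illustrative.

```python
# Added example: map an HPKE encapsulated key to a COSE_Key of kty EC2 and back.
# Assumption: the KEM is DHKEM(P-256), so enc is a 65-byte uncompressed point.

KTY, CRV, X, Y = 1, -1, -2, -3      # COSE_Key labels (RFC 8152)
KTY_EC2, CRV_P256 = 2, 1            # values from the IANA COSE registry
COORD_LEN = 32                      # P-256 coordinate size in bytes

# Octet string quoted in the thread above.
ENC = bytes.fromhex(
    "04ca591f4b1139c1c325be3265a6ce4dcc79a5895e9ef12a0726406bc72282697c"
    "8d12f18230208ebaa769f903917d59284526fd65a27ab5898913af10ed334398")

def enc_to_cose_key(enc: bytes) -> dict:
    """Split an uncompressed SEC1 point (0x04 || x || y) into EC2 fields."""
    if len(enc) != 1 + 2 * COORD_LEN or enc[0] != 0x04:
        raise ValueError("expected 65-byte uncompressed P-256 point")
    return {KTY: KTY_EC2, CRV: CRV_P256,
            X: enc[1:1 + COORD_LEN], Y: enc[1 + COORD_LEN:]}

def cose_key_to_enc(key: dict) -> bytes:
    """Rebuild the octet string HPKE expects from an EC2 COSE_Key."""
    if key.get(KTY) != KTY_EC2 or key.get(CRV) != CRV_P256:
        raise ValueError("not an EC2/P-256 COSE_Key")
    x, y = key.get(X), key.get(Y)
    if not (isinstance(x, bytes) and isinstance(y, bytes)
            and len(x) == len(y) == COORD_LEN):
        raise ValueError("x and y must be 32-byte strings")
    return b"\x04" + x + y

def _head(major: int, n: int) -> bytes:
    """CBOR initial byte plus argument, for arguments below 2**16."""
    if n < 24:
        return bytes([major << 5 | n])
    if n < 256:
        return bytes([major << 5 | 24, n])
    return bytes([major << 5 | 25]) + n.to_bytes(2, "big")

def _item(v) -> bytes:
    if isinstance(v, int):
        return _head(0, v) if v >= 0 else _head(1, -1 - v)
    return _head(2, len(v)) + v     # byte string

def cbor_encode(key: dict) -> bytes:
    """Minimal CBOR encoder: a map of small integers to ints or bstrs."""
    return _head(5, len(key)) + b"".join(_item(k) + _item(v) for k, v in key.items())

if __name__ == "__main__":
    print(cbor_encode(enc_to_cose_key(ENC)).hex())
```

The receiver reverses the mapping with cose_key_to_enc() to recover the exact octet string, so no separate wire format for the encapsulated key is needed in this case.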
