On Mon, Aug 22, 2022 at 10:25:20AM +0000, Hannes Tschofenig wrote:
> Hi all,
>
> In a discussion with Russ the following issue surfaced.
>
> https://datatracker.ietf.org/doc/html/draft-ietf-cose-hpke-02
> specifies a one-layer and a two-layer structure. The two-layer
> structure allows a sender to transmit ciphertext to multiple recipients
> while only encrypting the plaintext once with a content encryption
> key (CEK).
>
> Layer 0 contains the plaintext encrypted with the CEK.
>
> Layer 1 contains the encrypted CEK, which is a random value of
> suitable length encrypted using HPKE.
>
> The question is: Should we utilize AES-KW to wrap the CEK' by
> using HPKE to produce the Key Encryption Key?

You mean using HPKE exporter mode to produce KEK, which then encrypts
the CEK using AES-KW? Or something else?

And what would the use case be? Using AES-192 or CCM mode? All the
other COSE bulk encryptions seem to be in HPKE.

And if this is about using HPKE exporter for KEK, I am not seeing any
nice way to map it to two-layer structure.


-Ilari
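
The flow under discussion, as an added example that is not part of the original thread or of the draft: the plaintext is encrypted once under a CEK (layer 0), and the CEK is then wrapped with AES-KW under a separate KEK for each recipient (layer 1). Assumptions: the KEK derivation is a stand-in (X25519 plus HKDF-SHA256 from the Python `cryptography` package), not RFC 9180 HPKE or its exporter; the `INFO` label, function names and dict fields are hypothetical; and plain dicts are used instead of COSE structures.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.keywrap import aes_key_wrap, aes_key_unwrap

INFO = b"constructed-example KEK"  # hypothetical context label, not from the draft


def derive_kek(own_private, peer_public):
    # Stand-in for the HPKE step (assumption): X25519 + HKDF-SHA256 -> 128-bit KEK.
    shared = own_private.exchange(peer_public)
    return HKDF(algorithm=hashes.SHA256(), length=16, salt=None, info=INFO).derive(shared)


def encrypt_two_layer(plaintext, recipient_publics):
    # Layer 0: the plaintext is encrypted exactly once under a random CEK.
    cek = AESGCM.generate_key(bit_length=128)
    nonce = os.urandom(12)
    layer0 = {"nonce": nonce, "ciphertext": AESGCM(cek).encrypt(nonce, plaintext, None)}
    # Layer 1: one AES-KW-wrapped copy of the CEK per recipient.
    layer1 = []
    for pub in recipient_publics:
        eph = X25519PrivateKey.generate()  # fresh sender key share per recipient
        layer1.append({"enc": eph.public_key(),
                       "wrapped_cek": aes_key_wrap(derive_kek(eph, pub), cek)})
    return layer0, layer1


def decrypt_two_layer(layer0, entry, recipient_private):
    kek = derive_kek(recipient_private, entry["enc"])
    # AES-KW has no nonce; its built-in integrity check raises InvalidUnwrap on a wrong KEK.
    cek = aes_key_unwrap(kek, entry["wrapped_cek"])
    return AESGCM(cek).decrypt(layer0["nonce"], layer0["ciphertext"], None)


if __name__ == "__main__":
    alice, bob = X25519PrivateKey.generate(), X25519PrivateKey.generate()
    l0, l1 = encrypt_two_layer(b"constructed sample payload",
                               [alice.public_key(), bob.public_key()])
    print(len(l1[0]["wrapped_cek"]), decrypt_two_layer(l0, l1[1], bob))
```

Each layer 1 entry costs 8 bytes more than the CEK itself (the AES-KW integrity block), and the layer 0 ciphertext is shared unchanged across all recipients.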
