I think you can do whatever you want here. RFC 9052 doesn’t define anything for this.
In addition to what Hannes suggests, you could use a standard COSE_Encrypt0 where its payload is the key you wish to encrypt from the COSE_Key. Then take the other members of the COSE_Key and put them in a special custom-defined header parameter in the COSE_Encrypt0. You could use an off-the-shelf COSE_Encrypt0 implementation as long as it allowed custom header parameters.

Or reverse it and define some new parameters for a COSE_Key that replace the ones that hold the key. The new ones have a COSE_Encrypt0 in them. Again, you can mostly use off-the-shelf COSE components to implement this.

Also, I tried to think of parallels for this in the ASN.1, PKCS and PEM world. Probably PKCS 12 is the closest. Probably someday we should make a CBOR-based equivalent to PKCS 12.

Just ideas — don’t claim to have thought this through deeply.

LL

> On Feb 20, 2023, at 5:40 AM, Rønningstad, Øyvind <[email protected]> wrote:
>
> Hi, I was looking at the spec, trying to find the best way to represent an encrypted key with COSE. So, let’s say I want to store or transmit a symmetric key in a COSE_Key structure, but I want the key to be encrypted. In a way, I want key wrapping without the payload.
>
> I could always wrap my COSE_Key in a COSE_Encrypt or COSE_Encrypt0, but that also encrypts the metadata, which makes it more inconvenient to scan a collection of keys to find the correct one to use. Ideally, I’d like to wrap just the Key Value (“k”, with label -1) from the COSE_Key in a COSE_Encrypt0 in-place, but the spec doesn’t seem to give room for that: “k: This contains the value of the key.”
>
> Can I instead use a COSE_recipient or a COSE_Encrypt(0) structure in place of the COSE_Key, and place the different COSE_Key parameters (except k) into the protected header or unprotected header? How should I structure it if so?
>
> What is the recommendation from the COSE WG? Did I miss something in the spec about this?
>
> Best Regards,
> Øyvind Rønningstad
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
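
Added example, not code from anyone in this thread: the first idea in the reply, written in Go, where only the key value k is the COSE_Encrypt0 payload and the other COSE_Key members are carried in a custom header parameter. Assumptions: the private-use label -65537, placing that parameter in the protected header so the readable metadata is authenticated, A128GCM, and the names `Wrap`, `Unwrap` and `Wrapped`.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

type Wrapped struct{ Protected, IV, Ciphertext []byte } // COSE_Encrypt0 fields; IV goes in the unprotected header

// aead returns AES-GCM under kek and the AAD: Enc_structure ["Encrypt0", p, h''].
func aead(kek, iv, p []byte) (cipher.AEAD, []byte, error) {
	if len(kek) != 16 || len(iv) != 12 || len(p) > 23 {
		return nil, nil, fmt.Errorf("need 16-byte KEK, 12-byte IV, header under 24 bytes")
	}
	blk, err := aes.NewCipher(kek)
	if err != nil {
		return nil, nil, err
	}
	g, err := cipher.NewGCM(blk)
	ad := append([]byte{0x83, 0x68}, "Encrypt0"...) // array(3), tstr(8)
	return g, append(append(append(ad, 0x40|byte(len(p))), p...), 0x40), err
}

// Wrap encrypts only k; meta is the CBOR map of the other COSE_Key members.
func Wrap(kek, iv, k, meta []byte) (Wrapped, error) {
	// Protected header {1: 1 (A128GCM), -65537 (hypothetical label): meta}
	p := append([]byte{0xa2, 0x01, 0x01, 0x3a, 0x00, 0x01, 0x00, 0x00}, meta...)
	g, ad, err := aead(kek, iv, p)
	if err != nil {
		return Wrapped{}, err
	}
	return Wrapped{p, iv, g.Seal(nil, iv, k, ad)}, nil
}

// Unwrap fails if the protected header, and so the key metadata, was altered.
func (w Wrapped) Unwrap(kek []byte) ([]byte, error) {
	g, ad, err := aead(kek, w.IV, w.Protected)
	if err != nil {
		return nil, err
	}
	return g.Open(nil, w.IV, w.Ciphertext, ad)
}

func main() { // constructed sample values; a real IV must be unique per KEK
	meta := []byte{0xa2, 0x01, 0x04, 0x02, 0x43, 'k', '-', '1'} // {1: 4 (Symmetric), 2: h'6b2d31'}
	w, _ := Wrap(make([]byte, 16), make([]byte, 12), []byte("0123456789abcdef"), meta)
	k, err := w.Unwrap(make([]byte, 16))
	fmt.Printf("protected=%x k=%q err=%v\n", w.Protected, k, err)
}
```

The kid and kty stay readable in `Protected` for scanning a key collection without the KEK, while any change to them makes `Unwrap` fail.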
