On Thu, Apr 13, 2023 at 09:22:44AM +0300, Ilari Liusvaara wrote:
> Well, if one wanted to add capability advertisment for HPKE. What one
> could do is to add a new optional _common_ key parameter that contains
> lists for the supported KEMs, KDFs and AEADs. In kty=HPKE, the KEM used
> in the key is implicitly considered supported.
>
> - Multiple KEMs are allowed, because there can be more than one possible
> KEM for given key (e.g., P256 vs. CP256).
> - Implementations can not be assumed to be able to convert raw HPKE
> keys, so those are assumed to be usable uncoverted.
Some examples might be useful:
1) P-256 key, KEMs 8 (CP-256?) and 16 (P-256), SHA-256, AES:
{
"kty":"EC",
"crv":"P-256",
"hpkeadv":[[8,16],[1],[1,2]], //2 KEMs.
"x":"ay...jt",
"y":"xu...67"
}
2) X448 key, SHA-512, AES256 or Chacha:
{
"kty":"OKP",
"crv":"X448",
"hpkeadv":[[33],[3],[2,3]],
"x":"hr...8z"
}
3) Post-quantum, SHA-256, Chacha:
{
"kty":"HPKE",
"kem":48,
"hpkeadv":[[],[1],[3]], //Kem 48 is implicit.
"pub":"ur...6r"
}
Then if one wanted to limit key to HPKE in JOSE, I think it would be
techincally possible to define a new "use". E.g.,
{
"kty":"EC",
"crv":"P-256",
"use":"HPKE",
"hpkeadv":[[8,16],[1],[1,2]],
"x":"ay...jt",
"y":"xu...67"
}
COSE does not have "use", but HPKE is single algorithm, so one could
use "alg" for the same purpose.
-Ilari
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
