> > Is it ok to convey the encapsulated key outside of the protected header?


> It can not be in protected header, as that would cause cyclic dependency.


Ah..., yes, you are right. My apologies for the confusion.
In my implementation and also in the sample program below, of course, the
hpke_sender_info is indeed included NOT in the protected header BUT in the
unprotected header.
https://github.com/dajiaji/python-cwt#cose-hpke-encrypt0

> The absolute minimum is alg.


Agree.
Additionally, if I may add, for the "alg" parameter, it is sufficient to
have enough information to call the COSE-HPKE process. Specifically,
specifying "HPKE-v1-Base" is enough for that purpose.

Best,
Daisuke

On Thu, Jul 6, 2023 at 17:31, Ilari Liusvaara <[email protected]> wrote:

> On Wed, Jul 05, 2023 at 03:54:30PM -0500, Orie Steele wrote:
> >
> > Is it ok to convey the encapsulated key outside of the protected header?
>
> It can not be in protected header, as that would cause cyclic
> dependency.
>
> (Ciphertext is output by single-shot encrypt call, but that call also
> requires the protected header.)
>
> (Now one could break that with multishot API, but COSE-HPKE does not
> assume that API is available.)
>
> > Is it ok to omit both `hkc` and `alg` in the case that `kid` is
> > enough to discover a JWK or COSE key that specifies the same
> > information?
> >
> > Seems like the answer is yes, based on the binding being redundant.
>
> It is not possible to omit "alg" nor sender_info, due to COSE
> requirements.
>
> If the triple was communicated in some other way, sender_info could be
> a bstr.
>
> However, any x25519/x448/p256/p384/p521 key that does not assert alg
> restriction could be used with COSE-HPKE, and those keys do not come
> with extra data on how to use those in COSE-HPKE.
>
>
> > Assuming all algorithms used are communicated out of band, what is the
> > minimum information required in the protected header?
>
> The absolute minimum is alg.
>
> And then in unprotected headers, one MUST have sender_info and
> SHOULD have kid.
>
>
> Here is part of (commented) diagnostic dump of recipient structure from
> my COSE-HPKE prototype (pretty minimal):
>
> [
>         //Protected header: alg: -1 (HPKEv1-BASE)
>         h'A10120',
>         //Unprotected header.
>         {
>                 //KID.
>                 4: h'E60B34A4C19A19A0',
>                 //HPKE Sender info.
>                 -4: [
>                         //X25519 with SHA-256 KEM
>                         32,
>                         //SHA-256 KDF
>                         1,
>                         //Chacha20-Poly1305
>                         3,
>                         //Ciphertext.
>                         h'DD5A7E5573C485496E00C2406F1F5B71DF2D913DFB2CF1794F5F826C73DFFB25'
>                 ]
>         },
>         //Encrypted content encryption key.
>         h'F75001F6E076A11C8D9458BC270DEAEB217C48AA943B110A1CA3FEE9BCF24BEABB934EAC0F1A6DA6E17FE6D4959ABC36'
> ]
>
>
>
>
> -Ilari
>
> _______________________________________________
> COSE mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/cose
>
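The header placement rules discussed in this thread (alg in the protected header, sender_info required and kid recommended in the unprotected header) written as a receiver-side check. This is an added example, not code from the thread or from python-cwt. The label -4 for sender_info follows the prototype dump above, and the zero-byte encapsulated key in the sample is constructed.

```python
ALG, KID = 1, 4      # COSE header labels for alg and kid
SENDER_INFO = -4     # label the dump in this thread uses for HPKE sender info

def _item(buf, i):
    """Decode the CBOR subset a header map needs; return (value, next index)."""
    major, info, i = buf[i] >> 5, buf[i] & 0x1F, i + 1
    if info > 27:
        raise ValueError("indefinite or reserved length")
    arg = info
    if info >= 24:                       # argument follows in 1, 2, 4 or 8 bytes
        n = 1 << (info - 24)
        if i + n > len(buf):
            raise ValueError("truncated head")
        arg, i = int.from_bytes(buf[i:i + n], "big"), i + n
    if major in (0, 1):                  # unsigned / negative integer
        return (arg if major == 0 else -1 - arg), i
    if major in (2, 3):                  # byte string / text string
        if i + arg > len(buf):
            raise ValueError("truncated string")
        raw = bytes(buf[i:i + arg])
        return (raw if major == 2 else raw.decode()), i + arg
    if major not in (4, 5):
        raise ValueError("unsupported major type %d" % major)
    out = [] if major == 4 else {}       # array / map
    for _ in range(arg):
        key, i = _item(buf, i)
        if major == 4:
            out.append(key)
        else:
            out[key], i = _item(buf, i)
    return out, i

def check_recipient(protected, unprotected):
    """Return (errors, warnings) for the header placement rules in the thread."""
    try:
        hdr, end = _item(protected, 0) if protected else ({}, 0)
        if not isinstance(hdr, dict) or end != len(protected):
            raise ValueError("not a single CBOR map")
    except (ValueError, IndexError, TypeError, RecursionError) as exc:
        return ["protected header undecodable: %s" % exc], []
    errors = [msg for bad, msg in (
        (ALG not in hdr, "alg missing from protected header"),
        (SENDER_INFO in hdr, "sender_info in protected header"),
        (SENDER_INFO not in unprotected, "sender_info missing from unprotected header"),
    ) if bad]
    warnings = [] if KID in unprotected else ["kid absent from unprotected header"]
    return errors, warnings

# Constructed sample shaped like the dump: zero bytes stand in for the encapsulated key.
SAMPLE = {KID: bytes.fromhex("E60B34A4C19A19A0"), SENDER_INFO: [32, 1, 3, bytes(32)]}
print(check_recipient(bytes.fromhex("A10120"), SAMPLE))   # protected = {1: -1}
```

A sender_info entry found in the protected header is reported as an error because, as the thread explains, the single-shot encrypt call that produces it already takes the protected header as input.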