No, Concat often isn't natively supported, but it's very easy to implement 
given implementations of SHA-256 and SHA-512, as shown in 
http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-06#appendix-A.4 
and 
http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-06#appendix-A.5.

When the table was discussed at the WebCrypto F2F, it was pointed out that a 
shortcoming of the current table is that it doesn't indicate which of the "NO" 
values are effectively show-stoppers and which are easy to build 
implementations of, and so not a problem in practice.  As shown in the 
appendices, I believe that Concat is in the latter category.  Given the ease of 
implementation, it's certainly not worth adding space to the JWEs to work 
around.

                                                            -- Mike

From: [email protected] [mailto:[email protected]]
Sent: Monday, October 29, 2012 6:03 AM
To: Mike Jones; [email protected]
Cc: [email protected]
Subject: RE: Platform Support for JWA Crypto Algorithms

As one can see from this table the KDF is unsupported on all platforms (except 
one).
http://self-issued.info/presentations/Platform_Support_for_JWA-04_Crypto_Algorithms.xlsx

JWE | kdf | CS256 | Concat Key Derivation Function (KDF) | NO | Win7 |  |  | NO | NO | NO | NO | NO | NO | NO | NO |  | NO | NO | NO
JWE | kdf | CS384 | Concat Key Derivation Function (KDF) | NO | Win7 |  |  | NO | NO | NO | NO | NO | NO | NO | NO |  | NO | NO | NO
JWE | kdf | CS512 | Concat Key Derivation Function (KDF) | NO | Win7 |  |  | NO | NO | NO | NO | NO | NO | NO | NO |  | NO | NO | NO

Isn't this an indication that we should look at alternatives?

e.g.: we could generate the integrity protection key randomly instead of 
deriving it from the content encryption key.
This would add some more bytes (e.g. about 32) to the jwt but is very easy to 
implement on all platforms.


One way to do it would be to generate enough bytes "Bytes" in "JWE Encrypted 
Key" for encryption and integrity.
The CEK is then "Bytes[0 .. cekLength-1]" and the CIK "Bytes[cekLength .. 
cekLength+cikLength-1]"


Axel

[On some platforms (Firefox/NSS) it might even be nearly impossible to 
implement (without extending the platform's functions) because the built-in 
digest function is always reset when finalize (doFinal) is called. The spec of 
the Concat-KDF says that bytes are generated in a loop but the digest is NOT 
reset in the loop.]


From: [email protected]<mailto:[email protected]> 
[mailto:[email protected]] On Behalf Of Mike Jones
Sent: Monday, October 29, 2012 7:28 AM
To: [email protected]<mailto:[email protected]>
Subject: [jose] Platform Support for JWA Crypto Algorithms

FYI, I posted the table describing support for the JWA algorithms in common Web 
development platforms that we discussed at IETF 84.  See 
http://self-issued.info/?p=884.

                                                            -- Mike
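
Added example (not part of the original messages and not code from the JOSE drafts): a sketch of the two options discussed in this thread. concat_kdf follows the single-step concatenation KDF of NIST SP 800-56A, where round i is an independent hash over counter || Z || OtherInfo, built only from a stock SHA-2 implementation; split_key_bytes is the Bytes[0 .. cekLength-1] / Bytes[cekLength ..] split proposed above. All function names and the "Encryption"/"Integrity" OtherInfo labels are assumptions made for illustration, not the draft's exact encoding.

```python
import hashlib
import os
import struct


def concat_kdf(z: bytes, other_info: bytes, key_len: int,
               hash_name: str = "sha256") -> bytes:
    """Concatenation KDF: H(1||Z||OtherInfo) || H(2||Z||OtherInfo) || ...
    truncated to key_len bytes. The counter is a 32-bit big-endian integer."""
    if key_len <= 0:
        raise ValueError("key_len must be positive")
    digest_size = hashlib.new(hash_name).digest_size
    reps = -(-key_len // digest_size)          # ceil(key_len / digest_size)
    out = bytearray()
    for counter in range(1, reps + 1):
        h = hashlib.new(hash_name)             # a fresh digest per round
        h.update(struct.pack(">I", counter))
        h.update(z)
        h.update(other_info)
        out += h.digest()
    return bytes(out[:key_len])


def derive_cek_cik(master_key: bytes, cek_len: int, cik_len: int):
    """Derive separate encryption and integrity keys from one master key.
    The labels are constructed placeholders for the OtherInfo field."""
    cek = concat_kdf(master_key, b"Encryption", cek_len)
    cik = concat_kdf(master_key, b"Integrity", cik_len)
    return cek, cik


def split_key_bytes(key_bytes: bytes, cek_len: int, cik_len: int):
    """The alternative from the thread: no KDF, the transported bytes are
    simply cut into CEK = Bytes[0..cekLength-1] and CIK = the next cikLength."""
    if len(key_bytes) < cek_len + cik_len:
        raise ValueError("not enough key bytes for both keys")
    return key_bytes[:cek_len], key_bytes[cek_len:cek_len + cik_len]


if __name__ == "__main__":
    master = os.urandom(32)                    # constructed sample key
    cek, cik = derive_cek_cik(master, 16, 32)
    print("derived:", cek.hex(), cik.hex())
    # The split variant has to transport 48 random bytes instead of 32.
    cek2, cik2 = split_key_bytes(os.urandom(48), 16, 32)
    print("split:  ", cek2.hex(), cik2.hex())
```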
