Think in terms of encrypting a JWK directly not an intermediate key. > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > Manger, James H > Sent: Monday, March 18, 2013 5:17 PM > To: [email protected]; [email protected] > Subject: Re: [jose] #14: Support longer wrapped keys than OAEP allows > > Richard, > > How do you get a 788-bit key length? > > draft-mcgrew-aead-aes-cbc-hmac-sha2 defines 5 combinations of AES- > 128/192/256 and SHA-1/256/384/512. The total key lengths range from 256 > bits to 512 bits. > > Keys for two of the algorithms (AEAD_AES_128_CBC_HMAC_SHA_256 and > AEAD_AES_128_CBC_HMAC_SHA1) fit within OAEP with a 1024-bit RSA key. > > Keys for all of the algorithms fit within OAEP with a 2048-bit RSA key. JWA > already says RSA key sizes MUST be at least 2048 bits. > > This already looks sufficient. > > -- > James Manger > > > > From: [email protected] [mailto:[email protected]] On Behalf > > Of Richard Barnes > > Sent: Tuesday, 19 March 2013 10:25 AM > > Subject: [jose] WebCrypto feedback on key wrapping > > > > 2. Mark Watson (Netflix) noted that if we use RSA directly to encrypt wrapped > key objects, then we would need something other than OAEP in order to carry > arbitrary-length payloads. I agreed, and suggested that something like RSA- > KEM would be necessary. Ryan Sleevi (Google) and Vijay observed that KEM is > troublesome due to the lack of support by native crypto libraries. > > > > Point number 2 likely applies for some scenarios of JWE, especially if we > adopt the McGrew approach. For example, if using HMAC-SHA1 and AES with > a 256-bit key, the total key length is 788 bits, which is too long to be encrypted > with OAEP under a 1,024-bit RSA key. I'm not sure how to resolve it. The best > idea I've got is to allow wrapped keys to nest, so that you can wrap a key inside > of another wrapped key. > > > > --Richard > > > >> ---------- > >> Sent: Tuesday, 19 March 2013 10:23 AM > >> Subject: [jose] #14: Support longer wrapped keys than OAEP allows > >> > >> #14: Support longer wrapped keys than OAEP allows > >> > >> The use of RSA-OAEP for key wrapping imposes a limit on the length > >> of the key package being wrapped. With SHA1, this length is N-320, > >> where N is the length of the RSA modulus. Especially with larger > >> hash functions, and especially for wrapping private keys, the size > >> of key packages will be larger than this bound. We should > >> incorporate a mechanism to accommodate these situations. > >> > >> > >> Ticket URL: <http://trac.tools.ietf.org/wg/jose/trac/ticket/14> > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
