An action item I took on at the interim working group meeting was to produce a draft showing how key wrapping can be accomplished with AES GCM for JWE. This draft is now available as http://tools.ietf.org/html/draft-jones-jose-aes-gcm-key-wrap-00. The specification is also available in HTML format at http://self-issued.info/docs/draft-jones-jose-aes-gcm-key-wrap-00.html.
The core technical content is all in Section 3, which I’ve included in its entirety below because it’s so short. 3. Key Encryption with AES GCM This section defines the specifics of encrypting a JWE Content Encryption Key (CEK) with Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM) [AES]<http://self-issued.info/docs/draft-jones-jose-aes-gcm-key-wrap-00.html#AES> [NIST.800‑38D]<http://self-issued.info/docs/draft-jones-jose-aes-gcm-key-wrap-00.html#NIST.800-38D> using 128 or 256 bit keys. The alg header parameter values A128GCMKW or A256GCMKW are respectively used in this case. Use of an Initialization Vector of size 96 bits is REQUIRED with this algorithm. The Additional Authenticated Data value used is the empty octet string. The requested size of the Authentication Tag output MUST be 128 bits, regardless of the key size. Let JWE Encrypted Key value be the concatenation of the Initialization Vector value, the Ciphertext output, and the Authentication Tag output. During key decryption, the JWE Encrypted Key value is split into three inputs to the AES GCM decryption algorithm: the first 96 bits are the Initialization Vector value, the last 128 bits are the Authentication Tag value, and the remaining bits in between are the Ciphertext value. -- Mike P.S. Richard, unlike what I described in our private conversation, this specification uses no additional header parameter values. -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Thursday, June 13, 2013 5:53 PM To: Mike Jones; Mike Jones Subject: New Version Notification for draft-jones-jose-aes-gcm-key-wrap-00.txt A new version of I-D, draft-jones-jose-aes-gcm-key-wrap-00.txt has been successfully submitted by Michael B. Jones and posted to the IETF repository. Filename: draft-jones-jose-aes-gcm-key-wrap Revision: 00 Title: Key Wrapping with AES GCM for JWE Creation date: 2013-06-13 Group: Individual Submission Number of pages: 5 URL: http://www.ietf.org/internet-drafts/draft-jones-jose-aes-gcm-key-wrap-00.txt Status: http://datatracker.ietf.org/doc/draft-jones-jose-aes-gcm-key-wrap Htmlized: http://tools.ietf.org/html/draft-jones-jose-aes-gcm-key-wrap-00 Abstract: This specification defines how to encrypt (wrap) keys with the AES GCM algorithm for JSON Web Encryption (JWE) objects. The IETF Secretariat
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
