This reference may be useful to you. http://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2
The part of the spec you need is http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-24#page-23 We originally used a KDF as you mention. In order to simplify the alg and align with draft-mcgrew-aead-aes-cbc-hmac-sha2. K is the concatenation of the AES key and teh HMAC Key. John B. On Mar 28, 2014, at 11:19 AM, Antonio Sanso <[email protected]> wrote: > hi *, > > in the JWT specification [0] there is an example of a JWE that use > A128CBC-HS256 for content encrpyption. > Now I am not a cryptographer my self but IIUC the same CEK is used for > encrypting with AES and authentication HMAC. > > AFAIK is better to use two different keys for those 2 different primitives > (this will not obviously apply to AES_GCM). > > Unless I am missing something... :) > > regards > > antonio > > [0] http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19#appendix-A.1 > [1] > http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-24#appendix-A.2 > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
