thanks a lot John,

On Mar 28, 2014, at 5:09 PM, John Bradley <[email protected]> wrote:

> This reference may be useful to you.
> http://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2
>
> The part of the spec you need is http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-24#page-23
>
> We originally used a KDF as you mention. In order to simplify the alg and align with draft-mcgrew-aead-aes-cbc-hmac-sha2, K is the concatenation of the AES key and the HMAC Key.

question, are the examples in the spec already updated to use the new mechanism?

There are some obsolete references in the JWE spec. E.g. in [2] says:

    as described where this algorithm is defined in Sections 4.8<http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-24#section-4.8> and 4.8.3<http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-24#section-4.8.3> of JWA,

These sections seem to point to an old version of the spec (Section 4.8.3 doesn’t even exist anymore in JWA)

regards

antonio

[2] http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-24#appendix-B

> John B.
>
> On Mar 28, 2014, at 11:19 AM, Antonio Sanso <[email protected]> wrote:
>
>> hi *,
>>
>> in the JWT specification [0] there is an example of a JWE that uses A128CBC-HS256 for content encryption.
>> Now I am not a cryptographer myself but IIUC the same CEK is used for encrypting with AES and authentication HMAC.
>> AFAIK it is better to use two different keys for those 2 different primitives (this will not obviously apply to AES_GCM).
>> Unless I am missing something... :)
>>
>> regards
>>
>> antonio
>>
>> [0] http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-19#appendix-A.1
>> [1] http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-24#appendix-A.2
>> _______________________________________________
>> OAuth mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
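The key handling discussed in this thread, as an added example that is not part of the original messages or of the spec: it splits the 32-octet A128CBC-HS256 CEK into its two halves and computes and verifies the authentication tag following the AES_CBC_HMAC_SHA2 construction in the JWA draft linked above (MAC key taken from the initial octets of K, encryption key from the final octets). The function names and all sample values are assumptions constructed for illustration, and the AES-CBC step is represented by placeholder ciphertext bytes.

```python
import hashlib
import hmac
import struct
from typing import Tuple

# A128CBC-HS256 sizes in octets, per the JWA AES_CBC_HMAC_SHA2 construction.
MAC_KEY_LEN = 16
ENC_KEY_LEN = 16
TAG_LEN = 16


def split_cek(k: bytes) -> Tuple[bytes, bytes]:
    """Split the CEK K into (MAC_KEY, ENC_KEY); hypothetical helper name."""
    if len(k) != MAC_KEY_LEN + ENC_KEY_LEN:
        raise ValueError("A128CBC-HS256 requires a 32-octet key")
    # MAC_KEY is the initial octets of K, ENC_KEY the final octets,
    # so HMAC and AES never operate under the same key material.
    return k[:MAC_KEY_LEN], k[MAC_KEY_LEN:]


def compute_tag(k: bytes, aad: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """T = first TAG_LEN octets of HMAC-SHA-256(MAC_KEY, A || IV || E || AL)."""
    mac_key, _enc_key = split_cek(k)
    # AL: length of the AAD in bits as a 64-bit big-endian integer.
    al = struct.pack(">Q", len(aad) * 8)
    full = hmac.new(mac_key, aad + iv + ciphertext + al, hashlib.sha256).digest()
    return full[:TAG_LEN]


def verify_tag(k: bytes, aad: bytes, iv: bytes, ciphertext: bytes, tag: bytes) -> bool:
    """Constant-time comparison; run this before attempting CBC decryption."""
    return hmac.compare_digest(compute_tag(k, aad, iv, ciphertext), tag)


# Constructed sample values (not taken from the spec appendices).
K = bytes(range(32))
AAD = b"constructed-protected-header"
IV = bytes(16)
E = b"\xaa" * 32  # placeholder standing in for AES-128-CBC output

if __name__ == "__main__":
    mac_key, enc_key = split_cek(K)
    print("MAC_KEY:", mac_key.hex())
    print("ENC_KEY:", enc_key.hex())
    print("tag    :", compute_tag(K, AAD, IV, E).hex())
```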
