> > >> If so, in my setup the ek is accessible after setting up the context >> and it can be added to the header before calling seal (which used >> the aad). > > The problem is that the protected headers are input to the whole > operation, and thus can not be modifed. Splitting the operation into > two (to allow modifying protected headers) would greatly increase > complexity.
I think I’m starting to understand what you are saying. If you are not modifying the header as part of the encryption process, does that mean you also set the epk before calling your encryption when using EC DH? I suspect the answer is yes. If so, that is where we are different. I explicitly do not allow the caller to pick the epk. I do this to ensure that the epk is not recycled or replayed, and to ensure that the private key for the epk is correctly discarded. You are probably handing the same controls but at a layer above the encryption. (Which is ok too). Since I consider the epk as part of the encryption, it doesn’t matter to me if a different algorithm uses an ek header instead of the epk. -matt Sent from my iPad > On Jun 12, 2024, at 1:35 PM, Ilari Liusvaara <[email protected]> wrote: > On Wed, Jun 12, 2024 at 12:42:40PM -0500, Orie Steele wrote: >> Thanks Matt, >> >> That's also how my implementations work as well (for both JOSE and COSE >> HPKE): > > Is that implementation written from scratch just to test out HPKE in > JOSE and COSE? > > If so, be careful: It is very easy to come up with stuff that seems > good in dedicated test implementation (where one can just cut corners), > but plays hell with existing implementations, or even with new > implementations that support other stuff as well. > > The reason I made my HPKE in COSE test code support encrypting to > any other-type recipient was to catch some of such problems (I found > none). > > > > > -Ilari > > _______________________________________________ > jose mailing list -- [email protected] > To unsubscribe send an email to [email protected]
_______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
