[Openid-specs-ab] Updated JWE encryption examples

Edmund Jay ejay at mgi1.com
Thu Sep 6 19:02:23 UTC 2012


Hi Mike,

It appears that I'm wrong about being able to get the same encrypted output as 
you for PKCS1 v1.5 RSA encryption.
When using the public key to do encryption, that are some pseudorandom bytes 
added to the padding.
I was able to get the CMK back from decrypting yours and mine encrypted values 
using the same private key.


So the examples are correct.


-- Edmund








________________________________
From: Mike Jones <Michael.Jones at microsoft.com>
To: "openid-connect-interop at googlegroups.com" 
<openid-connect-interop at googlegroups.com>; Emmanuel Raviart 
<emmanuel at raviart.com>; Brian Campbell <bcampbell at pingidentity.com>; Axel 
Nennker <Axel.Nennker at telekom.de>
Cc: "openid-specs-ab at lists.openid.net" <openid-specs-ab at lists.openid.net>
Sent: Wed, September 5, 2012 9:32:41 PM
Subject: RE: Updated JWE encryption examples

 
Were you able to get the same encrypted key value for the example at 
http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-05#appendix-A.2?  
If so, then we should figure out why your encrypted key value is different for 
the new example.
 
                                                            -- Mike
 
From:openid-connect-interop at googlegroups.com 
[mailto:openid-connect-interop at googlegroups.com] On Behalf Of Edmund Jay
Sent: Wednesday, September 05, 2012 12:24 PM
To: openid-connect-interop at googlegroups.com; Emmanuel Raviart; Brian Campbell; 
Axel Nennker
Cc: openid-connect-interop at googlegroups.com; openid-specs-ab at lists.openid.net
Subject: Re: Updated JWE encryption examples
 
Hi Mike,

I've got the following results with your examples :

JWE.log :

I'm unable to get the same encrypted key using either the private or public part 
of the given key. However, I am able to decrypt your encrypted key with no 
problem. Since it's only using PCKS1-v1_5, I believe I should be able to get the 
same encrypted key value.

The CEK and CIK and ciphertext results are the same.

Using your encrypted key gives me the same results for the integrity value.


JWE2.log :

Due to the RSA-OAEP algorithm, I can only perform decryption on your encrypted 
key. The decrypted value matches your CMK.
Using your AAD, the I was able to successfully decrypt and verify your data.

-- Edmund





 

________________________________
 
From:Mike Jones <Michael.Jones at microsoft.com>
To: Edmund Jay <ejay at mgi1.com>; Emmanuel Raviart <emmanuel at raviart.com>; Brian 
Campbell <bcampbell at pingidentity.com>; Axel Nennker  <Axel.Nennker at telekom.de>
Cc: "openid-connect-interop at googlegroups.com" 
<openid-connect-interop at googlegroups.com>; "openid-specs-ab at lists.openid.net"  
<openid-specs-ab at lists.openid.net>
Sent: Tue, September 4, 2012 11:56:28 AM
Subject: Re: Updated JWE encryption examples
Have any of you tried decrypting these updated examples?  I plan on using them 
in the next release of the JWE spec, but would like confirmation that they’re 
correct.
 
                                                                Thanks again,
                                                                -- Mike
 
From:openid-connect-interop at googlegroups.com 
[mailto:openid-connect-interop at googlegroups.com] On Behalf Of Mike Jones
Sent: Wednesday, August 29, 2012 10:12 PM
To: Edmund Jay; Emmanuel Raviart; Brian Campbell; Axel Nennker
Cc: openid-connect-interop at googlegroups.com; openid-specs-ab at lists.openid.net
Subject: Updated JWE encryption examples
 
Here’s updated encryption examples incorporating the proposed JWE/JWA changes.  
In summary, changes in these computations are:
·        Updated the Concat KDF calculation, per yesterday’s e-mail
·        Consolidated the “enc”, “int”, and “kdf” parameters into a composite 
“enc” parameter, with new AES CBC “enc” values “A128CBC+HS256” and 
“A256CBC+HS512”
·        Moved initialization vector out of the header into its own 
dot-separated parameter value (to save space and to factor it out for the JSON 
Serialization), with the JWE representation becoming 
header.encryptedKey.initializationVector.ciphertext.integrityValue
 
The examples attached are:
·        JWE.log:  Will be used to create the new AES-CBC example in Section 3.2 
and Appendix A.2 of the JWE specification
·        JWE2.log:  Will be used to create the new AES-GCM example in Section 
3.1 and Appendix A.1 of the JWE specification
 
It would be great if any of you can verify that you can decrypt these results!
 
                                                            Thanks again,
                                                            -- Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120906/fcfcb184/attachment.html>


More information about the Openid-specs-ab mailing list