[Openid-specs-ab] [openid/connect] SHA-256 to get AES KeyWrap key? (issue #828)

Brian Campbell issues-reply at bitbucket.org
Thu Mar 28 13:50:47 UTC 2013

New issue 828: SHA-256 to get AES KeyWrap key?

Brian Campbell:

I know this is a PITA but the use of left truncated SHA-256 hash to get the symmetric encryption key isn't particularity cryptographically agile.   

It is sufficient for what's currently defined (A128KW & A256KW) but the text below couldn't accommodate algorithms needing keys larger that 256bits and seems like it precludes anything but AES based key wrapping.  I dunno, maybe that's okay. But I felt like I should raise it.

"Symmetric Encryption
    The symmetric encryption key is derived from the client_secret value by using a left truncated SHA-256 hash of the bytes of the UTF-8 representation of the client_secret. The SHA-256 value MUST be left truncated to the appropriate bit length for the AES KeyWrap algorithm used, for instance, to 128 bits for A128KW. "


This is an issue notification from bitbucket.org. You are receiving
this either because you are the owner of the issue, or you are
following the issue.

More information about the Openid-specs-ab mailing list