[Openid-specs-ab] ECDH+KDF example (was Re: Spec Call note 5-Aug-2013)

Edmund Jay ejay at mgi1.com
Mon Aug 12 17:49:01 UTC 2013


Hi Mike,

I used OpenSSL for the ECDH part and my own KDF.


-- Edmund


________________________________
 From: Mike Jones <Michael.Jones at microsoft.com>
To: "Axel.Nennker at telekom.de" <Axel.Nennker at telekom.de>; "bcampbell at pingidentity.com" <bcampbell at pingidentity.com> 
Cc: "openid-specs-ab at lists.openid.net" <openid-specs-ab at lists.openid.net>; "ejay at mgi1.com" <ejay at mgi1.com> 
Sent: Monday, August 12, 2013 8:59 AM
Subject: RE: [Openid-specs-ab] ECDH+KDF example (was Re: Spec Call note 5-Aug-2013)
 

Thanks guys.  What libraries are all of you using?  Axel - are you using just Java or BouncyCastle?   Brian?  Edmund?  I'd like to verify that there are implementations with two different libraries getting the same results.

                Thanks,
                -- Mike

-----Original Message-----
From: Axel.Nennker at telekom.de [mailto:Axel.Nennker at telekom.de] 
Sent: Monday, August 12, 2013 7:11 AM
To: bcampbell at pingidentity.com; Mike Jones
Cc: openid-specs-ab at lists.openid.net; ejay at mgi1.com
Subject: RE: [Openid-specs-ab] ECDH+KDF example (was Re: Spec Call note 5-Aug-2013)

I get the same data in my Java implementation.

ECDH-ED KeyAgreement: agreed key=nlbZHYFxNdNyg0KDv4QmnPsxbqPagGpI9tqneYz-kMQ
ECDH-ED KeyAgreement: otherInfo=QTEyOEdDTQAAAAVBbGljZQAAAANCb2IAAACA
ECDH-ED KeyAgreement: key=usEpwFIC_qrmBExntFwxMA

Axel

-----Original Message-----
From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Brian Campbell
Sent: Sunday, August 11, 2013 4:23 PM
To: Mike Jones
Cc: openid-specs-ab at lists.openid.net List; Edmund Jay
Subject: Re: [Openid-specs-ab] ECDH+KDF example (was Re: Spec Call note 5-Aug-2013)

Ugh... sorry, I had a mistake in one of the debug outputs in that example. I was printing out the other info bytes where it should have been the counter.

It was just a mistake in what was being passed to a debug statement.
The actual calculation isn't changed/

So,

[ConcatKeyDerivationFunction]  counter: [65, 49, 50, 56, 71, 67, 77, 0, 0, 0, 5, 65, 108, 105, 99, 101, 0, 0, 0, 3, 66, 111, 98, 0, 0, 0,
128](27bytes/216bits) | base64url encoded:
QTEyOEdDTQAAAAVBbGljZQAAAANCb2
IAAACA

should have been:

[ConcatKeyDerivationFunction]  counter: [0, 0, 0, 1](4bytes/32bits) | base64url encoded: AAAAAQ


So the, hopefully now correct, complete output is (also attached at text file):

[ECDH w/ JWA -14 KDF example] Receiver JWK:
{"kty":"EC",
"crv":"P-256",
"x":"weNJy2HscCSM6AEDTDg04biOvhFhyyWvOHQfeF_PxMQ",
"y":"e8lnCO-AlStT-NJVX-crhB7QRYhiix03illJOVAOyck",
"d":"VEmDZpDXXK8p8N0Cndsxs924q6nS1RXFASRl6BfUqdw"
}
[ECDH w/ JWA -14 KDF example] Ephemeral JWK:
{"kty":"EC",
"crv":"P-256",
"x":"weNJy2HscCSM6AEDTDg04biOvhFhyyWvOHQfeF_PxMQ",
"y":"e8lnCO-AlStT-NJVX-crhB7QRYhiix03illJOVAOyck",
"d":"VEmDZpDXXK8p8N0Cndsxs924q6nS1RXFASRl6BfUqdw"
}
[ECDH w/ JWA -14 KDF example] Output of sender's ECDH (z): [158, 86, 217, 29, 129, 113, 53, 211, 114, 131, 66, 131, 191, 132, 38, 156, 251, 49, 110, 163, 218, 128, 106, 72, 246, 218, 167, 121, 140, 254, 144,
196](32bytes/256bits) | base64url encoded:
nlbZHYFxNdNyg0KDv4QmnPsxbqPagGpI9tqneYz-kMQ
[ECDH w/ JWA -14 KDF example] Output of receiver ECDH (z): [158, 86, 217, 29, 129, 113, 53, 211, 114, 131, 66, 131, 191, 132, 38, 156, 251, 49, 110, 163, 218, 128, 106, 72, 246, 218, 167, 121, 140, 254, 144,
196](32bytes/256bits) | base64url encoded:
nlbZHYFxNdNyg0KDv4QmnPsxbqPagGpI9tqneYz-kMQ
[ECDH w/ JWA -14 KDF example] keydatalen: 128 [ECDH w/ JWA -14 KDF example] algorithmId: A128GCM [ECDH w/ JWA -14 KDF example] apu: QWxpY2U | decoded: Alice [ECDH w/ JWA -14 KDF example] apv: Qm9i | decoded: Bob [ConcatKeyDerivationFunction] Hash Algorithm: SHA-256 with hashlen: 256 bits [ConcatKeyDerivationFunction] KDF:
[ConcatKeyDerivationFunction]   z: [158, 86, 217, 29, 129, 113, 53,
211, 114, 131, 66, 131, 191, 132, 38, 156, 251, 49, 110, 163, 218, 128, 106, 72, 246, 218, 167, 121, 140, 254, 144, 196](32bytes/256bits)
| base64url encoded: nlbZHYFxNdNyg0KDv4QmnPsxbqPagGpI9tqneYz-kMQ
[ConcatKeyDerivationFunction]   keydatalen: 128
[ConcatKeyDerivationFunction]   algorithmId: [65, 49, 50, 56, 71, 67,
77](7bytes/56bits) | base64url encoded: QTEyOEdDTQ
[ConcatKeyDerivationFunction]   partyUInfo: [0, 0, 0, 5, 65, 108, 105,
99, 101](9bytes/72bits) | base64url encoded: AAAABUFsaWNl
[ConcatKeyDerivationFunction]   suppPubInfo: [0, 0, 0,
128](4bytes/32bits) | base64url encoded: AAAAgA
[ConcatKeyDerivationFunction]   suppPrivInfo: [](0bytes/0bits) |
base64url encoded:
[ConcatKeyDerivationFunction] reps: 1
[ConcatKeyDerivationFunction] otherInfo: [65, 49, 50, 56, 71, 67, 77, 0, 0, 0, 5, 65, 108, 105, 99, 101, 0, 0, 0, 3, 66, 111, 98, 0, 0, 0,
128](27bytes/216bits) | base64url encoded:
QTEyOEdDTQAAAAVBbGljZQAAAANCb2IAAACA
[ConcatKeyDerivationFunction] rep 1 hashing [ConcatKeyDerivationFunction]  counter: [0, 0, 0, 1](4bytes/32bits) | base64url encoded: AAAAAQ [ConcatKeyDerivationFunction]  z: [158, 86, 217, 29, 129, 113, 53, 211, 114, 131, 66, 131, 191, 132, 38, 156, 251, 49, 110, 163, 218, 128, 106, 72, 246, 218, 167, 121, 140, 254, 144, 196](32bytes/256bits)
| base64url encoded: nlbZHYFxNdNyg0KDv4QmnPsxbqPagGpI9tqneYz-kMQ
[ConcatKeyDerivationFunction]  otherInfo: [65, 49, 50, 56, 71, 67, 77, 0, 0, 0, 5, 65, 108, 105, 99, 101, 0, 0, 0, 3, 66, 111, 98, 0, 0, 0,
128](27bytes/216bits) | base64url encoded:
QTEyOEdDTQAAAAVBbGljZQAAAANCb2IAAACA
[ConcatKeyDerivationFunction]  k(1): [186, 193, 41, 192, 82, 2, 254, 170, 230, 4, 76, 103, 180, 92, 49, 48, 92, 55, 131, 15, 80, 148, 215, 60, 65, 196, 187, 233, 163, 142, 6, 218](32bytes/256bits) | base64url
encoded: usEpwFIC_qrmBExntFwxMFw3gw9QlNc8QcS76aOOBto
[ConcatKeyDerivationFunction] derived key material: [186, 193, 41, 192, 82, 2, 254, 170, 230, 4, 76, 103, 180, 92, 49, 48, 92, 55, 131, 15, 80, 148, 215, 60, 65, 196, 187, 233, 163, 142, 6,
218](32bytes/256bits) | base64url encoded:
usEpwFIC_qrmBExntFwxMFw3gw9QlNc8QcS76aOOBto
[ConcatKeyDerivationFunction] first 128 bits of derived key material:
[186, 193, 41, 192, 82, 2, 254, 170, 230, 4, 76, 103, 180, 92, 49,
48](16bytes/128bits) | base64url encoded: usEpwFIC_qrmBExntFwxMA [ConcatKeyDerivationFunction] final derived key material: [186, 193, 41, 192, 82, 2, 254, 170, 230, 4, 76, 103, 180, 92, 49,
48](16bytes/128bits) | base64url encoded: usEpwFIC_qrmBExntFwxMA [ECDH w/ JWA -14 KDF example] Derived Key from KDF:[186, 193, 41, 192, 82, 2, 254, 170, 230, 4, 76, 103, 180, 92, 49, 48](16bytes/128bits) | base64url encoded: usEpwFIC_qrmBExntFwxMA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130812/b9b17708/attachment.html>


More information about the Openid-specs-ab mailing list