[Openid-specs-ab] Core: is "dir" an allowed alg for Symmetric Encryption?

Mike Jones Michael.Jones at microsoft.com
Thu Dec 19 07:37:14 UTC 2013


This is addressed in the third release candidates.  See the Symmetric Encryption text in http://openid.net/specs/openid-connect-core-1_0-16.html#Encryption.

                                                            -- Mike

From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Mike Jones
Sent: Wednesday, December 18, 2013 8:36 PM
To: Brian Campbell; <openid-specs-ab at lists.openid.net>
Subject: Re: [Openid-specs-ab] Core: is "dir" an allowed alg for Symmetric Encryption?

Aah - the problem with "dir" is that it talks about "the appropriate bit length for the AES key wrapping algorithm used", correct?  This could be fixed by saying "the appropriate bit length for the AES key wrapping algorithm or direct encryption algorithm used"

There is a problem for keys over 256 bits.  The simple fix is to replace the "greater than 256 bits sentence" with something like:
If a key between 257 and 384 bits is needed, SHA-384 is used instead of SHA-256.  If a key between 385 and 512 bits is needed, SHA-512 is used instead of SHA-256.  If a key wrapping key with greater than 512 bits is needed, a different method of deriving the key from the client_secret would have to be defined by an extension.

Are people good with this addition?  It doesn't break anything, and it allows the use of more algorithms, which we may be glad we enabled at some point in the future.

                                                            -- Mike

From: openid-specs-ab-bounces at lists.openid.net<mailto:openid-specs-ab-bounces at lists.openid.net> [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Brian Campbell
Sent: Wednesday, December 18, 2013 3:29 PM
To: <openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>>
Subject: [Openid-specs-ab] Core: is "dir" an allowed alg for Symmetric Encryption?

Is "dir" an allowed alg for Symmetric Encryption? The text below from Core 10.2 kind of suggests it isn't. And doesn't provide a means of getting an appropriately sized key for dir with A192CBC-HS384 or A256CBC-HS512. I don't think this limitation was intended so wanted to raise the question.

Symmetric Encryption
The symmetric encryption key is derived from the client_secret value by using a left truncated SHA-256 hash of the octets of the UTF-8 representation of the client_secret. The SHA-256 value MUST be left truncated to the appropriate bit length for the AES key wrapping algorithm used, for instance, to 128 bits for A128KW. If a key wrapping key with greater than 256 bits is needed, a different method of deriving the key from the client_secret would have to be defined by an extension. Symmetric encryption MUST NOT be used by public (non-confidential) Clients because of their inability to keep secrets.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131219/9d62cee5/attachment-0001.html>


More information about the Openid-specs-ab mailing list