<html><body><div style="color:#000; background-color:#fff; font-family:tahoma, new york, times, serif;font-size:10pt"><div><span>Hi Mike,</span></div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: tahoma, 'new york', times, serif; background-color: transparent; font-style: normal; "><span><br></span></div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: tahoma, 'new york', times, serif; background-color: transparent; font-style: normal; "><span>I used OpenSSL for the ECDH part and my own KDF.</span></div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: tahoma, 'new york', times, serif; background-color: transparent; font-style: normal; "><span><br></span></div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: tahoma, 'new york', times, serif; background-color: transparent; font-style: normal; "><span><br></span></div><div style="color: rgb(0, 0, 0); font-size: 13px; font-family: tahoma, 'new york',
times, serif; background-color: transparent; font-style: normal; "><span>-- Edmund</span></div><div><br></div> <div style="font-family: tahoma, 'new york', times, serif; font-size: 10pt; "> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 12pt; "> <div dir="ltr"> <hr size="1"> <font size="2" face="Arial"> <b><span style="font-weight:bold;">From:</span></b> Mike Jones <Michael.Jones@microsoft.com><br> <b><span style="font-weight: bold;">To:</span></b> "Axel.Nennker@telekom.de" <Axel.Nennker@telekom.de>; "bcampbell@pingidentity.com" <bcampbell@pingidentity.com> <br><b><span style="font-weight: bold;">Cc:</span></b> "openid-specs-ab@lists.openid.net" <openid-specs-ab@lists.openid.net>; "ejay@mgi1.com" <ejay@mgi1.com> <br> <b><span style="font-weight: bold;">Sent:</span></b> Monday, August 12, 2013 8:59 AM<br> <b><span style="font-weight: bold;">Subject:</span></b> RE: [Openid-specs-ab]
ECDH+KDF example (was Re: Spec Call note 5-Aug-2013)<br> </font> </div> <div class="y_msg_container"><br>
Thanks guys. What libraries are all of you using? Axel - are you using just Java or BouncyCastle? Brian? Edmund? I'd like to verify that there are implementations with two different libraries getting the same results.<br><br> Thanks,<br> -- Mike<br><br>-----Original Message-----<br>From: <a ymailto="mailto:Axel.Nennker@telekom.de" href="mailto:Axel.Nennker@telekom.de">Axel.Nennker@telekom.de</a> [mailto:<a ymailto="mailto:Axel.Nennker@telekom.de" href="mailto:Axel.Nennker@telekom.de">Axel.Nennker@telekom.de</a>] <br>Sent: Monday, August 12, 2013 7:11 AM<br>To: <a ymailto="mailto:bcampbell@pingidentity.com" href="mailto:bcampbell@pingidentity.com">bcampbell@pingidentity.com</a>; Mike Jones<br>Cc: <a ymailto="mailto:openid-specs-ab@lists.openid.net"
href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a>; <a ymailto="mailto:ejay@mgi1.com" href="mailto:ejay@mgi1.com">ejay@mgi1.com</a><br>Subject: RE: [Openid-specs-ab] ECDH+KDF example (was Re: Spec Call note 5-Aug-2013)<br><br>I get the same data in my Java implementation.<br><br>ECDH-ED KeyAgreement: agreed key=nlbZHYFxNdNyg0KDv4QmnPsxbqPagGpI9tqneYz-kMQ<br>ECDH-ED KeyAgreement: otherInfo=QTEyOEdDTQAAAAVBbGljZQAAAANCb2IAAACA<br>ECDH-ED KeyAgreement: key=usEpwFIC_qrmBExntFwxMA<br><br>Axel<br><br>-----Original Message-----<br>From: <a ymailto="mailto:openid-specs-ab-bounces@lists.openid.net" href="mailto:openid-specs-ab-bounces@lists.openid.net">openid-specs-ab-bounces@lists.openid.net</a> [mailto:<a ymailto="mailto:openid-specs-ab-bounces@lists.openid.net" href="mailto:openid-specs-ab-bounces@lists.openid.net">openid-specs-ab-bounces@lists.openid.net</a>] On Behalf Of Brian Campbell<br>Sent: Sunday, August 11, 2013 4:23
PM<br>To: Mike Jones<br>Cc: <a ymailto="mailto:openid-specs-ab@lists.openid.net" href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a> List; Edmund Jay<br>Subject: Re: [Openid-specs-ab] ECDH+KDF example (was Re: Spec Call note 5-Aug-2013)<br><br>Ugh... sorry, I had a mistake in one of the debug outputs in that example. I was printing out the other info bytes where it should have been the counter.<br><br>It was just a mistake in what was being passed to a debug statement.<br>The actual calculation isn't changed/<br><br>So,<br><br>[ConcatKeyDerivationFunction] counter: [65, 49, 50, 56, 71, 67, 77, 0, 0, 0, 5, 65, 108, 105, 99, 101, 0, 0, 0, 3, 66, 111, 98, 0, 0, 0,<br>128](27bytes/216bits) | base64url encoded:<br>QTEyOEdDTQAAAAVBbGljZQAAAANCb2<br>IAAACA<br><br>should have been:<br><br>[ConcatKeyDerivationFunction] counter: [0, 0, 0, 1](4bytes/32bits) | base64url encoded: AAAAAQ<br><br><br>So the, hopefully now
correct, complete output is (also attached at text file):<br><br>[ECDH w/ JWA -14 KDF example] Receiver JWK:<br>{"kty":"EC",<br> "crv":"P-256",<br> "x":"weNJy2HscCSM6AEDTDg04biOvhFhyyWvOHQfeF_PxMQ",<br> "y":"e8lnCO-AlStT-NJVX-crhB7QRYhiix03illJOVAOyck",<br> "d":"VEmDZpDXXK8p8N0Cndsxs924q6nS1RXFASRl6BfUqdw"<br>}<br>[ECDH w/ JWA -14 KDF example] Ephemeral JWK:<br>{"kty":"EC",<br> "crv":"P-256",<br> "x":"weNJy2HscCSM6AEDTDg04biOvhFhyyWvOHQfeF_PxMQ",<br> "y":"e8lnCO-AlStT-NJVX-crhB7QRYhiix03illJOVAOyck",<br> "d":"VEmDZpDXXK8p8N0Cndsxs924q6nS1RXFASRl6BfUqdw"<br>}<br>[ECDH w/ JWA -14 KDF example] Output of sender's ECDH (z): [158, 86, 217, 29, 129, 113, 53, 211, 114, 131, 66, 131, 191, 132, 38, 156, 251, 49, 110, 163, 218, 128, 106, 72, 246, 218, 167, 121, 140, 254, 144,<br>196](32bytes/256bits) | base64url encoded:<br>nlbZHYFxNdNyg0KDv4QmnPsxbqPagGpI9tqneYz-kMQ<br>[ECDH w/ JWA -14 KDF example] Output of receiver ECDH (z): [158, 86, 217, 29, 129, 113, 53,
211, 114, 131, 66, 131, 191, 132, 38, 156, 251, 49, 110, 163, 218, 128, 106, 72, 246, 218, 167, 121, 140, 254, 144,<br>196](32bytes/256bits) | base64url encoded:<br>nlbZHYFxNdNyg0KDv4QmnPsxbqPagGpI9tqneYz-kMQ<br>[ECDH w/ JWA -14 KDF example] keydatalen: 128 [ECDH w/ JWA -14 KDF example] algorithmId: A128GCM [ECDH w/ JWA -14 KDF example] apu: QWxpY2U | decoded: Alice [ECDH w/ JWA -14 KDF example] apv: Qm9i | decoded: Bob [ConcatKeyDerivationFunction] Hash Algorithm: SHA-256 with hashlen: 256 bits [ConcatKeyDerivationFunction] KDF:<br>[ConcatKeyDerivationFunction] z: [158, 86, 217, 29, 129, 113, 53,<br>211, 114, 131, 66, 131, 191, 132, 38, 156, 251, 49, 110, 163, 218, 128, 106, 72, 246, 218, 167, 121, 140, 254, 144, 196](32bytes/256bits)<br>| base64url encoded: nlbZHYFxNdNyg0KDv4QmnPsxbqPagGpI9tqneYz-kMQ<br>[ConcatKeyDerivationFunction] keydatalen: 128<br>[ConcatKeyDerivationFunction] algorithmId: [65, 49, 50, 56, 71,
67,<br>77](7bytes/56bits) | base64url encoded: QTEyOEdDTQ<br>[ConcatKeyDerivationFunction] partyUInfo: [0, 0, 0, 5, 65, 108, 105,<br>99, 101](9bytes/72bits) | base64url encoded: AAAABUFsaWNl<br>[ConcatKeyDerivationFunction] suppPubInfo: [0, 0, 0,<br>128](4bytes/32bits) | base64url encoded: AAAAgA<br>[ConcatKeyDerivationFunction] suppPrivInfo: [](0bytes/0bits) |<br>base64url encoded:<br>[ConcatKeyDerivationFunction] reps: 1<br>[ConcatKeyDerivationFunction] otherInfo: [65, 49, 50, 56, 71, 67, 77, 0, 0, 0, 5, 65, 108, 105, 99, 101, 0, 0, 0, 3, 66, 111, 98, 0, 0, 0,<br>128](27bytes/216bits) | base64url encoded:<br>QTEyOEdDTQAAAAVBbGljZQAAAANCb2IAAACA<br>[ConcatKeyDerivationFunction] rep 1 hashing [ConcatKeyDerivationFunction] counter: [0, 0, 0, 1](4bytes/32bits) | base64url encoded: AAAAAQ [ConcatKeyDerivationFunction] z: [158, 86, 217, 29, 129, 113, 53, 211, 114, 131, 66, 131, 191, 132, 38, 156, 251, 49, 110, 163, 218, 128,
106, 72, 246, 218, 167, 121, 140, 254, 144, 196](32bytes/256bits)<br>| base64url encoded: nlbZHYFxNdNyg0KDv4QmnPsxbqPagGpI9tqneYz-kMQ<br>[ConcatKeyDerivationFunction] otherInfo: [65, 49, 50, 56, 71, 67, 77, 0, 0, 0, 5, 65, 108, 105, 99, 101, 0, 0, 0, 3, 66, 111, 98, 0, 0, 0,<br>128](27bytes/216bits) | base64url encoded:<br>QTEyOEdDTQAAAAVBbGljZQAAAANCb2IAAACA<br>[ConcatKeyDerivationFunction] k(1): [186, 193, 41, 192, 82, 2, 254, 170, 230, 4, 76, 103, 180, 92, 49, 48, 92, 55, 131, 15, 80, 148, 215, 60, 65, 196, 187, 233, 163, 142, 6, 218](32bytes/256bits) | base64url<br>encoded: usEpwFIC_qrmBExntFwxMFw3gw9QlNc8QcS76aOOBto<br>[ConcatKeyDerivationFunction] derived key material: [186, 193, 41, 192, 82, 2, 254, 170, 230, 4, 76, 103, 180, 92, 49, 48, 92, 55, 131, 15, 80, 148, 215, 60, 65, 196, 187, 233, 163, 142, 6,<br>218](32bytes/256bits) | base64url encoded:<br>usEpwFIC_qrmBExntFwxMFw3gw9QlNc8QcS76aOOBto<br>[ConcatKeyDerivationFunction] first
128 bits of derived key material:<br>[186, 193, 41, 192, 82, 2, 254, 170, 230, 4, 76, 103, 180, 92, 49,<br>48](16bytes/128bits) | base64url encoded: usEpwFIC_qrmBExntFwxMA [ConcatKeyDerivationFunction] final derived key material: [186, 193, 41, 192, 82, 2, 254, 170, 230, 4, 76, 103, 180, 92, 49,<br>48](16bytes/128bits) | base64url encoded: usEpwFIC_qrmBExntFwxMA [ECDH w/ JWA -14 KDF example] Derived Key from KDF:[186, 193, 41, 192, 82, 2, 254, 170, 230, 4, 76, 103, 180, 92, 49, 48](16bytes/128bits) | base64url encoded: usEpwFIC_qrmBExntFwxMA<br><br><br><br></div> </div> </div> </div></body></html>