[Openid-specs-ab] JWE AES KeyWrap Example

Mike Jones Michael.Jones at microsoft.com
Fri Sep 14 00:02:56 UTC 2012


Thanks, Edmund!

________________________________
From: Edmund Jay
Sent: 9/13/2012 1:45 PM
To: openid-connect-interop at googlegroups.com
Cc: Axel Nennker; Brian Campbell; Emmanuel Raviart; openid-specs-ab at lists.openid.net; Mike Jones
Subject: Re: JWE AES KeyWrap Example

Axel,

The keywrap algorithm takes n 64 bit blocks of plaintext and outputs (n+1) 64 bit blocks of ciphertext.
In this case, the CMK is 128 bits which is 2x64 bit blocks (or 16 bytes) . The ciphertext is therefore 3 x 64 bit blocks or (24 bytes).
When unwrapped, the first 8 bytes of the decrypted text should be [a6, a6, a6, a6, a6, a6, a6, a6]. It's used as an integrity check.


Mike,

I have the same results.

-- Edmund



________________________________
From: Axel Nennker <ignisvulpis at googlemail.com>
To: openid-connect-interop at googlegroups.com
Cc: Edmund Jay <ejay at mgi1.com>; Axel Nennker <Axel.Nennker at telekom.de>; Brian Campbell <bcampbell at pingidentity.com>; Emmanuel Raviart <emmanuel at raviart.com>; "openid-specs-ab at lists.openid.net" <openid-specs-ab at lists.openid.net>; Michael B. Jones <Michael.Jones at microsoft.com>
Sent: Thu, September 13, 2012 10:37:25 AM
Subject: Re: JWE AES KeyWrap Example

The length of Encrypted Key
[164, 255, 251, 1, 64, 200, 65, 200, 34, 197, 81, 143, 43, 211, 240, 38,
 191, 161, 181, 117, 119, 68, 44, 80]
is 24 bytes or 192 bits. Why?

Axel

2012/9/13 Mike Jones <Michael.Jones at microsoft.com<mailto:Michael.Jones at microsoft.com>>
Could one or more of you please check the attached AES KeyWrap example that I plan to add to the JWE spec?  It uses "alg":"A128KW" and "enc":"A128GCM".  Both algorithms produce repeatable results, and so the example should be fully reproducible.

Like the previous updated examples, the format of the JWE is:
               header.encryptedKey.initializationVector.ciphertext.integrityValue
and the Additional Associated Data value for the GCM calculation is computed as:
               securedInput = encodedHeader + "." + encodedEncryptedKey + "." + encodedInitializationVector;

                                                            Thanks,
                                                            -- Mike



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120914/bb0ac246/attachment.html>


More information about the Openid-specs-ab mailing list