XML Encryption and Derived Keys: Suggestion For a Minor Addition - PowerPoint PPT Presentation

About This Presentation
Title:

XML Encryption and Derived Keys: Suggestion For a Minor Addition

Description:

WS-I also recommends forward cross-referencing in this case ... attribute name='Id' type='ID' use='optional'/ attribute name='Type' type='anyURI' use='optional' ... – PowerPoint PPT presentation

Number of Views:45
Avg rating:3.0/5.0
Slides: 7
Provided by: Magnus83
Learn more at: https://lists.w3.org
Category:

less

Transcript and Presenter's Notes

Title: XML Encryption and Derived Keys: Suggestion For a Minor Addition


1
XML Encryption and Derived Keys Suggestion For a
Minor Addition
  • Magnus Nyström
  • RSA

2
Background
  • RSA Laboratories PKCS 5 deals with
    password-based cryptography
  • I.e., how to derive keys from shared secrets such
    as passwords
  • These keys are then used for encryption or
    message authentication
  • PKCS 5 syntax originally in ASN.1
  • Natural for use with S/MIME, etc.
  • XML syntax published in 2007
  • http//www.rsa.com/rsalabs/node.asp?id2127

3
PKCS 5 XML Syntax (snippet)
  • ltxscomplexType name"PBES2ParameterType"gtltxsseq
    uencegt ltxselement name"KeyDerivationFunc
    type"AlgorithmIdentifierType"/gt ltxselement
    name"EncryptionScheme type"xencEncryptionMe
    thodType"/gtlt/xssequencegtlt/xscomplexTypegt
  • For use in xencEncryptionMethod
  • ltxencEncryptionMethod Algorithm
    rsa.com./pkcs-5pbes2) ltpkcs-5PBES2-paramsgt
    ltKeyDerivationFunc Algorithmhttp//www.r
    sasecurity.com/.../pkcs-5pbkdf2gt
    lt/KeyDerivationFuncgt ltEncryptionScheme
    Algorithmhttp//www.w3.org/2001/04/xmlencaes12
    8-cbcgt lt/EncryptionSchemegtlt/pkcs-5PBES2-par
    amsgtlt/xencEncryptionMethodgt

4
Whats Missing?
  • An ability to inform a recipient that she should
    use a key derived from a known pass-phrase (or
    other shared secret) for multiple encrypted data
    (or authenticated data) instances
  • A single encrypted (authenticated) data works
    with current approach (PBES2/PBMAC1)
  • WS-I also recommends forward cross-referencing in
    this case
  • It was felt this should be an extension to XML
    Enc rather than PKCS
  • Too generic Derived Key
  • The current gap causes some issues e.g. in IETF
    KEYPROV that leverages PKCS 5
  • Had to define their own Derived Key key type

5
One (out of many!) Possible Way to Do It
  • Modeled after ltxencEncryptedKeyTypegt
  • ltelement name"DerivedKey type"xmlsecDerivedKey
    Type"/gt
  • ltcomplexType name"DerivedKeyType"gt
    ltsequencegt ltelement name"KeyDerivationMethod
    " type"xmlsecKeyDerivationMethodType"
    minOccurs"0"/gt ltelement ref"xencReferenceL
    ist" minOccurs"0"/gt ltelement
    name"CarriedKeyName" type"string"
    minOccurs"0"/gt lt/sequencegt ltattribute
    name"Id" type"ID" use"optional"/gt
    ltattribute name"Type" type"anyURI"
    use"optional"/gtlt/complexTypegt

6
Summary
  • There are use cases for a Derived Key key type
  • They are not currently covered by XML Enc (or by
    PKCS 5)
  • XML Security Group could be natural place to
    introduce this
  • Would like to contribute in this area of work
  • Happy to take on editing responsibility in this
    regard
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "XML Encryption and Derived Keys: Suggestion For a Minor Addition" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!