But in this case I don't think that I need an encrypted key value because I am using direct.
From: Mike Jones [mailto:[email protected]] Sent: Tuesday, July 23, 2013 8:29 AM To: Jim Schaad; 'Richard Barnes' Cc: [email protected] Subject: RE: [jose] Question on enc location For the first, no - it's missing the required "recipients" element. For the second, no - the "recipients" value is missing the required "encrypted_key" value. Answering Richard's comment - I expect that in most cases people will put elements such as "enc" that are common between all recipients in either the "protected" or "unprotected" top-level headers, but this isn't a requirement. In the worst case, should a sender use different "enc" values for different recipients, the result will be that the JWE will fail to decrypt for all the recipients in which the "enc" value is incorrect. -- Mike From: Jim Schaad [mailto:[email protected]] Sent: Tuesday, July 23, 2013 5:23 AM To: 'Richard Barnes'; Mike Jones Cc: [email protected] Subject: RE: [jose] Question on enc location As a follow up. Is this legal? { Header: <alg:"direct", enc:"AES-GCM"}, IV: ., tag:., payload:. } Or is the line Recipients:[{}], Required? From: Richard Barnes [mailto:[email protected]] Sent: Tuesday, July 23, 2013 5:04 AM To: Mike Jones Cc: Jim Schaad; [email protected] Subject: Re: [jose] Question on enc location In which case, it seems like it should be in the top level header, to avoid having it repeated every time. In general, it seems like there are "content" parameters (e.g., enc, zip, cty) that should go at the top level, and "key" parameters that should be per-recipient (e.g., alg, epk, salt). It would be helpful to implementors to be clear about what goes where. On Monday, July 22, 2013, Mike Jones wrote: No - just that the "enc" field for all recipients be the same. From: [email protected] <javascript:_e(%7b%7d,%20'cvml',%20'[email protected]');> [mailto:[email protected] <javascript:_e(%7b%7d,%20'cvml',%20'[email protected]');> ] On Behalf Of Jim Schaad Sent: Monday, July 22, 2013 4:33 PM To: [email protected] <javascript:_e(%7b%7d,%20'cvml',%20'[email protected]');> Subject: [jose] Question on enc location Is there supposed to be a requirement in the JWE specification that the enc field be in the common protected (or unprotected) header and no in the individual recipient header information? Jim
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
