JOSE,
The Terminology section in JWE defines Key Encryption and Key Wrapping with
the only difference between the two being the type of key (asymmetric vs.
symmetric respectively) that is used to encrypt the CEK. Here's the text
from JWE §2 [1]:

  "Key Encryption
      A Key Management Mode in which the Content Encryption
      Key (CEK) value is encrypted to the intended recipient using an
      asymmetric encryption algorithm.

   Key Wrapping
      A Key Management Mode in which the Content Encryption
      Key (CEK) value is encrypted to the intended recipient using a
      symmetric key wrapping algorithm."

However, JWA seems inconsistent in its use of those terms when it talks
about "Key Encryption" with AES GCM [2] and PBES [3], which are
symmetric and thus should be "Key Wrapping" based on the definitions above
from JWE. Or am I missing something here?
Are JWE's definitions of Key Encryption and Key Wrapping consistent with
how the world at large would use and understand the terms? I wasn't
familiar with the distinction myself. And a little web searching wasn't too
conclusive - it looks like XML ENC uses "Key Transport" [4] and "Symmetric
Key Wrap" [5] as does CMS [6] while Wikipedia (yeah, I went there) seems to
like "Key Encapsulation" [7] and "Key Wrap" [8].
Not that the terms really matter all that much but I've been having a hard
time naming things in my implementation and my confusion here isn't helping.
Thanks,
Brian
[1] http://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-14#section-2
[2] http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-14#section-4.8
[3] http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-14#section-4.9
[4] http://www.w3.org/TR/xmlenc-core/#sec-Alg-KeyTransport
[5] http://www.w3.org/TR/xmlenc-core/#sec-Alg-SymmetricKeyWrap
[6] http://tools.ietf.org/html/rfc6033
[7] http://en.wikipedia.org/wiki/Key_encapsulation
[8] http://en.wikipedia.org/wiki/Key_Wrap