-----Original Message----- From: Antonio Sanso [mailto:[email protected]] Sent: Wednesday, May 20, 2015 1:38 AM To: Jim Schaad Cc: [email protected] Subject: Re: [jose] RSAES OAEP and AES GCM usage scenario
hi Jim, thanks for you answer. Some note inline On May 20, 2015, at 1:13 AM, Jim Schaad <[email protected]> wrote: > As a general rule, if you are wrapping the CEK in another layer, then > a new CEK is going to be generated every time. so, if this is the case also for [0] and the CEK is new every time is really necessary to have a different IV every time? [JLS] Strictly speaking it is probably not absolutely necessary. In practice this is a better way to make sure that the CEK/IV is unique since you do not have to keep state around about how things are done. It leads to fewer errors. > This would not be the case if you > were using the "direct" recipient algorithm. what do you mean with direct recipient ? Is there any pointer i can look at :) ? [JLS] look at alg="dir" regards antonio > > Jim > > > -----Original Message----- > From: jose [mailto:[email protected]] On Behalf Of Antonio Sanso > Sent: Tuesday, May 19, 2015 5:59 AM > To: [email protected] > Subject: [jose] RSAES OAEP and AES GCM usage scenario > > hi *, > > in [0] there is an example of JWE with RSAES OAEP and AES GCM. > One of the first steps says "Generate a 256 bit random Content > Encryption Key (CEK)." > My question is,in a real use case scenario would you expect that a new > CEK is generated for every single JWE message? > > thanks > > antonio > > > [0] > https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-40#app > endix- > A.1 > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose > _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
