On Thu, Sep 22, 2022 at 09:34:03PM +0900, AJITOMI Daisuke wrote:
> Hi folks,
>
> Currently, during some discussions on "Use of HPKE with COSE"[1] in the
> COSE WG, the topic of how to represent HPKE public keys has been
> raised[2][3]. Specifically, it concerns whether encapsulated keys
> (ephemeral **sender** public keys) for HPKE should be represented by
> COSE_Key (binary version of JWK) or not and I am of the opinion that it
> is not necessary to express them in COSE_Key.

Looking at JWE, it seems that JOSE and COSE are quite different and need
different strategies. Here is how I would embed HPKE in JOSE:

1) Compact serialization:

- Header MUST have enc set to "HPKE".
- The Encrypted Key is concatenation of 2-octet big-endian AEAD ID and the
  encapsulated key from HPKE.
- Initialization Vector MUST be empty.
- Ciphertext is the raw ciphertext from encrypting the message using HPKE.
- Authentication Tag MUST be empty.

2) JSON serialization recipients:

- header MUST have alg set to "HPKE".
- The encrypted_key is concatenation of 2-octet big-endian AEAD ID,
  encapsulated key from HPKE and the raw ciphertext from encrypting CEK
  using HPKE.

All wrapped in base64url.

Flattened JSON serialization may be either. One can tell which from the
value of "enc" in common header. If it is "HPKE", it is 1), otherwise it
is 2).

> On the other hand, however, I'm thinking it would be better to have a
> standardized way and format for publishing **recipient** public keys for
> HPKE. In particular, I believe that if we can express them in very popular
> JWK format and publish them via developer-friendly jwks_uri endpoints the
> use of HPKE on the application layer will be facilitated.

I would create a new HPKE kty and put the following inside:

- kty: "HPKE".
- kem: The integer KEM id.
- kdf: The integer KDF id.
- pub: The public key (base64url encoded octet string).
- priv: The private key (base64url encoded octet string, private keys only).
- aead: Integer hint for AEAD id (optional).

> Would this topic be inside the scope of the new JOSE WG planned to be
> re-chartered?

There is also secdispatch...

-Ilari

_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
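The two JWE layouts and the "HPKE" JWK that Ilari sketches above, as an added worked example that is not part of the thread and not any project's code. No HPKE is run here: the encapsulated key, ciphertext and key bytes are constructed sample values standing in for real HPKE output, and the helper names (build_compact, parse_compact, build_recipient, flattened_form, hpke_jwk) are this example's own. The KEM/KDF/AEAD numbers used in the sample are RFC 9180 registry values (DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, AES-128-GCM); the layout rules themselves are exactly the ones in the message.

```python
import base64
import json
import struct

# --- base64url without padding, as JOSE uses it ---------------------------
def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _json_b64(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())

# --- 1) compact serialization: enc="HPKE", IV and tag empty ---------------
def build_compact(aead_id: int, enc_key: bytes, ciphertext: bytes) -> str:
    header = {"enc": "HPKE"}
    encrypted_key = struct.pack(">H", aead_id) + enc_key   # AEAD ID || enc
    return ".".join([
        _json_b64(header),
        b64url_encode(encrypted_key),
        "",                              # Initialization Vector MUST be empty
        b64url_encode(ciphertext),       # raw HPKE ciphertext of the message
        "",                              # Authentication Tag MUST be empty
    ])

def parse_compact(token: str) -> dict:
    parts = token.split(".")
    if len(parts) != 5:
        raise ValueError("compact JWE must have exactly five parts")
    header = json.loads(b64url_decode(parts[0]))
    if header.get("enc") != "HPKE":
        raise ValueError("not an HPKE compact JWE")
    if parts[2] != "" or parts[4] != "":
        raise ValueError("IV and tag must be empty when enc is HPKE")
    ek = b64url_decode(parts[1])
    if len(ek) < 2:
        raise ValueError("encrypted key lacks the 2-octet AEAD ID")
    (aead_id,) = struct.unpack(">H", ek[:2])
    return {"header": header, "aead_id": aead_id, "enc": ek[2:],
            "ciphertext": b64url_decode(parts[3])}

# --- 2) JSON serialization recipient: alg="HPKE", key = ID || enc || ct(CEK)
def build_recipient(aead_id: int, enc_key: bytes, wrapped_cek: bytes) -> dict:
    blob = struct.pack(">H", aead_id) + enc_key + wrapped_cek
    return {"header": {"alg": "HPKE"}, "encrypted_key": b64url_encode(blob)}

def parse_recipient(recipient: dict, enc_len: int) -> dict:
    # enc_len is the encapsulated-key length of the KEM in use (32 for X25519)
    if recipient["header"].get("alg") != "HPKE":
        raise ValueError("recipient alg is not HPKE")
    blob = b64url_decode(recipient["encrypted_key"])
    (aead_id,) = struct.unpack(">H", blob[:2])
    return {"aead_id": aead_id, "enc": blob[2:2 + enc_len],
            "wrapped_cek": blob[2 + enc_len:]}

def flattened_jwe(common: dict, recipient: dict, ciphertext: bytes) -> dict:
    return {"protected": _json_b64(common), **recipient,
            "iv": "", "ciphertext": b64url_encode(ciphertext), "tag": ""}

def flattened_form(jwe: dict) -> int:
    """Tell form 1) from 2) by the value of "enc" in the common header."""
    common = json.loads(b64url_decode(jwe["protected"])) if "protected" in jwe else {}
    common.update(jwe.get("unprotected", {}))
    return 1 if common.get("enc") == "HPKE" else 2

# --- the proposed kty="HPKE" JWK ------------------------------------------
def hpke_jwk(kem_id: int, kdf_id: int, pub: bytes,
             priv: bytes = None, aead_id: int = None) -> dict:
    jwk = {"kty": "HPKE", "kem": kem_id, "kdf": kdf_id, "pub": b64url_encode(pub)}
    if priv is not None:
        jwk["priv"] = b64url_encode(priv)   # private keys only
    if aead_id is not None:
        jwk["aead"] = aead_id               # optional hint
    return jwk

def public_jwk(jwk: dict) -> dict:
    """What a jwks_uri endpoint should publish: everything except priv."""
    return {k: v for k, v in jwk.items() if k != "priv"}

if __name__ == "__main__":
    # Constructed sample values, not real HPKE output.
    enc = bytes(range(32))                  # X25519 encapsulated key is 32 octets
    print(build_compact(0x0001, enc, b"message ciphertext"))
    print(json.dumps(public_jwk(hpke_jwk(0x0020, 0x0001, bytes(32), priv=bytes(32)))))
```

Note that parse_compact rejects a token whose IV or tag is non-empty, so the "MUST be empty" rules become a check on the receiving side rather than a convention only the sender follows.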
