XML Encryption, XML Signature, and Derived Keys: Suggestion For a Minor Addition |
Magnus Nystršm | |
RSA |
Background |
RSA Laboratories PKCS #5 deals with Òpassword-based cryptographyÓ | ||
I.e., how to derive keys from shared secrets such as passwords | ||
These keys are then used for encryption or message authentication | ||
PKCS #5 syntax originally in ASN.1 | ||
Natural for use with S/MIME, etc. | ||
XML syntax published in 2007 | ||
http://www.rsa.com/rsalabs/node.asp?id=2127 | ||
PKCS #5 XML Syntax (snippet) |
<xs:complexType
name="PBES2ParameterType"> <xs:sequence> <xs:element name="KeyDerivationFuncÒ type="AlgorithmIdentifierType"/> <xs:element name="EncryptionSchemeÒ type="xenc:EncryptionMethodType"/> </xs:sequence> </xs:complexType> |
||
For use in xenc:EncryptionMethod | ||
<xenc:EncryptionMethod Algorithm = rsa.comÉ./pkcs-5#pbes2) <pkcs-5:PBES2-params> <KeyDerivationFunc Algorithm=Òhttp://www.rsasecurity.com/.../pkcs-5#pbkdf2Ó> É </KeyDerivationFunc> <EncryptionScheme Algorithm=Òhttp://www.w3.org/2001/04/xmlenc#aes128-cbcÓ> </EncryptionScheme> </pkcs-5:PBES2-params></xenc:EncryptionMethod> |
WhatÕs Missing? |
An ability to inform a recipient that she should use a key derived from a known pass-phrase (or other shared secret) for multiple encrypted data (or authenticated data) instances | ||
A single encrypted (authenticated) data works with current approach (PBES2/PBMAC1) | ||
WS-I also recommends forward cross-referencing in this case | ||
It was felt this should be an extension to XML Enc/ XML Dsig rather than PKCS | ||
Too generic – Derived Key | ||
The current gap causes some issues – e.g. in IETF KEYPROV that leverages PKCS #5 | ||
Had to define their own Derived Key key type |
One (out of many!) Possible Way to Do It |
Modeled after <xenc:EncryptedKeyType> | |
<element name="DerivedKeyÒ type="xmlsec:DerivedKeyType"/> | |
<complexType
name="DerivedKeyType"> <sequence> <element name="KeyDerivationMethod" type="xmlsec:KeyDerivationMethodType" minOccurs="0"/> <element ref="xenc:ReferenceList" minOccurs="0"/> <element name="CarriedKeyName" type="string" minOccurs="0"/> </sequence> <attribute name="Id" type="ID" use="optional"/> <attribute name="Type" type="anyURI" use="optional"/> </complexType> |
Summary |
There are use cases for a ÒDerived KeyÓ key type | |
They are not currently covered by XML Enc, XML Dsig (or by PKCS #5) | |
XML Security Group could be natural place to introduce this | |
Would like to contribute in this area of work | |
Happy to take on editing responsibility in this regard |