Proposed work item: DerivedKey from Magnus Nyström on 2007-12-04 (public-xmlsec-discuss@w3.org from December 2007)

From: Magnus Nyström <magnus@rsa.com>
Date: Tue, 4 Dec 2007 15:12:13 +0100 (W. Europe Standard Time)
To: public-xmlsec-discuss@w3.org
cc: tlr@w3.org
Message-ID: <Pine.WNT.4.62.0712041440200.5760@MAGNUSN-LAP.corp.emc.com>

All,

If there will be work done to revise the existing XML Digital Signature 
specification and the XML Encryption specification, I'd like to propose 
one additional work item: Introduction of a new <ds:KeyInfo> alternative 
called DerivedKey.

The use case for this is when you are authenticating or encrypting 
information based on a key derived from some other information and want to 
convey this information to the recipient of your message. One example is 
when doing passphrase-based cryptography. RSA Laboratories published an 
XML version of PKCS #5 earlier this year, and while the schema introduced 
in that amendment to PKCS #5 is sufficient to cover the basic case of an 
item encrypted with a passphrase-derived key, it does not in itself 
suffice when there are multiple items encrypted (or authenticated) with 
that key, since there is no straightforward way to refer to derived keys.
WS-I BSP also recommends forward cross-referencing when multiple items 
have been encrypted with a key, and exemplify with the EncryptedKey type 
and its <xenc:ReferenceList> element, so this is another reason for doing 
this.

In essence, this is about creating an equivalent to <xenc:EncryptedKey> 
but for derived key. A possible schema approach - clearly for discussion 
if this is considered interesting enough to qualify as a work item - is 
shown below, building on the existing EncryptedKeyType type. I have also 
included a simple example.

-- Magnus
--
<element name="DerivedKey" type="xmlsec:DerivedKeyType"/>
<complexType name="DerivedKeyType">
    <sequence>
      <element name="KeyDerivationMethod" 
type="xmlsec:KeyDerivationMethodType" minOccurs="0"/>
      <element ref="xenc:ReferenceList" minOccurs="0"/>
      <element name="CarriedKeyName" type="string" minOccurs="0"/>
    </sequence>
    <attribute name="Id" type="ID" use="optional"/>
    <attribute name="Type" type="anyURI" use="optional"/>
</complexType>

<complexType name="KeyDerivationMethodType">
    <sequence>
      <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="Algorithm" type="anyURI" use="required"/>
</complexType>

<!-- In addition, an identifier is required for cross-referencing, -->
<!-- similar to http://www.w3.org/2001/04/xmlenc#EncryptedKey", e.g.: -->
<!-- http://xxxxxx/#DerivedKey -->
--

<xmlsec:DerivedKey
    xmlns:xmlsec="http://xxxxxx#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"

xmlns:pkcs-5="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#"
    Id="Passphrase1">
    <xmlsec:KeyDerivationMethod 
Algorithm="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5#pbkdf2">
      <pkcs-5:PBKDF2-params>
        <Salt>
          <Specified>Df3dRAhjGh8=</Specified>
        </Salt>
        <IterationCount>2000</IterationCount>
        <KeyLength>16</KeyLength>
        <PRF/>
      </pkcs-5:PBKDF2-params>
    </xmlsec:KeyDerivationMethod>
    <xenc:ReferenceList>
      <xenc:DataReference URI="#ED"/>
    </xenc:ReferenceList>
</xmlsec:DerivedKey>
--

Received on Wednesday, 5 December 2007 18:25:34 UTC