| < draft-jones-jose-aes-gcm-key-wrap-00.txt | draft-jones-jose-aes-gcm-key-wrap-01.txt > | |||
|---|---|---|---|---|
| JOSE Working Group M. Jones | JOSE Working Group M. Jones | |||
| Internet-Draft Microsoft | Internet-Draft Microsoft | |||
| Intended status: Standards Track June 13, 2013 | Intended status: Standards Track July 14, 2013 | |||
| Expires: December 15, 2013 | Expires: January 15, 2014 | |||
| Key Wrapping with AES GCM for JWE | Key Wrapping with AES GCM for JWE | |||
| draft-jones-jose-aes-gcm-key-wrap-00 | draft-jones-jose-aes-gcm-key-wrap-01 | |||
| Abstract | Abstract | |||
| This specification defines how to encrypt (wrap) keys with the AES | This specification defines how to encrypt (wrap) keys with the AES | |||
| GCM algorithm for JSON Web Encryption (JWE) objects. | GCM algorithm for JSON Web Encryption (JWE) objects. | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| skipping to change at page 1, line 31 ¶ | skipping to change at page 1, line 31 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on December 15, 2013. | This Internet-Draft will expire on January 15, 2014. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2013 IETF Trust and the persons identified as the | Copyright (c) 2013 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 11 ¶ | skipping to change at page 2, line 11 ¶ | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 3 | 1.1. Notational Conventions . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Key Encryption with AES GCM . . . . . . . . . . . . . . . . . . 3 | 3. Key Encryption with AES GCM . . . . . . . . . . . . . . . . . . 3 | |||
| 3.1. Header Parameters Used for AES GCM Key Encryption . . . . . 4 | ||||
| 3.1.1. "iv" (Initialization Vector) Header Parameter . . . . . 4 | ||||
| 3.1.2. "tag" (Authentication Tag) Header Parameter . . . . . . 4 | ||||
| 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4 | 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 4.1. JSON Web Signature and Encryption Algorithms | 4.1. JSON Web Signature and Encryption Algorithms | |||
| Registration . . . . . . . . . . . . . . . . . . . . . . . 4 | Registration . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 4.1.1. Registry Contents . . . . . . . . . . . . . . . . . . . 4 | 4.1.1. Registry Contents . . . . . . . . . . . . . . . . . . . 4 | |||
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . . 4 | 4.2. Registration of JWE Header Parameter Names . . . . . . . . 4 | |||
| 6. Normative References . . . . . . . . . . . . . . . . . . . . . 4 | 4.2.1. Registry Contents . . . . . . . . . . . . . . . . . . . 5 | |||
| Appendix A. Document History . . . . . . . . . . . . . . . . . . . 5 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 6. Normative References . . . . . . . . . . . . . . . . . . . . . 5 | |||
| Appendix A. Document History . . . . . . . . . . . . . . . . . . . 6 | ||||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 6 | ||||
| 1. Introduction | 1. Introduction | |||
| This specification defines how to encrypt (wrap) keys with the AES | This specification defines how to encrypt (wrap) keys with the AES | |||
| GCM algorithm [AES] [NIST.800-38D] for JSON Web Encryption (JWE) | GCM algorithm [AES] [NIST.800-38D] for JSON Web Encryption (JWE) | |||
| [JWE] objects. | [JWE] objects. | |||
| 1.1. Notational Conventions | 1.1. Notational Conventions | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| skipping to change at page 3, line 33 ¶ | skipping to change at page 3, line 33 ¶ | |||
| 3. Key Encryption with AES GCM | 3. Key Encryption with AES GCM | |||
| This section defines the specifics of encrypting a JWE Content | This section defines the specifics of encrypting a JWE Content | |||
| Encryption Key (CEK) with Advanced Encryption Standard (AES) in | Encryption Key (CEK) with Advanced Encryption Standard (AES) in | |||
| Galois/Counter Mode (GCM) [AES] [NIST.800-38D] using 128 or 256 bit | Galois/Counter Mode (GCM) [AES] [NIST.800-38D] using 128 or 256 bit | |||
| keys. The "alg" header parameter values "A128GCMKW" or "A256GCMKW" | keys. The "alg" header parameter values "A128GCMKW" or "A256GCMKW" | |||
| are respectively used in this case. | are respectively used in this case. | |||
| Use of an Initialization Vector of size 96 bits is REQUIRED with this | Use of an Initialization Vector of size 96 bits is REQUIRED with this | |||
| algorithm. | algorithm. The Initialization Vector is represented in base64url | |||
| encoded form as the "iv" (initialization vector) header parameter | ||||
| value. | ||||
| The Additional Authenticated Data value used is the empty octet | The Additional Authenticated Data value used is the empty octet | |||
| string. | string. | |||
| The requested size of the Authentication Tag output MUST be 128 bits, | The requested size of the Authentication Tag output MUST be 128 bits, | |||
| regardless of the key size. | regardless of the key size. | |||
| Let JWE Encrypted Key value be the concatenation of the | The JWE Encrypted Key value is the Ciphertext output. | |||
| Initialization Vector value, the Ciphertext output, and the | ||||
| Authentication Tag output. | ||||
| During key decryption, the JWE Encrypted Key value is split into | The Authentication Tag output is represented in base64url encoded | |||
| three inputs to the AES GCM decryption algorithm: the first 96 bits | form as the "tag" (authentication tag) header parameter value. | |||
| are the Initialization Vector value, the last 128 bits are the | ||||
| Authentication Tag value, and the remaining bits in between are the | 3.1. Header Parameters Used for AES GCM Key Encryption | |||
| Ciphertext value. | ||||
| The following Header Parameter Names are used for AES GCM key | ||||
| encryption. They MAY also be used by other algorithms if so | ||||
| specified by those algorithm parameter definitions. | ||||
| 3.1.1. "iv" (Initialization Vector) Header Parameter | ||||
| The "iv" (initialization vector) header parameter value is the | ||||
| base64url encoded representation of the Initialization Vector value | ||||
| used for the key encryption operation. This Header Parameter is | ||||
| REQUIRED and MUST be understood and processed by implementations when | ||||
| these algorithms are used. | ||||
| 3.1.2. "tag" (Authentication Tag) Header Parameter | ||||
| The "tag" (authentication tag) header parameter value is the | ||||
| base64url encoded representation of the Authentication Tag value | ||||
| resulting from the key encryption operation. This Header Parameter | ||||
| is REQUIRED and MUST be understood and processed by implementations | ||||
| when these algorithms are used. | ||||
| 4. IANA Considerations | 4. IANA Considerations | |||
| 4.1. JSON Web Signature and Encryption Algorithms Registration | 4.1. JSON Web Signature and Encryption Algorithms Registration | |||
| This specification registers the algorithms defined in Section 3 in | This specification registers the algorithms defined in Section 3 in | |||
| the JSON Web Signature and Encryption Algorithms registry [JWA]. | the JSON Web Signature and Encryption Algorithms registry [JWA]. | |||
| 4.1.1. Registry Contents | 4.1.1. Registry Contents | |||
| skipping to change at page 4, line 26 ¶ | skipping to change at page 4, line 48 ¶ | |||
| o Implementation Requirements: OPTIONAL | o Implementation Requirements: OPTIONAL | |||
| o Change Controller: IETF | o Change Controller: IETF | |||
| o Specification Document(s): Section 3 of [[ this document ]] | o Specification Document(s): Section 3 of [[ this document ]] | |||
| o Algorithm Name: "A256GCMKW" | o Algorithm Name: "A256GCMKW" | |||
| o Algorithm Usage Location(s): "alg" | o Algorithm Usage Location(s): "alg" | |||
| o Implementation Requirements: OPTIONAL | o Implementation Requirements: OPTIONAL | |||
| o Change Controller: IETF | o Change Controller: IETF | |||
| o Specification Document(s): Section 3 of [[ this document ]] | o Specification Document(s): Section 3 of [[ this document ]] | |||
| 4.2. Registration of JWE Header Parameter Names | ||||
| This specification registers the Header Parameter Names defined in | ||||
| Section 3.1 in the IANA JSON Web Signature and Encryption Header | ||||
| Parameters registry [JWS]. | ||||
| 4.2.1. Registry Contents | ||||
| o Header Parameter Name: "iv" | ||||
| o Header Parameter Usage Location(s): JWE | ||||
| o Change Controller: IETF | ||||
| o Specification Document(s): Section 3.1.1 of [[ this document ]] | ||||
| o Header Parameter Name: "tag" | ||||
| o Header Parameter Usage Location(s): JWE | ||||
| o Change Controller: IETF | ||||
| o Specification Document(s): Section 3.1.2 of [[ this document ]] | ||||
| 5. Security Considerations | 5. Security Considerations | |||
| The security considerations in [AES] and [NIST.800-38D] also apply to | The security considerations in [AES] and [NIST.800-38D] also apply to | |||
| this specification. | this specification. | |||
| 6. Normative References | 6. Normative References | |||
| [AES] National Institute of Standards and Technology (NIST), | [AES] National Institute of Standards and Technology (NIST), | |||
| "Advanced Encryption Standard (AES)", FIPS PUB 197, | "Advanced Encryption Standard (AES)", FIPS PUB 197, | |||
| November 2001. | November 2001. | |||
| [JWA] Jones, M., "JSON Web Algorithms (JWA)", | [JWA] Jones, M., "JSON Web Algorithms (JWA)", | |||
| draft-ietf-jose-json-web-algorithms (work in progress), | draft-ietf-jose-json-web-algorithms (work in progress), | |||
| May 2013. | July 2013. | |||
| [JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web | [JWE] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web | |||
| Encryption (JWE)", draft-ietf-jose-json-web-encryption | Encryption (JWE)", draft-ietf-jose-json-web-encryption | |||
| (work in progress), May 2013. | (work in progress), July 2013. | |||
| [JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web | ||||
| Signature (JWS)", draft-ietf-jose-json-web-signature (work | ||||
| in progress), July 2013. | ||||
| [NIST.800-38D] | [NIST.800-38D] | |||
| National Institute of Standards and Technology (NIST), | National Institute of Standards and Technology (NIST), | |||
| "Recommendation for Block Cipher Modes of Operation: | "Recommendation for Block Cipher Modes of Operation: | |||
| Galois/Counter Mode (GCM) and GMAC", NIST PUB 800-38D, | Galois/Counter Mode (GCM) and GMAC", NIST PUB 800-38D, | |||
| December 2001. | December 2001. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| Appendix A. Document History | Appendix A. Document History | |||
| [[ to be removed by the RFC editor before publication as an RFC ]] | [[ to be removed by the RFC editor before publication as an RFC ]] | |||
| -01 | ||||
| o Represented Initialization Vector and Authentication Tag values | ||||
| used as header parameter values so as to be more parallel with | ||||
| their treatment when using AES GCM for content encryption, per | ||||
| working group request. | ||||
| -00 | -00 | |||
| o Created draft-jones-jose-aes-gcm-key-wrap. | o Created draft-jones-jose-aes-gcm-key-wrap. | |||
| Author's Address | Author's Address | |||
| Michael B. Jones | Michael B. Jones | |||
| Microsoft | Microsoft | |||
| Email: mbj@microsoft.com | Email: mbj@microsoft.com | |||
| End of changes. 12 change blocks. | ||||
| 19 lines changed or deleted | 72 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||