Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

COSE_Encrypt and COSE_Encrypt0 messages can be read, decrypted, and created/encrypted #32123

Open
8 tasks
Tracked by #62600
bartonjs opened this issue Feb 11, 2020 · 1 comment
Open
8 tasks
Tracked by #62600
Assignees
Labels
area-System.Security User Story A single user-facing feature. Can be grouped under an epic.
Milestone

Comments

@bartonjs
Copy link
Member

bartonjs commented Feb 11, 2020

Implement COSE Encryption, IETF RFC 8152, section 5

  • Read and expose metadata for tagged and untagged COSE_Encrypt messages
  • Read and expose metadata for tagged and untagged COSE_Encrypt0 messages
  • Decrypt content using ECDiffieHellman
    • KDFs
      • HKDF-SHA256
      • HKDF-SHA512
    • Symmetric Algorithms
      • AES-GCM
      • AES-CCM
  • Create new encrypted messages.

We do not currently have a concrete use case for this support, but:

  1. Theoretically, any time someone wants CMS support, they could desire COSE/CBOR support as an alternate format
  2. For maintaining consistency with other APIs where we have Sign/Encrypt, we always carry both together
  3. If there was a scenario that arose that needed this, it would likely be needed urgently

With this rationale, we will proceed with this functionality within the same release as #32121.

@bartonjs bartonjs added this to the 5.0 milestone Feb 11, 2020
@Dotnet-GitSync-Bot Dotnet-GitSync-Bot added the untriaged New issue has not been triaged by the area owner label Feb 11, 2020
@bartonjs bartonjs removed the untriaged New issue has not been triaged by the area owner label Feb 11, 2020
@bartonjs bartonjs modified the milestones: 5.0, Future Jun 8, 2020
@jeffhandley jeffhandley modified the milestones: Future, 7.0.0 Nov 2, 2021
@jeffhandley jeffhandley added the User Story A single user-facing feature. Can be grouped under an epic. label Dec 9, 2021
@jeffhandley jeffhandley changed the title Add support for reading, decrypting, and creating COSE_Encrypt and COSE_Encrypt0 COSE_Encrypt and COSE_Encrypt0 messages can be read, decrypted, and created Jan 9, 2022
@jeffhandley jeffhandley changed the title COSE_Encrypt and COSE_Encrypt0 messages can be read, decrypted, and created COSE_Encrypt and COSE_Encrypt0 messages can be read, decrypted, and created/encrypted Jan 9, 2022
@bartonjs bartonjs modified the milestones: 7.0.0, 8.0.0 Aug 12, 2022
@jeffhandley
Copy link
Member

We haven't heard any compelling cases where this needs to be used yet, so we're moving this into the Future backlog. Please comment here if you have a scenario where the COSE Encrypt features are needed so that we can understand the use case and look into scheduling this work into a release.

@jeffhandley jeffhandley modified the milestones: 8.0.0, Future Mar 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area-System.Security User Story A single user-facing feature. Can be grouped under an epic.
Projects
None yet
Development

No branches or pull requests

4 participants