This repository has been archived by the owner on Mar 27, 2024. It is now read-only.

Generic JWE support for envelopes #815

Closed
troyronda opened this issue Nov 14, 2019 · 0 comments · Fixed by #2486

troyronda commented Nov 14, 2019

JWE packer should support ECDH key agreement for curves:

  • X25519
  • NIST P-256/secp256r1

For key encryption algorithms, we should support:

  • ECDH-ES+A256KW
  • ECDH-1PU+A256KW

When performing an ECDH key agreement between a static private key and any untrusted public key, care should be taken to ensure that the public key is a valid point on the same curve as the private key. (IETF ECDH-1PU RFC)

For content encryption, we should support a similar set to what is being discussed in related DIF issues:

  • XChaCha20-Poly1305 (XC20P)
  • ChaCha20-Poly1305 (C20P)
  • 256-bit AES-GCM (to allow for a FIPS compatibility mode)

For the ChaCha modes, we should also compare the related issue JWE format to what we have implemented and update the Aries issue (and implementation).

IANA Notes:

  • C20P and XC20P do not currently have IANA registrations.
  • ECDH-1PU does not have an IANA registration but is defined in an IETF draft (Network WG).

#857 lists some additional algorithms that were contemplated.
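
The public-key validation requirement quoted in the issue, shown as an added example (not code from the issue or from the framework) using Go's standard `crypto/ecdh` package. The names `AgreeWithUntrusted` and `OffCurveP256` are hypothetical, and the off-curve input is constructed for the demonstration.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"errors"
	"fmt"
)

// AgreeWithUntrusted derives an ECDH shared secret between a static private
// key and a peer public key from an untrusted source (for example the "epk"
// of an incoming JWE). declared is the curve the sender claims to use.
func AgreeWithUntrusted(priv *ecdh.PrivateKey, declared ecdh.Curve, peer []byte) ([]byte, error) {
	// The peer key must be interpreted on the same curve as our private key.
	if priv.Curve() != declared {
		return nil, errors.New("peer key curve differs from private key curve")
	}
	// For NIST curves NewPublicKey rejects encodings that are not a valid
	// point on the curve (including the point at infinity).
	pub, err := declared.NewPublicKey(peer)
	if err != nil {
		return nil, fmt.Errorf("invalid peer public key: %w", err)
	}
	// For X25519 every 32-byte string parses; low-order inputs are caught
	// here because ECDH fails when the shared secret is all zeros.
	z, err := priv.ECDH(pub)
	if err != nil {
		return nil, fmt.Errorf("key agreement failed: %w", err)
	}
	return z, nil
}

// OffCurveP256 builds a constructed invalid input: a real X coordinate with
// Y forced to zero. P-256 has prime order, so no curve point has y = 0.
func OffCurveP256(valid []byte) []byte {
	bad := append([]byte{}, valid...) // 0x04 || X (32 bytes) || Y (32 bytes)
	for i := 33; i < len(bad); i++ {
		bad[i] = 0
	}
	return bad
}

func main() {
	static, _ := ecdh.P256().GenerateKey(rand.Reader)
	peer, _ := ecdh.P256().GenerateKey(rand.Reader)
	_, err := AgreeWithUntrusted(static, ecdh.P256(), peer.PublicKey().Bytes())
	fmt.Println("valid peer key:", err)
	_, err = AgreeWithUntrusted(static, ecdh.P256(), OffCurveP256(peer.PublicKey().Bytes()))
	fmt.Println("off-curve peer key:", err)
}
```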

@fqutishat fqutishat added this to the Backlog milestone Nov 14, 2019
@troyronda troyronda modified the milestones: Backlog, 0.1.1 Nov 22, 2019
@fqutishat fqutishat added the enhancement New feature or request label Dec 5, 2019
@troyronda troyronda modified the milestones: 0.1.1, 0.1.2 Jan 24, 2020
@troyronda troyronda modified the milestones: 0.1.2, 0.1.3 Feb 20, 2020
@troyronda troyronda modified the milestones: 0.1.3, 0.1.4 May 7, 2020
@llorllale llorllale removed this from the 0.1.4 milestone Sep 1, 2020
baha-ai pushed a commit to baha-ai/aries-framework-go that referenced this issue Jan 8, 2021
This is a first change to add XChacha20Poly1305 keys to ECDH Tink keys to support XChacha AEAD encryption and key wrapping.

It includes adding new Tink key managers in the Tink keys package, adding new key protos for Xchacha and creating new templates.

Future changes will include supporting Key exports, adding a KMS key type, adding XChacha Key wrapping and finally testing the new key with the JWE packers.

part of hyperledger-archives#1637, hyperledger-archives#1806, hyperledger-archives#1684, hyperledger-archives#815

Signed-off-by: Baha Shaaban <[email protected]>
baha-ai pushed a commit to baha-ai/aries-framework-go that referenced this issue Jan 12, 2021
This is a first change to add XChacha20Poly1305 keys to ECDH Tink keys to support XChacha AEAD encryption and key wrapping.

It includes adding new Tink key managers in the Tink keys package to support keys for:
1. NIST P curves KW - AES/XChacha20Poly1305 content encryption
2. X25519 KW - AES/XChacha20Poly1305 content encryption

This change also includes new key templates to support the creation of these ECDH keys.

Future changes will include supporting Key exports of these ECDH keys, adding new KMS key types, adding XChacha Key wrapping and finally testing the new key with the JWE packers.

part of hyperledger-archives#1637, hyperledger-archives#1806, hyperledger-archives#1684, hyperledger-archives#815

Signed-off-by: Baha Shaaban <[email protected]>
@baha-ai baha-ai self-assigned this Jan 13, 2021
@baha-ai baha-ai added this to the v0.1.6 milestone Jan 13, 2021
baha-ai pushed a commit to baha-ai/aries-framework-go that referenced this issue Jan 25, 2021
This is the last change about X25519 keys for ECDH KW.
It updates the old ECDH key types into the new type names
and adds the X25519 key type as well.

Also part of this change is the removal of remnant code
from legacyKMS which was removed from the framework last
year.

closes hyperledger-archives#2447, hyperledger-archives#1684, hyperledger-archives#815
also part of hyperledger-archives#857
closes hyperledger-archives#475, hyperledger-archives#596

Signed-off-by: Baha Shaaban <[email protected]>
baha-ai pushed a commit to baha-ai/aries-framework-go that referenced this issue Jan 26, 2021
This is the last change about X25519 keys for ECDH KW.
It updates the old ECDH key types into the new type names
and adds the X25519 key type as well.

It includes JWE encryption/decryption updates to support
XC20P content encryption along with recipients kw using both
NIST P curved keys and X25519 keys.

Also part of this change is the removal of remnant code
from legacyKMS which was removed from the framework last
year.

closes hyperledger-archives#2447
closes hyperledger-archives#1684
closes hyperledger-archives#815
closes hyperledger-archives#475
closes hyperledger-archives#596
also part of hyperledger-archives#857

Signed-off-by: Baha Shaaban <[email protected]>
baha-ai pushed a commit to baha-ai/aries-framework-go that referenced this issue Jan 27, 2021
This is the last change about X25519 keys for ECDH KW.
It updates the old ECDH key types into the new type names
and adds the X25519 key type as well.

It includes JWE encryption/decryption updates to support
XC20P content encryption along with recipients kw using both
NIST P curved keys and X25519 keys.

Also part of this change is the removal of remnant code
from legacyKMS which was removed from the framework last
year.

closes hyperledger-archives#2447
closes hyperledger-archives#1684
closes hyperledger-archives#815
closes hyperledger-archives#475
closes hyperledger-archives#596
also part of hyperledger-archives#857

Signed-off-by: Baha Shaaban <[email protected]>
sudeshrshetty pushed a commit to sudeshrshetty/aries-framework-go that referenced this issue Oct 18, 2021
This is a first change to add XChacha20Poly1305 keys to ECDH Tink keys to support XChacha AEAD encryption and key wrapping.

It includes adding new Tink key managers in the Tink keys package to support keys for:
1. NIST P curves KW - AES/XChacha20Poly1305 content encryption
2. X25519 KW - AES/XChacha20Poly1305 content encryption

This change also includes new key templates to support the creation of these ECDH keys.

Future changes will include supporting Key exports of these ECDH keys, adding new KMS key types, adding XChacha Key wrapping and finally testing the new key with the JWE packers.

part of hyperledger-archives#1637, hyperledger-archives#1806, hyperledger-archives#1684, hyperledger-archives#815

Signed-off-by: Baha Shaaban <[email protected]>
sudeshrshetty pushed a commit to sudeshrshetty/aries-framework-go that referenced this issue Oct 18, 2021
This is the last change about X25519 keys for ECDH KW.
It updates the old ECDH key types into the new type names
and adds the X25519 key type as well.

It includes JWE encryption/decryption updates to support
XC20P content encryption along with recipients kw using both
NIST P curved keys and X25519 keys.

Also part of this change is the removal of remnant code
from legacyKMS which was removed from the framework last
year.

closes hyperledger-archives#2447
closes hyperledger-archives#1684
closes hyperledger-archives#815
closes hyperledger-archives#475
closes hyperledger-archives#596
also part of hyperledger-archives#857

Signed-off-by: Baha Shaaban <[email protected]>
sudeshrshetty pushed a commit to sudeshrshetty/aries-framework-go that referenced this issue Jan 22, 2022
This is a first change to add XChacha20Poly1305 keys to ECDH Tink keys to support XChacha AEAD encryption and key wrapping.

It includes adding new Tink key managers in the Tink keys package to support keys for:
1. NIST P curves KW - AES/XChacha20Poly1305 content encryption
2. X25519 KW - AES/XChacha20Poly1305 content encryption

This change also includes new key templates to support the creation of these ECDH keys.

Future changes will include supporting Key exports of these ECDH keys, adding new KMS key types, adding XChacha Key wrapping and finally testing the new key with the JWE packers.

part of hyperledger-archives#1637, hyperledger-archives#1806, hyperledger-archives#1684, hyperledger-archives#815

Signed-off-by: Baha Shaaban <[email protected]>
sudeshrshetty pushed a commit to sudeshrshetty/aries-framework-go that referenced this issue Jan 22, 2022
This is the last change about X25519 keys for ECDH KW.
It updates the old ECDH key types into the new type names
and adds the X25519 key type as well.

It includes JWE encryption/decryption updates to support
XC20P content encryption along with recipients kw using both
NIST P curved keys and X25519 keys.

Also part of this change is the removal of remnant code
from legacyKMS which was removed from the framework last
year.

closes hyperledger-archives#2447
closes hyperledger-archives#1684
closes hyperledger-archives#815
closes hyperledger-archives#475
closes hyperledger-archives#596
also part of hyperledger-archives#857

Signed-off-by: Baha Shaaban <[email protected]>