- changed milestone to Implementer's Draft
-
assigned issue to
Michael Jones
SHA-256 to get AES KeyWrap key?
Issue #828
resolved
I know this is a PITA but the use of left truncated SHA-256 hash to get the symmetric encryption key isn't particularity cryptographically agile.
It is sufficient for what's currently defined (A128KW & A256KW) but the text below couldn't accommodate algorithms needing keys larger that 256bits and seems like it precludes anything but AES based key wrapping. I dunno, maybe that's okay. But I felt like I should raise it.
http://openid.net/specs/openid-connect-messages-1_0-16.html#enc "Symmetric Encryption The symmetric encryption key is derived from the client_secret value by using a left truncated SHA-256 hash of the bytes of the UTF-8 representation of the client_secret. The SHA-256 value MUST be left truncated to the appropriate bit length for the AES KeyWrap algorithm used, for instance, to 128 bits for A128KW. "
Comments (2)
-
-
- changed status to resolved
Fixed
#828- Stated that an extension would be needed if a key wrapping key of greater than 256 bits for symmetric encryption needs to be derived.→ <<cset 2abde7d52a0e>>
- Log in to comment
- Assignee
- Type
- Priority
- Status
- resolved
- Component
- Messages
- Milestone
- Implementer's Draft
- Version
- –
- Votes
- 0
- Watchers
- 0
We will say that if a key wrap key greater than 256 bits is needed, a different method of generating the key from the Client ID would have to be defined.