
Mandate A256GCM for response encryption (compliant with 18013-7) #364

Open
peppelinux opened this issue Feb 18, 2025 · 1 comment
Comments

@peppelinux
Member

peppelinux commented Feb 18, 2025

Let's use A256GCM by default

as it is supported by cryptojwt as well: https://github.com/search?q=repo%3AIdentityPython%2FJWTConnect-Python-CryptoJWT%20%20A256GCM&type=code

@Zicchio ^

@Zicchio
Collaborator

Zicchio commented Feb 18, 2025

Expanding a little bit for documentation and other readers.

JWE with asymmetric content encryption uses a hybrid encryption scheme (like TLS). The scheme has two components:
(1) a secret sharing algorithm (or key encryption algorithm), which is an asymmetric secret sharing scheme like Diffie-Hellman, which uses a public/private key pair. This key is called the Key Encryption Key (KEK). This algorithm will negotiate a (symmetric) Content Encryption Key (CEK).
Which secret sharing algorithm to use is contained in the alg header https://datatracker.ietf.org/doc/html/rfc7516#section-4.1.1.
(2) a content encryption algorithm, which will use the CEK shared above to actually encrypt the content payload. Which algorithm is used to encrypt the payload is in the enc header https://datatracker.ietf.org/doc/html/rfc7516#section-4.1.2

We already do use AES-GCM with 256 bit size key as the default algorithm for content encryption (2).

See the default map for the content encryption algorithm, which favours AES-GCM for EC KEK:

```python
# Default content encryption (enc header) per key type
DEFAULT_ENC_ENC_MAP = {
    "RSA": "A256CBC-HS512",
    "EC": "A256GCM",
}
```

and its usage

```python
# alg and enc are both chosen from the key type (kty) of the recipient key
_keyobj = JWE_CLASS(
    _payload,
    alg=DEFAULT_ENC_ALG_MAP[key.kty],
    enc=DEFAULT_ENC_ENC_MAP[key.kty],
    kid=key.kid,
    **kwargs
)
```

I'm not sure if there is a KEK (asymmetric) scheme (1) that involves AES-GCM.
Our default is ECDH-ES+A256KW, whose details I'm honestly clueless about. I was knowledgeable only about ECDH-ES.

```python
# Default key encryption (alg header) per key type
DEFAULT_ENC_ALG_MAP = {
    "RSA": "RSA-OAEP",
    "EC": "ECDH-ES+A256KW",
}
```

Expanding the issue with the current Potential LSP requirement, I'd personally prefer if Potential LSP mandated both a default content encryption algorithm (AES-GCM) AND a key encryption algorithm (no proposal as of 2025-02-18), that is, clearly specified what to support in both the alg and enc header parameters of a JWE.
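As an added example (not code from the issue or from the project), here is a stdlib-only check a receiving party could run on an incoming compact JWE to enforce the policy discussed in this thread: the enc header must be A256GCM, and alg is limited to the defaults quoted above (an assumption, since no key-encryption algorithm has been proposed). The map copies and the placeholder JWE segments are constructed for the example.

```python
import base64
import json

# Copies of the project defaults quoted in the comment above (constructed for this example)
DEFAULT_ENC_ALG_MAP = {"RSA": "RSA-OAEP", "EC": "ECDH-ES+A256KW"}
DEFAULT_ENC_ENC_MAP = {"RSA": "A256CBC-HS512", "EC": "A256GCM"}

# Proposed policy: content encryption must be A256GCM for every key type;
# the allowed alg set is an assumption (the current defaults) pending a proposal.
REQUIRED_ENC = "A256GCM"
ALLOWED_ALG = frozenset(DEFAULT_ENC_ALG_MAP.values())


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def parse_jwe_header(compact: str) -> dict:
    """Return the JWE Protected Header of a compact serialization (RFC 7516 section 3.1)."""
    parts = compact.split(".")
    if len(parts) != 5:
        raise ValueError(f"expected 5 JWE segments, got {len(parts)}")
    hdr = json.loads(b64url_decode(parts[0]))
    if not isinstance(hdr, dict):
        raise ValueError("protected header is not a JSON object")
    return hdr


def check_jwe_policy(compact: str) -> tuple[bool, str]:
    """Accept only JWEs whose enc is A256GCM and whose alg is in the allowed set."""
    try:
        hdr = parse_jwe_header(compact)
    except ValueError as e:  # covers JSON, base64 and segment-count errors
        return False, f"malformed JWE: {e}"
    alg, enc = hdr.get("alg"), hdr.get("enc")
    if enc != REQUIRED_ENC:
        return False, f"enc {enc!r} rejected, policy requires {REQUIRED_ENC}"
    if alg not in ALLOWED_ALG:
        return False, f"alg {alg!r} not in allowed set {sorted(ALLOWED_ALG)}"
    return True, "ok"


def fake_jwe(header: dict) -> str:
    """Constructed compact JWE with placeholder segments; only the header is inspected."""
    filler = b64url_encode(b"placeholder")
    return ".".join([b64url_encode(json.dumps(header).encode()), filler, filler, filler, filler])
```

Note that with the RSA defaults as they stand (A256CBC-HS512) the check rejects an RSA-encrypted response, which is exactly the gap this issue asks to close.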
