Updating to JWE compliant data model #8
Comments
|
Please be aware, this issue is also posted on the Aries-RFC repo in Hyperledger. I'll facilitate communication across the groups if you don't want to track both conversations. |
|
Yes please, there needs to be a very clear encoding and signature documentation. I would say starting with JWE is a requirement for adoption of any sort. Regarding bloat/size... its more important that the schema be well defined and support existing systems, like jose. I suggest a well defined json schema be adopted as a first step, then you can get more compact representations for free later... https://news.ycombinator.com/item?id=18189473 I don't see why we can't implement this entirely with did + jose and then add support for none jose crypto via case by case basis. |
I'm looking into this now to make sure that the JWE header field
As far as I'm aware, there's no other schema formats that are attempting to protect the sender's key. The additional bloat is coming from having to compact JWE encode a JWK in order to keep sender anonymity.
This is something I've been looking at so far. The tradeoffs to this is that it introduces a lot of confusing aspects for developers that leads to them shooting themselves in the foot. Here's a good blog post on the topic. This is one of the reasons that I've focused on being compliant with the JWE data model, but haven't been trying to build a compliant JWE library. It allows the implementation to be compatible (once everything get's registered) without all the downsides. |
|
Related work on edv using JWE as well... would be nice to sync all of this: digitalbazaar/encrypted-data-vaults#5 |
|
JFYI, we're using this library to generate JWEs with our edv work: |
|
Note the kid format... I think we really need to get this id handling stuff into the did spec with some |
Recently there's been discussion to update this work to be fully JWE compliant. One of the proposed solutions that's come up is to generate the following format:
{ "protected": base64url({ "typ": "prs.hyperledger.aries-auth-message", "alg": "ECDH+XC20PKW", "enc":"XC20P" }), "recipients": [ { "encrypted_key": "base64url(encrypted CEK)", "header": { "kid": "base58(Recipient vk)", "iv": "base64url(CEK encryption IV)", "pk": "compactJWE(Sender PK)" } }, { "encrypted_key": "base64url(encrypted CEK)", "header": { "kid": "base58(Recipient vk)", "iv": "base64url(CEK encryption IV)", "pk": "compactJWE(Sender PK)" } } ], "aad": "base64url(sha256(concat('.',sort([recipients[0].kid, recipients[n].kid]))))", "iv": "base64url(content encryption IV)", "ciphertext": "base64url(ciphertext)", "tag": "base64url(AEAD Authentication Tag)" } Exploded example of compactJWE(Sender PK): { "protected": base64url({ "iv": "base64url(CEK encryption IV)", "epk": "Ephemeral JWK", "typ": "jose", "cty": "jwk+json", "alg": "ECDH-ES+XC20PKW", "enc":"XC20P" }), "encrypted_key": "base64url(encrypted CEK)", "iv": "base64url(content encryption IV)", "ciphertext": "base64url(Encrypted Sender vk as JWK)", "tag": "base64url(AEAD Authentication Tag)" }Here's a provided example of what this would look like:
{ "protected": "eyJ0eXAiOiJwcnMuaHlwZXJsZWRnZXIuYXJpZXMtYXV0aC1tZXNzYWdlIiwiYWxnIjoiRUNESCtYQzIwUEtXIiwiZW5jIjoiWEMyMFAifQ", "recipients": [ { "encrypted_key": "whpkJkvHRP0XX-EqxUOHhHIfuW8i5EMuR3Kxlg5NNIU", "header": { "kid": "5jMonJACEPcLfqVaz8jpqBLXHHKYgCE71XYBmFXhjZVX", "iv": "tjGLK6uChZatAyACFzGmFR4V9othKN8S", "tag": "ma9pIjkQuzaqvq_5y5vUlQ", "pk": "eyJpdiI6IldoVGptNi1DX2xiTlQ4Q2RzN2dfNjdMZzZKSEF3NU5BIiwiZXBrIjp7Imt0eSI6Ik9LUCIsImNydiI6IlgyNTUxOSIsIngiOiJnNjRfblJSSFQyYk1JX1hjT1dHRTdJOGdQcU1VWTF4aUNub2J0LVhDUkNZIn0sInR5cCI6Impvc2UiLCJjdHkiOiJqd2sranNvbiIsImFsZyI6IkVDREgtRVMrWEMyMFBLVyIsImVuYyI6IlhDMjBQIn0.4zUt5tOOlcQWskJqxfMi0tNsfUCAzb5_PDfPqQ1h0Vw.xYkeEXV1_cSYFEd6UBMIfl8MWQfHaDex.XSNKTRXye5-iSXQ-aS_vQVZNEgFE6iA9X_KgSRMzihQBMoI1j4WM3o-9dMT9TeSyMvdq3gXt1NpvLdZHpJplahhk3mxMZL-vawm5Prtf.H7a5N-dggwdesjHyJCl06w" } }, { "encrypted_key": "dDHydlp_wlGt_zwR-yUvESx9fXuO-GRJFGtaw2u6CEw", "header": { "kid": "TfVVqzPT1FQHdq1CUDe9XYcg6Wu2QMusWKhGBXEZsosg", "iv": "7SFlGTxQ4Q2l02D9HRNdFeYQnwntyctb", "tag": "9-O6djpNAizix-ZnjAx-Fg", "pk": "eyJpdiI6IkV6UjBFaVRLazJCT19oc05qOVRxeU9PVmVLRFFPYVp1IiwiZXBrIjp7Imt0eSI6Ik9LUCIsImNydiI6IlgyNTUxOSIsIngiOiJoU1g1NGt5ZTdsd0pBdjlMaUplTmh4eFhaV1N0M3hLSDBXUmh6T1NOb1c0In0sInR5cCI6Impvc2UiLCJjdHkiOiJqd2sranNvbiIsImFsZyI6IkVDREgtRVMrWEMyMFBLVyIsImVuYyI6IlhDMjBQIn0.qKmU5xO8Z1ZtRBWEjEMixb5VZG0mrY0LnjUGjLqktwg.EG-VOZSC2vLdoO5l2_A37IYvdXCckLZp.D4kgD6bYL1YfXyApk5ESKE2sc8TUiO-QGBtY-M5hcV_F88JPZdsi53Qofxk02ZxPHJZK-abDy45pIMH6-KUMDfE6WKhW3nPQhydPYutv.0SO4VjM8sDH-wGHcEpinTg" } } ], "aad": "OGY5ZDIxMDE3YTQ4MTc4YWE5MTk0MWQyOGJmYjQ1ZmZmMTYzYTE3ZjUxYjc4YjA3YTlmY2FlMmMwOTFlMjBhZg", "ciphertext": "x1lnQq_pZLgU2ZC4", "tag": "2JgOe9SRjJXddT9TyIjqrg", "iv": "fDGEXswlWXOBx6FxPC_u6qIuhADnOrW1" }I'm curious what other's opinions are on this approach. I personally am not a fan of the bloat the compact JWE adds in order to encrypt the sender's public key. However, I've not found another approach yet that seems satisfactory. If anyone has some suggestions it would be appreciated.
@csuwildcat @awoie @christianlundkvist @dstrockis
The text was updated successfully, but these errors were encountered: