[Internet]Re: "Pluggable" key serialization in JCE/JCA

Anthony Vanelverdinghe dev at anthonyv.be
Mon Mar 28 12:12:06 UTC 2022


Just for the record, the code for the EU Digital Covid Certificate is 
available on GitHub at 
https://github.com/orgs/ehn-dcc-development/repositories?language=java
Specifically, https://github.com/ehn-dcc-development/dgc-java#structure 
says "CBOR, CWT/COSE - Support for representing the DGC in CBOR and to 
sign/validate it. dgc-create-validate"
Authentication for the user to get to their QR code was done via an eID 
(at least in the countries that issue electronic IDs).

Kind regards
Anthony

On 28/03/2022 11:30, Bernd Eckenfels wrote:
> Hello,
>
> I think both might be too protocol specific to include it in JCE, but 
> a library for JWK would fit into JWT support in Jakarta EE.
>
>  For COSE the key descriptors are very simple (no certificates), not 
> sure if anything besides a cose library is really needed. (That 
> library would benefit from a curve registry, but since cose uses its 
> own code values for the curve access to the CurveDB would not help I 
> think).
>
> CBOR is not QR specific, it’s specific for the Covid Vaccination 
> Certificate framework (due to the QR code size restriction it can’t 
> use JSON).
>
> Gruss
> Bernd
> -- 
> http://bernd.eckenfels.net
> ------------------------------------------------------------------------
> *Von:* Anthony Scarpino <anthony.scarpino at oracle.com>
> *Gesendet:* Monday, March 28, 2022 6:31:29 AM
> *An:* Anders Rundgren <anders.rundgren.net at gmail.com>
> *Cc:* Bernd Eckenfels <ecki at zusammenkunft.net>; 
> security-dev at openjdk.java.net <security-dev at openjdk.java.net>
> *Betreff:* Re: [Internet]Re: "Pluggable" key serialization in JCE/JCA
> Thanks for all the info. We don’t have experience with JOSE or COSE, I 
> think we need to digest some of this data before making a future step
>
> Not knowing this technology until you brought it up a few days ago, a 
> few questions i have are how is this used and how common?  Would I see 
> this used for more secure sites like banks or shopping through the 
> browser or it more common sites. Is it only browser-based or are their 
> other used cases?  Bernd mentioned QR codes, is COSE used inside the 
> QR code or the authentication for the user to get to their QR code?
>
> Thanks
>
> Tony
>
> > On Mar 26, 2022, at 11:48 PM, Anders Rundgren 
> <anders.rundgren.net at gmail.com> wrote:
> >
> > On 2022-03-26 23:14, Bernd Eckenfels wrote:
> >> Just for completeness, the standard for key transport in JOSE is 
> JWK (RFC7517).
> >> In COSE it is a COSE_Key(Set) as defined in RFC8152 sect13.
> >> BTW the most widely used CBOR/COSE application are probably the QR 
> codes around Covid and Vaccination certificates of the EU.
> >
> > Thanx Bernd and Michael for the additional clarifications!
> >
> > Now to the thing that spurred this discussion: 
> https://datatracker.ietf.org/doc/html/rfc8037
> >
> >   This document defines how to use the Diffie-Hellman algorithms
> >   "X25519" and "X448" as well as the signature algorithms "Ed25519" and
> >   "Ed448" from the IRTF CFRG elliptic curves work in JSON Object
> >   Signing and Encryption (JOSE).
> >
> > When RFC 8037 was created the assumption was that the "OKP" key 
> container {sh|c}ould be used for other crypto systems having the same 
> parameter set.  This is now an active proposal:
> > 
> https://www.ietf.org/archive/id/draft-looker-cose-bls-key-representations-00.html
> >
> > Obviously everything works just fine if you look at the container in 
> isolation. However, it means that "OKP" encoder/decoder code must be 
> updated for every new reuse ("overloading").  To be meaningful these 
> new algorithms would also have to coerced into the existing XEC or 
> EdDSA interfaces.
> >
> > IMO, this would be VERY UNFORTUNATE since it is incompatible with 
> the provider concept as well as with object oriented crypto APIs.  I'm 
> therefore suggesting that key containers for specific crypto systems 
> should have unique names.  In this particular case "BLS" seems 
> logical.  In Java it could eventually be mapped to BLSPublicKey and 
> BLSPrivateKey.
> >
> > WDYT?
> >
> > There is no need for a JEP at this stage, only some kind of 
> indication of what the JDK crypto team see as the best way forward 
> from your horizon.  The same discussion has emerged for Post Quantum 
> Crypto algorithms.
> >
> > Thanx,
> > Anders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20220328/73475a57/attachment.htm>


More information about the security-dev mailing list