This repository has been archived by the owner on Mar 27, 2024. It is now read-only.
update JWEEncrypter to break JWE creation following key wrap/unwrap change #2300
Comments
baha-ai changed the title from "update JWEEncrypter to break JWE creation into 3 steps: create CEK, wrap CEK for each recipient using Crypto.Wrap() and finally encrypt plaintext and build JWE" to "update JWEEncrypter to break JWE creation following key wrap/unwrap change" on Nov 6, 2020
baha-ai pushed a commit to baha-ai/aries-framework-go that referenced this issue on Nov 6, 2020:

This change includes extracting cek wrapping of JWEs outside of the Tink Composite keys in tinkcrypto package. It also includes related changes to JWEEncrypter/JWEDecrypter as well as the packers and EDV formatter tests using those JWE encrypters services. Following this change, ECDH1PU keys have been removed and ECDHES keys are renamed to ECDH keys. They only execute plaintext AES GCM encryption using a pre created CEK. Their asymmetric nature is needed to represent Recipient keys for key wrapping (outside of Tink).

closes hyperledger-archives#2299
closes hyperledger-archives#2300
closes hyperledger-archives#2301

Signed-off-by: Baha Shaaban <baha.shaaban@securekey.com>
baha-ai pushed a commit to baha-ai/aries-framework-go that referenced this issue on Nov 6, 2020:

This change includes extracting cek wrapping of JWEs outside of the Tink Composite keys in tinkcrypto package. It also includes related changes to JWEEncrypter/JWEDecrypter as well as the packers and EDV formatter tests using those JWE encrypters services. Following this change, ECDH1PU keys have been removed and ECDHES keys are renamed to ECDH keys. They only execute plaintext AES GCM encryption using a pre created CEK. Their asymmetric nature is needed to represent Recipient keys for key wrapping (outside of Tink).

This change also moved KID creation logic details from pkg/kms/localkms/kid_creator.go to pkg/doc/util/jwkkid/kid_creator.go. This avoids circular dependency between pkg/kms/localkms and pkg/doc/jose packages.

closes hyperledger-archives#2299
closes hyperledger-archives#2300
closes hyperledger-archives#2301

Signed-off-by: Baha Shaaban <baha.shaaban@securekey.com>
baha-ai pushed a commit to baha-ai/aries-framework-go that referenced this issue on Nov 6, 2020:

This change includes extracting cek wrapping of JWEs outside of the Tink Composite keys in pkg/crypto/tinkcrypto package. It also includes related changes to JWEEncrypter/JWEDecrypter as well as the packers and EDV formatter tests using those JWE encrypters services. Following this change, ECDH1PU keys have been removed and ECDHES keys are renamed to ECDH keys. They only execute plaintext AES GCM encryption using a pre created CEK. Their asymmetric nature is needed to represent Recipient keys for key wrapping (outside of Tink).

This change also moved KID creation logic details from pkg/kms/localkms/kid_creator.go to pkg/doc/util/jwkkid/kid_creator.go. This avoids circular dependency between pkg/kms/localkms and pkg/doc/jose packages.

closes hyperledger-archives#2299
closes hyperledger-archives#2300
closes hyperledger-archives#2301
closes hyperledger-archives#2256

Signed-off-by: Baha Shaaban <baha.shaaban@securekey.com>
Closed
Update JWEEncrypter to break JWE creation into 3 steps:
Crypto.Wrap()
Similarly, JWEDecrypter must unwrap the CEK for one of the JWE recipients' keys found in KMS first, then decrypt the ciphertext using the unwrapped CEK.
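
The three encrypter steps and the decrypter's unwrap-then-decrypt order from the issue description, as an added Go example that is not aries-framework-go code. It assumes a symmetric 32-byte key per recipient, wrapped with AES-GCM, in place of the project's `Crypto.Wrap()` on asymmetric recipient keys; `jwe`, `seal`, `open`, `encrypt` and the `kid-1` demo key are hypothetical names.

```go
package main // added example, not aries-framework-go code; seal/open stand in for Crypto.Wrap() and unwrap

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type jwe struct{ wrapped map[string][]byte; ct []byte } // kid -> wrapped CEK; body ciphertext
func seal(key, pt []byte) ([]byte, error) { // AES-GCM, random 12-byte nonce prepended
	b, err := aes.NewCipher(key)
	n := make([]byte, 12)
	if _, rerr := rand.Read(n); err != nil || rerr != nil {
		return nil, fmt.Errorf("seal: key error %v, rand error %v", err, rerr)
	}
	g, _ := cipher.NewGCM(b) // cannot fail for an AES block cipher
	return g.Seal(n, n, pt, nil), nil
}

func open(key, in []byte) ([]byte, error) {
	b, err := aes.NewCipher(key)
	if err != nil || len(in) < 12 {
		return nil, fmt.Errorf("open: bad key or truncated input")
	}
	g, _ := cipher.NewGCM(b)
	return g.Open(nil, in[:12], in[12:], nil) // fails on a wrong key or tampering
}

func encrypt(pt []byte, keks map[string][]byte) (j jwe, err error) {
	cek := make([]byte, 32) // step 1: create the CEK
	if _, err = rand.Read(cek); err != nil {
		return j, err
	}
	j.wrapped = map[string][]byte{}
	for kid, kek := range keks { // step 2: wrap the same CEK for each recipient
		if j.wrapped[kid], err = seal(kek, cek); err != nil {
			return j, err
		}
	}
	j.ct, err = seal(cek, pt) // step 3: encrypt the plaintext once and build the JWE
	return j, err
}

func main() {
	kek := make([]byte, 32) // constructed all-zero demo key, never a real key
	j, _ := encrypt([]byte("hello"), map[string][]byte{"kid-1": kek})
	cek, _ := open(kek, j.wrapped["kid-1"]) // decrypter: unwrap the CEK first
	pt, err := open(cek, j.ct)              // then decrypt with the unwrapped CEK
	fmt.Println(string(pt), err)
}
```

Every recipient entry wraps the same CEK, so the plaintext is encrypted once however many recipients there are. A real JWE additionally authenticates its protected header as AEAD associated data, which this example leaves out.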