[Cryptography] Any reason not to use key derivation to determine IV?

Phillip Hallam-Baker phill at hallambaker.com
Tue Feb 27 23:38:46 EST 2018


I am doing some work with a JOSE-ish encryption container. The traditional
scheme is

Generate symmetric master key
Encrypt master key under recipient(s) public key to create key blob.

For each chunk of data to be encrypted:

Generate session key
Wrap (i.e. encrypt) session key under master key.
Derive encryption key from session key, generate random IV


Now usually in JOSE, these are options. Well, I do not believe in options.
I would rather have as few code paths as possible. So rather than make the
keywrap step, I always require keywrap, I always require keygen. That way
there is only one possible way for A to talk to B with a particular set of
features.

I sometimes need key derivation (e.g. when I am stepping up from 128 bit
to 256 bit or when I have encrypted metadata). So I always require it.

Now given that I need the key derivation step, is there any reason not to
use it to generate the IV as well as the encryption key?
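
The derivation asked about above, as an added example that is not part of the original post: HKDF-SHA256 (RFC 5869) stands in for the unspecified key derivation function, and the info labels, the key and IV sizes and all function names are assumptions. It shows that a derived IV is a deterministic function of the session key, so it is unique only if every chunk gets a fresh session key.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
KEY_LEN, IV_LEN = 32, 12  # assumed sizes: 256-bit key, 96-bit IV (e.g. AES-GCM)


def hkdf(ikm, info, length, salt=b""):
    """HKDF (RFC 5869): extract a PRK from ikm, then expand it under `info`."""
    prk = hmac.new(salt or bytes(HASH().digest_size), ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_key_and_iv(session_key):
    """Derive the encryption key and the IV from one session key.

    Distinct info labels (hypothetical names) separate the two outputs, so
    the IV is not simply a prefix of the key.
    """
    key = hkdf(session_key, b"example/encryption-key", KEY_LEN)
    iv = hkdf(session_key, b"example/iv", IV_LEN)
    return key, iv


def params_for_chunks(n):
    """One fresh random 128-bit session key per chunk, as in the scheme above."""
    return [derive_key_and_iv(secrets.token_bytes(16)) for _ in range(n)]


def repeated_pairs(params):
    """Count (key, IV) pairs that occur more than once."""
    return len(params) - len(set(params))


if __name__ == "__main__":
    print("repeats, fresh session key per chunk:",
          repeated_pairs(params_for_chunks(1000)))
    # Reusing one session key for two chunks repeats the exact (key, IV) pair,
    # because nothing random enters after the session key is chosen.
    sk = secrets.token_bytes(16)  # constructed sample key
    print("repeats, one session key for two chunks:",
          repeated_pairs([derive_key_and_iv(sk), derive_key_and_iv(sk)]))
```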