Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add sharedSecret method to key-manager and KMS abstracts #541

Closed
mirceanis opened this issue May 28, 2021 · 0 comments · Fixed by #555
Closed

add sharedSecret method to key-manager and KMS abstracts #541

mirceanis opened this issue May 28, 2021 · 0 comments · Fixed by #555
Labels
enhancement New feature or request planned-feature don't close this just for being stale

Comments

@mirceanis
Copy link
Member

mirceanis commented May 28, 2021
edited
Loading

One of the core crypto operations that should be performed by the key management layer is computing a shared secret.
This would, for example, enable JWE [de]encrypters to use Veramo key management layer instead of requiring direct access to private key material.

  • key-manager plugin needs to expose a keyManagerSharedSecret() method
  • AbstractKeyManagementSystem class should have a new abstract method computeSharedSecret()

The basic API would be something like:
computeSharedSecret(myKey: Partial<IKey>, theirKey: Partial<IKey>)
using Partial<> since the user may wish to provide more key information that would ensure correctness.
Examples:

  • myKey.privateKeyHex + theirKey.publicKeyHex + at least one key has type direct ECDH
  • myKey.type.isCompatible(theirKey.type) && (myKey.privateKeyHex || myKey.kid) => KMS computes ECDH

The result is the RAW shared secret (scalar multiplication in the case of ECC).
To use this for symmetric encryption, one would need to hash it to arrive at a shared Symmetric Key

The key-manager plugin is expected to perform all (or most) of the checks regarding key compatibility and encoding.
The KMS implementations are expected to work mostly on raw Uint8Array data (and key handle in the case of myKey).
@mirceanis mirceanis added planned-feature don't close this just for being stale enhancement New feature or request labels May 28, 2021
mirceanis added a commit that referenced this issue Jun 9, 2021
@mirceanis
feat(key-manager): add method to compute a shared secret
e4080b4 
fixes #541
@mirceanis mirceanis mentioned this issue Jun 9, 2021
Merged
mirceanis added a commit that referenced this issue Jun 9, 2021
@mirceanis
feat(key-manager): add method to compute a shared secret
6d49bca 
fixes #541
@mirceanis mirceanis mentioned this issue Jun 10, 2021
Closed
mirceanis added a commit that referenced this issue Jun 10, 2021
@mirceanis
feat(key-manager): add method to compute a shared secret
34d93ce 
fixes #541
mirceanis added a commit that referenced this issue Jun 10, 2021
@mirceanis
feat(key-manager): add method to compute a shared secret (#555)
393c316 
* feat(key-manager): add method to compute a shared secret

fixes #541
@mirceanis mirceanis mentioned this issue Jul 13, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request planned-feature don't close this just for being stale
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(key-manager): add method to compute a shared secret decentralized-identity/veramo
1 participant
@mirceanis