Support encryption via Elliptic Curve Diffie-Hellman key agreement (ECDH)

Description

Need XMLObject provider support for new schema.

Need components for actual key agreement cryptographic operations. Probably produces a Credential with the derived SecretKey. Not clear yet what Santuario might add for this, if anything.

Need support for emitting and consuming the relevant KeyInfo structures. On the consumption side, probably includes a KeyInfoProvider that processes a xenc:AgreementMethod and produces a Credential with the derived SecretKey. On the emission side, probably need KeyInfoGenerator/-Factory which can handle producing the xenc:AgreementMethod.

May need a new Credential sub-interface (e.g. AgreementMethodCredential or KeyAgreementCredential) which can carry the following additional info necessary to produce KeyInfo xenc:AgreementMethod:

  1. the key agreement algorithm

  2. other algorithm info and/or parameters (e.g. KDF algo + params, digest method)

  3. nonce

  4. originator and recipient Credentials or equivalent key material info

Environment

None

Activity


Brent Putman March 3, 2021 at 2:21 AM

Implemented essentially as described above.

There is a new cred type KeyAgreementCredential, which is produced by a KeyAgreementProcessor.

The latter is invoked in the BasicEncryptionParametersResolver on the encryption side, and in the new AgreementMethodKeyInfoProvider on the decryption side.

For the output/encryption side, there is a new KeyAgreementKeyInfoGeneratorFactory which handles generating KeyInfo from the new credential type.

There are various related support components, notably the KeyAgreementParameter which represents inputs to the agreement op. The most important subtype there is the KeyDerivation interface for the KDF impls.

Fixed

Details


Created June 6, 2014 at 9:11 PM
Updated March 10, 2021 at 1:36 AM
Resolved March 3, 2021 at 2:22 AM