Appendix B. Two Layers of Recipient Information

All of the currently defined recipient algorithm classes only use two layers of the COSE structure. The first layer (COSE_Encrypt) is the message content, and the second layer (COSE_Recipient) is the content key encryption. However, if one uses a recipient algorithm such as the RSA Key Encapsulation Mechanism (RSA-KEM) (see Appendix A of RSA-KEM [RFC5990]), then it makes sense to have two layers of the COSE_Recipient structure.

These layers would be:

  • Layer 0: The content encryption layer. This layer contains the payload of the message.

  • Layer 1: The encryption of the CEK by a KEK.

  • Layer 2: The encryption of a long random secret using an RSA key and a key derivation function to convert that secret into the KEK.

This is an example of what a triple-layer message would look like. To make it easier to read, it is presented using the extended CBOR diagnostic notation (defined in [RFC8610]) rather than as a binary dump. The message has the following layers:

  • Layer 0: Has content encrypted with AES-GCM using a 128-bit key.

  • Layer 1: Uses the AES Key Wrap algorithm with a 128-bit key.

  • Layer 2: Uses ECDH Ephemeral-Static direct to generate the Layer 1 key.

In effect, this example is a decomposed version of using the ECDH-ES+A128KW algorithm.

Size of binary file is 183 bytes

   96(
     [ / COSE_Encrypt /
       / protected h'a10101' / << {
         / alg / 1:1 / AES-GCM 128 /
       } >>,
       / unprotected / {
         / iv / 5:h'02d1f7e6f26c43d4868d87ce'
       },
       / ciphertext / h'64f84d913ba60a76070a9a48f26e97e863e2852948658f0
   811139868826e89218a75715b',
       / recipients / [
         [ / COSE_Recipient /
           / protected / h'',
           / unprotected / {
             / alg / 1:-3 / A128KW /
           },
           / ciphertext / h'dbd43c4e9d719c27c6275c67d628d493f090593db82
   18f11',
           / recipients / [
             [ / COSE_Recipient /
               / protected h'a1013818' / << {
                 / alg / 1:-25 / ECDH-ES + HKDF-256 /
               } >>,
               / unprotected / {
                 / ephemeral / -1:{
                   / kty / 1:2,
                   / crv / -1:1,
                   / x / -2:h'b2add44368ea6d641f9ca9af308b4079aeb519f11
   e9b8a55a600b21233e86e68',
                   / y / -3:false
                 },
                 / kid / 4:'[email protected]'
               },
               / ciphertext / h''
             ]
           ]
         ]
       ]
     ]
   )
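As an added example (not code from RFC 9052 or from any COSE library), the following Python builds the triple-layer message above from a minimal CBOR encoder, walks the recipients chain to report the alg value at each of the three layers described in this appendix, and checks that the encoding comes to the 183 bytes stated above. It assumes a single recipient per layer, and it uses a 36-character placeholder kid because the page's rendering obscures the real value; the walker also rejects a label that appears in both the protected and unprotected header buckets, which RFC 9052 forbids.

```python
"""Added example: minimal CBOR encoder, protected-header decoder, and a walker
over the layers of the triple-layer COSE_Encrypt message. Not from RFC 9052."""
import struct


class Tag:
    """CBOR tag (major type 6) around a value; tag 96 marks COSE_Encrypt."""

    def __init__(self, number, value):
        self.number, self.value = number, value


def _head(major, n):
    """Initial byte(s) for a major type with argument n (RFC 8949, Section 3)."""
    if n < 24:
        return bytes([(major << 5) | n])
    for info, fmt, limit in ((24, ">B", 1 << 8), (25, ">H", 1 << 16),
                             (26, ">I", 1 << 32), (27, ">Q", 1 << 64)):
        if n < limit:
            return bytes([(major << 5) | info]) + struct.pack(fmt, n)
    raise ValueError("argument too large")


def cbor_encode(v):
    """Encode the CBOR types this message needs: int, bool, bytes, str, list, dict, Tag."""
    if isinstance(v, bool):                      # bool before int: bool is an int subclass
        return b"\xf5" if v else b"\xf4"
    if isinstance(v, int):
        return _head(0, v) if v >= 0 else _head(1, -1 - v)
    if isinstance(v, bytes):
        return _head(2, len(v)) + v
    if isinstance(v, str):
        u = v.encode("utf-8")
        return _head(3, len(u)) + u
    if isinstance(v, list):
        return _head(4, len(v)) + b"".join(cbor_encode(x) for x in v)
    if isinstance(v, dict):
        return _head(5, len(v)) + b"".join(cbor_encode(k) + cbor_encode(x) for k, x in v.items())
    if isinstance(v, Tag):
        return _head(6, v.number) + cbor_encode(v.value)
    raise TypeError("unsupported type %r" % type(v))


def _decode_item(buf, pos):
    """Decode one item; only ints, byte strings and maps occur in protected headers."""
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:
        n = info
    elif info == 24:
        n, pos = buf[pos], pos + 1
    elif info == 25:
        n, pos = struct.unpack_from(">H", buf, pos)[0], pos + 2
    else:
        raise ValueError("argument length not supported by this decoder")
    if major == 0:
        return n, pos
    if major == 1:
        return -1 - n, pos
    if major == 2:
        return bytes(buf[pos:pos + n]), pos + n
    if major == 5:
        m = {}
        for _ in range(n):
            k, pos = _decode_item(buf, pos)
            val, pos = _decode_item(buf, pos)
            m[k] = val
        return m, pos
    raise ValueError("major type %d not supported by this decoder" % major)


def decode_protected(protected):
    """An empty bstr stands for an empty header map (RFC 9052, Section 3)."""
    if not protected:
        return {}
    m, end = _decode_item(protected, 0)
    if end != len(protected) or not isinstance(m, dict):
        raise ValueError("protected header is not a single CBOR map")
    return m


def merged_header(protected, unprotected):
    """Combine both buckets; a label may not appear in both (RFC 9052, Section 3)."""
    p = decode_protected(protected)
    dup = set(p) & set(unprotected)
    if dup:
        raise ValueError("labels present in both header buckets: %r" % sorted(dup))
    return {**p, **unprotected}


def layer_algs(msg):
    """Follow the recipients chain and return alg (label 1) per layer, layer 0 first."""
    layer = msg.value if isinstance(msg, Tag) else msg
    algs = []
    while layer is not None:
        algs.append(merged_header(layer[0], layer[1]).get(1))
        recipients = layer[3] if len(layer) > 3 else []
        if len(recipients) > 1:
            raise ValueError("this walker assumes a single recipient per layer")
        layer = recipients[0] if recipients else None
    return algs


# Constructed from the diagnostic notation above. The kid is a placeholder
# (the page's rendering obscures it); 36 characters keeps the size at 183 bytes.
KID = "example-recipient-key-id-36-bytes-xx"
MESSAGE = Tag(96, [                                       # COSE_Encrypt, layer 0
    cbor_encode({1: 1}),                                  # protected: AES-GCM 128 (h'a10101')
    {5: bytes.fromhex("02d1f7e6f26c43d4868d87ce")},       # unprotected: iv
    bytes.fromhex("64f84d913ba60a76070a9a48f26e97e863e2852948658f0"
                  "811139868826e89218a75715b"),
    [[b"", {1: -3},                                       # COSE_Recipient, layer 1: A128KW
      bytes.fromhex("dbd43c4e9d719c27c6275c67d628d493f090593db8218f11"),
      [[cbor_encode({1: -25}),                            # layer 2: ECDH-ES + HKDF-256 (h'a1013818')
        {-1: {1: 2, -1: 1,                                # ephemeral EC2 key, P-256
              -2: bytes.fromhex("b2add44368ea6d641f9ca9af308b4079aeb519f11"
                                "e9b8a55a600b21233e86e68"),
              -3: False},
         4: KID},
        b""]]]],
])


def encoded_size(msg=MESSAGE):
    return len(cbor_encode(msg))


if __name__ == "__main__":
    print("alg per layer:", layer_algs(MESSAGE))   # [1, -3, -25]
    print("encoded size:", encoded_size())         # 183
```

The alg values come out as [1, -3, -25], one per layer, which is exactly the AES-GCM-128 / A128KW / ECDH-ES+HKDF-256 decomposition the text describes; the encoder is byte-for-byte aligned with the `h'a10101'` and `h'a1013818'` protected headers shown in the diagnostic notation.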