|
It is my impression that generally in crypto, a particular encryption algorithm mandates one or one of several specific encryption key sizes. In the CSE spec, the encryption algorithm is provided during encryption and not during key creation, thus it appears that any key may be used with any algorithm. This seems strange in light of the key size dependency on algorithm.
The current CSE spec makes sense if one considers that it implements a single algorithm (AEAD_AES_256_CBC_HMAC_SHA_512 per https://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2-05) and two variations of it, a probabilistic and a deterministic one. Since the algorithm (in the general crypto sense of this term) is fixed and only one is available, the variation may be specified during encryption and not during key creation. However, this is not immediately obvious and raises the question of why the spec appears to not be future proof to support algorithms requiring different (e.g. larger) key sizes.
Can the spec be clarified to include the following information, either as material spec changes or rationale section comments:
- Will a different crypto algorithm, requiring longer keys, be implementable given the existing specification? If so, how is this envisioned? If not, why is this not a supported use case?
- That the "algorithms", as used by the specification, is really variations of the same algorithm rather than principally different algorithms? If there is a more appropriate crypto term to refer to these variations, perhaps it can be used instead of "algorithm".
|