
For trying ECIES, I need to derive keys for MAC and AES from the shared secret using the ANSI X9.63-based KDF. I got the information on key derivation from Section 3.6.1 of http://www.secg.org/sec1-v2.pdf.

What is the standard procedure to extract/separate the keys for MAC and AES from the key derived using the KDF?


1 Answer


For that standard, it is covered in Section 5.1.3:

  1. Use the key derivation function KDF established during the setup procedure to generate keying data K of length enckeylen + mackeylen octets from Z and [SharedInfo1]. If the key derivation function outputs “invalid”, output “invalid” and stop.
  2. Parse the leftmost enckeylen octets of K as an encryption key EK and the rightmost mackeylen octets of K as a MAC key MK. If symmetric encryption method is XOR and backwards compatibility mode is not selected, then instead parse the rightmost enckeylen octets of K as an encryption key EK and the leftmost mackeylen octets of K as a MAC key MK.

In the end, it depends on the parameters enckeylen and mackeylen, which define the sizes of the keys for the symmetric encryption and the MAC, respectively.

  • OK an ugly way to perform the key derivation, but quoting the standard is never wrong. Commented Jan 27, 2018 at 18:02
  • @MaartenBodewes What would be a pretty way? Commented Jan 27, 2018 at 23:08
  • Different labels for different keys would be nice. I'm also kind of flabbergasted why a good KDF needs a different order of keys for different schemes. There is talk about the KDF outputting "invalid" which seems strange to me; KDFs generally should work for most input / output sizes and almost any kind of data. There is talk about "parsing" key octets; there is really nothing to parse: parsing assumes that the input data has some kind of syntax / semantics while a KDF should generally output random data. So... quite a lot actually. Nothing serious but definitely "ugly" in my opinion. Commented Jan 28, 2018 at 0:17
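
The two steps quoted in the answer, as an added example that is not part of the original posts or of the SEC 1 document: the ANSI X9.63 KDF from Section 3.6.1 followed by the EK/MK split from Section 5.1.3. The function names, the choice of SHA-256, the key sizes (AES-128 and a 32-octet MAC key) and the sample shared secret are assumptions made for illustration.

```python
import hashlib


def x963_kdf(z: bytes, keydatalen: int, shared_info: bytes = b"",
             hash_name: str = "sha256") -> bytes:
    """ANSI X9.63 KDF as described in SEC 1 v2, Section 3.6.1.

    K = Hash(Z || Counter || [SharedInfo]) for Counter = 1, 2, ...,
    where Counter is a 4-octet big-endian integer; the leftmost
    keydatalen octets of the concatenated digests are returned.
    """
    hashlen = hashlib.new(hash_name).digest_size
    # The standard outputs "invalid" when too much keying data is requested.
    # Rejecting keydatalen < 1 is an extra guard added in this example.
    # The hash input-length limit check is omitted (unreachable in practice).
    if keydatalen < 1 or keydatalen >= hashlen * (2**32 - 1):
        raise ValueError("invalid")
    out = b""
    blocks = -(-keydatalen // hashlen)  # ceil(keydatalen / hashlen)
    for counter in range(1, blocks + 1):
        data = z + counter.to_bytes(4, "big") + shared_info
        out += hashlib.new(hash_name, data).digest()
    return out[:keydatalen]


def derive_ecies_keys(z: bytes, enckeylen: int, mackeylen: int,
                      shared_info1: bytes = b"",
                      xor_non_compat: bool = False):
    """Split the keying data K into (EK, MK) per SEC 1 v2, Section 5.1.3."""
    k = x963_kdf(z, enckeylen + mackeylen, shared_info1)
    if xor_non_compat:
        # XOR encryption without backwards compatibility mode:
        # MK is the leftmost mackeylen octets, EK the rightmost enckeylen.
        mk, ek = k[:mackeylen], k[mackeylen:]
    else:
        # Default: EK is the leftmost enckeylen octets, MK the rightmost
        # mackeylen octets. K is exactly enckeylen + mackeylen long, so
        # the two slices never overlap.
        ek, mk = k[:enckeylen], k[enckeylen:]
    return ek, mk


if __name__ == "__main__":
    # Constructed sample input, not a real ECDH output.
    z = bytes(range(32))
    ek, mk = derive_ecies_keys(z, enckeylen=16, mackeylen=32)
    print("EK:", ek.hex())
    print("MK:", mk.hex())
```

Requesting 48 octets from SHA-256 takes two hash invocations, so the MAC key here spans the end of the first digest and the start of the second.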
