Skip to content

KAS RSA keys should be deprecated in favor of EC keys in the spec #11

New issue
New issue
Open
Open
KAS RSA keys should be deprecated in favor of EC keys in the spec#11
Labels
enhancementNew feature or request
@bleggett

Description

@bleggett
bleggett
opened on Dec 1, 2022

  1. Right now, TDF uses an RSA keypair for wrapping.

  2. EC is smaller, faster, and more secure than RSA - TDF should use EC keys, there is no good reason not to.

  3. This would reduce the number of "important keys" in the system that people (and our scripts, and KAS, and hardware modules) have to keep track of.

  4. The biggest practical implementation difference between nanoTDF (which has no public spec) and TDF is the use of EC vs RSA keys - removing this would allow us to simplify our SDK logic, and share more code between the nanoTDF and TDF codepaths, as well as our KAS codepaths.

  5. This would require us to major-version bump the spec, add EC keys, and mark the use of RSA as deprecated - we should not be afraid of doing this.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions