IBM Crypto Education Community

  • 1.  TR-32 RT-KRD option question

    Posted Fri January 13, 2023 03:17 PM

    I'm getting to use the TR-34 protocol for exchanging keys. I think I'm stuck early on the RT-KRD. The other end of my key exchange is not under my control. And it seems that they will send me a random number instead of a random number token.

    On my end, I can use the RNGL call with keyword RT-KRD to generate a random and then wrap it in a token. But I can't find an API call that would allow me to pass my own random number and have the call wrap the provided number into an output token format.

    Is there such an API at this time?

    Any pointers would be helpful and appreciated.

    --

    ------------------------------
    Mark Vollmer
    Developer, but does everything.
    CV Systems, LLC
    ------------------------------


  • 2.  RE: TR-32 RT-KRD option question

    Posted Mon January 16, 2023 12:49 PM
    Edited by Kristen Park Tue January 17, 2023 09:49 AM
    According to the specification, the RT-KRD is a TLV object with the OID of pkcs-9-at-randomNonce.  You can take what is returned by RNGL and add the same prefix to your random number. 




    ------------------------------
    Martin Provost
    ------------------------------
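Added example, not part of the thread and not IBM or TR-34 code: a sketch of wrapping a supplied random number as a DER attribute carrying pkcs-9-at-randomNonce. The layout (SEQUENCE { OID, SET { OCTET STRING } }) and all function names are assumptions; `layout_matches` is there so the assumption can be checked against a token actually returned by RNGL. The length bytes in the prefix change with the nonce length, so the prefix is rebuilt rather than copied.

```python
# pkcs-9-at-randomNonce = 1.2.840.113549.1.9.25.3 (RFC 2985), DER-encoded with tag 0x06.
OID_RANDOM_NONCE = bytes.fromhex("060a2a864886f70d01091903")
# Constructed sample nonce for illustration (not a real key-exchange value).
NONCE_8 = bytes(range(1, 9))

def der_len(n):
    """DER definite length: one byte below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + der_len(len(value)) + value

def read_tlv(buf, pos, want_tag):
    """Parse one TLV at pos; return (value, position after it)."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError("unexpected tag at offset %d" % pos)
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length field")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + length], pos + length

def build_token(nonce):
    """Assumed layout: SEQUENCE { OID randomNonce, SET { OCTET STRING nonce } }."""
    return tlv(0x30, OID_RANDOM_NONCE + tlv(0x31, tlv(0x04, nonce)))

def parse_token(token):
    """Return the nonce; reject anything that is not exactly the assumed layout."""
    body, end = read_tlv(token, 0, 0x30)
    if end != len(token) or not body.startswith(OID_RANDOM_NONCE):
        raise ValueError("not a randomNonce attribute")
    members, end_set = read_tlv(body, len(OID_RANDOM_NONCE), 0x31)
    nonce, end_nonce = read_tlv(members, 0, 0x04)
    if end_set != len(body) or end_nonce != len(members):
        raise ValueError("trailing data inside token")
    return nonce

def layout_matches(reference_token):
    """True if rebuilding a reference token's nonce reproduces it byte for byte."""
    try:
        return build_token(parse_token(reference_token)) == reference_token
    except ValueError:
        return False
```

Run `layout_matches` on a token generated by RNGL first; if it returns False, the assumed layout does not match what the service produces and `build_token` should not be used as is.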



  • 3.  RE: TR-32 RT-KRD option question

    Posted Wed March 08, 2023 09:06 AM

    Martin,

    Thanks very much for your help.  Between reading the TR-34 document and testing with a couple of RNGL calls using different lengths, I was able to figure out how to create my own random token from a given random number.

    One step closer.  Thanks.



    ------------------------------
    Mark Vollmer
    Developer, but does everything.
    CV Systems, LLC
    ------------------------------