Closed athoelke closed 8 months ago
Should we add a note or warning to the key-pair export format, to make clear that SPAKE2+ keys should be initially derived using psa_key_derivation_output_key()
(which implements the RFC9383 process); and that psa_key_derivation_output_bytes()
-> psa_import_key()
does not result in the same/valid/safe/secure key pair?
_From Oberon (Referencing the SPAKE2+ draft2 rendering of the PAKE Extension):_
The spec draft states on page 54, section 2.3.4 SPAKE2+ keys:
However, a defined export format for secret keys is required to support:
Even if import and export of secret PAKE keys is not needed in typical use cases, it should be defined for completeness, for testing, and to support predefined keys.