decentralized-identity / didcomm-messaging

https://identity.foundation/didcomm-messaging/spec/
Apache License 2.0

ecdh-es header section #393

Closed TelegramSam closed 2 years ago

TelegramSam commented 2 years ago

Signed-off-by: Sam Curren telegramsam@gmail.com Fixes #256

I'm not sure this is complete, in spite of filling the requirements in #256. Review is needed here for correctness.

dhh1128 commented 2 years ago

Wait, wait. I AM saying that we send one envelope to 3 different devices that all belong to the same user. If that's not what Sam's saying then we have a very surprising misalignment.

IMO, it is NOT okay to send a different encryption envelope to each device. That defeats the whole goal of having multiplex encryption.

baha-ai commented 2 years ago

> Wait, wait. I AM saying that we send one envelope to 3 different devices that all belong to the same user. If that's not what Sam's saying then we have a very surprising misalignment.
>
> IMO, it is NOT okay to send a different encryption envelope to each device. That defeats the whole goal of having multiplex encryption.

JWE has 3 formats as described earlier:

  1. Compact: the 5 dot-separated base64URL-encoded sections representing a JWE for a single recipient (1 key).

  2. Flattened JSON: a JSON format of a JWE envelope for a single recipient (1 key) message. These two formats support merging recipients[0].header into the protected section since there's only 1 recipient (to answer your original question: yes, protected is a special section representing the protected headers in a JWE envelope).

  3. General JSON Format: The same format as Flattened JSON but with multiple recipients (multiple keys) each with its own headers in recipient[x].header. Recipient headers usually include epk, apu, apv, etc. These cannot be merged into the protected headers common section of the JWE since each key has a unique key wrapping (and therefore ECDH-ES computation) of the cek (encrypted and set as recipient[x].encrypted_key).
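An added example (not code from this thread or from the didcomm-messaging project) that encodes the distinction made above: a General JSON JWE with one ciphertext and one wrapped cek per device, a check that per-recipient ECDH-ES parameters stay in recipients[x].header rather than the shared protected section, and the merge of that header into protected that only a single-recipient envelope permits. It assumes ECDH-ES+A256KW with A256GCM; the kids, epk values, wrapped keys and ciphertext are constructed placeholders, not real cryptographic output.

```python
import base64, json

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Header parameters tied to one recipient's ECDH-ES key wrapping.
PER_RECIPIENT = {"alg", "kid", "epk", "apu", "apv"}

def recipient_headers(jwe: dict) -> list:
    """Effective header per recipient of a General JSON JWE; rejects per-recipient
    ECDH-ES parameters placed in 'protected' when there is more than one recipient."""
    protected = json.loads(b64url_decode(jwe["protected"]))
    if len(jwe["recipients"]) > 1 and PER_RECIPIENT & set(protected):
        raise ValueError("per-recipient ECDH-ES headers cannot be shared")
    headers = []
    for rcpt in jwe["recipients"]:
        hdr = {**protected, **jwe.get("unprotected", {}), **rcpt.get("header", {})}
        if not {"alg", "enc", "epk"} <= set(hdr) or "encrypted_key" not in rcpt:
            raise ValueError("recipient lacks alg/enc/epk or encrypted_key")
        headers.append(hdr)
    return headers

def to_compact(jwe: dict) -> str:
    """Compact form (5 dot-separated sections): only one recipient fits, and
    its header is merged into 'protected'."""
    headers = recipient_headers(jwe)
    if len(headers) != 1:
        raise ValueError("Compact/Flattened JWE carry exactly one recipient")
    protected = b64url_encode(json.dumps(headers[0], separators=(",", ":")).encode())
    return ".".join([protected, jwe["recipients"][0]["encrypted_key"],
                     jwe["iv"], jwe["ciphertext"], jwe["tag"]])

def recipient(kid: str, epk_x: str, wrapped_cek: bytes) -> dict:
    # Constructed entry: epk.x is a placeholder, not a real X25519 point.
    return {"header": {"alg": "ECDH-ES+A256KW", "kid": kid, "apv": b64url_encode(kid.encode()),
                       "epk": {"kty": "OKP", "crv": "X25519", "x": epk_x}},
            "encrypted_key": b64url_encode(wrapped_cek)}

# Constructed sample: one envelope for three devices of one user, sharing
# the ciphertext, with the cek wrapped once per device.
SAMPLE_GENERAL = {
    "protected": b64url_encode(b'{"enc":"A256GCM"}'),
    "recipients": [recipient("did:example:alice#key-1", "epk-dev1", b"cek-wrapped-dev1"),
                   recipient("did:example:alice#key-2", "epk-dev2", b"cek-wrapped-dev2"),
                   recipient("did:example:alice#key-3", "epk-dev3", b"cek-wrapped-dev3")],
    "iv": b64url_encode(b"constructed-iv"),
    "ciphertext": b64url_encode(b"constructed-ciphertext"),
    "tag": b64url_encode(b"constructed-tag"),
}
```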

TelegramSam commented 2 years ago

Needed: The encrypted form of a JWM is a JWE. Add JWE, in the General JSON Format.

mccown commented 2 years ago

This was approved in the recent DIDComm WG on 20220516 pending a few modifications, which have been added. With those changes, it's ready for merging.