Closed samuel-lucas6 closed 3 years ago
A key identifier is anything that can let your application uniquely identify a key, in a protocol handling key rotation.
This information doesn't have to be secret nor unpredictable. It can be a serial number (even a simple counter) or a random value, although padding to at least 128 bit wouldn't be a bad idea.
If this is confusing, I'd rather remove this from the documentation, especially since papers have been published on that subject.
That makes sense. I assumed it was referring to deriving some sort of subkey before.
From the Robustness section for AEAD constructions:
The third bullet point is very clear. However, it's less clear how to create a key identifier for the first and second bullet point implementations. The papers on the subject are rather confusing if you're not used to the notation. Please could you explain a suitable method of generating a key identifier in the documentation. Thank you.