w3c / webpayments-crypto

Crypto discussions of the Web Payments Working Group
https://github.com/w3c/webpayments-crypto/wiki

More detailed encryption workflow #3

Open stpeter opened 6 years ago

stpeter commented 6 years ago

It would be helpful to add a more detailed example of the actual operations involved (as in RFC 7516) and what each actor's responsibilities are (e.g., the Payment Handler needs to create a Content Encryption Key, encrypt that to the merchant/PSP's public key to create a JWE Encrypted Key, etc.).

stpeter commented 6 years ago

RFC 7520 ("the JOSE cookbook") has lots of great examples we can emulate. For instance, if we recommend RSA-OAEP for key encryption and AES GCM for content encryption, we could emulate the examples in Section 5.2 of that RFC: https://tools.ietf.org/html/rfc7520#section-5.2

ianbjacobs commented 6 years ago

See proposal from @MasterKeyur: https://github.com/w3c/webpayments-crypto/blob/master/payment-encryption.md