[Sis-dtn] Bundle Signing And Encryption With CMS
Iannicca, Dennis C. (GRC-LCA0)
dennis.c.iannicca at nasa.gov
Tue Jun 30 18:23:15 UTC 2015
On 6/30/15 1:26 PM, "Burleigh, Scott C (312B)" <scott.c.burleigh at jpl.nasa.gov<mailto:scott.c.burleigh at jpl.nasa.gov>> wrote:
I agree, Jeremy, it’s terrific that you could do this so quickly. And I agree that the overheads are not bad, but to my mind they are still a little troubling. I can imagine an SBSP Block Integrity Block ciphersuite that would use a one-time, randomly generated SHA256 key to generate a SHA256 digest over the payload (shipped in the BIB’s results field); would include that key in the BIB’s ciphersuite parameters; and would also provide an elliptic-curve digital signature for that key (computed using the sender’s private key, to be verified using the sender’s pre-placed public key) as an additional ciphersuite parameter. I think that would come to 256 bits for the SHA256 digest plus 256 bits for the SHA256 key, plus 320 bits for the ECDS, for a total of 832 bits = 104 bytes. Even allowing for a little additional BIB structural overhead, this is still less than a sixth of the overhead measured for the CMS signing option.
Scott,
CMS would allow you to use ECDSA for signatures in lieu of RSA if you wanted to reduce the overhead seen in these examples.
--
Dennis Iannicca
NASA Glenn Research Center
21000 Brookpark Road, MS 54-1
Cleveland, OH 44135
216-433-6493
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.ccsds.org/pipermail/sis-dtn/attachments/20150630/6476ee31/attachment.html>
More information about the SIS-DTN
mailing list