In version 1.1, the Crypto API encodes key types according to Appendix B.2.
For asymmetric keys, this allocates 4 bits for an 'ASYM-TYPE' value, and 7 bits for a 'FAMILY' value.
In v1.1, the ASYM-TYPE only has 3 values (RSA:0, EC:1, and FFDH:2); and the largest set of FAMILY values is for EC keys, with 10 distinct values (but utilising the 6 least significant bits of the field).
Looking ahead, we are likely to need additional asymmetric key encodings:
This would begin to place significant pressure on the ASYM-TYPE field, consuming half of the available values.
Proposal
I propose two changes, that do not affect the values of existing key types, which will provide a better balance of encoding space, and extend the life of the encoding scheme:
-
Split the bits differently: allocating 5 bits for ASYM-TYPE (bits[7:11]) and 6 for FAMILY (bits [1:6]). Currently bit 7 is zero in all specified key type encodings, so reallocating this bit will change, but not complicate macros that operate with key types.
Implementations that have internal macros, or other code, that use the ASYM-TYPE values literally (as in 0, 1, and 2) will need to be reviewed and reworked if this change was made.
-
For key types that do not require FAMILY parameterization, (currently just RSA, but the above list adds ML-KEM and ML-DSA), we could improve use of the encoding space by allocating ASYM-TYPE:0 for key types that are not parameterized. Then use the FAMILY field to specify the specific key type.
This would be worth implementing for v1.2, and adopted by the PAKE extension when adding support for SPAKE2+.
Review
Does this conflict with any vendor-specific key types that have been introduced in implementations of the specification?
In version 1.1, the Crypto API encodes key types according to Appendix B.2.
For asymmetric keys, this allocates 4 bits for an 'ASYM-TYPE' value, and 7 bits for a 'FAMILY' value.
In v1.1, the ASYM-TYPE only has 3 values (RSA:0, EC:1, and FFDH:2); and the largest set of FAMILY values is for EC keys, with 10 distinct values (but utilising the 6 least significant bits of the field).
Looking ahead, we are likely to need additional asymmetric key encodings:
This would begin to place significant pressure on the ASYM-TYPE field, consuming half of the available values.
Proposal
I propose two changes, that do not affect the values of existing key types, which will provide a better balance of encoding space, and extend the life of the encoding scheme:
Split the bits differently: allocating 5 bits for ASYM-TYPE (bits[7:11]) and 6 for FAMILY (bits [1:6]). Currently bit 7 is zero in all specified key type encodings, so reallocating this bit will change, but not complicate macros that operate with key types.
Implementations that have internal macros, or other code, that use the ASYM-TYPE values literally (as in 0, 1, and 2) will need to be reviewed and reworked if this change was made.
For key types that do not require FAMILY parameterization, (currently just RSA, but the above list adds ML-KEM and ML-DSA), we could improve use of the encoding space by allocating ASYM-TYPE:0 for key types that are not parameterized. Then use the FAMILY field to specify the specific key type.
This would be worth implementing for v1.2, and adopted by the PAKE extension when adding support for SPAKE2+.
Review
Does this conflict with any vendor-specific key types that have been introduced in implementations of the specification?