Signing of HPKE public keys #33
Comments
|
Hey, would you mind adding a little more detail of the keys that you're thinking of? I'm guessing this is for the Bidding and Auction Servers? The key management that Bidding and Auction (as well as Key/Value Server) uses is the same as what's used by the Aggregation Reporting API and so there's a chance that this question will be better answered by that team. I've asked them to have a look, and if necessary we can move this question over to their repo to make sure the right people see it. |
|
Hi @beejones, thank you for your question. Is your signature for the public HPKE key referring to public key verification to ensure the expected parties were verifiably involved in the generation of the public/private key pair? We currently are working on the design for the public key verification and will share design choices to be expected in H1'24. |
|
My question is about the signed public HPKE keys that will be used by chrome to encrypt data. Thanks |
|
Currently we do not sign public HPKE keys on GCP/AWS. The signing of the public HPKE keys will be part of the public key verification design. We will share more details on this expected in H1'24. More info on the current supported format for public keys can be found here. |
We will eventually have to sign our HPKE public keys so they can be added to chrome. Can you clarify which protocol we need to use to sign the public keys? Will you be using Json Web Signing? Which signing algorithms will you support?
Could you provide some samples of payloads that we need to produce?
Thanks
The text was updated successfully, but these errors were encountered: