Opaque symmetric keys - SIG announcement

Dmitry Belyavsky Public Seen by 88

Dear colleagues,

We were able to land the support of opaque objects in the versions 3.5 and 3.6 of OpenSSL. You currently can derive opaque keys using KDFs and key exchange, set them as KDF parameters, use them as traditional raw bytes arrays in symmetric ciphers and MACs.

At the OpenSSL conference there was a presentation from IBM that demonstrated that current API is usable for their HW-backed keys, also we know that it works for PKCS#11 provider.

There is a PR in the pipeline that adds support of opaque keys into STORE API (https://github.com/openssl/openssl/pull/28278)

There is an obvious next step to do - for TLS we need to derive several keys simultaneously, and there is no design for it yet.

We (Red Hat) have contributed this feature according to our needs and requirements. It is far beyond MVP now but we just don't know about alternate use cases.

From the project perspective we call to all interested parties to start development and using the provided API to find the corner cases we missed, the scenarios we are currently not aware of etc. This way we can finalize the support of the opaque symmetric keys to the necessary extent.

If there is wide interest, I'd like to create a dedicated community in a format of Special Interest Group dedicated to improving this feature. I believe we can complete it by 4.0 release together.