Storing validation parameters in PKCS#8

Storing validation parameters in PKCS#8 Red Hat, Inc.

Brno Czech Republic nmav@redhat.com

Security I-D Internet-Draft Private keys Validation parameters PKCS#8 This memo describes a method of storing parameters needed for private key validation in the Private-Key Information Syntax Specification as defined in RFC5208 (PKCS#8) format. It is equally applicable the alternative implementation of the Private-Key Information Syntax Specification as defined in RFC 5958. This approach described in this document encodes the parameters under a private enterprise extension and does not form part of a formal standard.

RSA or DSA private keys generated using the Shawe-Taylor prime generation algorithm describled in allow for parameter validation, i.e., verify whether the primes are actually prime, and were correctly generated. That is done by generating the parameters from a known seed and a selected hash algorithm. Storing these parameters in a private key format such as the RSA Private Key Syntax from PKCS#1 , or common representations for DSA private keys, does not allow attaching information on the parameters needed for validation. The purpose of the document is to describe such a method using the Private-Key Information Syntax Specification as defined in , as well as on the alternative specification on . This approach described in this document encodes the parameters under a private enterprise extension and does not form part of a formal standard. The encoding can be used as is, or could be used as the basis for a standard at a later time.

The information related to the validation parameters is stored as an attribute in the PrivateKeyInfo structure. The attribute is identified by the id-attr-validation-parameters object identifier and contains as AttributeValue a single ValidationParams structure.

The algorithm identifier in the ValidationParams should be a hash algorithm identifier for the methods. The ValidationParams sequence must be DER encoded .

The following structure contains an RSA key generated using the section B.3.3 algorithm with SHA2-384 hash. The seed used is '8af4328c87bebcec31e303b8f5537effcb6a91d947084d99a369823b36f01462' (hex encoded).

For compatibility it is recommended that implementations following this document, support generation and validation using the SHA2-384 hash algorithm. The extension defined in this document is applicable both to the Private-Key Information Syntax Specification defined in and PKCS#8 .

All the considerations in and apply.

None.

&RFC5208; FIPS PUB 186-4: Digital Signature Standard (DSS) &RFC5958; &RFC8017; &RFC5912;

The author would like to thank Russ Housley for his comments and for the ASN.1 module appendix.

This appendix provides non-normative ASN.1 definitions for the structures described in this specification using ASN.1 as defined in and .