< draft-blake-wilson-xmldsig-ecdsa-01.txt   draft-blake-wilson-xmldsig-ecdsa-02.txt >
S. Blake-Wilson and Y.Wang S. Blake-Wilson and Y.Wang
INTERNET-DRAFT Certicom Corp. INTERNET-DRAFT Certicom Corp.
Expires: 12 May 2001 13 November 2000 Expires: 19 September 2001 20 March 2001
ECDSA with XML-Signature Syntax ECDSA with XML-Signature Syntax
<draft-blake-wilson-xmldsig-ecdsa-01.txt> <draft-blake-wilson-xmldsig-ecdsa-02.txt>
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with all This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026. Internet-Drafts are working provisions of Section 10 of RFC2026. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts. working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
skipping to change at page 1, line 44 skipping to change at page 1, line 44
located within the XML that includes the signature or included by located within the XML that includes the signature or included by
reference. reference.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. ECDSA . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 2. ECDSA . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
3. Specifying ECDSA within XMLDSIG . . . . . . . . . . . . . . 2 3. Specifying ECDSA within XMLDSIG . . . . . . . . . . . . . . 2
3.1. Identifier. . . . . . . . . . . . . . . . . . . . . . . . . 2 3.1. Identifier. . . . . . . . . . . . . . . . . . . . . . . . . 2
3.2. Core Syntax . . . . . . . . . . . . . . . . . . . . . . . . 3 3.2. Core Syntax . . . . . . . . . . . . . . . . . . . . . . . . 3
3.3. ECDSA Signatures. . . . . . . . . . . . . . . . . . . . . . 3 3.3. ECDSA Signatures. . . . . . . . . . . . . . . . . . . . . . 4
3.4. ECDSA Key Values. . . . . . . . . . . . . . . . . . . . . . 4 3.4. ECDSA Key Values. . . . . . . . . . . . . . . . . . . . . . 4
4. Security Considerations . . . . . . . . . . . . . . . . . . 4 4. Security Considerations . . . . . . . . . . . . . . . . . . 4
5. Intellectual Property Rights . . . . . . . . . . . . . . . . 4 5. Intellectual Property Rights . . . . . . . . . . . . . . . . 5
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
7. Authors' address . . . . . . . . . . . . . . . . . . . . . . 6 7. Authors' address . . . . . . . . . . . . . . . . . . . . . . 6
8. Full Copyright Statement . . . . . . . . . . . . . . . . . . 7 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7
9. Full Copyright Statement . . . . . . . . . . . . . . . . . . 7
1. Introduction 1. Introduction
This document specifies how to use ECDSA (Elliptic Curve Digital This document specifies how to use ECDSA (Elliptic Curve Digital
Signature Algorithm) with the XML signature syntax. Signature Algorithm) with the XML signature syntax.
The XML Digital Signature syntax, or XMLDSIG is specified in The XML Digital Signature syntax, or XMLDSIG is specified in
[RFC2807, XMLDSIG]. Currently there are only two digital signature [RFC2807, XMLDSIG]. Currently there are only two digital signature
methods defined for use within XMLDSIG: RSA signatures and DSA (DSS) methods defined for use within XMLDSIG: RSA signatures and DSA (DSS)
signatures. This document introduces ECDSA signatures as a third signatures. This document introduces ECDSA signatures as a third
method. method.
skipping to change at page 2, line 26 skipping to change at page 2, line 26
2. ECDSA 2. ECDSA
The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic
curve analogue of the DSA (also called DSS) signature method curve analogue of the DSA (also called DSS) signature method
[FIPS186-2]. The Elliptic Curve Digital Signature Algorithm (ECDSA) is [FIPS186-2]. The Elliptic Curve Digital Signature Algorithm (ECDSA) is
defined in the ANSI X9.62 standard [ECDSA]; other compatible defined in the ANSI X9.62 standard [ECDSA]; other compatible
specifications include FIPS 186-2 [FIPS186-2], IEEE 1363 [IEEE1363], specifications include FIPS 186-2 [FIPS186-2], IEEE 1363 [IEEE1363],
and SEC1 [SEC1]. [PKIX2] describes the means to carry ECDSA keys in and SEC1 [SEC1]. [PKIX2] describes the means to carry ECDSA keys in
X.509 certificates. Recommended elliptic curve domain parameters for X.509 certificates. Recommended elliptic curve domain parameters for
use with ECDSA are given in [SEC2]. use with ECDSA are given in [FIPS186-2], [SEC2], and [ECDSA].
Like DSA, ECDSA incorporates the use of a hash function; currently, Like DSA, ECDSA incorporates the use of a hash function; currently,
the only hash function defined for use with ECDSA is the SHA-1 message the only hash function defined for use with ECDSA is the SHA-1 message
digest algorithm [FIPS-180-1]. digest algorithm [FIPS-180-1].
ECDSA signatures are smaller than RSA signatures of similar ECDSA signatures are smaller than RSA signatures of similar
cryptographic strength. ECDSA public keys (and certificates) are smaller cryptographic strength. ECDSA public keys (and certificates) are smaller
than similar strength DSA keys, resulting in improved communications than similar strength DSA keys, resulting in improved communications
efficiency. Furthermore, on many platforms ECDSA operations can be efficiency. Furthermore, on many platforms ECDSA operations can be
computed faster than similar strength RSA or DSA operations (see [KEYS] computed faster than similar strength RSA or DSA operations (see [KEYS]
for a security analysis of key sizes across public key algorithms). for a security analysis of key sizes across public key algorithms).
These advantages of signature size, bandwidth, and computational These advantages of signature size, bandwidth, and computational
efficiency may make ECDSA an attractive choice for XMLDSIG implementations. efficiency may make ECDSA an attractive choice for XMLDSIG
implementations.
3. Specifying ECDSA within XMLDSIG 3. Specifying ECDSA within XMLDSIG
This section specifies the details of how to use ECDSA with the This section specifies the details of how to use ECDSA with the
XML-signature syntax. It relies heavily on the syntax and namespace XML-signature syntax. It relies heavily on the syntax and namespace
defined in [XMLDSIG]. defined in [XMLDSIG].
3.1 Identifier 3.1 Identifier
The XML namespace [XML-ns] URI that MUST be used by implementations The XML namespace [XML-ns] URI that MUST be used by implementations
skipping to change at page 3, line 13 skipping to change at page 3, line 13
http://www.certicom.com/2000/11/xmlecdsig#ecdsa-sha1 http://www.certicom.com/2000/11/xmlecdsig#ecdsa-sha1
3.2 Core Syntax 3.2 Core Syntax
The syntax is defined via DTDs and [XML-Schema] with the following XML The syntax is defined via DTDs and [XML-Schema] with the following XML
preamble, declaration, internal entity, and simpleType: preamble, declaration, internal entity, and simpleType:
Schema Definition: Schema Definition:
<?xml version='1.0'?> <?xml version='1.0'?>
<!DOCTYPE schema <!DOCTYPE schema
PUBLIC "-//W3C//DTD XMLSCHEMA 200010//EN" "http://www.w3.org/2000/10/XMLS PUBLIC "-//W3C//DTD XMLSCHEMA 200010//EN"
chema.dtd" "http://www.w3.org/2000/10/XMLSchema.dtd"
[ [
<!ATTLIST schema <!ATTLIST schema
xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#"> xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
<!ATTLIST schema <!ATTLIST schema
xmlns:ecds CDATA #FIXED "http://www.certicom.com/2000/11/xmlecdsig#"> xmlns:ecds CDATA #FIXED
"http://www.certicom.com/2000/11/xmlecdsig#">
<!ENTITY ecdsig 'http://www.certicom.com/2000/11/xmlecdsig#'> <!ENTITY ecdsig 'http://www.certicom.com/2000/11/xmlecdsig#'>
<!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'> <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
]> ]>
<schema xmlns="http://www.w3.org/2000/10/XMLSchema" <schema xmlns="http://www.w3.org/2000/10/XMLSchema"
xmlns:ds="&dsig;" xmlns:ds="&dsig;"
xmlns:ecds='&ecdsig;' xmlns:ecds='&ecdsig;'
targetNamespace="&ecdsig;" targetNamespace="&ecdsig;"
version="0.1" version="0.1"
elementFormDefault="qualified"> elementFormDefault="qualified">
skipping to change at page 3, line 59 skipping to change at page 4, line 7
<!-- In order to include ECDSA in XML-signature syntax, the <!-- In order to include ECDSA in XML-signature syntax, the
following definition of the entity Key.ANY SHOULD following definition of the entity Key.ANY SHOULD
replace the one in [XMLDSIG]--> replace the one in [XMLDSIG]-->
<!ENTITY % Key.ANY '(#PCDATA|KeyName|KeyValue|RetrievalMethod| <!ENTITY % Key.ANY '(#PCDATA|KeyName|KeyValue|RetrievalMethod|
X509Data|PGPData|MgmtData|DSAKeyValue|RSAKeyValue| X509Data|PGPData|MgmtData|DSAKeyValue|RSAKeyValue|
ECDSAKeyValue)*'> ECDSAKeyValue)*'>
3.3 ECDSA Signatures 3.3 ECDSA Signatures
The output of the ECDSA algorithm consists of a pair of integers The input to the ECDSA algorithm is the encoding of the SignedInfo
usually referred by the pair (r, s). The signature value consists element as specified in Section 3 of [XMLDSIG]. The output of the
of the base64 encoding of the concatenation of two octet-streams that ECDSA algorithm consists of a pair of integers usually referred by
respectively result from the octet-encoding of the values r and s. the pair (r, s). The signature value consists of the base64 encoding
r and s are converted into octet strings of length [log_2 n/8], where of the concatenation of two octet-streams that respectively result
n is the order of the elliptic curve base point, using the from the octet-encoding of the values r and s. r and s are each
conversion routine specified in Section 4.3.1 of ANSI X9.62 [ECDSA]. converted into octet strings of length [log_2 n/8], where n is the order
of the elliptic curve base point, using the conversion routine specified
in Section 4.3.1 of ANSI X9.62 [ECDSA].
3.4 ECDSA Key Values 3.4 ECDSA Key Values
The syntax used for ECDSA key values closely follows the ASN.1 syntax The syntax used for ECDSA key values closely follows the ASN.1 syntax
defined in ANSI X9.62 [ECDSA]. defined in ANSI X9.62 [ECDSA].
ECDSA key values consist of two elements: ECDSAPublickey and ECDSA key values consist of two elements: ECDSAPublickey and
ECCParameters. ECDSAPublicKey contains the ECDSA public key which ECCParameters. ECDSAPublicKey contains the ECDSA public key which
is a point on the elliptic curve and is encoded as a base64 value of is a point on the elliptic curve and is encoded as a base64 value of
its octet-stream representation converted as specified in its octet-stream representation converted as specified in
Section 4.3.1 of ANSI X9.62 [ECDSA]. The element ECCParameters Section 4.3.1 of ANSI X9.62 [ECDSA]. The element ECCParameters
specifies the associated elliptic curve domain parameters which specifies the associated elliptic curve domain parameters which
are represented by the nicknames given to them in [SEC2]. are represented by the nicknames given to them in [SEC2].
Schema: Schema:
<element name='ECDSAKeyValue'> <element name='ECDSAKeyValue'>
<complexType content='elementOnly'> <complexType content='elementOnly'>
<sequence minOccurs='1' maxOccurs='1'> <sequence minOccurs='1' maxOccurs='1'>
<element name='ECDSAPublicKey' type='ecds:CryptoBinary' <element name='ECDSAPublicKey' type='ds:CryptoBinary'
minOccurs='1' maxOccurs='1'/> minOccurs='1' maxOccurs='1'/>
<element name='ECCParameters' type='string' <element name='ECCParameters' type='string'
minOccurs='1' maxOccurs='1'/> minOccurs='1' maxOccurs='1'/>
</sequence> </sequence>
</complexType> </complexType>
</element> </element>
DTD: DTD:
<!ELEMENT ECDSAKeyValue (ECDSAPublicKey, ECCParameters) > <!ELEMENT ECDSAKeyValue (ECDSAPublicKey, ECCParameters) >
skipping to change at page 6, line 6 skipping to change at page 6, line 9
[PKIX2] Bassham, L., Housley, R., and Polk, W., "Internet X.509 [PKIX2] Bassham, L., Housley, R., and Polk, W., "Internet X.509
Public Key Infrastructure Representation of Public Keys Public Key Infrastructure Representation of Public Keys
and Digital Signatures in Internet X.509 Public Key and Digital Signatures in Internet X.509 Public Key
Infrastructure Certificates", Infrastructure Certificates",
draft-ietf-pkix-ipki-pkalgs-00.txt. July, 2000. draft-ietf-pkix-ipki-pkalgs-00.txt. July, 2000.
[RFC2807] RFC 2807. XML Signature Requirements. J. Reagle, April 2000. [RFC2807] RFC 2807. XML Signature Requirements. J. Reagle, April 2000.
http://www.w3.org/TR/xmldsig-requirements http://www.w3.org/TR/xmldsig-requirements
[SEC1] Standards for Efficient Cryptography Group, "SEC 1: [SEC1] Standards for Efficient Cryptography Group, "SEC 1:
Elliptic Curve Cryptography", Version 0.5, September, Elliptic Curve Cryptography", Version 1.0, September,
1999. 2000. http://www.secg.org
http://www.secg.org
[SEC2] Standards for Efficient Cryptography Group, "SEC 2: [SEC2] Standards for Efficient Cryptography Group, "SEC 2:
Recommended Elliptic Curve Domain Parameters", Recommended Elliptic Curve Domain Parameters",
Version 0.6, October, 1999. <http://www.secg.org> Version 1.0, September, 2000. http://www.secg.org
[XML] Extensible Markup Language (XML) 1.0 Recommendation. [XML] Extensible Markup Language (XML) 1.0 Recommendation.
T. Bray, J. Paoli, C. M. Sperberg-McQueen. February, 1998. T. Bray, J. Paoli, C. M. Sperberg-McQueen. February, 1998.
http://www.w3.org/TR/1998/REC-xml-19980210 http://www.w3.org/TR/1998/REC-xml-19980210
[XMLDSIG] XML-Signature Syntax and Processing. [XMLDSIG] XML-Signature Syntax and Processing.
D. Eastlake, J. Reagle, D. Solo. July, 2000. D. Eastlake, J. Reagle, D. Solo. July, 2000.
Work in progess. Work in progess.
http://www.w3.org/TR/2000/WD-xmldsig-core-20000711/ http://www.w3.org/TR/2000/WD-xmldsig-core-20000711/
skipping to change at page 7, line 5 skipping to change at page 7, line 5
7. Authors' Address 7. Authors' Address
Simon Blake-Wilson Simon Blake-Wilson
Yongge Wang Yongge Wang
Certicom Corp. Certicom Corp.
5520 Explorer Dr. 5520 Explorer Dr.
Mississauga, ON, L4W 5L1 Mississauga, ON, L4W 5L1
e-mail: {sblakewilson, ywang}@certicom.com e-mail: {sblakewilson, ywang}@certicom.com
8. Full Copyright Statement 8. Acknowledgements
The authors would like to acknowledge the many helpful comments of
Donald Eastlake, Tom Gindin, Cris Hawk, Joseph M. Reagle Jr., and
Francois Rousseau.
9. Full Copyright Statement
Copyright (C) The Internet Society (1999). All Rights Reserved. Copyright (C) The Internet Society (1999). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain others, and derivative works that comment on or otherwise explain
it or assist in its implementation may be prepared, copied, it or assist in its implementation may be prepared, copied,
published and distributed, in whole or in part, without restriction published and distributed, in whole or in part, without restriction
of any kind, provided that the above copyright notice and this of any kind, provided that the above copyright notice and this
paragraph are included on all such copies and derivative works. paragraph are included on all such copies and derivative works.
However, this document itself may not be modified in any way, such However, this document itself may not be modified in any way, such
 End of changes. 14 change blocks. 
23 lines changed or deleted 33 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/