| < draft-ietf-curdle-cms-eddsa-signatures-01.txt | draft-ietf-curdle-cms-eddsa-signatures-02.txt > |
|---|---|
| Internet-Draft R. Housley | Internet-Draft R. Housley |
| Intended status: Standards Track Vigil Security | Intended status: Standards Track Vigil Security |
| Expires: 19 May 2017 19 November 2016 | Expires: 28 May 2017 28 November 2016 |
| Use of EdDSA Signatures in the Cryptographic Message Syntax (CMS) | Use of EdDSA Signatures in the Cryptographic Message Syntax (CMS) |
| <draft-ietf-curdle-cms-eddsa-signatures-01.txt> | <draft-ietf-curdle-cms-eddsa-signatures-02.txt> |
| Abstract | Abstract |
| This document specifies the conventions for using Edwards-curve | This document specifies the conventions for using Edwards-curve |
| Digital Signature Algorithm (EdDSA) for Curve25519 and Curve448 in | Digital Signature Algorithm (EdDSA) for Curve25519 and Curve448 in |
| the Cryptographic Message Syntax (CMS). For each curve, EdDSA | the Cryptographic Message Syntax (CMS). For each curve, EdDSA |
| defines the PureEdDSA and HashEdDSA modes. However, the HashEdDSA | defines the PureEdDSA and HashEdDSA modes. However, the HashEdDSA |
| mode is not used with the CMS. In addition, no context string is | mode is not used with the CMS. In addition, no context string is |
| used with the CMS. | used with the CMS. |
| skipping to change at page 1, line 34 | skipping to change at page 1, line 34 |
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering |
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute |
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- |
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. |
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months |
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any |
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference |
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." |
| This Internet-Draft will expire on 19 May 2017. | This Internet-Draft will expire on 28 May 2017. |
| Copyright Notice | Copyright Notice |
| Copyright (c) 2016 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the |
| document authors. All rights reserved. | document authors. All rights reserved. |
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal |
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents |
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of |
| publication of this document. Please review these documents | publication of this document. Please review these documents |
| skipping to change at page 3, line 52 | skipping to change at page 3, line 52 |
| operation. | operation. |
| For convenience, the object identifiers and parameter syntax for | For convenience, the object identifiers and parameter syntax for |
| these algorithms are repeated here: | these algorithms are repeated here: |
| hashAlg-SHA-512 ALGORITHM ::= { OID id-sha512 } | hashAlg-SHA-512 ALGORITHM ::= { OID id-sha512 } |
| hashAlg-SHAKE256 ALGORITHM ::= { OID id-shake256 } | hashAlg-SHAKE256 ALGORITHM ::= { OID id-shake256 } |
| hashAlg-SHAKE256-LEN ALGORITHM ::= { OID id-shake256-len | hashAlg-SHAKE256-LEN ALGORITHM ::= { OID id-shake256-len |
| PARMS SHAKE256OutputLen } | PARMS ShakeOutputLen } |
| hashalgs OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | hashalgs OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) |
| country(16) us(840) organization(1) | country(16) us(840) organization(1) |
| gov(101) csor(3) nistalgorithm(4) 2 } | gov(101) csor(3) nistalgorithm(4) 2 } |
| id-sha512 OBJECT IDENTIFIER ::= { hashAlgs 3 } | id-sha512 OBJECT IDENTIFIER ::= { hashAlgs 3 } |
| id-shake256 OBJECT IDENTIFIER ::= { hashAlgs 12 } | id-shake256 OBJECT IDENTIFIER ::= { hashAlgs 12 } |
| id-shake256-len OBJECT IDENTIFIER ::= { TBD } | id-shake256-len OBJECT IDENTIFIER ::= { hashAlgs 13 } |
| SHAKE256OutputLen ::= INTEGER -- Output length in bits | |
| {{{ NOTE: NIST will assign the missing object identifier soon. }}} | ShakeOutputLen ::= INTEGER -- Output length in bits |
| When using the id-sha512 or id-shake256 algorithm identifier, the | When using the id-sha512 or id-shake256 algorithm identifier, the |
| parameters MUST be absent. | parameters MUST be absent. |
| When using the id-shake256-len algorithm identifier, the parameters | When using the id-shake256-len algorithm identifier, the parameters |
| MUST be present, and the parameter MUST contain 512, encoded as a | MUST be present, and the parameter MUST contain 512, encoded as a |
| positive integer value. | positive integer value. |
| 2.4. EdDSA Signatures | 2.4. EdDSA Signatures |
| skipping to change at page 6, line 6 | skipping to change at page 6, line 6 |
| if present, the algorithm parameters field MUST be absent. | if present, the algorithm parameters field MUST be absent. |
| The SignerInfo digestAlgorithm field includes the identifier of the | The SignerInfo digestAlgorithm field includes the identifier of the |
| message digest algorithms used by the signer. When signing with | message digest algorithms used by the signer. When signing with |
| Ed25519, the digestAlgorithm MUST be id-sha512, and the algorithm | Ed25519, the digestAlgorithm MUST be id-sha512, and the algorithm |
| parameters field MUST be absent. When signing with Ed448, the | parameters field MUST be absent. When signing with Ed448, the |
| digestAlgorithm MUST be id-shake256, and the algorithm parameters | digestAlgorithm MUST be id-shake256, and the algorithm parameters |
| field MUST be absent. | field MUST be absent. |
| NOTE: Either id-sha512 or id-shake256 is used as part to the | NOTE: Either id-sha512 or id-shake256 is used as part to the |
| private key signing operation. A message digest computed with one | private key signing operation. However, the private key signing |
| of these algorithms is not an input to the private key signing | operation does not take a message digest computed with one of |
| operation. | these algorithms as an input. |
| The SignerInfo signatureAlgorithm field MUST contain either | The SignerInfo signatureAlgorithm field MUST contain either |
| id-Ed25519 or id-Ed448, depending on the elliptic curve that was used | id-Ed25519 or id-Ed448, depending on the elliptic curve that was used |
| by the signer. The algorithm parameters field MUST be absent. | by the signer. The algorithm parameters field MUST be absent. |
| The SignerInfo signature field contains the octet string resulting | The SignerInfo signature field contains the octet string resulting |
| from the EdDSA private key signing operation. | from the EdDSA private key signing operation. |
| 4. Implementation Considerations | 4. Implementation Considerations |
End of changes. 7 change blocks. 11 lines changed or deleted, 9 lines changed or added.

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/
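The AlgorithmIdentifier rules quoted in the diff above (parameters absent for id-sha512 and id-shake256, the INTEGER 512 for id-shake256-len, and the fixed digestAlgorithm/signatureAlgorithm pairing for each curve) as an added Python example; it is not code from the draft. The id-Ed25519 and id-Ed448 OID values are not in this excerpt and are assumed from RFC 8410 (1.3.101.112 and 1.3.101.113); the hash OIDs follow the hashAlgs arc on the page, with the -02 value 13 for id-shake256-len.

```python
ID_SHA512 = "2.16.840.1.101.3.4.2.3"         # hashAlgs 3, from the draft text
ID_SHAKE256 = "2.16.840.1.101.3.4.2.12"      # hashAlgs 12, from the draft text
ID_SHAKE256_LEN = "2.16.840.1.101.3.4.2.13"  # hashAlgs 13 in -02 (TBD in -01)
ID_ED25519 = "1.3.101.112"  # assumption: not in this excerpt, value from RFC 8410
ID_ED448 = "1.3.101.113"    # assumption: not in this excerpt, value from RFC 8410
REQUIRED_DIGEST = {ID_ED25519: ID_SHA512, ID_ED448: ID_SHAKE256}  # fixed per curve

def _der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _base128(n: int) -> bytes:
    out = [n & 0x7F]
    while n := n >> 7:
        out.append(0x80 | (n & 0x7F))
    return bytes(reversed(out))

def der_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    body = _base128(arcs[0] * 40 + arcs[1]) + b"".join(map(_base128, arcs[2:]))
    return b"\x06" + _der_len(len(body)) + body

def der_integer(n: int) -> bytes:
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:  # keep the value positive when the top bit is set
        body = b"\x00" + body
    return b"\x02" + _der_len(len(body)) + body

def algorithm_identifier(oid: str, params: bytes = b"") -> bytes:
    # AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }
    content = der_oid(oid) + params
    return b"\x30" + _der_len(len(content)) + content

def hash_algorithm_identifier(oid: str) -> bytes:
    # Parameters: absent for id-sha512/id-shake256; INTEGER 512 (bits) for id-shake256-len.
    if oid in (ID_SHA512, ID_SHAKE256):
        return algorithm_identifier(oid)
    if oid == ID_SHAKE256_LEN:
        return algorithm_identifier(oid, der_integer(512))
    raise ValueError(f"{oid} is not a hash algorithm used with EdDSA in CMS")

def signer_info_algs(curve_oid: str) -> tuple:
    # (digestAlgorithm, signatureAlgorithm) for a SignerInfo: no parameters on either.
    return algorithm_identifier(REQUIRED_DIGEST[curve_oid]), algorithm_identifier(curve_oid)

def check_signer_info_algs(digest_alg: bytes, sig_alg: bytes) -> bool:
    # Parameters are forbidden, so each permitted pair is a fixed byte string; an exact
    # match is a complete check (rejects present params, wrong digest, id-shake256-len).
    return any((digest_alg, sig_alg) == signer_info_algs(c) for c in REQUIRED_DIGEST)
```

A verifier can run `check_signer_info_algs` on the two DER fields of an incoming SignerInfo before touching the signature itself, so malformed or mismatched algorithm identifiers are rejected early.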