| < draft-ietf-pkix-gost-cppk-00.txt | draft-ietf-pkix-gost-cppk-01.txt > | |||
|---|---|---|---|---|
| PKIX Working Group Serguei Leontiev, CRYPTO-PRO | PKIX Working Group Serguei Leontiev, CRYPTO-PRO | |||
| Internet Draft Dennis Shefanovskij, DEMOS Co Ltd | Internet Draft Dennis Shefanovskij, DEMOS Co Ltd | |||
| Expires August 9, 2004 February 9, 2004 | Expires October 1, 2004 April 1, 2004 | |||
| Intended Category: Informational | Intended Category: Informational | |||
| Algorithms and Identifiers for the Internet X.509 Public Key | Using the GOST R 34.10-94, GOST R 34.10-2001 and | |||
| Infrastructure | GOST R 34.11-94 algorithms with the | |||
| Certificate and Certificate Revocation List (CRL) Profile, corresponding | Internet X.509 Public Key Infrastructure | |||
| to the algorithms GOST R 34.10-94, GOST R 34.10-2001, GOST R 34.11-94 | Certificate and CRL Profile. | |||
| <draft-ietf-pkix-gost-cppk-00.txt> | <draft-ietf-pkix-gost-cppk-01.txt> | |||
| Status of this Memo | Status of this Memo | |||
| This document is an Internet-Draft and is in full conformance with | This document is an Internet-Draft and is in full conformance with | |||
| all provisions of Section 10 of RFC2026. | all provisions of Section 10 of RFC2026. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
| Drafts. | Drafts. | |||
| skipping to change at page 2, line 19 ¶ | skipping to change at page 2, line 19 ¶ | |||
| 2 Algorithm Support . . . . . . . . . . . . . . . . . . . 3 | 2 Algorithm Support . . . . . . . . . . . . . . . . . . . 3 | |||
| 2.1 One-way Hash Function . . . . . . . . . . . . . . . . . 4 | 2.1 One-way Hash Function . . . . . . . . . . . . . . . . . 4 | |||
| 2.1.1 One-way Hash Function GOST R 34.11-94 . . . . . . . . . 4 | 2.1.1 One-way Hash Function GOST R 34.11-94 . . . . . . . . . 4 | |||
| 2.2 Signature Algorithms. . . . . . . . . . . . . . . . . . 4 | 2.2 Signature Algorithms. . . . . . . . . . . . . . . . . . 4 | |||
| 2.2.1 Signature Algorithm GOST R 34.10-94 . . . . . . . . . . 5 | 2.2.1 Signature Algorithm GOST R 34.10-94 . . . . . . . . . . 5 | |||
| 2.2.2 Signature Algorithm GOST R 34.10-2001 . . . . . . . . . 6 | 2.2.2 Signature Algorithm GOST R 34.10-2001 . . . . . . . . . 6 | |||
| 2.3 Subject Public Key Algorithms . . . . . . . . . . . . . 7 | 2.3 Subject Public Key Algorithms . . . . . . . . . . . . . 7 | |||
| 2.3.1 GOST R 34.10-94 Keys. . . . . . . . . . . . . . . . . . 7 | 2.3.1 GOST R 34.10-94 Keys. . . . . . . . . . . . . . . . . . 7 | |||
| 2.3.2 GOST R 34.10-2001 Keys. . . . . . . . . . . . . . . . . 9 | 2.3.2 GOST R 34.10-2001 Keys. . . . . . . . . . . . . . . . . 9 | |||
| 3 Security Considerations . . . . . . . . . . . . . . . . 14 | 3 Security Considerations . . . . . . . . . . . . . . . . 14 | |||
| 4 Appendix ASN.1 Modules. . . . . . . . . . . . . . . . . 14 | 4 References. . . . . . . . . . . . . . . . . . . . . . . 41 | |||
| 4.1 Cryptographic-Gost-Useful-Definitions . . . . . . . . . 14 | ||||
| 4.2 GostR3411-94-DigestSyntax . . . . . . . . . . . . . . . 17 | ||||
| 4.3 GostR3410-94-PKISyntax. . . . . . . . . . . . . . . . . 21 | ||||
| 4.4 GostR3410-2001-PKISyntax. . . . . . . . . . . . . . . . 33 | ||||
| 5 References. . . . . . . . . . . . . . . . . . . . . . . 41 | ||||
| Acknowledgments. . . . . . . . . . . . . . . . . . . . . . . . 42 | Acknowledgments. . . . . . . . . . . . . . . . . . . . . . . . 42 | |||
| Author's Addresses . . . . . . . . . . . . . . . . . . . . . . 43 | Author's Addresses . . . . . . . . . . . . . . . . . . . . . . 43 | |||
| Full Copyright Statement . . . . . . . . . . . . . . . . . . . 44 | Full Copyright Statement . . . . . . . . . . . . . . . . . . . 44 | |||
| 1 Introduction | 1 Introduction | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in [RFC2119]. | document are to be interpreted as described in [RFC2119]. | |||
| This document defines identifiers and corresponding algorithm | This document defines identifiers and corresponding algorithm | |||
| parameters and attributes proposed by CRYPTO-PRO Company within | parameters and attributes proposed by CRYPTO-PRO Company within | |||
| "Russian Cryptographic Software Compatibility Agreement" community | "Russian Cryptographic Software Compatibility Agreement" community | |||
| for the algorithms GOST R 34.10-94, GOST R 34.10-2001, GOST R | for the algorithms GOST R 34.10-94, GOST R 34.10-2001, GOST R | |||
| 34.11-94, key establishment algorithms based on GOST R 34.10-94 | 34.11-94, key derivation algorithms based on GOST R 34.10-94 public | |||
| public keys, key establishment algorithms based on GOST R 34.10-2001 | keys, key derivation algorithms based on GOST R 34.10-2001 public | |||
| public keys, and also ASN.1 encoding [X.660] for digital signatures | keys, and also ASN.1 encoding [X.660] for digital signatures and | |||
| and public keys, used in Internet X.509 Public Key Infrastructure | public keys, used in Internet X.509 Public Key Infrastructure (PKI). | |||
| (PKI). | ||||
| This specification extends [RFC3279], "Algorithms and Identifiers for | This specification extends [RFC3279], "Algorithms and Identifiers for | |||
| the Internet X.509 Public Key Infrastructure Certificate and | the Internet X.509 Public Key Infrastructure Certificate and | |||
| Certificate Revocation List (CRL) Profile" and, correspondingly, | Certificate Revocation List (CRL) Profile" and, correspondingly, | |||
| [RFC3280], "Internet X.509 Public Key Infrastructure: Certificate and | [RFC3280], "Internet X.509 Public Key Infrastructure: Certificate and | |||
| Certificate Revocation List (CRL) Profile". All implementations of | Certificate Revocation List (CRL) Profile". All implementations of | |||
| this specification MUST also satisfy the requirements of [RFC3280]. | this specification MUST also satisfy the requirements of [RFC3280]. | |||
| This specification defines the content of the signatureAlgorithm, | This specification defines the content of the signatureAlgorithm, | |||
| signatureValue, signature, and subjectPublicKeyInfo fields within | signatureValue, signature, and subjectPublicKeyInfo fields within | |||
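Review bot: The new table of contents still lists References at page 41, Acknowledgments at 42 and Author's Addresses at 43, although the appendix that ran from page 14 to page 41 (old sections 4.1 to 4.4) is removed and Security Considerations stays at page 14. These page numbers look stale; regenerate the contents so they match the shortened document.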
| skipping to change at page 3, line 27 ¶ | skipping to change at page 3, line 20 ¶ | |||
| * GOST R 34.10-2001. | * GOST R 34.10-2001. | |||
| This document also defines the contents of the subjectPublicKeyInfo | This document also defines the contents of the subjectPublicKeyInfo | |||
| field for Internet X.509 certificates. For each algorithm, the | field for Internet X.509 certificates. For each algorithm, the | |||
| appropriate alternatives for the keyUsage extension are provided. | appropriate alternatives for the keyUsage extension are provided. | |||
| This specification describes encoding formats for public keys used | This specification describes encoding formats for public keys used | |||
| with the following cryptographic algorithms: | with the following cryptographic algorithms: | |||
| * GOST R 34.10-94 [GOST341094]; | * GOST R 34.10-94 [GOST341094]; | |||
| * GOST R 34.10-2001 [GOST34102001]; | * GOST R 34.10-2001 [GOST34102001]; | |||
| * Key establishment algorithm VKO GOST R 34.10-94 [CPALGS]; | * Key derivation algorithm VKO GOST R 34.10-94 [CPALGS]; | |||
| * Key establishment algorithm VKO GOST R 34.10-2001 [CPALGS]; | * Key derivation algorithm VKO GOST R 34.10-2001 [CPALGS]; | |||
| ASN.1 modules, including all the definitions used in this document | ||||
| can be found in [CPALGS]. | ||||
| 2 Algorithm Support | 2 Algorithm Support | |||
| This section is an overview of cryptographic algorithms, that may be | This section is an overview of cryptographic algorithms, that may be | |||
| used within the Internet X.509 certificates and CRL profile | used within the Internet X.509 certificates and CRL profile | |||
| [RFC3280]. It describes one-way hash functions and digital signature | [RFC3280]. It describes one-way hash functions and digital signature | |||
| algorithms, that may be used to sign certificates and CRLs, and | algorithms, that may be used to sign certificates and CRLs, and | |||
| identifies OIDs and ASN.1 encoding for public keys contained in a | identifies OIDs and ASN.1 encoding for public keys contained in a | |||
| certificate. | certificate. | |||
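Review bot: The sentence added after the algorithm list moves all ASN.1 definitions to [CPALGS], so identifiers this document still uses, such as id-CryptoPro-algorithms in sections 2.3.1 and 2.3.2, are no longer defined here. State that [CPALGS] is a normative reference and name the module that carries each identifier, so an implementer can resolve the OIDs without the removed appendix. The last list item also still ends with a semicolon.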
| skipping to change at page 4, line 12 ¶ | skipping to change at page 4, line 9 ¶ | |||
| GOST R 34.11-94 has been developed by "GUBS of Federal Agency | GOST R 34.11-94 has been developed by "GUBS of Federal Agency | |||
| Government Communication and Information" and "All-Russian Scientific | Government Communication and Information" and "All-Russian Scientific | |||
| and Research Institute of Standardization". The algorithm GOST R | and Research Institute of Standardization". The algorithm GOST R | |||
| 34.11-94 produces a 256-bit hash value of the arbitrary finite bit | 34.11-94 produces a 256-bit hash value of the arbitrary finite bit | |||
| length input. This document does not contain GOST R 34.11-94 full | length input. This document does not contain GOST R 34.11-94 full | |||
| specification, which can be found in [GOSTR3411] in Russian. It's | specification, which can be found in [GOSTR3411] in Russian. It's | |||
| brief technical description in english can be found in [Schneier95], | brief technical description in english can be found in [Schneier95], | |||
| ch. 18.11, p. 454. | ch. 18.11, p. 454. | |||
| Parameters for this function are defined in section 6.2 of [CPALGS]. | This function is always used with default parameter set | |||
| gostR3411CryptoProParamSetAI (see section 8.2 of [CPALGS]). | ||||
| 2.2 Signature Algorithms | 2.2 Signature Algorithms | |||
| Conforming CAs may use GOST R 34.10-94 or GOST R 34.10-2001 signature | Conforming CAs may use GOST R 34.10-94 or GOST R 34.10-2001 signature | |||
| algorithms to sign certificates and CRLs. The signatureAlgorithm | algorithms to sign certificates and CRLs. The signatureAlgorithm | |||
| field of Certificate or CertificateList indicates the signature | field of Certificate or CertificateList indicates the signature | |||
| algorithm ID, and associated parameters. This section also defines | algorithm ID, and associated parameters. This section also defines | |||
| algorithm identifiers and parameters that MUST be used in the | algorithm identifiers and parameters that MUST be used in the | |||
| signatureAlgorithm field in a Certificate or CertificateList. | signatureAlgorithm field in a Certificate or CertificateList. | |||
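Review bot: The replacement sentence in 2.1.1 says the hash is always used with the default parameter set, yet digestParamSet remains a required OBJECT IDENTIFIER in the public key parameters of 2.3.1 and 2.3.2. Say whether digestParamSet MUST equal that default and what a relying party does when it carries another value. The name gostR3411CryptoProParamSetAI also differs from id-GostR3411-94-CryptoProParamSet in the removed appendix, so confirm that both denote the same parameter set.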
| skipping to change at page 6, line 40 ¶ | skipping to change at page 6, line 37 ¶ | |||
| MUST use the predefined OID issuing certificates containing public | MUST use the predefined OID issuing certificates containing public | |||
| keys for these algorithms. The appropriate applications supporting | keys for these algorithms. The appropriate applications supporting | |||
| any of these algorithms MUST fully recognize the OID identified in | any of these algorithms MUST fully recognize the OID identified in | |||
| this section | this section | |||
| 2.3.1 GOST R 34.10-94 Keys | 2.3.1 GOST R 34.10-94 Keys | |||
| This section defines OID and parameter encoding for inclusion of GOST | This section defines OID and parameter encoding for inclusion of GOST | |||
| R 34.10-94 public key in certificate. Such public key can be used | R 34.10-94 public key in certificate. Such public key can be used | |||
| for digital signature validation algorithm GOST R 34.10-94 | for digital signature validation algorithm GOST R 34.10-94 | |||
| [GOSTR341094], and for key establishment algorithm VKO GOST R | [GOSTR341094], and for key derivation algorithm VKO GOST R 34.10-94 | |||
| 34.10-94 [CPALGS]. | [CPALGS]. | |||
| An assumed cryptographic key usage MAY be specified by keyUsage | An assumed cryptographic key usage MAY be specified by keyUsage | |||
| extension [RFC3280]. The usage of the same key for signature and key | extension [RFC3280]. The usage of the same key for signature and key | |||
| establishment is NOT RECOMMENDED, but possible. | derivation is NOT RECOMMENDED, but possible. | |||
| Public key OID for GOST R 34.10-94 declared in this document is: | Public key OID for GOST R 34.10-94 declared in this document is: | |||
| id-GostR3410-94 OBJECT IDENTIFIER ::= | id-GostR3410-94 OBJECT IDENTIFIER ::= | |||
| { id-CryptoPro-algorithms gostR3410-94(20) } | { id-CryptoPro-algorithms gostR3410-94(20) } | |||
| SubjectPublicKeyInfo.algorithm.algorithm field (see [RFC3280]) for | SubjectPublicKeyInfo.algorithm.algorithm field (see [RFC3280]) for | |||
| GOST R 34.10-94 keys MUST be id-GostR3410-94; | GOST R 34.10-94 keys MUST be id-GostR3410-94; | |||
| SubjectPublicKeyInfo.algorithm.parameters in this case MUST have the | SubjectPublicKeyInfo.algorithm.parameters in this case MUST have the | |||
| following structure: | following structure: | |||
| GostR3410-94-PublicKeyParameters ::= | GostR3410-94-PublicKeyParameters ::= | |||
| SEQUENCE { | SEQUENCE { | |||
| publicKeyParamSet | publicKeyParamSet | |||
| OBJECT IDENTIFIER, | OBJECT IDENTIFIER, | |||
| digestParamSet | digestParamSet | |||
| OBJECT IDENTIFIER, | OBJECT IDENTIFIER, | |||
| encryptionParamSet | encryptionParamSet | |||
| OBJECT IDENTIFIER OPTIONAL | OBJECT IDENTIFIER OPTIONAL | |||
| } | } | |||
| where: | where: | |||
| * publicKeyParamSet - public key parameters identifier for GOST R | * publicKeyParamSet - public key parameters identifier for GOST R | |||
| 34.10-94 (see section 6.3 of [CPALGS]) | 34.10-94 (see section 8.3 of [CPALGS]) | |||
| * digestParamSet - parameters identifier for GOST R 34.11-94 (see | * digestParamSet - parameters identifier for GOST R 34.11-94 (see | |||
| section 6.2 of [CPALGS]) | section 8.2 of [CPALGS]) | |||
| * encryptionParamSet - optional parameters identifier for GOST | * encryptionParamSet - optional parameters identifier for GOST | |||
| 28147-89 (see section 6.1 of [CPALGS]) MAY be present in any | 28147-89 (see section 8.1 of [CPALGS]) MAY be present in any | |||
| certificate and MUST be present if keyUsage includes keyAgreement or | certificate and MUST be present if keyUsage includes keyAgreement or | |||
| keyEnchiperment. | keyEnchiperment. | |||
| If GOST R 34.10-94 algorithm parameters are omitted in | If GOST R 34.10-94 algorithm parameters are omitted in | |||
| subjectPublicKeyInfo, and CA signs subject certificate using GOST R | subjectPublicKeyInfo, and CA signs subject certificate using GOST R | |||
| 34.10-94, then GOST R 34.10-94 parameters taken from | 34.10-94, then GOST R 34.10-94 parameters taken from | |||
| subjectPublicKeyInfo field of issuer certificate are applicable to | subjectPublicKeyInfo field of issuer certificate are applicable to | |||
| public key of GOST R 34.10-94 subject. That is, cryptographic | public key of GOST R 34.10-94 subject. That is, cryptographic | |||
| parameters inheritance takes place. If subjectPublicKeyInfo | parameters inheritance takes place. If subjectPublicKeyInfo | |||
| AlgorithmIdentifier field contain no parameters, but CA sign | AlgorithmIdentifier field contain no parameters, but CA sign | |||
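Review bot: In 2.3.1 the text says SubjectPublicKeyInfo.algorithm.parameters MUST have the GostR3410-94-PublicKeyParameters structure, and the paragraph after the field list then describes certificates in which the parameters are omitted and inherited from the issuer. Reconcile the two, for example by stating that parameters MUST either be absent or have this structure. The spelling keyEnchiperment in the encryptionParamSet item should be keyEncipherment, as in the keyUsage list of 2.3.2.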
| skipping to change at page 8, line 36 ¶ | skipping to change at page 8, line 34 ¶ | |||
| digitalSignature; | digitalSignature; | |||
| nonRepudiation; | nonRepudiation; | |||
| keyCertSign; | keyCertSign; | |||
| cRLSign. | cRLSign. | |||
| 2.3.2 GOST R 34.10-2001 Keys | 2.3.2 GOST R 34.10-2001 Keys | |||
| This section defines OID and parameter encoding for inclusion of GOST | This section defines OID and parameter encoding for inclusion of GOST | |||
| R 34.10-2001 public key in certificate. Such public key can be used | R 34.10-2001 public key in certificate. Such public key can be used | |||
| for digital signature validation algorithm GOST R 34.10-2001 | for digital signature validation algorithm GOST R 34.10-2001 | |||
| [GOSTR34102001], and for key establishment algorithm VKO GOST R | [GOSTR34102001], and for key derivation algorithm VKO GOST R | |||
| 34.10-2001 [CPALGS]. | 34.10-2001 [CPALGS]. | |||
| An assumed cryptographic key usage MAY be specified by keyUsage | An assumed cryptographic key usage MAY be specified by keyUsage | |||
| extension [RFC3280]. The usage of the same key for signature and key | extension [RFC3280]. The usage of the same key for signature and key | |||
| establishment is NOT RECOMMENDED, but possible. | derivation is NOT RECOMMENDED, but possible. | |||
| Public key OID for GOST R 34.10-2001 declared in this document is: | Public key OID for GOST R 34.10-2001 declared in this document is: | |||
| id-GostR3410-2001 OBJECT IDENTIFIER ::= | id-GostR3410-2001 OBJECT IDENTIFIER ::= | |||
| { id-CryptoPro-algorithms gostR3410-2001(19) } | { id-CryptoPro-algorithms gostR3410-2001(19) } | |||
| SubjectPublicKeyInfo.algorithm.algorithm field (see [RFC3280]) for | SubjectPublicKeyInfo.algorithm.algorithm field (see [RFC3280]) for | |||
| GOST R 34.10-2001 keys MUST be id-GostR3410-2001; | GOST R 34.10-2001 keys MUST be id-GostR3410-2001; | |||
| SubjectPublicKeyInfo.algorithm.parameters in this case MUST have the | SubjectPublicKeyInfo.algorithm.parameters in this case MUST have the | |||
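Review bot: The sentence on using one key for both signature and key derivation uses NOT RECOMMENDED, which is absent from the key word list quoted in the Introduction, and then softens it with "but possible". Either add NOT RECOMMENDED to the key word list or write SHOULD NOT, and state under which conditions dual use is acceptable. The same wording appears in 2.3.1.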
| skipping to change at page 9, line 18 ¶ | skipping to change at page 9, line 15 ¶ | |||
| publicKeyParamSet | publicKeyParamSet | |||
| OBJECT IDENTIFIER, | OBJECT IDENTIFIER, | |||
| digestParamSet | digestParamSet | |||
| OBJECT IDENTIFIER, | OBJECT IDENTIFIER, | |||
| encryptionParamSet | encryptionParamSet | |||
| OBJECT IDENTIFIER OPTIONAL | OBJECT IDENTIFIER OPTIONAL | |||
| } | } | |||
| where: | where: | |||
| * publicKeyParamSet - public key parameters identifier for GOST R | * publicKeyParamSet - public key parameters identifier for GOST R | |||
| 34.10-2001 (see section 6.4 of [CPALGS]) | 34.10-2001 (see section 8.4 of [CPALGS]) | |||
| * digestParamSet - parameters identifier for GOST R 34.11-94 (see | * digestParamSet - parameters identifier for GOST R 34.11-94 (see | |||
| section 6.2 of [CPALGS]) | section 8.2 of [CPALGS]) | |||
| * encryptionParamSet - optional parameters identifier for GOST | * encryptionParamSet - optional parameters identifier for GOST | |||
| 28147-89 (see section 6.1 of [CPALGS]) MAY be present in any | 28147-89 (see section 8.1 of [CPALGS]) MAY be present in any | |||
| certificate and MUST be present if keyUsage includes keyAgreement or | certificate and MUST be present if keyUsage includes keyAgreement or | |||
| keyEnchiperment. | keyEnchiperment. | |||
| If GOST R 34.10-2001 algorithm parameters are omitted in | If GOST R 34.10-2001 algorithm parameters are omitted in | |||
| subjectPublicKeyInfo, and CA signs subject certificate using GOST R | subjectPublicKeyInfo, and CA signs subject certificate using GOST R | |||
| 34.10-2001, then GOST R 34.10-2001 parameters taken from | 34.10-2001, then GOST R 34.10-2001 parameters taken from | |||
| subjectPublicKeyInfo field of issuer certificate are applicable to | subjectPublicKeyInfo field of issuer certificate are applicable to | |||
| public key of GOST R 34.10-2001 subject. That is, cryptographic | public key of GOST R 34.10-2001 subject. That is, cryptographic | |||
| parameters inheritance takes place. If subjectPublicKeyInfo | parameters inheritance takes place. If subjectPublicKeyInfo | |||
| AlgorithmIdentifier field contain no parameters, but CA sign | AlgorithmIdentifier field contain no parameters, but CA sign | |||
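Review bot: The encryptionParamSet rule depends on keyUsage including keyAgreement or keyEncipherment, but the keyUsage extension itself is only a MAY in this section, so the requirement is undefined for certificates that carry no keyUsage extension. State whether encryptionParamSet MUST be present in that case. The same gap exists in 2.3.1.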
| skipping to change at page 10, line 20 ¶ | skipping to change at page 10, line 18 ¶ | |||
| DER-encoded and placed in BIT STRING. | DER-encoded and placed in BIT STRING. | |||
| GostR3410-2001-PublicKey ::= BIT STRING | GostR3410-2001-PublicKey ::= BIT STRING | |||
| GostR3410-2001-PublicKeyOctetString ::= OCTET STRING | GostR3410-2001-PublicKeyOctetString ::= OCTET STRING | |||
| If the keyUsage extension is present in an end-entity certificate, | If the keyUsage extension is present in an end-entity certificate, | |||
| which conveys a GOST R 34.10-2001 public key, the following values | which conveys a GOST R 34.10-2001 public key, the following values | |||
| MAY be present: | MAY be present: | |||
| digitalSignature; | digitalSignature, | |||
| nonRepudiation. | nonRepudiation, | |||
| keyEncipherment; | keyEncipherment, | |||
| keyAgreement. | keyAgreement. | |||
| If the keyAgreement or keyEnchiperment extension is present in a | If the keyAgreement or keyEnchiperment extension is present in a | |||
| certificate, the following values MAY be present: | certificate, the following values MAY be present: | |||
| encipherOnly; | encipherOnly, | |||
| decipherOnly. | decipherOnly. | |||
| The keyUsage extension MUST NOT assert both encipherOnly and | The keyUsage extension MUST NOT assert both encipherOnly and | |||
| decipherOnly. | decipherOnly. | |||
| If the keyUsage extension is present in an CA or CRL signer | If the keyUsage extension is present in an CA or CRL signer | |||
| certificate which contain a GOST R 34.10-2001 public key, the | certificate which contain a GOST R 34.10-2001 public key, the | |||
| following values MAY be present: | following values MAY be present: | |||
| digitalSignature; | digitalSignature, | |||
| nonRepudiation; | nonRepudiation, | |||
| keyCertSign; | keyCertSign, | |||
| cRLSign. | cRLSign. | |||
| 3 Security Considerations | 3 Security Considerations | |||
| It is RECCOMENDED, that applications verify signature values and | ||||
| subject public keys to conform to [GOSTR34102001], [GOSTR341094] | ||||
| standards prior to their use. | ||||
| When certificate is used as analogue to a manual signing, in the | When certificate is used as analogue to a manual signing, in the | |||
| context of Russian Federal Digital Signature Law [RFDSL], certificate | context of Russian Federal Digital Signature Law [RFDSL], certificate | |||
| MUST contain keyUsage extension, it MUST be critical, and keyUsage | MUST contain keyUsage extension, it MUST be critical, and keyUsage | |||
| MUST NOT include keyEncipherment and keyAgreement. | MUST NOT include keyEncipherment and keyAgreement. | |||
| When certificate validity period (typicaly 5 years for end entities | ||||
| and 7 years for CAs in Russia) is not equal to the private key | ||||
| validity period (typicaly 15 months in Russia) it is RECOMENDED to | ||||
| use private key usage period extension. | ||||
| For security discussion concerning use of algorithm parameters, see | For security discussion concerning use of algorithm parameters, see | |||
| section Security Considerations from [CPALGS]. | section Security Considerations from [CPALGS]. | |||
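Review bot: Section 3 in the new version drops two recommendations without visible replacement: that applications verify signature values and subject public keys against [GOSTR34102001] and [GOSTR341094] before use, and that the private key usage period extension be used when the certificate and private key validity periods differ. The remaining pointer to [CPALGS] is described as covering the use of algorithm parameters only, so either keep both paragraphs (with RECOMMENDED spelled correctly) or say where this guidance now lives.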
| 4 Appendix ASN.1 Moduls | 4 References | |||
| 4.1 Cryptographic-Gost-Useful-Definitions | ||||
| Cryptographic-Gost-Useful-Definitions | ||||
| { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) | ||||
| other(1) modules(1) cryptographic-Gost-Useful-Definitions(0) | ||||
| 1 } | ||||
| DEFINITIONS ::= | ||||
| BEGIN | ||||
| -- Crypto-Pro OID branch | ||||
| id-CryptoPro OBJECT IDENTIFIER ::= | ||||
| { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) } | ||||
| id-CryptoPro-algorithms OBJECT IDENTIFIER ::= | ||||
| id-CryptoPro | ||||
| id-CryptoPro-modules OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro other(1) modules(1) } | ||||
| id-CryptoPro-hashes OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-algorithms hashes(30) } | ||||
| id-CryptoPro-encrypts OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-algorithms encrypts(31) } | ||||
| id-CryptoPro-signs OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-algorithms signs(32) } | ||||
| id-CryptoPro-exchanges OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-algorithms exchanges(33) } | ||||
| id-CryptoPro-extensions OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro extensions(34) } | ||||
| id-CryptoPro-ecc-signs OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-algorithms ecc-signs(35) } | ||||
| id-CryptoPro-ecc-exchanges OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-algorithms ecc-exchanges(36) } | ||||
| id-CryptoPro-private-keys OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-algorithms private-keys(37) } | ||||
| id-CryptoPro-policyQt OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro policyQt(39) } | ||||
| id-CryptoPro-policyIds OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro policyIds(38) } | ||||
| id-CryptoPro-attributes OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-algorithms attributes(38) } | ||||
| id-CryptoPro-pkixcmp-infos OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-algorithms pkixcmp-infos(41) } | ||||
| -- ASN.1 modules of Russian Cryptography "GOST" & "GOST R" | ||||
| -- Specifications | ||||
| cryptographic-Gost-Useful-Definitions OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-modules | ||||
| cryptographic-Gost-Useful-Definitions(0) 1 } | ||||
| -- GOST R 34.11-94 | ||||
| gostR3411-94-DigestSyntax OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-modules gostR3411-94-DigestSyntax(1) 1 } | ||||
| gostR3411-94-ParamSetSyntax OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-modules gostR3411-94-ParamSetSyntax(7) 1 } | ||||
| -- GOST R 34.10-94 | ||||
| gostR3410-94-PKISyntax OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-modules gostR3410-94-PKISyntax(2) 1 } | ||||
| gostR3410-94-SignatureSyntax OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-modules gostR3410-94-SignatureSyntax(3) 1 } | ||||
| gostR3410-94-EncryptionSyntax OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-modules gostR3410-94-EncryptionSyntax(5) 2 } | ||||
| gostR3410-94-ParamSetSyntax OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-modules gostR3410-94-ParamSetSyntax(8) 1 } | ||||
| -- GOST R 34.10-2001 | ||||
| gostR3410-2001-PKISyntax OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-modules gostR3410-2001-PKISyntax(9) 1 } | ||||
| gostR3410-2001-SignatureSyntax OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-modules | ||||
| gostR3410-2001-SignatureSyntax(10) 1 } | ||||
| gostR3410-2001-EncryptionSyntax OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-modules | ||||
| gostR3410-2001-EncryptionSyntax(11) 2 } | ||||
| gostR3410-2001-ParamSetSyntax OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-modules | ||||
| gostR3410-2001-ParamSetSyntax(12) 1 } | ||||
| -- GOST 28147-89 | ||||
| gost28147-89-EncryptionSyntax OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-modules gost28147-89-EncryptionSyntax(4) 1 } | ||||
| gost28147-89-ParamSetSyntax OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-modules gost28147-89-ParamSetSyntax(6) 1 } | ||||
| -- Extended Key Usage for Crypto-Pro | ||||
| gost-CryptoPro-ExtendedKeyUsage OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-modules | ||||
| gost-CryptoPro-ExtendedKeyUsage(13) 1 } | ||||
| -- Crypto-Pro Private keys | ||||
| gost-CryptoPro-PrivateKey OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-modules gost-CryptoPro-PrivateKey(14) 1 } | ||||
| -- Crypto-Pro Policy | ||||
| gost-CryptoPro-Policy OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-modules gost-CryptoPro-Policy(15) 1 } | ||||
| -- Crypto-Pro PKIXCMP structures | ||||
| gost-CryptoPro-PKIXCMP OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-modules gost-CryptoPro-PKIXCMP(16) 1 } | ||||
| -- External ASN.1 modules for Russian Cryptography | ||||
| id-external-PKIX1Explicit93 OBJECT IDENTIFIER ::= | ||||
| { iso(1) identified-organization(3) | ||||
| dod(6) internet(1) security(5) mechanisms(5) pkix(7) | ||||
| id-mod(0) id-pkix1-explicit-93(3) | ||||
| } | ||||
| -- Useful types | ||||
| ALGORITHM-IDENTIFIER ::= TYPE-IDENTIFIER | ||||
| AlgorithmIdentifier { ALGORITHM-IDENTIFIER:InfoObjectSet } ::= | ||||
| SEQUENCE { | ||||
| algorithm | ||||
| ALGORITHM-IDENTIFIER.&id({InfoObjectSet}), | ||||
| parameters | ||||
| ALGORITHM-IDENTIFIER.&Type({InfoObjectSet} {@algorithm}) | ||||
| OPTIONAL | ||||
| } | ||||
| END -- Cryptographic-Gost-Useful-Definitions | ||||
| 4.2 GostR3411-94-DigestSyntax | ||||
| GostR3411-94-DigestSyntax | ||||
| { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) | ||||
| other(1) modules(1) gostR3411-94-DigestSyntax(1) 1 } | ||||
| DEFINITIONS ::= | ||||
| BEGIN | ||||
| IMPORTS | ||||
| id-CryptoPro-algorithms, id-CryptoPro-hashes, | ||||
| gost28147-89-EncryptionSyntax, | ||||
| cryptographic-Gost-Useful-Definitions | ||||
| FROM Cryptographic-Gost-Useful-Definitions | ||||
| { iso(1) member-body(2) ru(643) rans(2) | ||||
| cryptopro(2) other(1) modules(1) | ||||
| cryptographic-Gost-Useful-Definitions(0) 1 } | ||||
| Gost28147-89-Data, Gost28147-89-UZ | ||||
| FROM Gost28147-89-EncryptionSyntax | ||||
| gost28147-89-EncryptionSyntax | ||||
| AlgorithmIdentifier, ALGORITHM-IDENTIFIER | ||||
| FROM Cryptographic-Gost-Useful-Definitions | ||||
| cryptographic-Gost-Useful-Definitions | ||||
| ; | ||||
| -- GOST R 34.11-94 OID | ||||
| id-GostR3411-94 OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-algorithms gostR3411-94(9) } | ||||
| -- GOST R 34.11-94 Cryptographic Parameters Set OIDs | ||||
| id-GostR3411-94-TestParamSet OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-hashes test(0) } | ||||
| id-GostR3411-94-CryptoProParamSet OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-hashes cryptopro(1) } | ||||
| -- GOST R 34.11-94 Data Types | ||||
| GostR3411-94-Data ::= Gost28147-89-Data | ||||
| GostR3411-94-Digest ::= OCTET STRING (SIZE (32)) | ||||
| -- GOST R 34.11-94 Digest Parameters & Algorithms | ||||
| GostR3411-94-DigestParameters ::= | ||||
| OBJECT IDENTIFIER ( | ||||
| id-GostR3411-94-TestParamSet | -- Only for tests use | ||||
| id-GostR3411-94-CryptoProParamSet | ||||
| ) | ||||
| GostR3411-94-DigestAlgorithms ALGORITHM-IDENTIFIER ::= { | ||||
| { NULL IDENTIFIED BY id-GostR3411-94 } | | ||||
| -- Assume id-GostR3411-94-CryptoProParamSet | ||||
| { GostR3411-94-DigestParameters | ||||
| IDENTIFIED BY id-GostR3411-94 } | ||||
| } | ||||
| END -- GostR3411-94-DigestSyntax | ||||
| 4.3 GostR3410-94-PKISyntax | ||||
| GostR3410-94-PKISyntax | ||||
| { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) | ||||
| other(1) modules(1) gostR3410-94-PKISyntax(2) 1 } | ||||
| DEFINITIONS ::= | ||||
| BEGIN | ||||
| IMPORTS | ||||
| id-CryptoPro-algorithms, | ||||
| id-CryptoPro-signs, id-CryptoPro-exchanges, | ||||
| gost28147-89-EncryptionSyntax, | ||||
| gostR3411-94-DigestSyntax, | ||||
| cryptographic-Gost-Useful-Definitions | ||||
| FROM Cryptographic-Gost-Useful-Definitions | ||||
| { iso(1) member-body(2) ru(643) rans(2) | ||||
| cryptopro(2) other(1) modules(1) | ||||
| cryptographic-Gost-Useful-Definitions(0) 1 } | ||||
| id-Gost28147-89-TestParamSet, | ||||
| id-Gost28147-89-CryptoPro-A-ParamSet, | ||||
| id-Gost28147-89-CryptoPro-B-ParamSet, | ||||
| id-Gost28147-89-CryptoPro-C-ParamSet, | ||||
| id-Gost28147-89-CryptoPro-D-ParamSet, | ||||
| id-Gost28147-89-CryptoPro-Simple-A-ParamSet, | ||||
| id-Gost28147-89-CryptoPro-Simple-B-ParamSet, | ||||
| id-Gost28147-89-CryptoPro-Simple-C-ParamSet, | ||||
| id-Gost28147-89-CryptoPro-Simple-D-ParamSet | ||||
| FROM Gost28147-89-EncryptionSyntax | ||||
| gost28147-89-EncryptionSyntax | ||||
| id-GostR3411-94-TestParamSet, | ||||
| id-GostR3411-94-CryptoProParamSet | ||||
| FROM GostR3411-94-DigestSyntax gostR3411-94-DigestSyntax | ||||
| AlgorithmIdentifier, ALGORITHM-IDENTIFIER | ||||
| FROM Cryptographic-Gost-Useful-Definitions | ||||
| cryptographic-Gost-Useful-Definitions | ||||
| ; | ||||
| -- GOST R 34.10-94 OIDs | ||||
| id-GostR3410-94 OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-algorithms gostR3410-94(20) } | ||||
| id-GostR3411-94-with-GostR3410-94 OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-algorithms | ||||
| gostR3411-94-with-gostR3410-94(4) } | ||||
| -- GOST R 34.10-94 Public Key Cryptographic Parameters Set OIDs | ||||
| id-GostR3410-94-TestParamSet OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-signs test(0) } | ||||
| id-GostR3410-94-CryptoPro-A-ParamSet OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-signs cryptopro-A(2) } | ||||
| id-GostR3410-94-CryptoPro-B-ParamSet OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-signs cryptopro-B(3) } | ||||
| id-GostR3410-94-CryptoPro-C-ParamSet OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-signs cryptopro-C(4) } | ||||
| id-GostR3410-94-CryptoPro-D-ParamSet OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-signs cryptopro-D(5) } | ||||
| id-GostR3410-94-CryptoPro-XchA-ParamSet OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-exchanges cryptopro-XchA(1) } | ||||
| id-GostR3410-94-CryptoPro-XchB-ParamSet OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-exchanges cryptopro-XchB(2) } | ||||
| id-GostR3410-94-CryptoPro-XchC-ParamSet OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-exchanges cryptopro-XchC(3) } | ||||
| -- GOST R 34.10-94 Data Types | ||||
| GostR3410-94-CertificateSignature ::= | ||||
| BIT STRING ( SIZE(256..512) ) | ||||
| GostR3410-94-PublicKeyOctetString ::= | ||||
| OCTET STRING ( SIZE( | ||||
| 64 | -- Only for tests use | ||||
| 128 | ||||
| ) ) | ||||
| GostR3410-94-PublicKey ::= | ||||
| BIT STRING ( SIZE(16..1048) ) | ||||
| -- Container for GostR3410-94-PublicKeyOctetString | ||||
| GostR3410-94-PublicKeyParameters ::= | ||||
| SEQUENCE { | ||||
| publicKeyParamSet | ||||
| OBJECT IDENTIFIER ( | ||||
| id-GostR3410-94-TestParamSet | -- Only for tests use | ||||
| id-GostR3410-94-CryptoPro-A-ParamSet | | ||||
| id-GostR3410-94-CryptoPro-B-ParamSet | | ||||
| id-GostR3410-94-CryptoPro-C-ParamSet | | ||||
| id-GostR3410-94-CryptoPro-D-ParamSet | | ||||
| id-GostR3410-94-CryptoPro-XchA-ParamSet | | ||||
| id-GostR3410-94-CryptoPro-XchB-ParamSet | | ||||
| id-GostR3410-94-CryptoPro-XchC-ParamSet | ||||
| ), | ||||
| digestParamSet | ||||
| OBJECT IDENTIFIER ( | ||||
| id-GostR3411-94-TestParamSet | -- Only for tests use | ||||
| id-GostR3411-94-CryptoProParamSet | ||||
| ), | ||||
| encryptionParamSet | ||||
| OBJECT IDENTIFIER ( | ||||
| id-Gost28147-89-TestParamSet | -- Only for tests use | ||||
| id-Gost28147-89-CryptoPro-A-ParamSet | | ||||
| id-Gost28147-89-CryptoPro-B-ParamSet | | ||||
| id-Gost28147-89-CryptoPro-C-ParamSet | | ||||
| id-Gost28147-89-CryptoPro-D-ParamSet | | ||||
| id-Gost28147-89-CryptoPro-Simple-A-ParamSet | | ||||
| id-Gost28147-89-CryptoPro-Simple-B-ParamSet | | ||||
| id-Gost28147-89-CryptoPro-Simple-C-ParamSet | | ||||
| id-Gost28147-89-CryptoPro-Simple-D-ParamSet | ||||
| ) OPTIONAL | ||||
| } | ||||
| GostR3410-94-PublicKeyAlgorithms ALGORITHM-IDENTIFIER ::= { | ||||
| { GostR3410-94-PublicKeyParameters IDENTIFIED BY | ||||
| id-GostR3410-94 } | ||||
| } | ||||
| GostR3410-94-CertificateSignatureAlgorithms | ||||
| ALGORITHM-IDENTIFIER ::= { | ||||
| { NULL IDENTIFIED BY | ||||
| id-GostR3411-94-with-GostR3410-94 } | | ||||
| { GostR3410-94-PublicKeyParameters IDENTIFIED BY | ||||
| id-GostR3411-94-with-GostR3410-94 } | ||||
| } | ||||
| END -- GostR3410-94-PKISyntax | ||||
| 4.4 GostR3410-2001-PKISyntax | ||||
| GostR3410-2001-PKISyntax | ||||
| { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) | ||||
| other(1) modules(1) gostR3410-2001-PKISyntax(9) 1 } | ||||
| DEFINITIONS ::= | ||||
| BEGIN | ||||
| IMPORTS | ||||
| id-CryptoPro-algorithms, | ||||
| id-CryptoPro-ecc-signs, id-CryptoPro-ecc-exchanges, | ||||
| gost28147-89-EncryptionSyntax, | ||||
| gostR3411-94-DigestSyntax, | ||||
| cryptographic-Gost-Useful-Definitions | ||||
| FROM Cryptographic-Gost-Useful-Definitions | ||||
| { iso(1) member-body(2) ru(643) rans(2) | ||||
| cryptopro(2) other(1) modules(1) | ||||
| cryptographic-Gost-Useful-Definitions(0) 1 } | ||||
| id-Gost28147-89-TestParamSet, | ||||
| id-Gost28147-89-CryptoPro-A-ParamSet, | ||||
| id-Gost28147-89-CryptoPro-B-ParamSet, | ||||
| id-Gost28147-89-CryptoPro-C-ParamSet, | ||||
| id-Gost28147-89-CryptoPro-D-ParamSet, | ||||
| id-Gost28147-89-CryptoPro-Simple-A-ParamSet, | ||||
| id-Gost28147-89-CryptoPro-Simple-B-ParamSet, | ||||
| id-Gost28147-89-CryptoPro-Simple-C-ParamSet, | ||||
| id-Gost28147-89-CryptoPro-Simple-D-ParamSet | ||||
| FROM Gost28147-89-EncryptionSyntax | ||||
| gost28147-89-EncryptionSyntax | ||||
| id-GostR3411-94-TestParamSet, | ||||
| id-GostR3411-94-CryptoProParamSet | ||||
| FROM GostR3411-94-DigestSyntax gostR3411-94-DigestSyntax | ||||
| AlgorithmIdentifier, ALGORITHM-IDENTIFIER | ||||
| FROM Cryptographic-Gost-Useful-Definitions | ||||
| cryptographic-Gost-Useful-Definitions | ||||
| ; | ||||
| -- GOST R 34.10-2001 OIDs | ||||
| id-GostR3410-2001 OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-algorithms gostR3410-2001(19) } | ||||
| id-GostR3411-94-with-GostR3410-2001 OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-algorithms | ||||
| gostR3411-94-with-gostR3410-2001(3) } | ||||
| -- GOST R 34.10-2001 Public Key Cryptographic Parameters Set OIDs | ||||
| id-GostR3410-2001-TestParamSet OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-ecc-signs test(0) } | ||||
| id-GostR3410-2001-CryptoPro-A-ParamSet OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-ecc-signs cryptopro-A(1) } | ||||
| id-GostR3410-2001-CryptoPro-B-ParamSet OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-ecc-signs cryptopro-B(2) } | ||||
| id-GostR3410-2001-CryptoPro-C-ParamSet OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-ecc-signs cryptopro-C(3) } | ||||
| id-GostR3410-2001-CryptoPro-XchA-ParamSet | ||||
| OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-ecc-exchanges cryptopro-XchA(0) } | ||||
| id-GostR3410-2001-CryptoPro-XchB-ParamSet | ||||
| OBJECT IDENTIFIER ::= | ||||
| { id-CryptoPro-ecc-exchanges cryptopro-XchB(1) } | ||||
| -- GOST R 34.10-2001 Data Types | ||||
| GostR3410-2001-CertificateSignature ::= | ||||
| BIT STRING ( SIZE(256..512) ) | ||||
| GostR3410-2001-PublicKeyOctetString ::= | ||||
| OCTET STRING ( SIZE(64) ) | ||||
| GostR3410-2001-PublicKey ::= | ||||
| BIT STRING ( SIZE(16..524) ) | ||||
| -- Container for GostR3410-2001-PublicKeyOctetString | ||||
| GostR3410-2001-PublicKeyParameters ::= | ||||
| SEQUENCE { | ||||
| publicKeyParamSet | ||||
| OBJECT IDENTIFIER ( | ||||
| id-GostR3410-2001-TestParamSet | -- Only for tests use | ||||
| id-GostR3410-2001-CryptoPro-A-ParamSet | | ||||
| id-GostR3410-2001-CryptoPro-B-ParamSet | | ||||
| id-GostR3410-2001-CryptoPro-C-ParamSet | | ||||
| id-GostR3410-2001-CryptoPro-XchA-ParamSet | | ||||
| id-GostR3410-2001-CryptoPro-XchB-ParamSet | ||||
| ), | ||||
| digestParamSet | ||||
| OBJECT IDENTIFIER ( | ||||
| id-GostR3411-94-TestParamSet | -- Only for tests use | ||||
| id-GostR3411-94-CryptoProParamSet | ||||
| ), | ||||
| encryptionParamSet | ||||
| OBJECT IDENTIFIER ( | ||||
| id-Gost28147-89-TestParamSet | -- Only for tests use | ||||
| id-Gost28147-89-CryptoPro-A-ParamSet | | ||||
| id-Gost28147-89-CryptoPro-B-ParamSet | | ||||
| id-Gost28147-89-CryptoPro-C-ParamSet | | ||||
| id-Gost28147-89-CryptoPro-D-ParamSet | | ||||
| id-Gost28147-89-CryptoPro-Simple-A-ParamSet | | ||||
| id-Gost28147-89-CryptoPro-Simple-B-ParamSet | | ||||
| id-Gost28147-89-CryptoPro-Simple-C-ParamSet | | ||||
| id-Gost28147-89-CryptoPro-Simple-D-ParamSet | ||||
| ) OPTIONAL | ||||
| } | ||||
| GostR3410-2001-PublicKeyAlgorithms ALGORITHM-IDENTIFIER ::= { | ||||
| { GostR3410-2001-PublicKeyParameters IDENTIFIED BY | ||||
| id-GostR3410-2001 } | ||||
| } | ||||
| GostR3410-2001-CertificateSignatureAlgorithms | ||||
| ALGORITHM-IDENTIFIER ::= { | ||||
| { NULL IDENTIFIED BY | ||||
| id-GostR3411-94-with-GostR3410-2001 } | | ||||
| { GostR3410-2001-PublicKeyParameters IDENTIFIED BY | ||||
| id-GostR3411-94-with-GostR3410-2001 } | ||||
| } | ||||
| END -- GostR3410-2001-PKISyntax | ||||
| 5 References | ||||
| [GOST28147] "Cryptographic Protection for Data Processing Sys- | [GOST28147] "Cryptographic Protection for Data Processing Sys- | |||
| tem", GOST 28147-89, Gosudarstvennyi Standard of | tem", GOST 28147-89, Gosudarstvennyi Standard of | |||
| USSR, Government Committee of the USSR for Standards, | USSR, Government Committee of the USSR for Standards, | |||
| 1989. (In Russian); | 1989. (In Russian); | |||
| [GOSTR341094] "Information technology. Cryptographic Data Security. | [GOSTR341094] "Information technology. Cryptographic Data Security. | |||
| Produce and check procedures of Electronic Digital | Produce and check procedures of Electronic Digital | |||
| Signatures based on Asymmetric Cryptographic Algo- | Signatures based on Asymmetric Cryptographic Algo- | |||
| rithm.", GOST R 34.10-94, Gosudarstvennyi Standard of | rithm.", GOST R 34.10-94, Gosudarstvennyi Standard of | |||
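Review bot: GostR3410-2001-PublicKey is declared BIT STRING ( SIZE(16..524) ) as the container for GostR3410-2001-PublicKeyOctetString, but a DER OCTET STRING of 64 octets is 2 + 64 = 66 octets, i.e. 528 bits, so the upper bound cannot hold the only permitted key length; the GOST R 34.10-94 counterpart is consistent (128 octets encode to 131 octets, 1048 bits). If sections 4.3 and 4.4 are being moved rather than dropped (the right-hand column shows no replacement text for these rows), the bound should be corrected to 528 wherever the module lands. Two further points for the same move: the test parameter sets and the 64-octet GOST R 34.10-94 key are restricted only by the comment "-- Only for tests use", and the certificate signature algorithm sets accept NULL parameters without saying which parameter set a verifier should then assume, whereas the digest module at least carries "-- Assume id-GostR3411-94-CryptoProParamSet"; both deserve normative text rather than ASN.1 comments.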
| skipping to change at page 20, line 24 ¶ | skipping to change at page 11, line 44 ¶ | |||
| Standard of Russian Federation, Government Committee | Standard of Russian Federation, Government Committee | |||
| of the Russia for Standards, 1994. (In Russian); | of the Russia for Standards, 1994. (In Russian); | |||
| [RFDSL] Russian Federal Digital Signature Law, 10 Jan 2002 | [RFDSL] Russian Federal Digital Signature Law, 10 Jan 2002 | |||
| N1-FZ | N1-FZ | |||
| [CPALGS] "Additional cryptographic algorithms for use with | [CPALGS] "Additional cryptographic algorithms for use with | |||
| GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, | GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, | |||
| and GOST R 34.11-94 algorithms", V. Popov, I. Kurep- | and GOST R 34.11-94 algorithms", V. Popov, I. Kurep- | |||
| kin, S. Leontiev, February 2004, draft-popov-crypto- | kin, S. Leontiev, February 2004, draft-popov-crypto- | |||
| pro-cpalgs-00.txt work in progress; | pro-cpalgs-01.txt work in progress; | |||
| [Schneier95] B. Schneier, Applied cryptography, second edition, | [Schneier95] B. Schneier, Applied cryptography, second edition, | |||
| John Wiley & Sons, Inc., 1995; | John Wiley & Sons, Inc., 1995; | |||
| [RFC3280] Housley, R., Polk, W., Ford, W. and D. Solo, | [RFC3280] Housley, R., Polk, W., Ford, W. and D. Solo, | |||
| "Internet X.509 Public Key Infrastructure Certificate | "Internet X.509 Public Key Infrastructure Certificate | |||
| and Certificate Revocation List (CRL) Profile", RFC | and Certificate Revocation List (CRL) Profile", RFC | |||
| 3280, April 2002. | 3280, April 2002. | |||
| [RFC3279] Algorithms and Identifiers for the Internet X.509 | [RFC3279] Algorithms and Identifiers for the Internet X.509 | |||
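Review bot: the [CPALGS] entry moves from draft-popov-crypto-pro-cpalgs-00.txt to -01.txt, but the date in the line above still reads "February 2004" in both columns; please confirm the publication date of the -01 revision and update the entry if it differs, so that the parameter-set OIDs this draft relies on resolve to the intended revision.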
| End of changes. 25 change blocks. | ||||
| 424 lines changed or deleted | 47 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||