< draft-ietf-pkix-gost-cppk-01.txt   draft-ietf-pkix-gost-cppk-02.txt >
PKIX Working Group Serguei Leontiev, CRYPTO-PRO PKIX Working Group Serguei Leontiev, CRYPTO-PRO
Internet Draft Dennis Shefanovskij, DEMOS Co Ltd Internet Draft Dennis Shefanovskij, DEMOS Co Ltd
Expires October 1, 2004 April 1, 2004 Expires August 5, 2005 February 5, 2005
Intended Category: Informational Intended Category: Informational
Using the GOST R 34.10-94, GOST R 34.10-2001 and Using the GOST R 34.10-94, GOST R 34.10-2001 and
GOST R 34.11-94 algorithms with the GOST R 34.11-94 algorithms with the
Internet X.509 Public Key Infrastructure Internet X.509 Public Key Infrastructure
Certificate and CRL Profile. Certificate and CRL Profile.
<draft-ietf-pkix-gost-cppk-01.txt> <draft-ietf-pkix-gost-cppk-02.txt>
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with By submitting this Internet-Draft, I certify that any applicable
all provisions of Section 10 of RFC2026. patent or other IPR claims of which I am aware have been disclosed,
and any of which I become aware will be disclosed, in accordance with
Internet-Drafts are working documents of the Internet Engineering RFC 3668.
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months This document is an Internet Draft and is subject to all provisions
and may be updated, replaced, or obsoleted by other documents at any of Section 10 of RFC2026. Internet Drafts are working documents of
time. It is inappropriate to use Internet-Drafts as reference the Internet Engineering Task Force (IETF), its areas, and its
material or to cite them other than as "work in progress." working groups. Note that other groups may also distribute working
documents as Internet Drafts. Internet Drafts are draft documents
valid for a maximum of 6 months and may be updated, replaced, or
obsoleted by other documents at any time. It is inappropriate to use
Internet Drafts as reference material or to cite them other than as a
"work in progress".
The list of current Internet-Drafts can be accessed at The list of current Internet Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html
Comments or suggestions for improvement may be done via "ietf-pkix" Copyright (C) The Internet Society (2005). All Rights Reserved.
mailing list, or directly to the authors.
Abstract Abstract
This document describes identifiers and appropriate parameters for This document describes identifiers and appropriate parameters for
the algorithms GOST R 34.10-94, GOST R 34.10-2001, GOST R 34.11-94, the algorithms GOST R 34.10-94, GOST R 34.10-2001, GOST R 34.11-94,
and also ASN.1 encoding scheme for digital signatures and public and also ASN.1 encoding scheme for digital signatures and public
keys, used in Internet X.509 Public Key Infrastructure (PKI). This keys, used in Internet X.509 Public Key Infrastructure (PKI). This
specification extends [RFC3279], "Algorithms and Identifiers for the specification extends [RFC3279], "Algorithms and Identifiers for the
Internet X.509 Public Key Infrastructure Certificate and Certificate Internet X.509 Public Key Infrastructure Certificate and Certificate
Revocation List (CRL) Profile" and, correspondingly, [RFC3280], Revocation List (CRL) Profile" and, correspondingly, [RFC3280],
"Internet X.509 Public Key Infrastructure: Certificate and "Internet X.509 Public Key Infrastructure: Certificate and
Certificate Revocation List (CRL) Profile". All implementations of Certificate Revocation List (CRL) Profile". All implementations of
this specification MUST also satisfy the requirements of [RFC3280]. this specification MUST also satisfy the requirements of [RFC3280].
Table of Contents Table of Contents
1 Introduction. . . . . . . . . . . . . . . . . . . . . . 2 1 Introduction. . . . . . . . . . . . . . . . . . . . . . 2
2 Algorithm Support . . . . . . . . . . . . . . . . . . . 3 2 Algorithm Support . . . . . . . . . . . . . . . . . . . 3
2.1 One-way Hash Function . . . . . . . . . . . . . . . . . 4 2.1 One-way Hash Function . . . . . . . . . . . . . . . . . 3
2.1.1 One-way Hash Function GOST R 34.11-94 . . . . . . . . . 4 2.1.1 One-way Hash Function GOST R 34.11-94 . . . . . . . . . 3
2.2 Signature Algorithms. . . . . . . . . . . . . . . . . . 4 2.2 Signature Algorithms. . . . . . . . . . . . . . . . . . 4
2.2.1 Signature Algorithm GOST R 34.10-94 . . . . . . . . . . 5 2.2.1 Signature Algorithm GOST R 34.10-94 . . . . . . . . . . 4
2.2.2 Signature Algorithm GOST R 34.10-2001 . . . . . . . . . 6 2.2.2 Signature Algorithm GOST R 34.10-2001 . . . . . . . . . 5
2.3 Subject Public Key Algorithms . . . . . . . . . . . . . 7 2.3 Subject Public Key Algorithms . . . . . . . . . . . . . 6
2.3.1 GOST R 34.10-94 Keys. . . . . . . . . . . . . . . . . . 7 2.3.1 GOST R 34.10-94 Keys. . . . . . . . . . . . . . . . . . 6
2.3.2 GOST R 34.10-2001 Keys. . . . . . . . . . . . . . . . . 9 2.3.2 GOST R 34.10-2001 Keys. . . . . . . . . . . . . . . . . 8
3 Security Considerations . . . . . . . . . . . . . . . . 14 3 Security Considerations . . . . . . . . . . . . . . . . 10
4 References. . . . . . . . . . . . . . . . . . . . . . . 41 4 Appendix Examples . . . . . . . . . . . . . . . . . . . 11
Acknowledgments. . . . . . . . . . . . . . . . . . . . . . . . 42 4.1 GOST R 34.10-94 Certificate . . . . . . . . . . . . . . 11
Author's Addresses . . . . . . . . . . . . . . . . . . . . . . 43 4.2 GOST R 34.10-2001 Certificate . . . . . . . . . . . . . 13
Full Copyright Statement . . . . . . . . . . . . . . . . . . . 44 5 References. . . . . . . . . . . . . . . . . . . . . . . 16
Acknowledgments. . . . . . . . . . . . . . . . . . . . . . . . 17
Author's Addresses . . . . . . . . . . . . . . . . . . . . . . 18
Full Copyright Statement . . . . . . . . . . . . . . . . . . . 19
1 Introduction 1 Introduction
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
This document defines identifiers and corresponding algorithm This document defines identifiers and corresponding algorithm
parameters and attributes proposed by CRYPTO-PRO Company within parameters and attributes proposed by CRYPTO-PRO Company within
"Russian Cryptographic Software Compatibility Agreement" community "Russian Cryptographic Software Compatibility Agreement" community
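Review bot: In the Status of this Memo block, the -02 column drops the sentence 'Comments or suggestions for improvement may be done via "ietf-pkix" mailing list, or directly to the authors.' and puts the copyright line in its place, so the revision no longer tells readers where to send feedback; consider keeping that sentence ahead of the Abstract. The same block now cites RFC 3668 for IPR disclosure while still saying the draft "is subject to all provisions of Section 10 of RFC2026"; use one set of boilerplate so the status text does not point at two IPR regimes.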
skipping to change at page 11, line 11 skipping to change at page 11, line 14
MUST NOT include keyEncipherment and keyAgreement. MUST NOT include keyEncipherment and keyAgreement.
When certificate validity period (typicaly 5 years for end entities When certificate validity period (typicaly 5 years for end entities
and 7 years for CAs in Russia) is not equal to the private key and 7 years for CAs in Russia) is not equal to the private key
validity period (typicaly 15 months in Russia) it is RECOMENDED to validity period (typicaly 15 months in Russia) it is RECOMENDED to
use private key usage period extension. use private key usage period extension.
For security discussion concerning use of algorithm parameters, see For security discussion concerning use of algorithm parameters, see
section Security Considerations from [CPALGS]. section Security Considerations from [CPALGS].
4 References 4 Appendix Examples
4.1 GOST R 34.10-94 Certificate
0 30 527: SEQUENCE {
4 30 444: SEQUENCE {
8 02 16: INTEGER
: 17 31 2A C2 1B D2 08 58 BC 04 1E 52 37 D0 74 50
26 30 10: SEQUENCE {
28 06 6: OBJECT IDENTIFIER
: id_GostR3411_94_with_GostR3410_94
: ( 1 2 643 2 2 4)
36 05 0: NULL
: }
38 30 105: SEQUENCE {
40 31 29: SET {
42 30 27: SEQUENCE {
44 06 3: OBJECT IDENTIFIER
: commonName (2 5 4 3)
49 0C 20: UTF8String 'GostR3410-94 example'
: }
: }
71 31 18: SET {
73 30 16: SEQUENCE {
75 06 3: OBJECT IDENTIFIER
: organizationName (2 5 4 10)
80 0C 9: UTF8String 'CryptoPro'
: }
: }
91 31 11: SET {
93 30 9: SEQUENCE {
95 06 3: OBJECT IDENTIFIER
: countryName (2 5 4 6)
100 13 2: PrintableString 'RU'
: }
: }
104 31 39: SET {
106 30 37: SEQUENCE {
108 06 9: OBJECT IDENTIFIER
: emailAddress (1 2 840 113549 1 9 1)
119 16 24: IA5String 'GostR3410-94@example.com'
: }
: }
: }
145 30 30: SEQUENCE {
147 17 13: UTCTime '050203151651Z'
162 17 13: UTCTime '150203151651Z'
: }
177 30 105: SEQUENCE {
179 31 29: SET {
181 30 27: SEQUENCE {
183 06 3: OBJECT IDENTIFIER
: commonName (2 5 4 3)
188 0C 20: UTF8String 'GostR3410-94 example'
: }
: }
210 31 18: SET {
212 30 16: SEQUENCE {
214 06 3: OBJECT IDENTIFIER
: organizationName (2 5 4 10)
219 0C 9: UTF8String 'CryptoPro'
: }
: }
230 31 11: SET {
232 30 9: SEQUENCE {
234 06 3: OBJECT IDENTIFIER
: countryName (2 5 4 6)
239 13 2: PrintableString 'RU'
: }
: }
243 31 39: SET {
245 30 37: SEQUENCE {
247 06 9: OBJECT IDENTIFIER
: emailAddress (1 2 840 113549 1 9 1)
258 16 24: IA5String 'GostR3410-94@example.com'
: }
: }
: }
284 30 165: SEQUENCE {
287 30 28: SEQUENCE {
289 06 6: OBJECT IDENTIFIER
: id_GostR3410_94 ( 1 2 643 2 2 20)
297 30 18: SEQUENCE {
299 06 7: OBJECT IDENTIFIER
: id_GostR3410_94_CryptoPro_A_ParamSet
: ( 1 2 643 2 2 32 2)
308 06 7: OBJECT IDENTIFIER
: id_GostR3411_94_CryptoProParamSet
: ( 1 2 643 2 2 30 1)
: }
: }
317 03 132: BIT STRING 0 unused bits, encapsulates {
321 04 128: OCTET STRING
: BB 84 66 E1 79 9E 5B 34 D8 2C 80 7F 13 A8 19 66
: 71 57 FE 8C 54 25 21 47 6F 30 0B 27 77 46 98 C6
: FB 47 55 BE B7 B2 F3 93 6C 39 B5 42 37 26 84 E2
: 0D 10 8A 24 0E 1F 0C 42 4D 2B 3B 11 2B A8 BF 66
: 39 32 5C 94 8B C1 A8 FE 1B 63 12 F6 09 25 87 CC
: 75 1B F4 E5 89 8A 09 82 68 D3 5C 77 A6 0F B6 90
: 10 13 8D E3 3E 7C 9C 91 D6 AC 0D 08 2C 3E 78 C1
: B5 C2 B6 B7 1A A8 2A 8B 45 81 93 32 32 76 FA 7B
: }
: }
: }
452 30 10: SEQUENCE {
454 06 6: OBJECT IDENTIFIER
: id_GostR3411_94_with_GostR3410_94 ( 1 2 643 2 2 4)
462 05 0: NULL
: }
464 03 65: BIT STRING 0 unused bits
: 71 28 D8 4E 9A 38 33 FE 2E 42 12 02 CE C8 AC B3
: F6 91 46 90 37 1A CA 6B 16 61 05 95 BF B0 99 D2
: 94 CC F0 8C CC CE 45 01 5B 71 87 B1 48 C2 16 96
: A7 15 90 DF 83 6C EE 37 ED E4 4F EE BD E2 7F 41
: }
4.2 GOST R 34.10-2001 Certificate
0 30 468: SEQUENCE {
4 30 385: SEQUENCE {
8 02 16: INTEGER
: 48 E9 54 A5 CF E9 69 F5 C9 5C F7 55 E7 83 41 AF
26 30 10: SEQUENCE {
28 06 6: OBJECT IDENTIFIER
: id_GostR3411_94_with_GostR3410_2001
: ( 1 2 643 2 2 3)
36 05 0: NULL
: }
38 30 109: SEQUENCE {
40 31 31: SET {
42 30 29: SEQUENCE {
44 06 3: OBJECT IDENTIFIER
: commonName (2 5 4 3)
49 0C 22: UTF8String 'GostR3410-2001 example'
: }
: }
73 31 18: SET {
75 30 16: SEQUENCE {
77 06 3: OBJECT IDENTIFIER
: organizationName (2 5 4 10)
82 0C 9: UTF8String 'CryptoPro'
: }
: }
93 31 11: SET {
95 30 9: SEQUENCE {
97 06 3: OBJECT IDENTIFIER
: countryName (2 5 4 6)
102 13 2: PrintableString 'RU'
: }
: }
106 31 41: SET {
108 30 39: SEQUENCE {
110 06 9: OBJECT IDENTIFIER
: emailAddress (1 2 840 113549 1 9 1)
121 16 26: IA5String 'GostR3410-2001@example.com'
: }
: }
: }
149 30 30: SEQUENCE {
151 17 13: UTCTime '050203151646Z'
166 17 13: UTCTime '150203151646Z'
: }
181 30 109: SEQUENCE {
183 31 31: SET {
185 30 29: SEQUENCE {
187 06 3: OBJECT IDENTIFIER
: commonName (2 5 4 3)
192 0C 22: UTF8String 'GostR3410-2001 example'
: }
: }
216 31 18: SET {
218 30 16: SEQUENCE {
220 06 3: OBJECT IDENTIFIER
: organizationName (2 5 4 10)
225 0C 9: UTF8String 'CryptoPro'
: }
: }
236 31 11: SET {
238 30 9: SEQUENCE {
240 06 3: OBJECT IDENTIFIER
: countryName (2 5 4 6)
245 13 2: PrintableString 'RU'
: }
: }
249 31 41: SET {
251 30 39: SEQUENCE {
253 06 9: OBJECT IDENTIFIER
: emailAddress (1 2 840 113549 1 9 1)
264 16 26: IA5String 'GostR3410-2001@example.com'
: }
: }
: }
292 30 99: SEQUENCE {
294 30 28: SEQUENCE {
296 06 6: OBJECT IDENTIFIER
: id_GostR3410_2001 ( 1 2 643 2 2 19)
304 30 18: SEQUENCE {
306 06 7: OBJECT IDENTIFIER
: id_GostR3410_2001_CryptoPro_XchA_ParamSet
: ( 1 2 643 2 2 36 0)
315 06 7: OBJECT IDENTIFIER
: id_GostR3411_94_CryptoProParamSet
: ( 1 2 643 2 2 30 1)
: }
: }
324 03 67: BIT STRING 0 unused bits, encapsulates {
327 04 64: OCTET STRING
: 84 95 68 75 60 02 1A 40 75 08 CD 13 8C 31 89 2C
: FD E5 05 03 7A 43 5C F4 6D 2B 0F E7 4F 32 7E 57
: 8F EB CC 16 B9 95 88 03 D0 9A 7C 85 AE 0F E4 8D
: EA A6 BB 7E 56 C7 CB B0 DF 0F 66 BC CA EA 1A 60
: }
: }
: }
393 30 10: SEQUENCE {
395 06 6: OBJECT IDENTIFIER
: id_GostR3411_94_with_GostR3410_2001 ( 1 2 643 2 2 3)
403 05 0: NULL
: }
405 03 65: BIT STRING 0 unused bits
: 1F 0E 5D C3 F6 B0 FC E8 8D BC 7C 8E 13 AE 64 BF
: 2A 38 1E 9D 2C 7F 3D DC B0 CE 94 52 4A 75 D1 53
: B6 E3 BA 1F 34 92 B7 B6 C2 DB 1C E2 E3 51 AA B3
: 79 FA E5 19 BD 75 5A 91 D8 AE F5 85 83 E1 5C 2C
: }
5 References
[GOST28147] "Cryptographic Protection for Data Processing Sys- [GOST28147] "Cryptographic Protection for Data Processing Sys-
tem", GOST 28147-89, Gosudarstvennyi Standard of tem", GOST 28147-89, Gosudarstvennyi Standard of
USSR, Government Committee of the USSR for Standards, USSR, Government Committee of the USSR for Standards,
1989. (In Russian); 1989. (In Russian);
[GOSTR341094] "Information technology. Cryptographic Data Security. [GOSTR341094] "Information technology. Cryptographic Data Security.
Produce and check procedures of Electronic Digital Produce and check procedures of Electronic Digital
Signatures based on Asymmetric Cryptographic Algo- Signatures based on Asymmetric Cryptographic Algo-
rithm.", GOST R 34.10-94, Gosudarstvennyi Standard of rithm.", GOST R 34.10-94, Gosudarstvennyi Standard of
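Review bot: The certificates added in 4.1 and 4.2 do not illustrate the guidance in the paragraph directly above them. Both TBSCertificate dumps begin with the serial number INTEGER (no version field) and end after the subject public key, so they are version 1 certificates with no extensions. Both also carry a ten-year validity (UTCTime '0502031516..Z' to '1502031516..Z'), while the text gives typical lifetimes of 5 and 7 years and a private key validity of 15 months. Either make the examples v3 certificates that carry keyUsage and the private key usage period extension, or state in the appendix that they only show the algorithm identifiers, parameters and key and signature encodings. Separately, the context lines spell the keyword as "RECOMENDED" (and "typicaly"); it should match the RFC 2119 keyword "RECOMMENDED" quoted in section 1.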
skipping to change at page 14, line 28 skipping to change at page 19, line 22
EMail: igus@cryptocom.ru EMail: igus@cryptocom.ru
Anatolij Erkin Anatolij Erkin
SPRCIS (SPbRCZI) SPRCIS (SPbRCZI)
1, Obrucheva, 1, Obrucheva,
St.Petersburg, 195220, Russian Federation St.Petersburg, 195220, Russian Federation
EMail: erkin@nevsky.net EMail: erkin@nevsky.net
Full Copyright Statement Full Copyright Statement
Copyright (C) The Internet Society (2003). All Rights Reserved. Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
This document and translations of it may be copied and furnished to except as set forth therein, the authors retain all their rights.
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
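Review bot: The Full Copyright Statement in the -02 column now says the document is subject to BCP 78 and that "the authors retain all their rights", but the notice this revision adds before the Abstract still reads "Copyright (C) The Internet Society (2005). All Rights Reserved." Align the front-page notice with the BCP 78 wording so the two statements in the same revision do not disagree about who holds the rights.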
 End of changes. 12 change blocks. 
50 lines changed or deleted 266 lines changed or added
