< draft-smirnov-xmldsig-04.txt   draft-smirnov-xmldsig-05.txt >
[draft-04]
Network Working Group                                    P. Smirnov, Ed.
Internet-Draft                                             M. Paramonova
Intended status: Informational                               M. Khomenko
Expires: October 1, 2020                                      A. Makarov
                                                               CryptoPro
                                                          March 30, 2020
GOST XML digital signature syntax
draft-smirnov-xmldsig-04

[draft-05]
Network Working Group                                  P.V. Smirnov, Ed.
Internet-Draft                                           M.V. Paramonova
Intended status: Informational                             M.V. Khomenko
Expires: 6 November 2022                                    A.O. Makarov
                                                               CryptoPro
                                                              5 May 2022
Using GOST Algorithms for XML Digital Signatures
draft-smirnov-xmldsig-05
Abstract

[draft-04]
This document specifies XML digital signature syntax and methods of
including hash-based message authentication code (HMAC) within the
XML document to support the Russian cryptographic standard
algorithms.

[draft-05]
This document defines new algorithm identifiers for GOST
cryptographic algorithms and methods of including GOST-based digital
signature and hash-based message authentication code (HMAC) within
the XML document. All statements in this document are technically
equivalent to [R1323565.1.033-2020].
Status of This Memo

This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

[draft-04]
This Internet-Draft will expire on October 1, 2020.

[draft-05]
This Internet-Draft will expire on 6 November 2022.

Copyright Notice

[draft-04]
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.

[draft-05]
Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Revised BSD License text as described in Section 4.e of the
Trust Legal Provisions and are provided without warranty as described
in the Revised BSD License.
Table of Contents

[draft-04]
1. Introduction
2. Conventions Used in This Document
3. Basic Terms and Definitions
4. Structure of the document
5. XML namespaces and prefixes
6. The Signature element schema definition
  6.1. The SignedInfo element
    6.1.1. The SignatureMethod element
    6.1.2. The Reference element
      6.1.2.1. The DigestMethod element
      6.1.2.2. DigestValue element
  6.2. The SignatureValue element
  6.3. The KeyInfo element
    6.3.1. The KeyValue element
      6.3.1.1. The GOSTR34102012-256-KeyValue,
               GOSTR34102012-512-KeyValue and
               GOSTR34102001KeyValue elements
    6.3.2. The RetrievalMethod element
    6.3.3. The X509Data element
    6.3.4. The DEREncodedKeyValue element
7. Guidelines on the GOST algorithms
  7.1. GOST algorithms to create an XML document signature
    7.1.1. Hash algorithm in DigestMethod element
      7.1.1.1. GOST R 34.11-2012 algorithm with 256-bit hash
               code in DigestMethod element
      7.1.1.2. GOST R 34.11-2012 algorithm with 512-bit hash
               code in DigestMethod element
      7.1.1.3. GOST R 34.11-94 algorithm in DigestMethod element
    7.1.2. Signature algorithm in SignatureMethod element
      7.1.2.1. GOST R 34.10-2012 algorithm with 256-bit key in
               SignatureMethod element
      7.1.2.2. GOST R 34.10-2012 algorithm with 512-bit key in
               SignatureMethod element
      7.1.2.3. GOST R 34.10-2001 algorithm in SignatureMethod
               element
  7.2. GOST algorithms to calculate HMAC value
    7.2.1. GOST R 34.11-2012 algorithm with 256-bit key in
           SignatureMethod element
    7.2.2. GOST R 34.11-2012 algorithm with 512-bit key in
           SignatureMethod element
  7.3. The key material
    7.3.1. Verification key in DEREncodedKeyValue element
    7.3.2. GOST R 34.10-2012 256-bit verification key in
           GOSTR34102012-256-KeyValue element
    7.3.3. GOST R 34.10-2012 512-bit verification key in
           GOSTR34102012-512-KeyValue element
    7.3.4. GOST R 34.10-2001 verification key in
           GOSTR34102001KeyValue element
8. IANA Considerations
  8.1. XML Sub-namespace registration for
       urn:ietf:params:xml:ns:cpxmlsec
  8.2. XML Sub-Namespace Registration for
       urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256
  8.3. XML Sub-Namespace Registration for
       urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-512
  8.4. XML Sub-Namespace Registration for
       urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr3411
  8.5. XML Sub-Namespace Registration for
       urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-256
  8.6. XML Sub-Namespace Registration for
       urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-512
  8.7. XML Sub-Namespace Registration for
       urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102001-gostr3411
  8.8. XML Sub-Namespace Registration for
       urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-256
  8.9. XML Sub-Namespace Registration for
       urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-512
  8.10. XML Sub-Namespace Registration for
        urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-256-keyvalue
  8.11. XML Sub-Namespace Registration for
        urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-512-keyvalue
  8.12. XML Sub-Namespace Registration for
        urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102001-keyvalue
  8.13. XML schema registration
9. References
  9.1. Normative References
  9.2. Informative References
Appendix A. CPXMLSEC XML schema
Appendix B. Test Examples
  B.1. Signed XML document with GOST R 34.10-2012 algorithm and
       256-bit hash code in DigestMethod element
  B.2. Signed XML document with GOST R 34.10-2012 algorithm and
       512-bit hash code in DigestMethod element
  B.3. Signed XML document with GOST R 34.10-2001 algorithm in
       SignatureMethod element
  B.4. Signed XML document with X.509 certificate in KeyInfo
       element
  B.5. Signed XML document with GOST R 34.10-2012 algorithm and
       256-bit verification key in DEREncodedKeyValue
Appendix C. Acknowledgments
Authors' Addresses

[draft-05]
1. Introduction
  1.1. Requirements language
2. XML Namespaces and Prefixes
3. Using GOST Algorithms to Construct an XML Digital Signature
   Elements
  3.1. Hash Algorithm in DigestMethod Element
    3.1.1. GOST R 34.11-2012 Algorithm with 256-bit Hash Code in
           DigestMethod Element
    3.1.2. GOST R 34.11-2012 Algorithm with 512-bit Hash Code in
           DigestMethod Element
    3.1.3. GOST R 34.11-94 Algorithm in DigestMethod Element
  3.2. Signature Algorithm in SignatureMethod Element
    3.2.1. GOST R 34.10-2012 Algorithm with 256-bit Key in
           SignatureMethod Element
    3.2.2. GOST R 34.10-2012 Algorithm with 512-bit Key in
           SignatureMethod Element
    3.2.3. GOST R 34.10-2001 Algorithm in SignatureMethod
           Element
  3.3. HMAC Algorithm in SignatureMethod Element
    3.3.1. GOST R 34.11-2012 algorithm with 256-bit key in
           SignatureMethod Element
    3.3.2. GOST R 34.11-2012 algorithm with 512-bit key in
           SignatureMethod Element
4. Including GOST-based Key Material in XML Digital Signature
  4.1. Public Key in DEREncodedKeyValue Element
  4.2. Public Key in KeyValue Element
    4.2.1. GOST R 34.10-2012 256-bit Public Key in
           GOSTR34102012-256-KeyValue Element
    4.2.2. GOST R 34.10-2012 512-bit Public Key in
           GOSTR34102012-512-KeyValue Element
    4.2.3. GOST R 34.10-2001 Public Key in GOSTR34102001KeyValue
           Element
  4.3. Public Key Reference in RetrievalMethod Element
5. IANA Considerations
  5.1. XML Sub-namespace Registration for
       urn:ietf:params:xml:ns:cpxmlsec
  5.2. XML Sub-Namespace Registration for
       urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256
  5.3. XML Sub-Namespace Registration for
       urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-512
  5.4. XML Sub-Namespace Registration for
       urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr3411
  5.5. XML Sub-Namespace Registration for
       urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-256
  5.6. XML Sub-Namespace Registration for
       urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-512
  5.7. XML Sub-Namespace Registration for
       urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102001-gostr3411
  5.8. XML Sub-Namespace Registration for
       urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-256
  5.9. XML Sub-Namespace Registration for
       urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-512
  5.10. XML Sub-Namespace Registration for
        urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-256-keyvalue
  5.11. XML Sub-Namespace Registration for
        urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-512-keyvalue
  5.12. XML Sub-Namespace Registration for
        urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102001-keyvalue
  5.13. XML Schema Registration
6. References
  6.1. Normative References
  6.2. Informative References
Appendix A. CPXMLSEC XML Schema
Appendix B. Test Examples
  B.1. Signed XML document with GOST R 34.10-2012 algorithm and
       256-bit hash code in DigestMethod element
  B.2. Signed XML document with GOST R 34.10-2012 algorithm and
       512-bit hash code in DigestMethod element
  B.3. Signed XML document with GOST R 34.10-2001 algorithm in
       SignatureMethod element
  B.4. Signed XML document with X.509 certificate in KeyInfo
       element
  B.5. Signed XML document with GOST R 34.10-2012 algorithm and
       256-bit public key in DEREncodedKeyValue
Appendix C. Acknowledgments
Authors' Addresses
[draft-04]
1. Introduction

This document specifies new identifiers (see Section 7.1) of the
following Russian signature and hash algorithms (called GOST
algorithms):

o the GOST 34.11-2012 [GOST3411-2012] hash algorithm (the English
  version can be found in [RFC6986]),
o the GOST 34.10-2012 [GOST3410-2012] signature algorithm (the
  English version can be found in [RFC7091]).

This document specifies new identifiers (see Section 7.2) of the
following Russian HMAC algorithms (called HMAC algorithms):

o the R 50.1.113-2016 [R501113-2016] HMAC algorithms (the English
  version can be found in [RFC7836]).

In addition, this document specifies new ways of the key material
placement within XML document and namespace identifiers, prefixes and
XML schema definitions.

2. Conventions Used in This Document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].

[draft-05]
1. Introduction

This document specifies identifiers (see Section 3) for the following
Russian digital signature and hash algorithms (GOST algorithms):

* GOST 34.11-2012 [GOST3411-2012] hash algorithm (the English
  version can be found in [RFC6986]),
* GOST 34.10-2012 [GOST3410-2012] digital signature algorithm (the
  English version can be found in [RFC7091]).

This document specifies identifiers (see Section 3.3) for GOST-based
HMAC transformations defined in the R 50.1.113-2016 [R501113-2016]
(the English version can be found in [RFC7836]).

These identifiers are meant for use in XML Digital Signature Syntax
(see [XMLDSIG]).

In addition, new methods of carrying GOST-based key material within
XML documents are defined (see Section 4).

Also included are namespace identifiers, prefixes and XML schema
definition required to make specification complete (see Section 2).

1.1. Requirements language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
[draft-04]
3. Basic Terms and Definitions

This document uses the following terms and definitions:

XML document  electronic document written in Extensible Markup
      Language (XML);
XML schema  XML document structure description;
XML element  part of an XML document from the element start tag to
      the element end tag;
XML schema definition  part of an XML schema describing particular
      element (element name and type);
XML namespace  namespace describing XML schema elements and providing
      their uniqueness;
XML prefix  set of letters placed at the beginning of an XML element
      or its type to exclude the collision of equivalent elements
      from different namespaces;
XML attribute  part of an XML element consisting of attribute name
      and its value;
hash-based message authentication code (HMAC)
      a function for calculating a message authentication
      code, based on a hash function in accordance with
      [RFC2104];
verification key  element of data mathematically linked to the
      signature key data element that is used by the verifier
      during the digital signature verification process
      [RFC7091];
signature key  element of secret data that is specific to the
      subject and used only by this subject during the
      signature generation process [RFC7091].

Note: For brevity, the terms "XML element" and "element", "XML
attribute" and "attribute", "XML prefix" and "prefix" are synonymous.

4. Structure of the document

The XML namespaces, prefixes and identifiers are defined in
Section 5.

The ds:Signature element is described in Section 6. This element
includes XML document signature value, used algorithms identifiers
and other parameters, which are used to generate the signature value.
Also, this element MAY include the HMAC value and algorithms
identifiers which are used to support HMAC algorithms. The
ds:Signature element is described by the following XML schemas
(defined in Table 1 of Section 5): DS schema, DSIG11 schema and
CPXMLSEC schema.

The CPXMLSEC schema is a new schema defined in this document and
extends the DS schema in order to support GOST algorithms. The
CPXMLSEC schema elements use XS schema elements (see [XMLSCHEMA-1]
and [XMLSCHEMA-2]). The DS schema and DSIG11 schema definitions are
described in accordance with [XMLDSIG].

Note: In case of using HMAC the name of the ds:Signature element
doesn't represent content type to avoid elements duplication and
optimize XML digital signature structure. HMAC algorithm identifier
and HMAC value MUST be included in ds:SignatureMethod and
ds:SignatureValue respectively.

Note: In this document, some elements inside the comments of XML
schema definition are avoided since GOST and HMAC algorithms are not
used in these elements. The XML schema comments are not semantical,
that is why DS schema and DSIG11 schema definitions in this document
are equivalent to [XMLDSIG].

The requirements for the elements described in Section 6 are listed
in Section 7:

1. Section 7.1 contains requirements for the elements representation
   during the signature generation and verification processes.
2. Section 7.2 contains requirements for the elements during the
   HMAC calculation process.
3. Section 7.3 contains requirements for the elements during the key
   material specifying in signed XML document.

5. XML namespaces and prefixes

This document uses XML elements from four different XML schemas.
Every XML schema is assigned to one XML namespace. The following
general XML namespace identifier MUST be used as targetNamespace in
the XML schema header:

urn:ietf:params:xml:ns:cpxmlsec

The other XML namespaces are external. Their identifiers MUST be
specified in XML schema header.

Note: XML schema is explicitly specified by the XML namespace
identifier (see Table 1).

+-----------------+------------------------------------+----------+---------------+
| XML schema name | XML namespace identifier           | Prefix   | Reference     |
+-----------------+------------------------------------+----------+---------------+
| DS schema       | http://www.w3.org/2000/09/xmldsig# | ds       | XMLDSIG       |
+-----------------+------------------------------------+----------+---------------+
| DSIG11 schema   | http://www.w3.org/2009/xmldsig11#  | dsig11   | XMLDSIG       |
+-----------------+------------------------------------+----------+---------------+
| XS schema       | http://www.w3.org/2001/XMLSchema   | xs       | XMLSCHEMA-1   |
|                 |                                    |          | XMLSCHEMA-2   |
+-----------------+------------------------------------+----------+---------------+
| CPXMLSEC schema | urn:ietf:params:xml:ns:cpxmlsec    | cpxmlsec | This document |
+-----------------+------------------------------------+----------+---------------+
Table 1

Note: The XS schema definitions are assistive and it is unnecessary
for describing it in this document.

Any element or attribute whose name starts with the prefix from the
Table 1 is considered to be in the corresponding XML schema. The
full definition of any XML schema is defined in the document
referenced in the "Reference" column of the Table 1. This document
uses prefixes to exclude the collision of equivalent elements from
different namespaces (see Table 1). The prefixes are no semantical
and MAY be replaced by others. Namespaces and prefixes MUST have no
line breaks and space characters.

The example of CPXMLSEC schema header:

<xs:schema
    xmlns:cpxmlsec="urn:ietf:params:xml:ns:cpxmlsec"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:dsig11="http://www.w3.org/2009/xmldsig11#"
    targetNamespace="urn:ietf:params:xml:ns:cpxmlsec"
    elementFormDefault="qualified"
    version="0.4">

[draft-05]
2. XML Namespaces and Prefixes

This document uses XML elements from four different XML schemas (see
Table 1). Every XML schema is assigned to one XML namespace. The
following XML namespace identifier MUST be used as targetNamespace in
the XML schema preamble:

urn:ietf:params:xml:ns:cpxmlsec

The other XML namespaces are external. Their identifiers are
specified in XML schema preamble in corresponding attributes.

Table 1 lists full set of XML namespaces used in this document,
identifiers and assigned prefixes. Table 1 also defines
abbreviations for corresponding XML schemas.

+-----------------+------------------------------------+----------+---------------+
| XML schema name | XML namespace identifier           | Prefix   | Reference     |
+-----------------+------------------------------------+----------+---------------+
| DS schema       | http://www.w3.org/2000/09/xmldsig# | ds       | [XMLDSIG]     |
+-----------------+------------------------------------+----------+---------------+
| DSIG11 schema   | http://www.w3.org/2009/xmldsig11#  | dsig11   | [XMLDSIG]     |
+-----------------+------------------------------------+----------+---------------+
| XS schema       | http://www.w3.org/2001/XMLSchema   | xs       | [XMLSCHEMA-1] |
|                 |                                    |          | [XMLSCHEMA-2] |
+-----------------+------------------------------------+----------+---------------+
| CPXMLSEC schema | urn:ietf:params:xml:ns:cpxmlsec    | cpxmlsec | This document |
+-----------------+------------------------------------+----------+---------------+
Table 1

Any element or attribute whose name starts with the prefix from the
Table 1 is considered to belong to the corresponding XML schema.
This document uses prefixes to prevent possible collisions with
elements of same names from different namespaces. Chosen prefixes
have no special meaning and MAY be replaced by others.

The CPXMLSEC schema extends DS schema to support GOST algorithms.
The CPXMLSEC schema uses XS schema elements (see [XMLSCHEMA-1] and
[XMLSCHEMA-2]). The DS schema and DSIG11 schema definitions are
described in accordance with [XMLDSIG].

The subsequent CPXMLSEC schema preamble is to be used with XML Schema
definitions given in the remaining sections of this document.

<xs:schema
    xmlns:cpxmlsec="urn:ietf:params:xml:ns:cpxmlsec"
    xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:dsig11="http://www.w3.org/2009/xmldsig11#"
    targetNamespace="urn:ietf:params:xml:ns:cpxmlsec"
    elementFormDefault="qualified"
    version="0.4">
[draft-04]
6. The Signature element schema definition

The ds:Signature element is the root element of an XML signature. It
contains the following values:

o for digital signature: signature value, information about
  algorithms and other parameters, which are used to generate the
  signature value.
o for HMAC: HMAC value and HMAC algorithm identifier.

The ds:Signature element contains the following descendants:

o The ds:SignedInfo element (Section 6.1). This element contains
  information about algorithms and other parameters.
o The ds:SignatureValue element (Section 6.2). This element
  includes the signature value or the HMAC value.
o The ds:KeyInfo element (Section 6.3). This element contains
  information about verification key and its value or information
  about HMAC symmetric key location.
o The ds:Object element. This element MAY contain data to be signed
  or authenticated.

The ds:Signature element is described by the following XML schema
definition.

<xs:element name="Signature" type="ds:SignatureType"/>
<xs:complexType name="SignatureType">
  <xs:sequence>
    <xs:element ref="ds:SignedInfo"/>
    <xs:element ref="ds:SignatureValue"/>
    <xs:element ref="ds:KeyInfo" minOccurs="0"/>
    <xs:element ref="ds:Object" minOccurs="0"
                maxOccurs="unbounded"
    />
  </xs:sequence>
  <xs:attribute name="Id" type="ID" use="optional"/>
</xs:complexType>

Please refer to [XMLDSIG] for the ds:Signature element full
definition.

6.1. The SignedInfo element

The ds:SignedInfo element is a descendant of ds:Signature element.
It contains information about algorithms and other parameters, which
are used to generate the signature or the HMAC value. The
ds:SignedInfo element contains the following descendants:

o The ds:SignatureMethod element (Section 6.1.1). This element
  specifies the algorithm used for signature or HMAC generation.
o The ds:Reference element (Section 6.1.2). This element describes
  data to be transformed.
o The ds:CanonicalizationMethod element. This element specifies the
  canonicalization algorithm applied to the ds:SignedInfo element.

[draft-05]
3. Using GOST Algorithms to Construct an XML Digital Signature Elements

3.1. Hash Algorithm in DigestMethod Element

3.1.1. GOST R 34.11-2012 Algorithm with 256-bit Hash Code in
       DigestMethod Element

For GOST R 34.11-2012 algorithm with 256-bit hash code the following
identifier MUST be used:

urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256

The following sample includes GOST R 34.11-2012 algorithm with
256-bit hash code in ds:DigestMethod element:

<ds:DigestMethod Algorithm=
"urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256" />

The hash code MUST be represented in little-endian and base64-encoded
[RFC4648], then it is included in the ds:DigestValue element (see
Section 4.4.3.6 of [XMLDSIG]).
[draft-04]
The ds:SignedInfo element is described by the following XML schema
definition.

<xs:element name="SignedInfo" type="ds:SignedInfoType"/>
<xs:complexType name="SignedInfoType">
  <xs:sequence>
    <xs:element ref="ds:CanonicalizationMethod"/>
    <xs:element ref="ds:SignatureMethod"/>
    <xs:element ref="ds:Reference" maxOccurs="unbounded"/>
  </xs:sequence>
  <xs:attribute name="Id" type="ID" use="optional"/>
</xs:complexType>

Please refer to [XMLDSIG] for the ds:SignedInfo element full
definition.

6.1.1. The SignatureMethod element

The ds:SignatureMethod element is a descendant of ds:SignedInfo
element. It specifies the algorithm used for signature generation
and verification, or HMAC calculation. The identifier of the
algorithm MUST be included in the "Algorithm" attribute.

[draft-05]
3.1.2. GOST R 34.11-2012 Algorithm with 512-bit Hash Code in
       DigestMethod Element

For GOST R 34.11-2012 algorithm with 512-bit hash code the following
identifier MUST be used:

urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-512

The following sample includes GOST R 34.11-2012 algorithm with
512-bit hash code in the ds:DigestMethod element:

<ds:DigestMethod Algorithm=
"urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-512" />

The hash code MUST be represented in little-endian and base64-encoded
[RFC4648], then it is included in the ds:DigestValue element (see
Section 4.4.3.6 of [XMLDSIG]).
[draft-04]
GOST algorithms identifiers are described in Section 7.1.2.

HMAC algorithms identifiers are described in Section 7.2.

The ds:SignatureMethod element is described by the following XML
schema definition.

<xs:element name="SignatureMethod" type="ds:SignatureMethodType"/>
<xs:complexType name="SignatureMethodType" mixed="true">
  <xs:sequence>
    <xs:element name="HMACOutputLength" minOccurs="0"
                type="ds:HMACOutputLengthType"/>
    <xs:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
    <!-- (0,unbounded) elements from (1,1) external namespace -->
  </xs:sequence>
  <xs:attribute name="Algorithm" type="anyURI" use="required"/>
</xs:complexType>

Please refer to [XMLDSIG] for the ds:SignatureMethod element full
definition.

6.1.2. The Reference element

The ds:Reference element is a descendant of ds:SignedInfo element.
It MAY contain "Id", "URI" and "Type" attributes to specify the
transformed data. The ds:Reference element contains the following
descendants:

o The ds:Transforms element. This element contains an ordered list
  of the data transforms specified in ds:Reference element
  attributes.
o The ds:DigestMethod element (Section 6.1.2.1). This element
  identifies the hash algorithm to be applied to the data specified
  in ds:Reference element attributes.
o The ds:DigestValue element (Section 6.1.2.2). This element
  includes the hash value of the data specified in ds:Reference
  element attributes.

[draft-05]
3.1.3. GOST R 34.11-94 Algorithm in DigestMethod Element

The following identifier MUST be used for GOST R 34.11-94 algorithm
to provide backward compatibility:

urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr3411

The ds:DigestMethod element MAY include a descendant element named
cpxmlsec:NamedParameters to specify hash algorithm parameters.

If present, hash algorithm parameters MUST be included in the "URI"
attribute of the cpxmlsec:NamedParameters element. Parameters are
indicated by OIDs and MUST be formatted in accordance with [RFC3061].
OIDs defined in section 8.2 of [RFC4357] MAY be used.

If the cpxmlsec:NamedParameters element is not included, id-
GostR3411-94-CryptoProParamSet (see [RFC4357]) MUST be presumed.

The cpxmlsec:NamedParameters element is described by the following
XML schema definition:

<xs:element name="NamedParameters"
            type="cpxmlsec:NamedParametersType" />

The following sample includes GOST R 34.11-94 algorithm in the
ds:DigestMethod element:

<ds:DigestMethod Algorithm=
"urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr3411">
  <!-- id-GostR3411-94-CryptoProParamSet -->
  <cpxmlsec:NamedParameters URI="urn:oid:1.2.643.2.2.30.1" />
</ds:DigestMethod>

The hash code MUST be represented in little-endian and base64-encoded
[RFC4648], then it is included in the ds:DigestValue element (see
Section 4.4.3.6 of [XMLDSIG]).
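The draft-05 DigestMethod rules in sections 3.1.1 to 3.1.3 translate into checks a verifier can run on each ds:Reference before any hashing. The following is an added example, not code from the draft or its authors: the function names, the `allow_legacy` policy switch and the sample fragment are assumptions made here, and the 32-byte length used for GOST R 34.11-94 reflects its 256-bit output.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "cpxmlsec": "urn:ietf:params:xml:ns:cpxmlsec"}
ALG = "urn:ietf:params:xml:ns:cpxmlsec:algorithms:"

# DigestMethod identifiers from section 3.1 -> hash code length in bytes.
DIGEST_LEN = {
    ALG + "gostr34112012-256": 32,
    ALG + "gostr34112012-512": 64,
    ALG + "gostr3411": 32,  # GOST R 34.11-94, kept for backward compatibility
}
LEGACY = ALG + "gostr3411"
# id-GostR3411-94-CryptoProParamSet, presumed when NamedParameters is absent.
DEFAULT_PARAMS = "urn:oid:1.2.643.2.2.30.1"
URN_OID = re.compile(r"urn:oid:[0-2](\.(0|[1-9][0-9]*))+")  # RFC 3061 form


def check_reference(ref, allow_legacy=False):
    """Return (findings, param_set) for one ds:Reference element."""
    method = ref.find("ds:DigestMethod", NS)
    value = ref.find("ds:DigestValue", NS)
    if method is None or value is None:
        return ["missing ds:DigestMethod or ds:DigestValue"], None
    alg = method.get("Algorithm", "")
    # A line-wrapped attribute value is normalised to spaces by the parser,
    # so a copied, wrapped identifier shows up here as embedded whitespace.
    if any(c.isspace() for c in alg):
        return ["whitespace or line break inside Algorithm identifier"], None
    if alg not in DIGEST_LEN:
        return ["digest algorithm not allowed: " + alg], None

    findings, params = [], None
    if alg == LEGACY:
        if not allow_legacy:  # local policy choice, not a rule of the draft
            findings.append("legacy GOST R 34.11-94 digest rejected by policy")
        named = method.find("cpxmlsec:NamedParameters", NS)
        params = DEFAULT_PARAMS if named is None else named.get("URI", "")
        if not URN_OID.fullmatch(params):
            findings.append("NamedParameters URI is not a urn:oid: %r" % params)

    # xs:base64Binary may contain whitespace; strip it, then decode strictly.
    text = "".join((value.text or "").split())
    try:
        raw = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        findings.append("DigestValue is not valid base64")
    else:
        if len(raw) != DIGEST_LEN[alg]:
            findings.append("DigestValue is %d bytes, expected %d"
                            % (len(raw), DIGEST_LEN[alg]))
    return findings, params


def audit(xml_text, allow_legacy=False):
    """Check every ds:Reference; returns [(URI, findings, param_set), ...]."""
    # ElementTree is enough for this constructed sample; parse untrusted
    # documents with a hardened parser (for example defusedxml).
    root = ET.fromstring(xml_text)
    return [(ref.get("URI"),) + check_reference(ref, allow_legacy)
            for ref in root.iter("{%s}Reference" % NS["ds"])]


def _b64(n):
    """Constructed placeholder digest of n bytes (not a real hash code)."""
    return base64.b64encode(bytes(range(n))).decode()


# Constructed fragment: only the ds:Reference children of ds:SignedInfo.
SAMPLE = f"""<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:cpxmlsec="urn:ietf:params:xml:ns:cpxmlsec">
  <ds:Reference URI="#a">
    <ds:DigestMethod Algorithm="{ALG}gostr34112012-256"/>
    <ds:DigestValue>{_b64(32)}</ds:DigestValue>
  </ds:Reference>
  <ds:Reference URI="#b">
    <ds:DigestMethod Algorithm="{ALG}gostr34112012-512"/>
    <ds:DigestValue>{_b64(32)}</ds:DigestValue>
  </ds:Reference>
  <ds:Reference URI="#c">
    <ds:DigestMethod Algorithm="{ALG}gostr3411"/>
    <ds:DigestValue>{_b64(32)}</ds:DigestValue>
  </ds:Reference>
  <ds:Reference URI="#d">
    <ds:DigestMethod Algorithm="{ALG}gostr34112012-
        256"/>
    <ds:DigestValue>{_b64(32)}</ds:DigestValue>
  </ds:Reference>
  <ds:Reference URI="#e">
    <ds:DigestMethod Algorithm="{ALG}gostr3411">
      <cpxmlsec:NamedParameters URI="1.2.643.2.2.30.1"/>
    </ds:DigestMethod>
    <ds:DigestValue>{_b64(32)}</ds:DigestValue>
  </ds:Reference>
</ds:SignedInfo>"""

if __name__ == "__main__":
    for uri, findings, params in audit(SAMPLE):
        print(uri, findings or "ok", params or "")
```

These checks cover the identifier, the parameter set and the encoded length only; confirming the little-endian hash code itself requires recomputing the digest with a GOST R 34.11 implementation.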
[draft-04]
The ds:Reference element is described by the following XML schema
definition.

<xs:element name="Reference" type="ds:ReferenceType"/>
<xs:complexType name="ReferenceType">
  <xs:sequence>
    <xs:element ref="ds:Transforms" minOccurs="0"/>
    <xs:element ref="ds:DigestMethod"/>
    <xs:element ref="ds:DigestValue"/>
  </xs:sequence>
  <xs:attribute name="Id" type="ID" use="optional"/>
  <xs:attribute name="URI" type="anyURI" use="optional"/>
  <xs:attribute name="Type" type="anyURI" use="optional"/>
</xs:complexType>

Please refer to [XMLDSIG] for the ds:Reference element full
definition.

6.1.2.1. The DigestMethod element

The ds:DigestMethod element is a descendant of ds:Reference element.
This element identifies the hash algorithm to be applied to the data
specified in ds:Reference element attributes. The identifier of the
used hash algorithm MUST be included in the "Algorithm" attribute.

[draft-05]
3.2. Signature Algorithm in SignatureMethod Element

3.2.1. GOST R 34.10-2012 Algorithm with 256-bit Key in SignatureMethod
       Element

For GOST R 34.10-2012 algorithm with 256-bit private key the
following identifier MUST be used (without line break in the
identifier):

urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-
256

The following sample includes GOST R 34.10-2012 algorithm with
256-bit private key in the ds:SignatureMethod element (without line
break in the attribute value):

<ds:SignatureMethod Algorithm=
"urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-
gostr34112012-256" />
The DigestMethod element is described by the following XML schema Digital signature value MUST be represented in accordance with
definition. [R1323565.1.023-2018] and base64-encoded [RFC4648], then it is
included in the ds:SignatureValue element (see Section 4.3 of
[XMLDSIG]).
<xs:element name="DigestMethod" type="ds:DigestMethodType"/> 3.2.2. GOST R 34.10-2012 Algorithm with 512-bit Key in SignatureMethod
Element
<xs:complexType name="DigestMethodType" mixed="true"> For GOST R 34.10-2012 algorithm with 512-bit private key the
<xs:sequence> following identifier MUST be used (without line break in the
<xs:any namespace="##other" processContents="lax" identifier):
minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
<xs:attribute name="Algorithm" type="anyURI" use="required"/>
</xs:complexType>
Please refer to [XMLDSIG] for the ds:DigestMethod element full urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-
definition. 512
6.1.2.2. DigestValue element The following sample includes GOST R 34.10-2012 algorithm with
512-bit private key in the ds:SignatureMethod element (without line
break in the attribute value):
The ds:DigestValue element is a descendant of ds:Reference element. <ds:SignatureMethod Algorithm=
This element includes the hash value of data specified in "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-
ds:Reference element attributes. The hash value MUST be represented gostr34112012-512" />
in accordance with Section 7.1.1.
The ds:DigestValue element is described by the following XML schema Digital signature value MUST be represented in accordance with
definition. [R1323565.1.023-2018] and base64-encoded [RFC4648], then it is
included in ds:SignatureValue element (see Section 4.3 of [XMLDSIG]).
<xs:element name="DigestValue" type="ds:DigestValueType"/> 3.2.3. GOST R 34.10-2001 Algorithm in SignatureMethod Element
<xs:simpleType name="DigestValueType"> The following identifier MUST be used for GOST R 34.10-2001 algorithm
<xs:restriction base="base64Binary"/> to provide backward compatibility:
</xs:simpleType>
6.2. The SignatureValue element urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102001-gostr3411
The ds:SignatureValue element is a descendant of ds:Signature The following sample includes GOST R 34.10-2001 algorithm in the
element. This element includes the XML document signature value or ds:SignatureMethod element:
the HMAC value.
In case of GOST algorithms signature value MUST be represented in <ds:SignatureMethod Algorithm=
accordance with Section 7.1.2. "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102001-gostr3411"
/>
In case of HMAC algorithms the HMAC value MUST be represented in Digital signature value MUST be represented in accordance with
accordance with Section 7.2. [R1323565.1.023-2018] and base64-encoded [RFC4648], then it is
included in the ds:SignatureValue element (see Section 4.3 of
[XMLDSIG]).
The ds:SignatureValue element is described by the following XML 3.3. HMAC Algorithm in SignatureMethod Element
schema definition.
<xs:element name="SignatureValue" type="ds:SignatureValueType" /> GOST R 34.11-2012 algorithm MAY be used in HMAC mechanism in
accordance with section 6.3.1 [XMLDSIG] and section 4.1.1
[R501113-2016].
<xs:complexType name="SignatureValueType"> 3.3.1. GOST R 34.11-2012 algorithm with 256-bit key in SignatureMethod
<xs:simpleContent> Element
<xs:extension base="base64Binary">
<xs:attribute name="Id" type="ID" use="optional"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
Please refer to [XMLDSIG] for the ds:SignatureValue element full
definition.
6.3. The KeyInfo element For GOST R 34.11-2012 algorithm with 256-bit hash code the following
identifier MUST be used:
The ds:KeyInfo element is a descendant of ds:Signature element. This urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-256
element contains information about verification key and its value or
information about HMAC symmetric key location.
In case the verification key is passed in XML document the following The following sample includes GOST R 34.11-2012 algorithm with
descendants MAY be included in the KeyInfo element: 256-bit hash code in the ds:SignatureMethod element:
o The ds:KeyValue element (Section 6.3.1). This element contains <ds:SignatureMethod Algorithm=
the verification key and its parameters. "urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-256"
/>
o The ds:RetrievalMethod element (Section 6.3.2). This element The HMAC_GOSTR3411_2012_256 algorithm result (section 4.1.1
identifies verification key location if the key is stored at [R501113-2016]) MUST be represented in little-endian and
external location. base64-encoded [RFC4648], then it is included in the
ds:SignatureValue element (see Section 4.3 of [XMLDSIG]).
o The ds:X509Data element (Section 6.3.3). This element includes 3.3.2. GOST R 34.11-2012 algorithm with 512-bit key in SignatureMethod
X.509 certificate ([RFC5280]) with verification key. Element
o Note: The Russian version of [RFC5280] can be found in For GOST R 34.11-2012 algorithm with 512-bit hash code the following
[R1323565.1.023-2018]. It MUST be used as guidelines on GOST identifier MUST be used:
algorithms.
o The dsig11:DEREncodedKeyValue element (Section 6.3.4). This urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-512
element contains the verification key and its parameters.
Note: Both ds:KeyValue and dsig11:DEREncodedKeyValue elements MAY be The following sample includes GOST R 34.11-2012 algorithm with
used for specifying the verification key and its parameters. These 512-bit hash code in the ds:SignatureMethod element:
elements use different semantics for specifying the verification key:
in case of ds:KeyValue element the verification key and its
parameters are passed in descendant elements; in case of the
dsig11:DEREncodedKeyValue element the verification key and its
parameters are passed in the SubjectPublicKeyInfo structure
[R1323565.1.023-2018].
In the case of HMAC symmetric key the ds:RetrievalMethod element <ds:SignatureMethod Algorithm=
(Section 6.3.2) MUST be used. "urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-512"
/>
The ds:KeyInfo element is described by the following XML schema The HMAC_GOSTR3411_2012_512 algorithm result (section 4.1.2
definition. [R501113-2016]) MUST be represented in little-endian and
base64-encoded [RFC4648], then it is included in the
ds:SignatureValue element (see Section 4.3 of [XMLDSIG]).
<xs:element name="KeyInfo" type="ds:KeyInfoType"/> 4. Including GOST-based Key Material in XML Digital Signature
<xs:complexType name="KeyInfoType" mixed="true"> The information about GOST-based key material or HMAC symmetric key
<xs:choice maxOccurs="unbounded"> MAY be included in XML digital signature in any way in accordance
<xs:element ref="ds:KeyName"/> with [XMLDSIG]. In addition, this document defines new ways to
<xs:element ref="ds:KeyValue"/> enclose public keys of GOST algorithms: in descendants of the
<xs:element ref="ds:RetrievalMethod"/> dsig11:DEREncodedKeyValue element (see Section 4.5.9 of [XMLDSIG]),
<xs:element ref="ds:X509Data"/> in the ds:KeyValue element (see Section 4.2) and using the "Type"
<xs:element ref="ds:PGPData"/> attribute of the ds:RetrievalMethod element (see Section 4.3).
<xs:element ref="ds:SPKIData"/>
<xs:element ref="ds:MgmtData"/>
<!-- <xs:element ref="dsig11:DEREncodedKeyValue"/> -->
<!-- DEREncodedKeyValue (XMLDsig 1.1) will use the any element -->
<xs:any processContents="lax" namespace="##other"/>
<!-- (1,1) elements from (0,unbounded) namespaces -->
</xs:choice>
<xs:attribute name="Id" type="ID" use="optional"/>
</xs:complexType>
Please refer to [XMLDSIG] for the ds:KeyInfo element full definition. 4.1. Public Key in DEREncodedKeyValue Element
6.3.1. The KeyValue element The dsig11:DEREncodedKeyValue element is a descendant of the
ds:KeyInfo (see Section 4.5 of [XMLDSIG]) element. To include the
public key and its parameters into the dsig11:DEREncodedKeyValue
element, the SubjectPublicKeyInfo structure MUST be used. This
structure MUST be encoded in accordance with [R1323565.1.023-2018].
Then this key material MUST be represented in accordance with
Section 4.5.9 of [XMLDSIG].
The ds:KeyValue element is a descendant of ds:KeyInfo element. This 4.2. Public Key in KeyValue Element
element contains the verification key and its parameters.
In case of GOST algorithms the following extra descendants MUST be The ds:KeyValue element is a descendant of the ds:KeyInfo (see
included in the KeyInfo element: Section 4.5 of [XMLDSIG]) element. This element contains the public
key and its parameters.
o the cpxmlsec:GOSTR34102012-256-KeyValue element; For GOST algorithms one of the following extra descendants MUST be
included in the ds:KeyValue element:
o the cpxmlsec:GOSTR34102012-256-KeyValue element; * cpxmlsec:GOSTR34102012-256-KeyValue element;
* cpxmlsec:GOSTR34102012-512-KeyValue element;
o the cpxmlsec:GOSTR34102001KeyValue element. * cpxmlsec:GOSTR34102001KeyValue element.
The ds:KeyValue element is described by the following XML schema The extended ds:KeyValue element is described by the following XML
definition. schema definition:
<xs:element name="KeyValue" type="ds:KeyValueType" /> <xs:element name="KeyValue" type="ds:KeyValueType" />
<xs:complexType name="KeyValueType" mixed="true"> <xs:complexType name="KeyValueType" mixed="true">
<xs:choice> <xs:choice>
<xs:element ref="ds:DSAKeyValue"/> <xs:element ref="ds:DSAKeyValue"/>
<xs:element ref="ds:RSAKeyValue"/> <xs:element ref="ds:RSAKeyValue"/>
<!-- <xs:element ref="cpxmlsec:GOSTR34102012-256-KeyValue "/> <!-- <xs:element ref="cpxmlsec:GOSTR34102012-256-KeyValue "/>
<xs:element ref="cpxmlsec:GOSTR34102012-512-KeyValue "/> <xs:element ref="cpxmlsec:GOSTR34102012-512-KeyValue "/>
<xs:element ref="cpxmlsec:GOSTR34102001KeyValue "/> --> <xs:element ref="cpxmlsec:GOSTR34102001KeyValue "/> -->
<!-- cpxmlsec:GOSTR34102012-256-KeyValue, <!-- cpxmlsec:GOSTR34102012-256-KeyValue,
cpxmlsec:GOSTR34102012-512-KeyValue, cpxmlsec:GOSTR34102012-512-KeyValue,
cpxmlsec:GOSTR34102001KeyValue will use the any element --> cpxmlsec:GOSTR34102001KeyValue will use the any element -->
<xs:any namespace="##other" processContents="lax"/> <xs:any namespace="##other" processContents="lax"/>
</xs:choice> </xs:choice>
</xs:complexType> </xs:complexType>
Please refer to [XMLDSIG] for the ds:KeyValue element full Each of cpxmlsec:GOSTR34102012-256-KeyValue,
definition.
6.3.1.1. The GOSTR34102012-256-KeyValue, GOSTR34102012-512-KeyValue and
GOSTR34102001KeyValue elements
The cpxmlsec:GOSTR34102012-256-KeyValue,
cpxmlsec:GOSTR34102012-512-KeyValue and cpxmlsec:GOSTR34102012-512-KeyValue and
cpxmlsec:GOSTR34102001KeyValue elements are descendants of cpxmlsec:GOSTR34102001KeyValue elements have
ds:KeyValue element. Each of these elements has cpxmlsec:GOSTKeyValueType type (see schema definition below) and MUST
cpxmlsec:GOSTKeyValueType type and MUST contain the following contain the following descendants:
descendants:
o the cpxmlsec:NamedCurve element - contains the elliptic curve * cpxmlsec:NamedCurve element - contains an elliptic curve
identifier; identifier;
o the cpxmlsec:PublicKey element - contains the verification key. * cpxmlsec:PublicKey element - contains a public key.
The cpxmlsec:NamedCurve and cpxmlsec:PublicKey elements belong to Each of cpxmlsec:NamedCurve and cpxmlsec:PublicKey elements belongs to
cpxmlsec namespace. The cpxmlsec namespace identifier is described cpxmlsec namespace. The cpxmlsec:NamedCurve element has
in Section 5. The cpxmlsec:NamedCurve element has
dsig11:NamedCurveType type. The cpxmlsec:PublicKey element has dsig11:NamedCurveType type. The cpxmlsec:PublicKey element has
dsig11:ECPointType type. Both types belong to DSIG11 schema dsig11:ECPointType type. Both types belong to DSIG11 schema
[XMLDSIG]. [XMLDSIG].
The cpxmlsec:GOSTR34102012-256-KeyValue, Each of cpxmlsec:GOSTR34102012-256-KeyValue,
cpxmlsec:GOSTR34102012-512-KeyValue and
cpxmlsec:GOSTR34102001KeyValue elements data MUST be represented in
accordance with Section 7.3.2-Section 7.3.4.
The cpxmlsec:GOSTR34102012-256-KeyValue,
cpxmlsec:GOSTR34102012-512-KeyValue and cpxmlsec:GOSTR34102012-512-KeyValue and
cpxmlsec:GOSTR34102001KeyValue elements are described by the cpxmlsec:GOSTR34102001KeyValue elements are described by the
following XML schema definition. following XML schema definition:
<xs:element name="GOSTR34102012-256-KeyValue" <xs:element name="GOSTR34102012-256-KeyValue"
type="cpxmlsec:GOSTKeyValueType" /> type="cpxmlsec:GOSTKeyValueType" />
<xs:element name="GOSTR34102012-512-KeyValue" <xs:element name="GOSTR34102012-512-KeyValue"
type="cpxmlsec:GOSTKeyValueType" /> type="cpxmlsec:GOSTKeyValueType" />
<xs:element name="GOSTR34102001KeyValue" <xs:element name="GOSTR34102001KeyValue"
type="cpxmlsec:GOSTKeyValueType" /> type="cpxmlsec:GOSTKeyValueType" />
<xs:complexType name="GOSTKeyValueType"> <xs:complexType name="GOSTKeyValueType">
<xs:sequence> <xs:sequence>
<xs:element name="NamedCurve" <xs:element name="NamedCurve"
type="dsig11:NamedCurveType" /> type="dsig11:NamedCurveType" />
<xs:element name="PublicKey" <xs:element name="PublicKey"
type="dsig11:ECPointType" /> type="dsig11:ECPointType" />
</xs:sequence> </xs:sequence>
</xs:complexType> </xs:complexType>
6.3.2. The RetrievalMethod element Each of cpxmlsec:GOSTR34102012-256-KeyValue,
cpxmlsec:GOSTR34102012-512-KeyValue and
The ds:RetrievalMethod element is a descendant of ds:KeyInfo element. cpxmlsec:GOSTR34102001KeyValue elements MUST be represented in
This element identifies the verification or symmetric key location if accordance with Section 4.2.1-Section 4.2.3.
the key is stored at external location. The verification or
symmetric key MUST be included in "URI" and "Type" attributes.
The ds:RetrievalMethod element MUST contain the descendant
ds:Transforms element. The ds:Transforms element identifies data
transforms specified in ds:RetrievalMethod element attributes.
The ds:RetrievalMethod element is described by the following XML
schema definition.
<xs:element name="RetrievalMethod" type="ds:RetrievalMethodType" />
<xs:complexType name="RetrievalMethodType">
<xs:sequence>
<xs:element ref="ds:Transforms" minOccurs="0" />
</xs:sequence>
<xs:attribute name="URI" type="anyURI" />
<xs:attribute name="Type" type="anyURI" use="optional" />
</xs:complexType>
Please refer to [XMLDSIG] for the ds:RetrievalMethod and
ds:Transforms elements full definition.
6.3.3. The X509Data element
The ds:X509Data element is a descendant of ds:KeyInfo element. This
element includes the X.509 certificate with the verification key
[RFC5280], which are used to generate the signature value, or
information about it.
The ds:X509Data element is described by the following XML schema
definition.
<xs:element name="X509Data" type="ds:X509DataType"/>
<xs:complexType name="X509DataType">
<xs:sequence maxOccurs="unbounded">
<xs:choice>
<xs:element name="X509IssuerSerial"
type="ds:X509IssuerSerialType"/>
<xs:element name="X509SKI" type="base64Binary"/>
<xs:element name="X509SubjectName" type="string"/>
<xs:element name="X509Certificate" type="base64Binary"/>
<xs:element name="X509CRL" type="base64Binary"/>
<!-- < xs:element ref="dsig11:X509Digest"/> -->
<!-- The X509Digest element (XMLDSig 1.1) will use the any
element -->
<xs:any namespace="##other" processContents="lax"/>
</xs:choice>
</xs:sequence>
</xs:complexType>
Please refer to [XMLDSIG] for the ds:X509Data element full
definition.
6.3.4. The DEREncodedKeyValue element
The dsig11:DEREncodedKeyValue element is an extension of ds:KeyInfo
element schema. This element contains the verification key and its
parameters. Data included in dsig11:DEREncodedKeyValue MUST be
represented in accordance with Section 7.3.1.
The dsig11:DEREncodedKeyValue element is described by the following
XML schema definition.
<!-- targetNamespace="http://www.w3.org/2009/xmldsig11#" -->
<xs:element name="DEREncodedKeyValue"
type="dsig11:DEREncodedKeyValueType" />
<xs:complexType name="DEREncodedKeyValueType">
<xs:simpleContent>
<xs:extension base="base64Binary">
<xs:attribute name="Id" type="ID" use="optional"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
Please refer to [XMLDSIG] for the dsig11:DEREncodedKeyValue element
full definition.
7. Guidelines on the GOST algorithms
This section defines the requirements for the content of the elements
(see Section 6) that are intended to use GOST and HMAC algorithms.
7.1. GOST algorithms to create an XML document signature
7.1.1. Hash algorithm in DigestMethod element
7.1.1.1. GOST R 34.11-2012 algorithm with 256-bit hash code in
DigestMethod element
In case of GOST R 34.11-2012 algorithm with 256-bit hash code the
following identifier MUST be used:
urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256
Test example for GOST R 34.11-2012 algorithm with 256-bit hash code
in ds:DigestMethod element:
<ds:DigestMethod Algorithm=
"urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256" />
The hash code MUST be represented in little-endian byte order and
base64-encoded [RFC4648]. This string MUST be included in
ds:DigestValue element (see Section 6.1.2.2).
7.1.1.2. GOST R 34.11-2012 algorithm with 512-bit hash code in
DigestMethod element
In case of GOST R 34.11-2012 algorithm with 512-bit hash code the
following identifier MUST be used:
urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-512
Test example for GOST R 34.11-2012 algorithm with 512-bit hash code
in ds:DigestMethod element:
<ds:DigestMethod Algorithm=
"urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-512" />
The hash code MUST be represented in little-endian byte order and
base64-encoded [RFC4648]. This string MUST be included in
ds:DigestValue element (see Section 6.1.2.2).
7.1.1.3. GOST R 34.11-94 algorithm in DigestMethod element
In case of GOST R 34.11-94 algorithm the following identifier MUST be
used:
urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr3411
The ds:DigestMethod element MAY include a descendant element named
cpxmlsec:NamedParameters to specify hash algorithm parameters.
Hash algorithm parameters MUST be included in the "URI" attribute of
cpxmlsec:NamedParameters element. In case of OIDs hash algorithm
parameters SHOULD be assigned in accordance with [RFC3061]. OIDs
defined in section 8.2 of [RFC4357] MAY be used.
Parameter set id-GostR3411-94-CryptoProParamSet [RFC4357] MUST be
used if cpxmlsec:NamedParameters element does not exist.
The cpxmlsec:NamedParameters element is described by the following
XML schema definition.
<xs:element name="NamedParameters"
type="cpxmlsec:NamedParametersType" />
Test example for GOST R 34.11-94 algorithm in ds:DigestMethod
element:
<ds:DigestMethod Algorithm=
"urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr3411">
<!-- id-GostR3411-94-CryptoProParamSet -->
<cpxmlsec:NamedParameters URI="urn:oid:1.2.643.2.2.30.1" />
</ds:DigestMethod>
The hash code MUST be represented in little-endian byte order and
base64-encoded [RFC4648]. This string MUST be included in
ds:DigestValue element (see Section 6.1.2.2).
7.1.2. Signature algorithm in SignatureMethod element
7.1.2.1. GOST R 34.10-2012 algorithm with 256-bit key in
SignatureMethod element
In case of GOST R 34.10-2012 algorithm with 256-bit signature key the
following identifier MUST be used (without line break in the
identifier):
urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-
256
Test example for GOST R 34.10-2012 algorithm with 256-bit signature
key in ds:SignatureMethod element (without line break in the
attribute value):
<ds:SignatureMethod Algorithm=
"urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-
gostr34112012-256" />
The signature value MUST be represented in accordance with
[R1323565.1.023-2018] and base64-encoded [RFC4648]. This string MUST
be included in ds:SignatureValue element (see Section 6.2).
7.1.2.2. GOST R 34.10-2012 algorithm with 512-bit key in
SignatureMethod element
In case of GOST R 34.10-2012 algorithm with 512-bit signature key the
following identifier MUST be used (without line break in the
identifier):
urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-
512
Test example for GOST R 34.10-2012 algorithm with 512-bit signature
key in ds:SignatureMethod element (without line break in the
attribute value):
<ds:SignatureMethod Algorithm=
"urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-
gostr34112012-512" />
The signature value MUST be represented in accordance with
[R1323565.1.023-2018] and base64-encoded [RFC4648]. This string MUST
be included in ds:SignatureValue element (see Section 6.2).
7.1.2.3. GOST R 34.10-2001 algorithm in SignatureMethod element
In case of GOST R 34.10-2001 algorithm the following identifier MUST
be used:
urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102001-gostr3411
Test example for GOST R 34.10-2001 algorithm in ds:SignatureMethod
element:
<ds:SignatureMethod Algorithm=
"urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102001-gostr3411"
/>
The signature value MUST be represented in accordance with
[R1323565.1.023-2018] and base64-encoded [RFC4648]. This string MUST
be included in ds:SignatureValue element (see Section 6.2).
7.2. GOST algorithms to calculate HMAC value
GOST R 34.11-2012 algorithm MAY be used as HMAC algorithm in
accordance with section 6.3.1 [XMLDSIG] and section 4.1.1
[R501113-2016].
7.2.1. GOST R 34.11-2012 algorithm with 256-bit key in SignatureMethod
element
In case of GOST R 34.11-2012 algorithm with 256-bit hash code the
following identifier MUST be used:
urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-256
Test example for GOST R 34.11-2012 algorithm with 256-bit hash code
in ds:SignatureMethod element:
<ds:SignatureMethod Algorithm=
"urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-256"
/>
The HMAC_GOSTR3411_2012_256 algorithm result (section 4.1.1
[R501113-2016]) MUST be represented in little-endian byte order and
base64-encoded [RFC4648]. This string MUST be included in
ds:SignatureValue element (see Section 6.2).
7.2.2. GOST R 34.11-2012 algorithm with 512-bit key in SignatureMethod
element
In case of GOST R 34.11-2012 algorithm with 512-bit hash code the
following identifier MUST be used:
urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-512
Test example for GOST R 34.11-2012 algorithm with 512-bit hash code
in ds:SignatureMethod element:
<ds:SignatureMethod Algorithm=
"urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-512"
/>
The HMAC_GOSTR3411_2012_512 algorithm result (section 4.1.2
[R501113-2016]) MUST be represented in little-endian byte order and
base64-encoded [RFC4648]. This string MUST be included in
ds:SignatureValue element (see Section 6.2).
7.3. The key material
This document defines new ways of specifying the verification key of
GOST algorithms: in dsig11:DEREncodedKeyValue (Section 6.3.4) element
and in ds:KeyValue (Section 6.3.1) descendants. In addition, the
information about the key material MAY be specified in any way in
accordance with [XMLDSIG].
7.3.1. Verification key in DEREncodedKeyValue element
This section defines how GOST R 34.10-2012 and GOST R 34.10-2001
verification keys are specified in the dsig11:DEREncodedKeyValue
(Section 6.3.4) element.
The verification key and its parameters MUST be included in
SubjectPublicKeyInfo structure and encoded in accordance with
[R1323565.1.023-2018].
Test example for the dsig11:DEREncodedKeyValue element:
<dsig11:DEREncodedKeyValue>
<!-- The verification key value -->
</dsig11:DEREncodedKeyValue>
7.3.2. GOST R 34.10-2012 256-bit verification key in
GOSTR34102012-256-KeyValue element
If the key is stored at external location, the following identifier
MUST be included in the "Type" attribute of ds:Reference or
ds:RetrievalMethod elements:
urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-256-keyvalue
If the key is included in XML document, it MUST be represented in 4.2.1. GOST R 34.10-2012 256-bit Public Key in
subjectPublicKey field of SubjectPublicKeyInfo structure GOSTR34102012-256-KeyValue Element
[R1323565.1.023-2018] without OCTET STRING and DER encoding. This
string MUST be base64-encoded [RFC4648] and included in the
cpxmlsec:GOSTR34102012-256-KeyValue element similar to the
ds:RSAKeyValue [XMLDSIG]. (The cpxmlsec:GOSTR34102012-256-KeyValue
element is a descendant of the cpxmlsec:PublicKey element). The XML
schema of the cpxmlsec:GOSTR34102012-256-KeyValue and
cpxmlsec:PublicKey elements is defined in Section 6.3.1.1.
The elliptic curve identifier (verification key parameters) MUST be The elliptic curve identifier (public key parameters) MUST be
included in the "URI" attribute of the cpxmlsec:NamedCurve element included in the "URI" attribute of the cpxmlsec:NamedCurve element
(see Section 6.3.1.1). In case of OIDs verification key parameters (see Section 4.2). In case of public key parameters described by
SHOULD be assigned in accordance with [RFC3061]. OID identifiers for OIDs they SHOULD be represented in accordance with [RFC3061]. OID
GOST algorithms are defined in [R1323565.1.023-2018]. identifiers for GOST algorithms are defined in [R1323565.1.023-2018].
Test example for cpxmlsec:GOSTR34102012-256-KeyValue element: The public key MUST be included in the
cpxmlsec:GOSTR34102012-256-KeyValue element. It MUST be represented
in the same way as subjectPublicKey field of SubjectPublicKeyInfo
structure [R1323565.1.023-2018] without enclosing in OCTET STRING and
DER encoding. This string MUST be base64-encoded [RFC4648] and
included in the cpxmlsec:GOSTR34102012-256-KeyValue element similar
to the ds:RSAKeyValue (see [XMLDSIG]). The XML schema of
cpxmlsec:GOSTR34102012-256-KeyValue and cpxmlsec:PublicKey elements
is defined in Section 4.2.
The following sample includes key material in the
cpxmlsec:GOSTR34102012-256-KeyValue element:
<cpxmlsec:GOSTR34102012-256-KeyValue> <cpxmlsec:GOSTR34102012-256-KeyValue>
<!-- id-GostR3410-2001-CryptoPro-A-ParamSet --> <!-- id-tc26-gost-3410-2012-256-paramSetA -->
<cpxmlsec:NamedCurve URI="urn:oid:1.2.643.2.2.35.1" /> <cpxmlsec:NamedCurve URI="urn:oid:1.2.643.7.1.2.1.1.1" />
<cpxmlsec:PublicKey> <cpxmlsec:PublicKey>
<!-- The verification key value --> <!-- The public key value -->
</cpxmlsec:PublicKey> </cpxmlsec:PublicKey>
</cpxmlsec:GOSTR34102012-256-KeyValue> </cpxmlsec:GOSTR34102012-256-KeyValue>
7.3.3. GOST R 34.10-2012 512-bit verification key in 4.2.2. GOST R 34.10-2012 512-bit Public Key in
GOSTR34102012-512-KeyValue element GOSTR34102012-512-KeyValue Element
If the key is stored at external location, the following identifier
MUST be included in the "Type" attribute of ds:Reference or
ds:RetrievalMethod elements:
urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-512-keyvalue
If the key is included in XML document, it MUST be represented in
subjectPublicKey field of SubjectPublicKeyInfo structure
[R1323565.1.023-2018] without OCTET STRING and DER encoding. This
string MUST be base64-encoded [RFC4648] and included in the
cpxmlsec:GOSTR34102012-512-KeyValue element similar to the
ds:RSAKeyValue [XMLDSIG]. (The cpxmlsec:GOSTR34102012-512-KeyValue
element is a descendant of the cpxmlsec:PublicKey element). The XML
schema of the cpxmlsec:GOSTR34102012-512-KeyValue and
cpxmlsec:PublicKey elements is defined in Section 6.3.1.1.
The elliptic curve identifier (verification key parameters) MUST be The elliptic curve identifier (public key parameters) MUST be
included in the "URI" attribute of the cpxmlsec:NamedCurve element included in the "URI" attribute of the cpxmlsec:NamedCurve element
(see Section 6.3.1.1). In case of OIDs verification key parameters (see Section 4.2). In case of public key parameters described by
SHOULD be assigned in accordance with [RFC3061]. OID identifiers for OIDs they SHOULD be represented in accordance with [RFC3061]. OID
GOST algorithms are defined in [R1323565.1.023-2018]. identifiers for GOST algorithms are defined in [R1323565.1.023-2018].
Test example for cpxmlsec:GOSTR34102012-512-KeyValue element: The public key MUST be included in
cpxmlsec:GOSTR34102012-512-KeyValue element. It MUST be represented
in the same way as subjectPublicKey field of SubjectPublicKeyInfo
structure [R1323565.1.023-2018] without enclosing in OCTET STRING and
DER encoding. This string MUST be base64-encoded [RFC4648] and
included in the cpxmlsec:GOSTR34102012-512-KeyValue element similar
to the ds:RSAKeyValue (see [XMLDSIG]). The XML schema of
cpxmlsec:GOSTR34102012-512-KeyValue and cpxmlsec:PublicKey elements
is defined in Section 4.2.
The following sample includes key material in the
cpxmlsec:GOSTR34102012-512-KeyValue element:
<cpxmlsec:GOSTR34102012-512-KeyValue> <cpxmlsec:GOSTR34102012-512-KeyValue>
<!-- id-tc26-gost-3410-12-512-paramSetA --> <!-- id-tc26-gost-3410-12-512-paramSetA -->
<cpxmlsec:NamedCurve URI="urn:oid:1.2.643.7.1.2.1.2.1" /> <cpxmlsec:NamedCurve URI="urn:oid:1.2.643.7.1.2.1.2.1" />
<cpxmlsec:PublicKey> <cpxmlsec:PublicKey>
<!-- The verification key value --> <!-- The public key value -->
</cpxmlsec:PublicKey> </cpxmlsec:PublicKey>
</cpxmlsec:GOSTR34102012-512-KeyValue> </cpxmlsec:GOSTR34102012-512-KeyValue>
7.3.4. GOST R 34.10-2001 verification key in GOSTR34102001KeyValue 4.2.3. GOST R 34.10-2001 Public Key in GOSTR34102001KeyValue Element
element
If the key is stored at external location, the following identifier
MUST be included in the "Type" attribute of ds:Reference or
ds:RetrievalMethod elements:
urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102001-keyvalue
If the key is included in XML document, it MUST be represented in
subjectPublicKey field of SubjectPublicKeyInfo structure
[R1323565.1.023-2018] without OCTET STRING and DER encoding. This
string MUST be base64-encoded [RFC4648] and included in the
cpxmlsec:GOSTR34102001KeyValue element similar to the ds:RSAKeyValue
[XMLDSIG]. (The cpxmlsec:GOSTR34102001KeyValue element is a
descendant of the cpxmlsec:PublicKey element). The XML schema of the
cpxmlsec:GOSTR34102001KeyValue and cpxmlsec:PublicKey elements is
defined in Section 6.3.1.1.
The elliptic curve identifier (verification key parameters) MUST be The elliptic curve identifier (public key parameters) MUST be
included in the "URI" attribute of the cpxmlsec:NamedCurve element included in the "URI" attribute of the cpxmlsec:NamedCurve element
(see Section 6.3.1.1). In case of OIDs verification key parameters (see Section 4.2). In case of public key parameters described by
SHOULD be assigned in accordance with [RFC3061]. OID identifiers for OIDs they SHOULD be represented in accordance with [RFC3061]. OID
GOST algorithms are defined in section 8.4 of [RFC4357]. identifiers for GOST algorithms are defined in section 8.4 of
[RFC4357].
Test example for cpxmlsec:GOSTR34102001KeyValue element: The public key MUST be included in cpxmlsec:GOSTR34102001KeyValue
element. It MUST be represented in the same way as subjectPublicKey
field of SubjectPublicKeyInfo structure [R1323565.1.023-2018] without
enclosing in OCTET STRING and DER encoding. This string MUST be
base64-encoded [RFC4648] and included in the
cpxmlsec:GOSTR34102001KeyValue similar to the ds:RSAKeyValue (see
[XMLDSIG]). The XML schema of cpxmlsec:GOSTR34102001KeyValue and
cpxmlsec:PublicKey elements is defined in Section 4.2.
The following sample includes key material in the
cpxmlsec:GOSTR34102001KeyValue element:
<cpxmlsec:GOSTR34102001KeyValue> <cpxmlsec:GOSTR34102001KeyValue>
<!-- id-GostR3410-2001-CryptoPro-A-ParamSet --> <!-- id-GostR3410-2001-CryptoPro-A-ParamSet -->
<cpxmlsec:NamedCurve URI="urn:oid:1.2.643.2.2.35.1" /> <cpxmlsec:NamedCurve URI="urn:oid:1.2.643.2.2.35.1" />
<cpxmlsec:PublicKey> <cpxmlsec:PublicKey>
<!-- The verification key value --> <!-- The public key value -->
</cpxmlsec:PublicKey> </cpxmlsec:PublicKey>
</cpxmlsec:GOSTR34102001KeyValue> </cpxmlsec:GOSTR34102001KeyValue>
8. IANA Considerations 4.3. Public Key Reference in RetrievalMethod Element
8.1. XML Sub-namespace registration for urn:ietf:params:xml:ns:cpxmlsec The GOST public key MAY be referenced in the ds:RetrievalMethod
element. In this case the public key reference MUST be included in
the "URI" attribute. If the "Type" attribute is present one of the
following identifiers MUST be used.
For GOST R 34.10-2012 algorithm with 256-bit private key:
urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-256-keyvalue
For GOST R 34.10-2012 algorithm with 512-bit private key:
urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-512-keyvalue
For GOST R 34.10-2001 algorithm:
urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102001-keyvalue
5. IANA Considerations
5.1. XML Sub-namespace Registration for urn:ietf:params:xml:ns:cpxmlsec
This section registers a new XML sub-namespace, This section registers a new XML sub-namespace,
"urn:ietf:params:xml:ns:cpxmlsec" (see Section 5) per the guidelines "urn:ietf:params:xml:ns:cpxmlsec" (see Section 2) per the guidelines
in [RFC3688]: in [RFC3688]:
URI: urn:ietf:params:xml:ns:cpxmlsec URI: urn:ietf:params:xml:ns:cpxmlsec
Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria
Paramonova (mparamonova@cryptopro.ru). Paramonova (mparamonova@cryptopro.ru).
XML: None. Namespace URIs do not represent an XML specification. XML: None. Namespace URIs do not represent an XML specification.
8.2. XML Sub-Namespace Registration for 5.2. XML Sub-Namespace Registration for
urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256 urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256
This section registers a new XML sub-namespace identifier, This section registers a new XML sub-namespace identifier,
"urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256" (see "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256" (see
Section 7.1.1.1) per the guidelines in [RFC3688]: Section 3.1.1) per the guidelines in [RFC3688]:
URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256 URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256
Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria
Paramonova (mparamonova@cryptopro.ru). Paramonova (mparamonova@cryptopro.ru).
XML: XML:
<?xml version="1.0"?> <?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN" <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
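Review bot: In the new Section 4.3, the sentence 'If the "Type" attribute is present one of the following identifiers MUST be used' does not require the chosen identifier to agree with the key actually retrieved or with the SignatureMethod in use, so a verifier has no rule for a ds:RetrievalMethod whose Type says gostr34102012-512-keyvalue while the URI yields a 256-bit key. Suggest adding a sentence that the verifier MUST reject the key on such a mismatch. Separately, the rewritten GOST R 34.10-2001 key text keeps the phrase "without enclosing in OCTET STRING and DER encoding", which is easy to misread; stating the expected length of the decoded cpxmlsec:PublicKey value would let implementations validate it.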
skipping to change at page 27, line 26 skipping to change at page 16, line 26
</head> </head>
<body> <body>
<h1> <h1>
Namespace identifier for GOST R 34.11-2012 algorithm with Namespace identifier for GOST R 34.11-2012 algorithm with
256-bit hash code in DigestMethod element 256-bit hash code in DigestMethod element
</h1> </h1>
<h2> <h2>
urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256 urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256
</h2> </h2>
<p> <p>
See Section 7.1.1.1 in See Section 4.1.1 in
<a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-04"> <a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-05">
draft-smirnov-xmldsig-04</a>. draft-smirnov-xmldsig-05</a>.
</p> </p>
</body> </body>
</html> </html>
8.3. XML Sub-Namespace Registration for 5.3. XML Sub-Namespace Registration for
urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-512 urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-512
This section registers a new XML sub-namespace identifier, This section registers a new XML sub-namespace identifier,
"urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-512" (see "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-512" (see
Section 7.1.1.2) per the guidelines in [RFC3688]: Section 3.1.2) per the guidelines in [RFC3688]:
URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-512 URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-512
Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria
Paramonova (mparamonova@cryptopro.ru). Paramonova (mparamonova@cryptopro.ru).
XML: XML:
<?xml version="1.0"?> <?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN" <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
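Review bot: The section number in the XHTML body disagrees with the registration paragraph in the new version: the text for 5.2 says "see Section 3.1.1" while the embedded page says "See Section 4.1.1". Elsewhere in this diff Section 4.2 is cited for the key value schema and 4.3 is the RetrievalMethod section, so the 4.x numbers in the XHTML look like a renumbering slip. The same pairing recurs in 5.3 through 5.9 (3.1.2 against 4.1.2, 3.2.1 against 4.2.1, 3.3.1 against 4.3.1, and so on). Pick one numbering and apply it in both places of each registration.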
skipping to change at page 28, line 26 skipping to change at page 17, line 26
</head> </head>
<body> <body>
<h1> <h1>
Namespace identifier for GOST R 34.11-2012 algorithm with Namespace identifier for GOST R 34.11-2012 algorithm with
512-bit hash code in DigestMethod element 512-bit hash code in DigestMethod element
</h1> </h1>
<h2> <h2>
urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-512 urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-512
</h2> </h2>
<p> <p>
See Section 7.1.1.2 in See Section 4.1.2 in
<a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-04"> <a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-05">
draft-smirnov-xmldsig-04</a>. draft-smirnov-xmldsig-05</a>.
</p> </p>
</body> </body>
</html> </html>
8.4. XML Sub-Namespace Registration for 5.4. XML Sub-Namespace Registration for
urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr3411 urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr3411
This section registers a new XML sub-namespace identifier, This section registers a new XML sub-namespace identifier,
"urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr3411" (see "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr3411" (see
Section 7.1.1.3) per the guidelines in [RFC3688]: Section 3.1.3) per the guidelines in [RFC3688]:
URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr3411 URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr3411
Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria
Paramonova (mparamonova@cryptopro.ru). Paramonova (mparamonova@cryptopro.ru).
XML: XML:
<?xml version="1.0"?> <?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN" <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
skipping to change at page 29, line 25 skipping to change at page 18, line 25
</head> </head>
<body> <body>
<h1> <h1>
Namespace identifier for GOST R 34.11-94 algorithm in Namespace identifier for GOST R 34.11-94 algorithm in
DigestMethod element DigestMethod element
</h1> </h1>
<h2> <h2>
urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr3411 urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr3411
</h2> </h2>
<p> <p>
See Section 7.1.1.3 in See Section 4.1.3 in
<a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-04"> <a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-05">
draft-smirnov-xmldsig-04</a>. draft-smirnov-xmldsig-05</a>.
</p> </p>
</body> </body>
</html> </html>
8.5. XML Sub-Namespace Registration for urn:ietf:params:xml:ns:cpxmlsec 5.5. XML Sub-Namespace Registration for urn:ietf:params:xml:ns:cpxmlsec
:algorithms:gostr34102012-gostr34112012-256 :algorithms:gostr34102012-gostr34112012-256
This section registers a new XML sub-namespace identifier, "urn:ietf: This section registers a new XML sub-namespace identifier, "urn:ietf:
params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-256" params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-256"
(see Section 7.1.2.1) per the guidelines in [RFC3688]: (see Section 3.2.1) per the guidelines in [RFC3688]:
URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34 URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34
112012-256 112012-256
Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria
Paramonova (mparamonova@cryptopro.ru). Paramonova (mparamonova@cryptopro.ru).
XML: XML:
<?xml version="1.0"?> <?xml version="1.0"?>
skipping to change at page 30, line 26 skipping to change at page 19, line 26
</head> </head>
<body> <body>
<h1> <h1>
Namespace identifier for GOST R 34.10-2012 algorithm with Namespace identifier for GOST R 34.10-2012 algorithm with
256-bit key in SignatureMethod element 256-bit key in SignatureMethod element
</h1> </h1>
<h2> <h2>
urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-256 urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-256
</h2> </h2>
<p> <p>
See Section 7.1.2.1 in See Section 4.2.1 in
<a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-04"> <a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-05">
draft-smirnov-xmldsig-04</a>. draft-smirnov-xmldsig-05</a>.
</p> </p>
</body> </body>
</html> </html>
8.6. XML Sub-Namespace Registration for urn:ietf:params:xml:ns:cpxmlsec 5.6. XML Sub-Namespace Registration for urn:ietf:params:xml:ns:cpxmlsec
:algorithms:gostr34102012-gostr34112012-512 :algorithms:gostr34102012-gostr34112012-512
This section registers a new XML sub-namespace identifier, "urn:ietf: This section registers a new XML sub-namespace identifier, "urn:ietf:
params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-512" params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-512"
(see Section 7.1.2.2) per the guidelines in [RFC3688]: (see Section 3.2.2) per the guidelines in [RFC3688]:
URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34 URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34
112012-512 112012-512
Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria
Paramonova (mparamonova@cryptopro.ru). Paramonova (mparamonova@cryptopro.ru).
XML: XML:
<?xml version="1.0"?> <?xml version="1.0"?>
skipping to change at page 31, line 26 skipping to change at page 20, line 26
</head> </head>
<body> <body>
<h1> <h1>
Namespace identifier for GOST R 34.10-2012 algorithm with Namespace identifier for GOST R 34.10-2012 algorithm with
512-bit key in SignatureMethod element 512-bit key in SignatureMethod element
</h1> </h1>
<h2> <h2>
urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-512 urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-512
</h2> </h2>
<p> <p>
See Section 7.1.2.2 in See Section 4.2.2 in
<a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-04"> <a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-05">
draft-smirnov-xmldsig-04</a>. draft-smirnov-xmldsig-05</a>.
</p> </p>
</body> </body>
</html> </html>
8.7. XML Sub-Namespace Registration for 5.7. XML Sub-Namespace Registration for
urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102001-gostr3411 urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102001-gostr3411
This section registers a new XML sub-namespace identifier, This section registers a new XML sub-namespace identifier,
"urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102001-gostr3411" "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102001-gostr3411"
(see Section 7.1.2.3) per the guidelines in [RFC3688]: (see Section 3.2.3) per the guidelines in [RFC3688]:
URI: URI:
urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102001-gostr3411 urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102001-gostr3411
Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria
Paramonova (mparamonova@cryptopro.ru). Paramonova (mparamonova@cryptopro.ru).
XML: XML:
<?xml version="1.0"?> <?xml version="1.0"?>
skipping to change at page 32, line 25 skipping to change at page 21, line 25
</head> </head>
<body> <body>
<h1> <h1>
Namespace identifier for GOST R 34.10-2001 algorithm in Namespace identifier for GOST R 34.10-2001 algorithm in
SignatureMethod element SignatureMethod element
</h1> </h1>
<h2> <h2>
urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102001-gostr3411 urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102001-gostr3411
</h2> </h2>
<p> <p>
See Section 7.1.2.3 in See Section 4.2.3 in
<a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-04"> <a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-05">
draft-smirnov-xmldsig-04</a>. draft-smirnov-xmldsig-05</a>.
</p> </p>
</body> </body>
</html> </html>
8.8. XML Sub-Namespace Registration for 5.8. XML Sub-Namespace Registration for
urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-256 urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-256
This section registers a new XML sub-namespace identifier, This section registers a new XML sub-namespace identifier,
"urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-256" "urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-256"
(see Section 7.2.1) per the guidelines in [RFC3688]: (see Section 3.3.1) per the guidelines in [RFC3688]:
URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac- URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-
gostr34112012-256 gostr34112012-256
Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria
Paramonova (mparamonova@cryptopro.ru). Paramonova (mparamonova@cryptopro.ru).
XML: XML:
<?xml version="1.0"?> <?xml version="1.0"?>
skipping to change at page 33, line 26 skipping to change at page 22, line 26
</head> </head>
<body> <body>
<h1> <h1>
Namespace identifier for GOST R 34.11-2012 algorithm with Namespace identifier for GOST R 34.11-2012 algorithm with
256-bit key in SignatureMethod element 256-bit key in SignatureMethod element
</h1> </h1>
<h2> <h2>
urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-256 urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-256
</h2> </h2>
<p> <p>
See Section 7.2.1 in See Section 4.3.1 in
<a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-04"> <a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-05">
draft-smirnov-xmldsig-04</a>. draft-smirnov-xmldsig-05</a>.
</p> </p>
</body> </body>
</html> </html>
8.9. XML Sub-Namespace Registration for 5.9. XML Sub-Namespace Registration for
urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-512 urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-512
This section registers a new XML sub-namespace identifier, This section registers a new XML sub-namespace identifier,
"urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-512" "urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-512"
(see Section 7.2.2) per the guidelines in [RFC3688]: (see Section 3.3.2) per the guidelines in [RFC3688]:
URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac- URI: urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-
gostr34112012-512 gostr34112012-512
Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria
Paramonova (mparamonova@cryptopro.ru). Paramonova (mparamonova@cryptopro.ru).
XML: XML:
<?xml version="1.0"?> <?xml version="1.0"?>
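Review bot: The h1 text in the hmac-gostr34112012-256 registration page reads "GOST R 34.11-2012 algorithm with 256-bit key in SignatureMethod element", which never mentions HMAC and describes a hash function as having a key; both versions carry it unchanged, and 5.9 repeats it for 512 bits. Apart from the URI, nothing on the page distinguishes it from the signature registrations in 5.5 and 5.6, which use nearly the same sentence with GOST R 34.10-2012. Suggest wording such as "HMAC based on GOST R 34.11-2012 with 256-bit hash code in SignatureMethod element", matching the "256-bit hash code" phrasing already used for DigestMethod in 5.2.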
skipping to change at page 34, line 26 skipping to change at page 23, line 26
</head> </head>
<body> <body>
<h1> <h1>
Namespace identifier for GOST R 34.11-2012 algorithm with Namespace identifier for GOST R 34.11-2012 algorithm with
512-bit key in SignatureMethod element 512-bit key in SignatureMethod element
</h1> </h1>
<h2> <h2>
urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-512 urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-512
</h2> </h2>
<p> <p>
See Section 7.2.2 in See Section 4.3.2 in
<a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-04"> <a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-05">
draft-smirnov-xmldsig-04</a>. draft-smirnov-xmldsig-05</a>.
</p> </p>
</body> </body>
</html> </html>
8.10. XML Sub-Namespace Registration for 5.10. XML Sub-Namespace Registration for
urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-256-keyvalue urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-256-keyvalue
This section registers a new XML sub-namespace identifier, This section registers a new XML sub-namespace identifier,
"urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-256-keyvalue" "urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-256-keyvalue"
(see Section 7.3.2) per the guidelines in [RFC3688]: (see Section 4.3) per the guidelines in [RFC3688]:
URI: urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-256-keyvalue URI: urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-256-keyvalue
Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria
Paramonova (mparamonova@cryptopro.ru). Paramonova (mparamonova@cryptopro.ru).
XML: XML:
<?xml version="1.0"?> <?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN" <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
"http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd"> "http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <html xmlns="http://www.w3.org/1999/xhtml">
<head> <head>
<meta http-equiv="content-type" <meta http-equiv="content-type"
content="text/html;charset=iso-8859-1"/> content="text/html;charset=iso-8859-1"/>
<title> <title>
GOST R 34.10-2012 256-bit verification key in GOSTR34102012-256-KeyValue element GOST R 34.10-2012 256-bit public key at external location
</title> </title>
</head> </head>
<body> <body>
<h1> <h1>
Namespace identifier for GOST R 34.10-2012 256-bit Namespace identifier for GOST R 34.10-2012 256-bit
verification key in GOSTR34102012-256-KeyValue element public key at external location
</h1> </h1>
<h2> <h2>
urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-256-keyvalue urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-256-keyvalue
</h2> </h2>
<p> <p>
See Section 7.3.2 in See Section 5.3 in
<a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-04"> <a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-05">
draft-smirnov-xmldsig-04</a>. draft-smirnov-xmldsig-05</a>.
</p> </p>
</body> </body>
</html> </html>
8.11. XML Sub-Namespace Registration for 5.11. XML Sub-Namespace Registration for
urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-512-keyvalue urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-512-keyvalue
This section registers a new XML sub-namespace identifier, This section registers a new XML sub-namespace identifier,
"urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-512-keyvalue" "urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-512-keyvalue"
(see Section 7.3.3) per the guidelines in [RFC3688]: (see Section 4.3) per the guidelines in [RFC3688]:
URI: urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-512-keyvalue URI: urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-512-keyvalue
Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria
Paramonova (mparamonova@cryptopro.ru). Paramonova (mparamonova@cryptopro.ru).
XML: XML:
<?xml version="1.0"?> <?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN" <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
"http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd"> "http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <html xmlns="http://www.w3.org/1999/xhtml">
<head> <head>
<meta http-equiv="content-type" <meta http-equiv="content-type"
content="text/html;charset=iso-8859-1"/> content="text/html;charset=iso-8859-1"/>
<title> <title>
GOST R 34.10-2012 512-bit verification key in GOSTR34102012-512-KeyValue element GOST R 34.10-2012 512-bit public key at external location
</title> </title>
</head> </head>
<body> <body>
<h1> <h1>
Namespace identifier for GOST R 34.10-2012 512-bit Namespace identifier for GOST R 34.10-2012 512-bit
verification key in GOSTR34102012-512-KeyValue element public key at external location
</h1> </h1>
<h2> <h2>
urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-512-keyvalue urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-512-keyvalue
</h2> </h2>
<p> <p>
See Section 7.3.3 in See Section 5.3 in
<a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-04"> <a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-04">
draft-smirnov-xmldsig-04</a>. draft-smirnov-xmldsig-05</a>.
</p> </p>
</body> </body>
</html> </html>
8.12. XML Sub-Namespace Registration for 5.12. XML Sub-Namespace Registration for
urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102001-keyvalue urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102001-keyvalue
This section registers a new XML sub-namespace identifier, This section registers a new XML sub-namespace identifier,
"urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102001-keyvalue" (see "urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102001-keyvalue" (see
Section 7.3.4) per the guidelines in [RFC3688]: Section 4.3) per the guidelines in [RFC3688]:
URI: urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102001-keyvalue URI: urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102001-keyvalue
Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria
Paramonova (mparamonova@cryptopro.ru). Paramonova (mparamonova@cryptopro.ru).
XML: XML:
<?xml version="1.0"?> <?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN" <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML Basic 1.0//EN"
"http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd"> "http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <html xmlns="http://www.w3.org/1999/xhtml">
<head> <head>
<meta http-equiv="content-type" <meta http-equiv="content-type"
content="text/html;charset=iso-8859-1"/> content="text/html;charset=iso-8859-1"/>
<title> <title>
GOST R 34.10-2001 verification key in GOSTR34102001KeyValue element GOST R 34.10-2001 public key at external location
</title> </title>
</head> </head>
<body> <body>
<h1> <h1>
Namespace identifier for GOST R 34.10-2001 verification Namespace identifier for GOST R 34.10-2001 public
key in GOSTR34102001KeyValue element key at external location
</h1> </h1>
<h2> <h2>
urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102001-keyvalue urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102001-keyvalue
</h2> </h2>
<p> <p>
See Section 7.3.4 in See Section 5.3 in
<a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-04"> <a href="https://tools.ietf.org/html/draft-smirnov-xmldsig-05">
draft-smirnov-xmldsig-04</a>. draft-smirnov-xmldsig-05</a>.
</p> </p>
</body> </body>
</html> </html>
8.13. XML schema registration 5.13. XML Schema Registration
This section registers an XML schema per the guidelines in [RFC3688]: This section registers an XML schema per the guidelines in [RFC3688]:
URI: urn:ietf:params:xml:schema:cpxmlsec URI: urn:ietf:params:xml:schema:cpxmlsec
Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria Registrant Contact: Pavel Smirnov (spv@cryptopro.ru), Maria
Paramonova (mparamonova@cryptopro.ru). Paramonova (mparamonova@cryptopro.ru).
XML: The XML schema can be found in Appendix A. XML: The XML schema can be found in Appendix A.
9. References 6. References
9.1. Normative References 6.1. Normative References
[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
Hashing for Message Authentication", RFC 2104, Hashing for Message Authentication", RFC 2104,
DOI 10.17487/RFC2104, February 1997, DOI 10.17487/RFC2104, February 1997,
<https://www.rfc-editor.org/info/rfc2104>. <https://www.rfc-editor.org/info/rfc2104>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
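Review bot: In the 5.11 registration page the -05 column still has href="https://tools.ietf.org/html/draft-smirnov-xmldsig-04" although the link text was updated to draft-smirnov-xmldsig-05; 5.10 and 5.12 have both parts updated. In addition, all three key-value pages now say "See Section 5.3", while the registration paragraphs above them say "see Section 4.3". Section 4.3 is the RetrievalMethod section where these Type identifiers are listed, whereas 5.3 is the gostr34112012-512 DigestMethod registration. Change the href to -05 and the three "Section 5.3" references to 4.3.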
skipping to change at page 39, line 12 skipping to change at page 28, line 8
DOI 10.17487/RFC7091, December 2013, DOI 10.17487/RFC7091, December 2013,
<https://www.rfc-editor.org/info/rfc7091>. <https://www.rfc-editor.org/info/rfc7091>.
[RFC7836] Smyshlyaev, S., Ed., Alekseev, E., Oshkin, I., Popov, V., [RFC7836] Smyshlyaev, S., Ed., Alekseev, E., Oshkin, I., Popov, V.,
Leontiev, S., Podobaev, V., and D. Belyavsky, "Guidelines Leontiev, S., Podobaev, V., and D. Belyavsky, "Guidelines
on the Cryptographic Algorithms to Accompany the Usage of on the Cryptographic Algorithms to Accompany the Usage of
Standards GOST R 34.10-2012 and GOST R 34.11-2012", Standards GOST R 34.10-2012 and GOST R 34.11-2012",
RFC 7836, DOI 10.17487/RFC7836, March 2016, RFC 7836, DOI 10.17487/RFC7836, March 2016,
<https://www.rfc-editor.org/info/rfc7836>. <https://www.rfc-editor.org/info/rfc7836>.
9.2. Informative References 6.2. Informative References
[GOST3410-2012] [GOST3410-2012]
Federal Agency on Technical Regulating and Metrology, Federal Agency on Technical Regulating and Metrology,
"Information technology. Cryptographic data security. "Information technology. Cryptographic data security.
Signature and verification processes of [electronic] Signature and verification processes of [electronic]
digital signature", GOST R Version 1.1, 2012. digital signature", GOST R Version 1.1, 2012.
[GOST3411-2012] [GOST3411-2012]
Federal Agency on Technical Regulating and Metrology, Federal Agency on Technical Regulating and Metrology,
"Information technology. Cryptographic Data Security. "Information technology. Cryptographic Data Security.
Hashing function", GOST R 34.11-2012, 2012. Hashing function", GOST R 34.11-2012, 2012.
[R1323565.1.023-2018] [R1323565.1.023-2018]
Federal Agency on Technical Regulating and Metrology, Federal Agency on Technical Regulating and Metrology,
"Information technology. Cryptographic information "Information technology. Cryptographic information
security. Usage of GOST R 34.10-2012 and GOST R 34.11-2012 security. Usage of GOST R 34.10-2012 and GOST R 34.11-2012
algorithms in certificate, CRL and PKCS#10 certificate algorithms in certificate, CRL and PKCS#10 certificate
request in X.509 public key infrastructure", request in X.509 public key infrastructure",
R 1323565.1.023-2018, 2019. R 1323565.1.023-2018, 2019.
[R1323565.1.033-2020]
Technical Committee 26 "Cryptography and Security
Mechanisms", "Using Russian algorithms of digital
signature with XML-based protocols and messages", TC 26
Recommendation , 2020, <https://tc26.ru/standarts/
rekomendatsii-po-standartizatsii/r-1323565-1-025-2019-
informatsionnaya-tekhnologiya-kriptograficheskaya-
zashchita-informatsii-ispolzovanie-rossiyskikh-algoritmov-
elektronnoy-podpisi-v-protokolakh-i-formatakh-
soobshcheniy-na-osnove-xml.html/>.
[R501113-2016] [R501113-2016]
Federal Agency on Technical Regulating and Metrology, Federal Agency on Technical Regulating and Metrology,
"Information technology. Cryptographic Data Security. "Information technology. Cryptographic Data Security.
Guidelines on the Cryptographic Algorithms, Accompanying Guidelines on the Cryptographic Algorithms, Accompanying
the Usage of Standards GOST R 34.10-2012 and GOST R the Usage of Standards GOST R 34.10-2012 and GOST R
34.11-2012", R 50.1.113-2016, 2016. 34.11-2012", R 50.1.113-2016, 2016.
[XMLDSIG] The World Wide Web Consortium (W3C), "XML Signature Syntax [XMLDSIG] The World Wide Web Consortium (W3C), "XML Signature Syntax
and Processing", W3C Recommendation Version 1.1, 2013, and Processing", W3C Recommendation Version 1.1, 2013,
<https://www.w3.org/TR/xmldsig-core1/>. <https://www.w3.org/TR/xmldsig-core1/>.
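Review bot: The new [R1323565.1.033-2020] entry is labelled 033-2020, but the URL it cites contains "r-1323565-1-025-2019", so either the label or the link points at a different recommendation. The URL is also wrapped across six lines and ends in ".html/", which will not survive copy and paste, and "TC 26 Recommendation , 2020" has a stray space before the comma. Confirm the target document and give the URL on a single line.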
skipping to change at page 40, line 5 skipping to change at page 29, line 15
[XMLSCHEMA-1] [XMLSCHEMA-1]
The World Wide Web Consortium (W3C), "XML Schema Part 1: The World Wide Web Consortium (W3C), "XML Schema Part 1:
Structures Second Edition", W3C Recommendation , 2004, Structures Second Edition", W3C Recommendation , 2004,
<https://www.w3.org/TR/2004/REC-xmlschema-1-20041028/>. <https://www.w3.org/TR/2004/REC-xmlschema-1-20041028/>.
[XMLSCHEMA-2] [XMLSCHEMA-2]
The World Wide Web Consortium (W3C), "XML Schema Part 2: The World Wide Web Consortium (W3C), "XML Schema Part 2:
Datatypes Second Edition", W3C Recommendation , 2004, Datatypes Second Edition", W3C Recommendation , 2004,
<https://www.w3.org/TR/2004/REC-xmlschema-2-20041028/>. <https://www.w3.org/TR/2004/REC-xmlschema-2-20041028/>.
Appendix A. CPXMLSEC XML schema Appendix A. CPXMLSEC XML Schema
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!-- Declare helper entities to avoid overrunning right margin of text <!-- Declare helper entities to avoid overrunning right margin of text
while importing schemata.--> while importing schemata.-->
<!DOCTYPE schema [ <!DOCTYPE schema [
<!ENTITY xmldsiguri <!ENTITY xmldsiguri
"http://www.w3.org/TR/2008/REC-xmldsig-core-20080610"> "http://www.w3.org/TR/2008/REC-xmldsig-core-20080610">
]> ]>
<xs:schema <xs:schema
xmlns:cpxmlsec="urn:ietf:params:xml:ns:cpxmlsec" xmlns:cpxmlsec="urn:ietf:params:xml:ns:cpxmlsec"
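Review bot: The Appendix A schema opens with a DOCTYPE internal subset that declares the xmldsiguri entity only to keep lines inside the right margin. XML parsers configured to refuse DOCTYPE declarations, a common hardening setting against entity-expansion and external-entity problems, will not load the schema as published, and implementers would have to enable DTD processing in signature-handling code to use it. Suggest dropping the DOCTYPE and writing the xmldsig URI out in full, with a note that the line is folded for presentation if width is the concern.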
skipping to change at page 41, line 13 skipping to change at page 31, line 13
</xs:schema> </xs:schema>
Appendix B. Test Examples Appendix B. Test Examples
Note: Line breaks in the coordinates, identifiers, XML elements or in Note: Line breaks in the coordinates, identifiers, XML elements or in
the attribute values MUST be ignored. the attribute values MUST be ignored.
B.1. Signed XML document with GOST R 34.10-2012 algorithm and 256-bit B.1. Signed XML document with GOST R 34.10-2012 algorithm and 256-bit
hash code in DigestMethod element hash code in DigestMethod element
The X.509 certificate from Appendix A of [R1323565.1.023-2018] was The following sample was constructed using the X.509 certificate from
used. Appendix A of [R1323565.1.023-2018].
The x-coordinate of verirification key: X-coordinate of public key:
0x971566CEDA436EE7678F7E07E84EBB7217406C0B4747AA8FD2AB1453C3D0DFBA 0x971566CEDA436EE7678F7E07E84EBB7217406C0B4747AA8FD2AB1453C3D0DFBA
The y-coordinate of verirification key: Y-coordinate of public key:
0xAD58736965949F8E59830F8DE20FC6C0D177F6AB599874F1E2E24FF71F9CE643 0xAD58736965949F8E59830F8DE20FC6C0D177F6AB599874F1E2E24FF71F9CE643
Corresponding signature key (d): Corresponding private key (d):
0xBFCF1D623E5CDD3032A7C6EABB4A923C46E43D640FFEAAF2C3ED39A8FA399924 0xBFCF1D623E5CDD3032A7C6EABB4A923C46E43D640FFEAAF2C3ED39A8FA399924
The k value: K value:
0x5782C53F110C596F9155D35EBD25A06A89C50391850A8FEFE33B0E270318857C 0x5782C53F110C596F9155D35EBD25A06A89C50391850A8FEFE33B0E270318857C
The h-bar value: H-bar value:
0x054D1DABB161D63424F8DABB2800708B00F78DA7582699E8F2F0A521C7CE8144 0x054D1DABB161D63424F8DABB2800708B00F78DA7582699E8F2F0A521C7CE8144
The signed XML document: Signed XML document:
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<root> <root>
<DataToSign Id="ToSign">Data</DataToSign> <DataToSign Id="ToSign">Data</DataToSign>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo> <SignedInfo>
<CanonicalizationMethod Algorithm= <CanonicalizationMethod Algorithm=
"http://www.w3.org/TR/2001/REC-xml-c14n-20010315" "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
/> />
<SignatureMethod Algorithm= <SignatureMethod Algorithm=
skipping to change at page 43, line 4 skipping to change at page 33, line 4
<NamedCurve URI="urn:oid:1.2.643.2.2.36.0" /> <NamedCurve URI="urn:oid:1.2.643.2.2.36.0" />
<PublicKey> <PublicKey>
ut/Qw1MUq9KPqkdHC2xAF3K7TugHfo9n525D2s5mFZdD5pwf90/i4v ut/Qw1MUq9KPqkdHC2xAF3K7TugHfo9n525D2s5mFZdD5pwf90/i4v
F0mFmr9nfRwMYP4o0Pg1mOn5RlaXNYrQ== F0mFmr9nfRwMYP4o0Pg1mOn5RlaXNYrQ==
</PublicKey> </PublicKey>
</GOSTR34102012-256-KeyValue> </GOSTR34102012-256-KeyValue>
</KeyValue> </KeyValue>
</KeyInfo> </KeyInfo>
</Signature> </Signature>
</root> </root>
The base64-encoded signed XML document: Base64-encoded signed XML document:
77u/ 77u/
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48cm9vdD4NCiAgIDxE PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48cm9vdD4NCiAgIDxE
YXRhVG9TaWduIElkPSJUb1NpZ24iPkRhdGE8L0RhdGFUb1NpZ24+DQogICA8U2lnbmF0d YXRhVG9TaWduIElkPSJUb1NpZ24iPkRhdGE8L0RhdGFUb1NpZ24+DQogICA8U2lnbmF0d
XJl IHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgI XJl IHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgI
CAgIDxT aWduZWRJbmZvPg0KICAgICAgICAgPENhbm9uaWNhbGl6YXRpb25NZXRob2QgQ CAgIDxT aWduZWRJbmZvPg0KICAgICAgICAgPENhbm9uaWNhbGl6YXRpb25NZXRob2QgQ
Wxnb3JpdGht PSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yM Wxnb3JpdGht PSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yM
DAxMDMxNSIgLz4N CiAgICAgICAgIDxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJ1c DAxMDMxNSIgLz4N CiAgICAgICAgIDxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJ1c
m46aWV0ZjpwYXJhbXM6 eG1sOm5zOmNweG1sc2VjOmFsZ29yaXRobXM6Z29zdHIzNDEwM m46aWV0ZjpwYXJhbXM6 eG1sOm5zOmNweG1sc2VjOmFsZ29yaXRobXM6Z29zdHIzNDEwM
jAxMi1nb3N0cjM0MTEyMDEy LTI1NiIgLz4NCiAgICAgICAgIDxSZWZlcmVuY2UgVVJJP jAxMi1nb3N0cjM0MTEyMDEy LTI1NiIgLz4NCiAgICAgICAgIDxSZWZlcmVuY2UgVVJJP
skipping to change at page 43, line 38 skipping to change at page 33, line 38
VSST0i dXJuOm9pZDoxLjIuNjQzLjIuMi4zNi4wIiAvPg0KICAgICAgICAgICAgICAgPF VSST0i dXJuOm9pZDoxLjIuNjQzLjIuMi4zNi4wIiAvPg0KICAgICAgICAgICAgICAgPF
B1YmxpY0tl eT51dC9RdzFNVXE5S1Bxa2RIQzJ4QUYzSzdUdWdIZm85bjUyNUQyczVtRl B1YmxpY0tl eT51dC9RdzFNVXE5S1Bxa2RIQzJ4QUYzSzdUdWdIZm85bjUyNUQyczVtRl
pkRDVwd2Y5MC9p NHZGMG1GbXI5bmZSd01ZUDRvMFBnMW1PbjVSbGFYTllyUT09PC9QdW pkRDVwd2Y5MC9p NHZGMG1GbXI5bmZSd01ZUDRvMFBnMW1PbjVSbGFYTllyUT09PC9QdW
JsaWNLZXk+DQogICAg ICAgICAgICA8L0dPU1RSMzQxMDIwMTItMjU2LUtleVZhbHVlPg JsaWNLZXk+DQogICAg ICAgICAgICA8L0dPU1RSMzQxMDIwMTItMjU2LUtleVZhbHVlPg
0KICAgICAgICAgPC9LZXlW 0KICAgICAgICAgPC9LZXlW
YWx1ZT4NCiAgICAgIDwvS2V5SW5mbz4NCiAgIDwvU2lnbmF0dXJlPg0KPC9yb290Pg== YWx1ZT4NCiAgICAgIDwvS2V5SW5mbz4NCiAgIDwvU2lnbmF0dXJlPg0KPC9yb290Pg==
B.2. Signed XML document with GOST R 34.10-2012 algorithm and 512-bit B.2. Signed XML document with GOST R 34.10-2012 algorithm and 512-bit
hash code in DigestMethod element hash code in DigestMethod element
The X.509 certificate from Appendix A of [R1323565.1.023-2018] was The following sample was constructed using the X.509 certificate from
used. Appendix A of [R1323565.1.023-2018].
The x-coordinate of verirification key: X-coordinate of public key:
0x07134627CE7FC6770953ABA4714B38AF8DE764B8870A502C2F4CC2D05541459A18DA3B 0x07134627CE7FC6770953ABA4714B38AF8DE764B8870A502C2F4CC2D05541459A18DA3B
9D4EBC09BC06CB2EA1856A03747561CF04C34382111539230A550F1913 9D4EBC09BC06CB2EA1856A03747561CF04C34382111539230A550F1913
The y-coordinate of verirification key: Y-coordinate of public key:
0x7E08A434CB2FA300F8974E3FF69A4BCDF36B6308E1D7A56144693A35E11CBD14D50291 0x7E08A434CB2FA300F8974E3FF69A4BCDF36B6308E1D7A56144693A35E11CBD14D50291
6E680E35FE1E6ABBA85BD4DAE7065308B16B1CCABFE3D91CE0655B0FFD 6E680E35FE1E6ABBA85BD4DAE7065308B16B1CCABFE3D91CE0655B0FFD
Corresponding signature key (d): Corresponding private key (d):
0x3FC01CDCD4EC5F972EB482774C41E66DB7F380528DFE9E67992BA05AEE462435757530 0x3FC01CDCD4EC5F972EB482774C41E66DB7F380528DFE9E67992BA05AEE462435757530
E641077CE587B976C8EEB48C48FD33FD175F0C7DE6A44E014E6BCB074B E641077CE587B976C8EEB48C48FD33FD175F0C7DE6A44E014E6BCB074B
The k value: K value:
0x72ABB44536656BF1618CE10BF7EADD40582304A51EE4E2A25A0A32CB0E773ABB23B7D8 0x72ABB44536656BF1618CE10BF7EADD40582304A51EE4E2A25A0A32CB0E773ABB23B7D8
FDD8FA5EEE91B4AE452F2272C86E1E2221215D405F51B5D5015616E1F6 FDD8FA5EEE91B4AE452F2272C86E1E2221215D405F51B5D5015616E1F6
The h-bar value: H-bar value:
0x33DEF8422879AA68482339BC65E5DCA9A5D77E80C5C0371DB13D3B88F4CCA8A89ED3CE 0x33DEF8422879AA68482339BC65E5DCA9A5D77E80C5C0371DB13D3B88F4CCA8A89ED3CE
85849231DD61B35E4B47A3722317663859A2BE088C1BB6EEC87410DAF2 85849231DD61B35E4B47A3722317663859A2BE088C1BB6EEC87410DAF2
The signed XML document: Signed XML document:
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<root> <root>
<DataToSign Id="ToSign">Data</DataToSign> <DataToSign Id="ToSign">Data</DataToSign>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo> <SignedInfo>
<CanonicalizationMethod Algorithm= <CanonicalizationMethod Algorithm=
"http://www.w3.org/TR/2001/REC-xml-c14n-20010315" "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
/> />
<SignatureMethod Algorithm= <SignatureMethod Algorithm=
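Review bot: The reworded B.2 sentence still cites only "Appendix A of [R1323565.1.023-2018]", the same reference that B.4 and B.5 give, yet the coordinates listed here are 512 bits long while those in B.4 and B.5 are 256 bits. Suggest naming the specific certificate or subsection of that appendix in each sample, so a reader can tell which certificate each sample was built from.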
skipping to change at page 45, line 35 skipping to change at page 35, line 35
xQCoe4ZOeNrzhLcaSrUwl3xn/OJ0YTB/0PW2XgHNnjv8oca7EIUwbn xQCoe4ZOeNrzhLcaSrUwl3xn/OJ0YTB/0PW2XgHNnjv8oca7EIUwbn
2tRbqLtqHv41DmhukQLVFL0c4TU6aURhpdfhCGNr881LmvY/Tpf4AK 2tRbqLtqHv41DmhukQLVFL0c4TU6aURhpdfhCGNr881LmvY/Tpf4AK
MvyzSkCH4= MvyzSkCH4=
</PublicKey> </PublicKey>
</GOSTR34102012-512-KeyValue> </GOSTR34102012-512-KeyValue>
</KeyValue> </KeyValue>
</KeyInfo> </KeyInfo>
</Signature> </Signature>
</root> </root>
The base64-encoded signed XML document: Base64-encoded signed XML document:
77u/ 77u/
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48cm9vdD4NCiAgIDxE PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48cm9vdD4NCiAgIDxE
YXRhVG9TaWduIElkPSJUb1NpZ24iPkRhdGE8L0RhdGFUb1NpZ24+DQogICA8U2lnbmF0d YXRhVG9TaWduIElkPSJUb1NpZ24iPkRhdGE8L0RhdGFUb1NpZ24+DQogICA8U2lnbmF0d
XJl IHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgI XJl IHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgI
CAgIDxT aWduZWRJbmZvPg0KICAgICAgICAgPENhbm9uaWNhbGl6YXRpb25NZXRob2QgQ CAgIDxT aWduZWRJbmZvPg0KICAgICAgICAgPENhbm9uaWNhbGl6YXRpb25NZXRob2QgQ
Wxnb3JpdGht PSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yM Wxnb3JpdGht PSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yM
DAxMDMxNSIgLz4N CiAgICAgICAgIDxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJ1c DAxMDMxNSIgLz4N CiAgICAgICAgIDxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJ1c
m46aWV0ZjpwYXJhbXM6 eG1sOm5zOmNweG1sc2VjOmFsZ29yaXRobXM6Z29zdHIzNDEwM m46aWV0ZjpwYXJhbXM6 eG1sOm5zOmNweG1sc2VjOmFsZ29yaXRobXM6Z29zdHIzNDEwM
jAxMi1nb3N0cjM0MTEyMDEy LTUxMiIgLz4NCiAgICAgICAgIDxSZWZlcmVuY2UgVVJJP jAxMi1nb3N0cjM0MTEyMDEy LTUxMiIgLz4NCiAgICAgICAgIDxSZWZlcmVuY2UgVVJJP
skipping to change at page 46, line 26 skipping to change at page 36, line 26
drUERCTTloZFhRRGFvV2hM c3NHdkFtOFRwMDcyaGlhUlVGVjBNSk1MeXhRQ29lNFpPZU drUERCTTloZFhRRGFvV2hM c3NHdkFtOFRwMDcyaGlhUlVGVjBNSk1MeXhRQ29lNFpPZU
5yemhMY2FTclV3bDN4bi9PSjBZ VEIvMFBXMlhnSE5uanY4b2NhN0VJVXdibjJ0UmJxTH 5yemhMY2FTclV3bDN4bi9PSjBZ VEIvMFBXMlhnSE5uanY4b2NhN0VJVXdibjJ0UmJxTH
RxSHY0MURtaHVrUUxWRkwwYzRUVTZh VVJocGRmaENHTnI4ODFMbXZZL1RwZjRBS012eX RxSHY0MURtaHVrUUxWRkwwYzRUVTZh VVJocGRmaENHTnI4ODFMbXZZL1RwZjRBS012eX
pTa0NIND08L1B1YmxpY0tleT4NCiAgICAg ICAgICAgIDwvR09TVFIzNDEwMjAxMi01MT pTa0NIND08L1B1YmxpY0tleT4NCiAgICAg ICAgICAgIDwvR09TVFIzNDEwMjAxMi01MT
ItS2V5VmFsdWU+DQogICAgICAgICA8L0tleVZh ItS2V5VmFsdWU+DQogICAgICAgICA8L0tleVZh
bHVlPg0KICAgICAgPC9LZXlJbmZvPg0KICAgPC9TaWduYXR1cmU+DQo8L3Jvb3Q+ bHVlPg0KICAgICAgPC9LZXlJbmZvPg0KICAgPC9TaWduYXR1cmU+DQo8L3Jvb3Q+
B.3. Signed XML document with GOST R 34.10-2001 algorithm in B.3. Signed XML document with GOST R 34.10-2001 algorithm in
SignatureMethod element SignatureMethod element
The X.509 certificate from section 4.2 of [RFC4491] was used. The following sample was constructed using the X.509 certificate from
section 4.2 of [RFC4491].
The x-coordinate of verirification key: X-coordinate of public key:
0x577E324FE70F2B6DF45C437A0305E5FD2C89318C13CD0875401A026075689584 0x577E324FE70F2B6DF45C437A0305E5FD2C89318C13CD0875401A026075689584
The y-coordinate of verirification key: Y-coordinate of public key:
0x601AEACABC660FDFB0CBC7567EBBA6EA8DE40FAE857C9AD0038895B916CCEB8F 0x601AEACABC660FDFB0CBC7567EBBA6EA8DE40FAE857C9AD0038895B916CCEB8F
Corresponding signature key (d): Corresponding private key (d):
0x0B293BE050D0082BDAE785631A6BAB68F35B42786D6DDA56AFAF169891040F77 0x0B293BE050D0082BDAE785631A6BAB68F35B42786D6DDA56AFAF169891040F77
The k value: K value:
0x5782C53F110C596F9155D35EBD25A06A89C50391850A8FEFE33B0E270318857C 0x5782C53F110C596F9155D35EBD25A06A89C50391850A8FEFE33B0E270318857C
The h-bar value: H-bar value:
0xEF3E03620C2B0E87E43F503A839AB7868071EA28CA38AABD915D56A5F74400F4 0xEF3E03620C2B0E87E43F503A839AB7868071EA28CA38AABD915D56A5F74400F4
The signed XML document: Signed XML document:
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<root> <root>
<DataToSign Id="ToSign">Data</DataToSign> <DataToSign Id="ToSign">Data</DataToSign>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo> <SignedInfo>
<CanonicalizationMethod Algorithm= <CanonicalizationMethod Algorithm=
"http://www.w3.org/TR/2001/REC-xml-c14n-20010315" "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
/> />
<SignatureMethod Algorithm= <SignatureMethod Algorithm=
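Review bot: The "K value:" line in B.3 carries the same value as in B.1, B.4 and B.5, although B.3 lists a different private key (d), and the new label gives no hint that k is pinned only so that the sample reproduces. Suggest one sentence in Appendix B stating that d and k are published test values, and that in practice k is generated fresh and kept secret for every signature.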
skipping to change at page 49, line 4 skipping to change at page 38, line 11
<NamedCurve URI="urn:oid:1.2.643.2.2.36.0" /> <NamedCurve URI="urn:oid:1.2.643.2.2.36.0" />
<PublicKey> <PublicKey>
hJVodWACGkB1CM0TjDGJLP3lBQN6Q1z0bSsP508yfleP68wWuZWIA9 hJVodWACGkB1CM0TjDGJLP3lBQN6Q1z0bSsP508yfleP68wWuZWIA9
CafIWuD+SN6qa7flbHy7DfD2a8yuoaYA== CafIWuD+SN6qa7flbHy7DfD2a8yuoaYA==
</PublicKey> </PublicKey>
</GOSTR34102001KeyValue> </GOSTR34102001KeyValue>
</KeyValue> </KeyValue>
</KeyInfo> </KeyInfo>
</Signature> </Signature>
</root> </root>
The base64-encoded signed XML document:
Base64-encoded signed XML document:
77u/ 77u/
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48cm9vdD4NCiAgIDxE PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48cm9vdD4NCiAgIDxE
YXRhVG9TaWduIElkPSJUb1NpZ24iPkRhdGE8L0RhdGFUb1NpZ24+DQogICA8U2lnbmF0d YXRhVG9TaWduIElkPSJUb1NpZ24iPkRhdGE8L0RhdGFUb1NpZ24+DQogICA8U2lnbmF0d
XJl IHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgI XJl IHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgI
CAgIDxT aWduZWRJbmZvPg0KICAgICAgICAgPENhbm9uaWNhbGl6YXRpb25NZXRob2QgQ CAgIDxT aWduZWRJbmZvPg0KICAgICAgICAgPENhbm9uaWNhbGl6YXRpb25NZXRob2QgQ
Wxnb3JpdGht PSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yM Wxnb3JpdGht PSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yM
DAxMDMxNSIgLz4N CiAgICAgICAgIDxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJ1c DAxMDMxNSIgLz4N CiAgICAgICAgIDxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJ1c
m46aWV0ZjpwYXJhbXM6 eG1sOm5zOmNweG1sc2VjOmFsZ29yaXRobXM6Z29zdHIzNDEwM m46aWV0ZjpwYXJhbXM6 eG1sOm5zOmNweG1sc2VjOmFsZ29yaXRobXM6Z29zdHIzNDEwM
jAwMS1nb3N0cjM0MTEiIC8+ DQogICAgICAgICA8UmVmZXJlbmNlIFVSST0iI1RvU2lnb jAwMS1nb3N0cjM0MTEiIC8+ DQogICAgICAgICA8UmVmZXJlbmNlIFVSST0iI1RvU2lnb
skipping to change at page 49, line 36 skipping to change at page 38, line 44
jAwMUtleVZhbHVlIHhtbG5zPSJ1cm46aWV0ZjpwYXJhbXM6eG1sOm5zOmNweG1sc2VjIj jAwMUtleVZhbHVlIHhtbG5zPSJ1cm46aWV0ZjpwYXJhbXM6eG1sOm5zOmNweG1sc2VjIj
4N CiAgICAgICAgICAgICAgIDxOYW1lZEN1cnZlIFVSST0idXJuOm9pZDoxLjIuNjQzLj 4N CiAgICAgICAgICAgICAgIDxOYW1lZEN1cnZlIFVSST0idXJuOm9pZDoxLjIuNjQzLj
IuMi4z Ni4wIiAvPg0KICAgICAgICAgICAgICAgPFB1YmxpY0tleT5oSlZvZFdBQ0drQj IuMi4z Ni4wIiAvPg0KICAgICAgICAgICAgICAgPFB1YmxpY0tleT5oSlZvZFdBQ0drQj
FDTTBUakRH SkxQM2xCUU42UTF6MGJTc1A1MDh5ZmxlUDY4d1d1WldJQTlDYWZJV3VEK1 FDTTBUakRH SkxQM2xCUU42UTF6MGJTc1A1MDh5ZmxlUDY4d1d1WldJQTlDYWZJV3VEK1
NONnFhN2ZsYkh5 N0RmRDJhOHl1b2FZQT09PC9QdWJsaWNLZXk+DQogICAgICAgICAgIC NONnFhN2ZsYkh5 N0RmRDJhOHl1b2FZQT09PC9QdWJsaWNLZXk+DQogICAgICAgICAgIC
A8L0dPU1RSMzQxMDIw MDFLZXlWYWx1ZT4NCiAgICAgICAgIDwvS2V5VmFsdWU+DQogIC A8L0dPU1RSMzQxMDIw MDFLZXlWYWx1ZT4NCiAgICAgICAgIDwvS2V5VmFsdWU+DQogIC
AgICA8L0tleUluZm8+DQog ICA8L1NpZ25hdHVyZT4NCjwvcm9vdD4= AgICA8L0tleUluZm8+DQog ICA8L1NpZ25hdHVyZT4NCjwvcm9vdD4=
B.4. Signed XML document with X.509 certificate in KeyInfo element B.4. Signed XML document with X.509 certificate in KeyInfo element
The X.509 certificate from Appendix A of [R1323565.1.023-2018] was The following sample was constructed using the X.509 certificate from
used. Appendix A of [R1323565.1.023-2018].
The x-coordinate of verirification key: X-coordinate of public key:
0x971566CEDA436EE7678F7E07E84EBB7217406C0B4747AA8FD2AB1453C3D0DFBA 0x971566CEDA436EE7678F7E07E84EBB7217406C0B4747AA8FD2AB1453C3D0DFBA
The y-coordinate of verirification key: Y-coordinate of public key:
0xAD58736965949F8E59830F8DE20FC6C0D177F6AB599874F1E2E24FF71F9CE643 0xAD58736965949F8E59830F8DE20FC6C0D177F6AB599874F1E2E24FF71F9CE643
Corresponding signature key (d): Corresponding private key (d):
0xBFCF1D623E5CDD3032A7C6EABB4A923C46E43D640FFEAAF2C3ED39A8FA399924 0xBFCF1D623E5CDD3032A7C6EABB4A923C46E43D640FFEAAF2C3ED39A8FA399924
The k value: K value:
0x5782C53F110C596F9155D35EBD25A06A89C50391850A8FEFE33B0E270318857C 0x5782C53F110C596F9155D35EBD25A06A89C50391850A8FEFE33B0E270318857C
The h-bar value: H-bar value:
0x054D1DABB161D63424F8DABB2800708B00F78DA7582699E8F2F0A521C7CE8144 0x054D1DABB161D63424F8DABB2800708B00F78DA7582699E8F2F0A521C7CE8144
The signed XML document: Signed XML document:
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<root> <root>
<DataToSign Id="ToSign">Data</DataToSign> <DataToSign Id="ToSign">Data</DataToSign>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo> <SignedInfo>
<CanonicalizationMethod Algorithm= <CanonicalizationMethod Algorithm=
"http://www.w3.org/TR/2001/REC-xml-c14n-20010315" "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
/> />
<SignatureMethod Algorithm= <SignatureMethod Algorithm=
skipping to change at page 51, line 30 skipping to change at page 40, line 43
xMC0yMDEyQGV4YW1wbGUuY29tMSkwJwYDVQQDEyBHb3N0UjM0MTAtMjAx xMC0yMDEyQGV4YW1wbGUuY29tMSkwJwYDVQQDEyBHb3N0UjM0MTAtMjAx
MiAoMjU2IGJpdCkgZXhhbXBsZYIBATAKBggqhQMHAQEDAgNBAF5bm4BbA MiAoMjU2IGJpdCkgZXhhbXBsZYIBATAKBggqhQMHAQEDAgNBAF5bm4BbA
RR6hJLEoWJkOsYV3Hd7kXQQjz3CdqQfmHrz6TI6Xojdh/t8ckODv/587N RR6hJLEoWJkOsYV3Hd7kXQQjz3CdqQfmHrz6TI6Xojdh/t8ckODv/587N
S5/6KsM77vc6Wh90NAT2s= S5/6KsM77vc6Wh90NAT2s=
</X509Certificate> </X509Certificate>
</X509Data> </X509Data>
</KeyInfo> </KeyInfo>
</Signature> </Signature>
</root> </root>
The base64-encoded signed XML document: Base64-encoded signed XML document:
77u/ 77u/
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48cm9vdD4NCiAgIDxE PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48cm9vdD4NCiAgIDxE
YXRhVG9TaWduIElkPSJUb1NpZ24iPkRhdGE8L0RhdGFUb1NpZ24+DQogICA8U2lnbmF0d YXRhVG9TaWduIElkPSJUb1NpZ24iPkRhdGE8L0RhdGFUb1NpZ24+DQogICA8U2lnbmF0d
XJl IHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgI XJl IHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgI
CAgIDxT aWduZWRJbmZvPg0KICAgICAgICAgPENhbm9uaWNhbGl6YXRpb25NZXRob2QgQ CAgIDxT aWduZWRJbmZvPg0KICAgICAgICAgPENhbm9uaWNhbGl6YXRpb25NZXRob2QgQ
Wxnb3JpdGht PSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yM Wxnb3JpdGht PSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yM
DAxMDMxNSIgLz4N CiAgICAgICAgIDxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJ1c DAxMDMxNSIgLz4N CiAgICAgICAgIDxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJ1c
m46aWV0ZjpwYXJhbXM6 eG1sOm5zOmNweG1sc2VjOmFsZ29yaXRobXM6Z29zdHIzNDEwM m46aWV0ZjpwYXJhbXM6 eG1sOm5zOmNweG1sc2VjOmFsZ29yaXRobXM6Z29zdHIzNDEwM
jAxMi1nb3N0cjM0MTEyMDEy LTI1NiIgLz4NCiAgICAgICAgIDxSZWZlcmVuY2UgVVJJP jAxMi1nb3N0cjM0MTEyMDEy LTI1NiIgLz4NCiAgICAgICAgIDxSZWZlcmVuY2UgVVJJP
skipping to change at page 52, line 26 skipping to change at page 41, line 38
NBUUV3ZmdZRFZSMEJCSGN3ZFlBVTFmSWVOMUhhUGJ3 K1hXVXpia0ora0hKVVQwQ2hXcV NBUUV3ZmdZRFZSMEJCSGN3ZFlBVTFmSWVOMUhhUGJ3 K1hXVXpia0ora0hKVVQwQ2hXcV
JZTUZZeEtUQW5CZ2txaGtpRzl3MEJDUUVXR2tkdmMzUlNN elF4TUMweU1ERXlRR1Y0WV JZTUZZeEtUQW5CZ2txaGtpRzl3MEJDUUVXR2tkdmMzUlNN elF4TUMweU1ERXlRR1Y0WV
cxd2JHVXVZMjl0TVNrd0p3WURWUVFERXlCSGIzTjBVak0wTVRB dE1qQXhNaUFvTWpVMk cxd2JHVXVZMjl0TVNrd0p3WURWUVFERXlCSGIzTjBVak0wTVRB dE1qQXhNaUFvTWpVMk
lHSnBkQ2tnWlhoaGJYQnNaWUlCQVRBS0JnZ3FoUU1IQVFFREFnTkJB RjVibTRCYkFSUj lHSnBkQ2tnWlhoaGJYQnNaWUlCQVRBS0JnZ3FoUU1IQVFFREFnTkJB RjVibTRCYkFSUj
ZoSkxFb1dKa09zWVYzSGQ3a1hRUWp6M0NkcVFmbUhyejZUSTZYb2pkaC90 OGNrT0R2Lz ZoSkxFb1dKa09zWVYzSGQ3a1hRUWp6M0NkcVFmbUhyejZUSTZYb2pkaC90 OGNrT0R2Lz
U4N05TNS82S3NNNzd2YzZXaDkwTkFUMnM9PC9YNTA5Q2VydGlmaWNhdGU+DQog ICAgIC U4N05TNS82S3NNNzd2YzZXaDkwTkFUMnM9PC9YNTA5Q2VydGlmaWNhdGU+DQog ICAgIC
AgICA8L1g1MDlEYXRhPg0KICAgICAgPC9LZXlJbmZvPg0KICAgPC9TaWduYXR1cmU+ AgICA8L1g1MDlEYXRhPg0KICAgICAgPC9LZXlJbmZvPg0KICAgPC9TaWduYXR1cmU+
DQo8L3Jvb3Q+ DQo8L3Jvb3Q+
B.5. Signed XML document with GOST R 34.10-2012 algorithm and 256-bit B.5. Signed XML document with GOST R 34.10-2012 algorithm and 256-bit
verification key in DEREncodedKeyValue public key in DEREncodedKeyValue
The X.509 certificate from Appendix A of [R1323565.1.023-2018] was The following sample was constructed using the X.509 certificate from
used. Appendix A of [R1323565.1.023-2018].
The x-coordinate of verirification key: X-coordinate of public key:
0x971566CEDA436EE7678F7E07E84EBB7217406C0B4747AA8FD2AB1453C3D0DFBA 0x971566CEDA436EE7678F7E07E84EBB7217406C0B4747AA8FD2AB1453C3D0DFBA
The y-coordinate of verirification key: Y-coordinate of public key:
0xAD58736965949F8E59830F8DE20FC6C0D177F6AB599874F1E2E24FF71F9CE643 0xAD58736965949F8E59830F8DE20FC6C0D177F6AB599874F1E2E24FF71F9CE643
Corresponding signature key: Corresponding private key:
0xBFCF1D623E5CDD3032A7C6EABB4A923C46E43D640FFEAAF2C3ED39A8FA399924 0xBFCF1D623E5CDD3032A7C6EABB4A923C46E43D640FFEAAF2C3ED39A8FA399924
The k value: K value:
0x5782C53F110C596F9155D35EBD25A06A89C50391850A8FEFE33B0E270318857C 0x5782C53F110C596F9155D35EBD25A06A89C50391850A8FEFE33B0E270318857C
The h-bar value: H-bar value:
0x054D1DABB161D63424F8DABB2800708B00F78DA7582699E8F2F0A521C7CE8144 0x054D1DABB161D63424F8DABB2800708B00F78DA7582699E8F2F0A521C7CE8144
The signed XML document: Signed XML document:
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<root> <root>
<DataToSign Id="ToSign">Data</DataToSign> <DataToSign Id="ToSign">Data</DataToSign>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo> <SignedInfo>
<CanonicalizationMethod Algorithm= <CanonicalizationMethod Algorithm=
"http://www.w3.org/TR/2001/REC-xml-c14n- "http://www.w3.org/TR/2001/REC-xml-c14n-
20010315" 20010315"
/> />
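Review bot: In B.5 the relabelled line reads "Corresponding private key:" without the "(d)" that B.1 through B.4 carry ("Corresponding private key (d):"). The omission is inherited from the old "Corresponding signature key:" line; since this revision touches the label anyway, add "(d)" here so that all five samples match.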
skipping to change at page 54, line 48 skipping to change at page 43, line 48
<KeyInfo> <KeyInfo>
<DEREncodedKeyValue xmlns="http://www.w3.org/2009/xmldsig11#"> <DEREncodedKeyValue xmlns="http://www.w3.org/2009/xmldsig11#">
MGYwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIDQwAEQLrf0MNT MGYwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIDQwAEQLrf0MNT
FKvSj6pHRwtsQBdyu07oB36PZ+duQ9rOZhWXQ+acH/dP4uLxdJhZq/Z30cDG FKvSj6pHRwtsQBdyu07oB36PZ+duQ9rOZhWXQ+acH/dP4uLxdJhZq/Z30cDG
D+KND4NZjp+UZWlzWK0= D+KND4NZjp+UZWlzWK0=
</DEREncodedKeyValue> </DEREncodedKeyValue>
</KeyInfo> </KeyInfo>
</Signature> </Signature>
</root> </root>
The base64-encoded signed XML document: Base64-encoded signed XML document:
77u/ 77u/
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48cm9vdD4NCiAgIDxE PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48cm9vdD4NCiAgIDxE
YXRhVG9TaWduIElkPSJUb1NpZ24iPkRhdGE8L0RhdGFUb1NpZ24+DQogICA8U2lnbmF0d YXRhVG9TaWduIElkPSJUb1NpZ24iPkRhdGE8L0RhdGFUb1NpZ24+DQogICA8U2lnbmF0d
XJl IHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgI XJl IHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCiAgI
CAgIDxT aWduZWRJbmZvPg0KICAgICAgICAgPENhbm9uaWNhbGl6YXRpb25NZXRob2QgQ CAgIDxT aWduZWRJbmZvPg0KICAgICAgICAgPENhbm9uaWNhbGl6YXRpb25NZXRob2QgQ
Wxnb3JpdGht PSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yM Wxnb3JpdGht PSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yM
DAxMDMxNSIgLz4N CiAgICAgICAgIDxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJ1c DAxMDMxNSIgLz4N CiAgICAgICAgIDxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJ1c
m46aWV0ZjpwYXJhbXM6 eG1sOm5zOmNweG1sc2VjOmFsZ29yaXRobXM6Z29zdHIzNDEwM m46aWV0ZjpwYXJhbXM6 eG1sOm5zOmNweG1sc2VjOmFsZ29yaXRobXM6Z29zdHIzNDEwM
jAxMi1nb3N0cjM0MTEyMDEy LTI1NiIgLz4NCiAgICAgICAgIDxSZWZlcmVuY2UgVVJJP jAxMi1nb3N0cjM0MTEyMDEy LTI1NiIgLz4NCiAgICAgICAgIDxSZWZlcmVuY2UgVVJJP
skipping to change at page 55, line 33 skipping to change at page 44, line 33
jJIKzN4eVE0Ty8vbnpzMUxuL29xd3p2dTl6cGFIM1EwQlBhdz09PC9TaWduYXR1 cmVWY jJIKzN4eVE0Ty8vbnpzMUxuL29xd3p2dTl6cGFIM1EwQlBhdz09PC9TaWduYXR1 cmVWY
Wx1ZT4NCiAgICAgIDxLZXlJbmZvPg0KICAgICAgICAgPERFUkVuY29kZWRLZXlWYWx1 Z Wx1ZT4NCiAgICAgIDxLZXlJbmZvPg0KICAgICAgICAgPERFUkVuY29kZWRLZXlWYWx1 Z
SB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwOS94bWxkc2lnMTEjIj5NR1l3SHdZSU SB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwOS94bWxkc2lnMTEjIj5NR1l3SHdZSU
tv VURCd0VCQVFFd0V3WUhLb1VEQWdJa0FBWUlLb1VEQndFQkFnSURRd0FFUUxyZjBNTl tv VURCd0VCQVFFd0V3WUhLb1VEQWdJa0FBWUlLb1VEQndFQkFnSURRd0FFUUxyZjBNTl
RGS3ZT ajZwSFJ3dHNRQmR5dTA3b0IzNlBaK2R1UTlyT1poV1hRK2FjSC9kUDR1THhkSm RGS3ZT ajZwSFJ3dHNRQmR5dTA3b0IzNlBaK2R1UTlyT1poV1hRK2FjSC9kUDR1THhkSm
hacS9aMzBj REdEK0tORDROWmpwK1VaV2x6V0swPTwvREVSRW5jb2RlZEtleVZhbHVlPg hacS9aMzBj REdEK0tORDROWmpwK1VaV2x6V0swPTwvREVSRW5jb2RlZEtleVZhbHVlPg
0KICAgICAgPC9L ZXlJbmZvPg0KICAgPC9TaWduYXR1cmU+DQo8L3Jvb3Q+ 0KICAgICAgPC9L ZXlJbmZvPg0KICAgPC9TaWduYXR1cmU+DQo8L3Jvb3Q+
Appendix C. Acknowledgments Appendix C. Acknowledgments
We thank Ekaterina Smyshlyaeva and Evgeny Alekseev for their useful We thank Ekaterina Griboedova and Evgeny Alekseev for their useful
comments. comments.
Authors' Addresses Authors' Addresses
Pavel Smirnov (editor) Pavel Smirnov (editor)
CryptoPro CryptoPro
18, Suschevsky val 18, Suschevsky val
Moscow 127018 Moscow
127018
Russian Federation Russian Federation
Phone: +7 (495) 995-48-20 Phone: +7 (495) 995-48-20
Email: spv@cryptopro.ru Email: spv@cryptopro.ru
Maria Paramonova Maria Paramonova
CryptoPro CryptoPro
18, Suschevsky val 18, Suschevsky val
Moscow 127018 Moscow
127018
Russian Federation Russian Federation
Phone: +7 (495) 995-48-20 Phone: +7 (495) 995-48-20
Email: mparamonova@cryptopro.ru Email: mparamonova@cryptopro.ru
Mikhail Khomenko Mikhail Khomenko
CryptoPro CryptoPro
18, Suschevsky val 18, Suschevsky val
Moscow 127018 Moscow
127018
Russian Federation Russian Federation
Phone: +7 (495) 995-48-20 Phone: +7 (495) 995-48-20
Email: xmv@cryptopro.ru Email: xmv@cryptopro.ru
Artyom Makarov Artyom Makarov
CryptoPro CryptoPro
18, Suschevsky val 18, Suschevsky val
Moscow 127018 Moscow
127018
Russian Federation Russian Federation
Phone: +7 (495) 995-48-20 Phone: +7 (495) 995-48-20
Email: makarov@cryptopro.ru Email: makarov@cryptopro.ru
 End of changes. 221 change blocks. 
979 lines changed or deleted 521 lines changed or added
