< draft-turner-asymmetrickeyformat-00.txt   draft-turner-asymmetrickeyformat-01.txt >
Network Working Group Sean Turner, IECA Network Working Group Sean Turner, IECA
Internet Draft 20 October 2008 Internet Draft 30 October 2008
Intended Status: Standard Track Intended Status: Standard Track
Obsoletes: RFC 5208 (once approved) Obsoletes: RFC 5208 (once approved)
Expires: 20 April 2009 Expires: 30 April 2009
Asymmetric Key Packages Asymmetric Key Packages
draft-turner-asymmetrickeyformat-00.txt draft-turner-asymmetrickeyformat-01.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 34 skipping to change at page 1, line 34
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
This Internet-Draft will expire on 20 April 2009. This Internet-Draft will expire on 30 April 2009.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2008). Copyright (C) The IETF Trust (2008).
Abstract Abstract
This document defines the syntax for private key information and a This document defines the syntax for private key information and a
content type for it. Private-key information includes a private key content type for it. Private-key information includes a private key
for some public-key algorithm and a set of attributes. The document for some public-key algorithm and a set of attributes. The document
skipping to change at page 2, line 14 skipping to change at page 2, line 14
digitally sign, digest, authenticate, or encrypt the asymmetric key digitally sign, digest, authenticate, or encrypt the asymmetric key
format content type. This document obsoletes RFC 5208. format content type. This document obsoletes RFC 5208.
Table of Contents Table of Contents
1. Introduction...................................................2 1. Introduction...................................................2
1.1. Requirements Terminology..................................2 1.1. Requirements Terminology..................................2
1.2. ASN.1 Syntax Notation.....................................2 1.2. ASN.1 Syntax Notation.....................................2
1.3. Changes since RFC 5208....................................2 1.3. Changes since RFC 5208....................................2
2. Asymmetric Key Package Content Type............................3 2. Asymmetric Key Package Content Type............................3
3. Encrypted Private Key Info.....................................4 3. Encrypted Private Key Info.....................................5
4. Protecting the AsymmetricKeyPackage............................5 4. Protecting the AsymmetricKeyPackage............................5
5. Other Considerations...........................................5 5. Other Considerations...........................................6
6. Security Considerations........................................6 6. Security Considerations........................................6
7. IANA Considerations............................................6 7. IANA Considerations............................................7
8. References.....................................................6 8. References.....................................................7
8.1. Normative References......................................6 8.1. Normative References......................................7
8.2. Non-Normative References..................................7 8.2. Non-Normative References..................................7
APPENDIX A: ASN.1 Module..........................................8 APPENDIX A: ASN.1 Module..........................................9
1. Introduction 1. Introduction
This document defines the syntax for private key information and a This document defines the syntax for private key information and a
content type for it. Private-key information includes a private key content type for it. Private-key information includes a private key
for some public-key algorithm and a set of attributes. The document for some public-key algorithm and a set of attributes. The document
also describes a syntax for encrypted private keys. The also describes a syntax for encrypted private keys. The
Cryptographic Message Syntax [RFC3852] can be used to digitally sign, Cryptographic Message Syntax [RFC3852] can be used to digitally sign,
digest, authenticate, or encrypt the asymmetric key format content digest, authenticate, or encrypt the asymmetric key format content
type. This document obsoletes [RFC5208]. type. This document obsoletes PKCS#8 v1.2 [RFC5208].
1.1. Requirements Terminology 1.1. Requirements Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
1.2. ASN.1 Syntax Notation 1.2. ASN.1 Syntax Notation
The key package is defined using ASN.1 [X.680], [X.681], [X.682], and The key package is defined using ASN.1 [X.680], [X.681], [X.682], and
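Review bot: The Table of Contents entry for Section 2 still reads "Asymmetric Key Package Content Type" in -01, while the Section 2 heading was renamed to "Asymmetric Key Package CMS Content Type" in this revision; regenerate the TOC so the two agree. The Abstract likewise still says "This document obsoletes RFC 5208" while the Introduction now says "obsoletes PKCS#8 v1.2 [RFC5208]"; use one wording in both places.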
skipping to change at page 3, line 11 skipping to change at page 3, line 11
- Defined Asymmetric Key Package CMS content type. - Defined Asymmetric Key Package CMS content type.
- Removed IMPLICIT from aKeyAttrs to align text with module. - Removed IMPLICIT from aKeyAttrs to align text with module.
- Added public key to OneAsymmetricKey and added new version number. - Added public key to OneAsymmetricKey and added new version number.
- Added that PKCS#9 attributes MAY be supported. - Added that PKCS#9 attributes MAY be supported.
- Added Other Considerations section. - Added Other Considerations section.
2. Asymmetric Key Package Content Type 2. Asymmetric Key Package CMS Content Type
The asymmetric key package content type is used to transfer one or The asymmetric key package CMS content type is used to transfer one
more plaintext asymmetric keys from one party to another. An or more plaintext asymmetric keys from one party to another. An
asymmetric key package MAY be encapsulated in one or more CMS asymmetric key package MAY be encapsulated in one or more CMS
protecting content types (see Section 4). This content type MUST be protecting content types (see Section 4). This content type MUST be
DER encoded [X.690]. DER encoded [X.690].
The asymmetric key package content type has the following syntax: The asymmetric key package content type has the following syntax:
PKCS7-CONTENT-TYPE ::= TYPE-IDENTIFIER PKCS7-CONTENT-TYPE ::= TYPE-IDENTIFIER
asymmetric-key-package PKCS7-CONTENT-TYPE ::= asymmetric-key-package PKCS7-CONTENT-TYPE ::=
{ AsymmetricKeyPackage IDENTIFIED BY id-ct-KP-aKeyPackage } { AsymmetricKeyPackage IDENTIFIED BY id-ct-KP-aKeyPackage }
id-ct-KP-aKeyPackage OBJECT IDENTIFIER ::= | id-ct-KP-aKeyPackage OBJECT IDENTIFIER ::= |
{ TBD } { TBD }
AsymmetricKeyPackage ::= SEQUENCE SIZE (1..MAX) OF OneAsymmetricKey AsymmetricKeyPackage ::= SEQUENCE SIZE (1..MAX) OF OneAsymmetricKey
OneAsymmetricKey ::= SEQUENCE { OneAsymmetricKey ::= SEQUENCE {
version Version, version Version,
privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
privateKey PrivateKey, -- DER encoded privateKey PrivateKey, -- DER encoded
aKeyAttrs [0] Attributes OPTIONAL, attributes [0] Attributes OPTIONAL,
publicKey [1] PublicKey OPTIONAL } publicKey [1] PublicKey OPTIONAL }
PrivateKeyInfo ::= OneAsymmetricKey -- Used in [P12] PrivateKeyInfo ::= OneAsymmetricKey -- Used in [P12]
Version ::= INTEGER { v1(0), v2(1) } (v1, v2,...) Version ::= INTEGER { v1(0), v2(1) } (v1, v2,...)
PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
{ { PrivateKeyAlgorithms } } { { PrivateKeyAlgorithms } }
PrivateKey ::= OCTET STRING PrivateKey ::= OCTET STRING
-- Content varies based on type of key. The -- Content varies based on type of key. The
-- algorithm identifier dictates the format of -- algorithm identifier dictates the format of
-- the key. DSA is INTEGER, ECDSA is INTEGER -- the key. DSA's is an INTEGER ECDSA's is an
-- INTEGER, and RSA is as per [RFC3447].
PublicKey ::= OCTET STRING PublicKey ::= OCTET STRING
-- Content varies based on type of key. The -- Content varies based on type of key. The
-- algorithm identifier dictates the format of -- algorithm identifier dictates the format of
-- the key. DSA is INTEGER, ECDSA is OCTET STRING -- the key. DSA is an INTEGER, ECDSA is an OCTET
-- STRING, and RSA is a sequence of two INTEGERs
-- [PKI-ALG].
Attributes ::= Set of Attribute Attributes ::= Set of Attribute
The AsymmetricKeyPackage contains one or more OneAsymmetricKey The AsymmetricKeyPackage contains one or more OneAsymmetricKey
elements. The syntax accommodates keying material attributes (e.g., elements. The syntax of OneAsymmetricKey accommodates a version
certificates), a private key, an optional public key and optional number, an indication of the algorithm to be used with the private
asymmetric algorithm parameters. In general, either the public key key, a private key, and optionally keying material attributes (e.g.,
or the certificate will be present. In very rare cases will both the certificates) and a public key. In general, either the public key or
the certificate will be present. In very rare cases will both the
public key and the certificate be present as this includes two copies public key and the certificate be present as this includes two copies
of the public key. The fields in OneAsymmetricKey are used as of the public key. The fields in OneAsymmetricKey are used as
follows: follows:
- version identifies version of the asymmetric key package content - version identifies version of the asymmetric key package content
structure. For this version of the specification, version MUST be structure. For this version of the specification, version MUST be
v1 if the publicKey field is absent and it MUST be set to v2 if the v1 if the publicKey field is absent and it MUST be set to v2 if the
publicKey field is present. publicKey field is present.
- privateKeyAlgorithm identifies the private key algorithm and - privateKeyAlgorithm identifies the private key algorithm and
optionally contains parameters associated with the asymmetric key. optionally contains parameters associated with the asymmetric key.
The algorithm is identified by an OID and the parameters format The algorithm is identified by an OID and the parameters format
depends on the OID. The value placed in depends on the OID. The value placed in
privateKeyAlgorithmIdentifier is the value an originator would privateKeyAlgorithmIdentifier is the value an originator would
apply to indicate which algorithm was used. apply to indicate which algorithm was used.
- privateKey is an OCTET STRING whose contents are the DER encoded - privateKey is an OCTET STRING whose contents is the DER encoded
private key. The interpretation of the contents is defined in the private key. The interpretation of the contents is defined in the
registration of the private-key algorithm. registration of the private-key algorithm.
- attributes is optional. It contains information corresponding to - attributes is optional. It contains information corresponding to
the public key (e.g., certificates). The attributes field uses the the public key (e.g., certificates). The attributes field uses the
class ATTRIBUTE which is restricted by the SupportedAttributes class ATTRIBUTE which is restricted by the SupportedAttributes
parameterized type. SupportedAttributes is an open ended set in parameterized type. SupportedAttributes is an open ended set in
this document. Others documents can constrain these values. this document. Others documents can constrain these values.
Attributes from [RFC2985] MAY be supported. Attributes from [RFC2985] MAY be supported.
- publicKey is optional. When present, it contains the public key - publicKey is optional. When present, it contains the public key
encoded as an OCTET STRING. The structure within the octet string, encoded as an OCTET STRING. The structure within the octet string,
if any, depends on the privateKeyAlgorithm. if any, depends on the privateKeyAlgorithm.
3. Encrypted Private Key Info 3. Encrypted Private Key Info
This section gives the syntax for encrypted private-key information, This section gives the syntax for encrypted private-key information,
which is used with the [P12]. which is used with [P12].
Encrypted private-key information shall have ASN.1 type Encrypted private-key information shall have ASN.1 type
EncryptedPrivateKeyInfo: EncryptedPrivateKeyInfo:
EncryptedPrivateKeyInfo ::= SEQUENCE { EncryptedPrivateKeyInfo ::= SEQUENCE {
encryptionAlgorithm EncryptionAlgorithmIdentifier, encryptionAlgorithm EncryptionAlgorithmIdentifier,
encryptedData EncryptedData } encryptedData EncryptedData }
EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
{ { KeyEncryptionAlgorithms } } { { KeyEncryptionAlgorithms } }
EncryptedData ::= OCTET STRING EncryptedData ::= OCTET STRING
The EncAsymmetricKeyPackage contains one or more The EncAsymmetricKeyPackage contains one or more
EncryptedPrivateKeyInfo elements. The fields in EncryptedPrivateKeyInfo elements. The fields in
EncryptedPrivateKeyInfo are used as follows: EncryptedPrivateKeyInfo are used as follows:
- encryptionAlgorithm identifies the algorithm under which the - encryptionAlgorithm identifies the algorithm under which the
private-key information is encrypted. Implementations MUST the TBD private-key information is encrypted. Implementations MUST support
algorithm. the TBD algorithm.
- encryptedData is the result of encrypting the private-key - encryptedData is the result of encrypting the private-key
information (i.e., the PrivateKeyInfo). information (i.e., the PrivateKeyInfo).
The encryption process involves the following two steps: The encryption process involves the following two steps:
1. The private-key information is BER encoded, yielding an octet 1. The private-key information is BER encoded, yielding an octet
string. string.
2. The result of step 1 is encrypted with the secret key to give an 2. The result of step 1 is encrypted with the secret key to give an
octet string, the result of the encryption process. octet string, the result of the encryption process.
4. Protecting the AsymmetricKeyPackage 4. Protecting the AsymmetricKeyPackage
CMS [RFC3852] protecting content types can be used to provide CMS [RFC3852] and [RFC5083] protecting content types can be used to
security to the AsymmetricKeyPackage: provide security to the AsymmetricKeyPackage:
- SignedData can be used to apply a digital signature to the - SignedData can be used to apply a digital signature to the
AsymmetricKeyPackage. AsymmetricKeyPackage.
- EncryptedData can be used to encrypt the AsymmetricKeyPackage - EncryptedData can be used to encrypt the AsymmetricKeyPackage to
encapsulate the AsymmetricKeyPackage to provide confidentiality but provide confidentiality but does not distribute the content
does not distribute the content encryption keys. encryption keys.
- EnvelopedData can be used to encrypt the AsymmetricKeyPackage with - EnvelopedData can be used to encrypt the AsymmetricKeyPackage with
simple symmetric encryption, where the sender and the receiver simple symmetric encryption, where the sender and the receiver
already share the necessary encryption key already share the necessary encryption key.
- AuthenticatedData can be used to protect the AsymmetricKeyPackage - AuthenticatedData can be used to protect the AsymmetricKeyPackage
with message authentication codes, where key management information with message authentication codes, where key management information
is handled in a manner similar to EnvelopedData. is handled in a manner similar to EnvelopedData.
- AuthEnvelopedData can be used to protect the AsymmetricKeypackage
with algorithms that support authenticated encryption, where key
management information is handled in a manner similar to
EnvelopedData.
5. Other Considerations 5. Other Considerations
This document defines the syntax and the semantics for content types This document defines the syntax and the semantics for content types
that exchange asymmetric keys. There are two other standards for that exchange asymmetric keys. There are two other standards for
transporting asymmetric private keys: transporting asymmetric private keys:
- Personal Information Exchange (PFX) or more commonly referred to as - Personal Information Exchange (PFX) or more commonly referred to as
P12 [P12], is a transfer syntax for personal identity information, P12 [P12], is a transfer syntax for personal identity information,
including private keys, certificates, miscellaneous secrets, and including private keys, certificates, miscellaneous secrets, and
extensions. Both PrivateKeyInfo and EncryptedPrivateKeyInfo can be extensions. Both PrivateKeyInfo and EncryptedPrivateKeyInfo can be
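Review bot: In Section 4 the EnvelopedData bullet only gained a period, so it still describes "simple symmetric encryption, where the sender and the receiver already share the necessary encryption key", which is the same pre-shared-key case the reworded EncryptedData bullet covers ("does not distribute the content encryption keys"). The AuthenticatedData bullet and the new AuthEnvelopedData bullet both defer to key management "handled in a manner similar to EnvelopedData", which the EnvelopedData bullet never describes; reword it to say that EnvelopedData carries per-recipient key management information for the content-encryption key, so that the bullets tell an implementer which type to pick when no key is shared. Smaller points in the added text: the new PrivateKey comment is missing a comma ("DSA's is an INTEGER ECDSA's is an"), "whose contents are" became "whose contents is", the new bullet spells the type "AsymmetricKeypackage", and the Section 1.3 change list still names "aKeyAttrs" although the field is now "attributes". Section 3 step 1 also still says the private-key information is BER encoded while Section 2 requires DER; state which applies to the encrypted form.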
skipping to change at page 7, line 30 skipping to change at page 7, line 48
Distinguished Encoding Rules (DER). Distinguished Encoding Rules (DER).
8.2. Non-Normative References 8.2. Non-Normative References
[P12] RSA Laboratories, "PKCS #12 v1.0: Personal Information Exchange [P12] RSA Laboratories, "PKCS #12 v1.0: Personal Information Exchange
Syntax", June 1999. Syntax", June 1999.
[RFC2985] Nystrom, M., and B. Kaliski, "PKCS #9: Selected Object [RFC2985] Nystrom, M., and B. Kaliski, "PKCS #9: Selected Object
Classes and Attribute Types Version 2.0", RFC 2985, November 2000. Classes and Attribute Types Version 2.0", RFC 2985, November 2000.
[RFC3447] Jonsson, J., and B. Kaliski, " Public-Key Cryptography
Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1",
RFC 3447, February 2003.
[RFC5208] Kaliski, B., "PKCS #8: Private Key Information Syntax [RFC5208] Kaliski, B., "PKCS #8: Private Key Information Syntax
Standard Version 1.2", RFC 5208, May 2008. Standard Version 1.2", RFC 5208, May 2008.
[RFC5083] Housley, R., "Cryptographic Message Syntax (CMS)
Authenticated-Enveloped-Data Content Type", RFC 5083, November 2007.
[PKI-ALG] Turner, S., Brown, D., Yiu, K., Housley, R., and T. Polk,
"Elliptic Curve Cryptography Subject Public Key Information", draft-
ietf-pkix-ecc-subpubkeyinfo, work-in-progress.
APPENDIX A: ASN.1 Module APPENDIX A: ASN.1 Module
This annex provides the normative ASN.1 definitions for the This annex provides the normative ASN.1 definitions for the
structures described in this specification using ASN.1 as defined in structures described in this specification using ASN.1 as defined in
[X.680] through [X.683]. [X.680] through [X.683].
AsymmetricKeyPackageModulev1 { tbd } AsymmetricKeyPackageModulev1 { tbd }
DEFINITIONS IMPLICIT TAGS ::= DEFINITIONS IMPLICIT TAGS ::=
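Review bot: The new [RFC3447] and [PKI-ALG] entries are placed under 8.2 Non-Normative References, but the Section 2 comments added in this revision rely on them to define the contents of privateKey and publicKey ("RSA is as per [RFC3447]", "RSA is a sequence of two INTEGERs [PKI-ALG]"); if an implementer needs them to encode a key, they belong in 8.1. [PKI-ALG] is titled "Elliptic Curve Cryptography Subject Public Key Information" yet is the citation attached to the RSA public key format, so confirm it is the intended reference. The [RFC3447] title also has a stray space after its opening quote.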
skipping to change at page 9, line 8 skipping to change at page 10, line 8
{ AsymmetricKeyPackage IDENTIFIED BY id-ct-KP-aKeyPackage } { AsymmetricKeyPackage IDENTIFIED BY id-ct-KP-aKeyPackage }
id-ct-KP-aKeyPackage OBJECT IDENTIFIER ::= id-ct-KP-aKeyPackage OBJECT IDENTIFIER ::=
{ TBD } { TBD }
AsymmetricKeyPackage ::= SEQUENCE SIZE (1..MAX) OF OneAsymmetricKey AsymmetricKeyPackage ::= SEQUENCE SIZE (1..MAX) OF OneAsymmetricKey
OneAsymmetricKey ::= SEQUENCE { OneAsymmetricKey ::= SEQUENCE {
version Version, version Version,
privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
privateKey PrivateKey, -- DER encoded privateKey PrivateKey, -- DER encoded
aKeyAttrs [0] Attributes OPTIONAL, attributes [0] Attributes OPTIONAL,
publicKey [1] PublicKey OPTIONAL } publicKey [1] PublicKey OPTIONAL }
PrivateKeyInfo ::= OneAsymmetricKey PrivateKeyInfo ::= OneAsymmetricKey
Version ::= INTEGER {v1(0), v2(1)} (v1, v2,...) Version ::= INTEGER {v1(0), v2(1)} (v1, v2,...)
PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
{ { PrivateKeyAlgorithms } } { { PrivateKeyAlgorithms } }
PrivateKey ::= OCTET STRING -- Content varies based on type of key PrivateKey ::= OCTET STRING -- Content varies based on type of key
-- DSA is INTEGER, ECDSA is ECPublicKey -- DSA is INTEGER, ECDSA is ECPublicKey
PublicKey ::= OCTET STRING PublicKey ::= OCTET STRING
Attributes ::= Set of Attribute { { SupportAttributes } } Attributes ::= Set of Attribute { { SupportAttributes } }
SupportedAttributes ATTRIBUTE :: { SupportedAttributes ATTRIBUTE :: {
... -- For local profiles ... -- For local profiles
} }
EncAsymmetricKeyPackage ::= SEQUENCE SIZE (1..MAX) OF
EncryptedPrivateKeyInfo
EncryptedPrivateKeyInfo ::= SEQUENCE { EncryptedPrivateKeyInfo ::= SEQUENCE {
encryptionAlgorithm EncryptionAlgorithmIdentifier, encryptionAlgorithm EncryptionAlgorithmIdentifier,
encryptedData EncryptedData } encryptedData EncryptedData }
EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
{ { KeyEncryptionAlgorithms } } { { KeyEncryptionAlgorithms } }
EncryptedData ::= OCTET STRING -- Encrypted PrivateKeyInfo EncryptedData ::= OCTET STRING -- Encrypted PrivateKeyInfo
PrivateKeyAlgorithms ALGORITHM-IDENTIFIER ::= { PrivateKeyAlgorithms ALGORITHM-IDENTIFIER ::= {
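Review bot: The PrivateKey comment in the module still reads "DSA is INTEGER, ECDSA is ECPublicKey" in -01, which disagrees with the Section 2 comment updated in this same revision (ECDSA's private key is an INTEGER, RSA as per [RFC3447]); the appendix is declared normative, so bring the module comment in line with Section 2. In the same block, Attributes is constrained by "SupportAttributes" while the set is declared as "SupportedAttributes", that declaration uses "::" where "::=" is needed, and "Set of" should be the ASN.1 keyword "SET OF". The newly added EncAsymmetricKeyPackage is defined only here; Section 3 refers to it in prose, but the syntax listing there does not include it.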
 End of changes. 26 change blocks. 
35 lines changed or deleted 52 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/