Internet Engineering Task Force                D. Eremin-Solenikov, Ed.
Internet-Draft                           Mentor Graphics (Ireland) Ltd.
Updates: 3279, 4491 (if approved)                           V. Nikolaev
Intended status: Informational                                CryptoPro
Expires: May 23, 2020                                      A. Chelpanov
                                                           InfoTeCS JSC
                                                      November 20, 2019

   Using GOST R 34.10-2012 and GOST R 34.11-2012 algorithms with the
                Internet X.509 Public Key Infrastructure
                      draft-deremin-rfc4491-bis-02

Abstract

   This document updates RFC 3279 and RFC 4491. It describes encoding
   formats, identifiers, and parameter formats for the algorithms GOST R
   34.10-2012 and GOST R 34.11-2012 for use in Internet X.509 Public Key
   Infrastructure (PKI).

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 23, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must include Simplified
   BSD License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
   2.  Signature algorithm support
   3.  Hash functions support
   4.  Subject Public Keys Information Fields
     4.1.  Public Key identifiers
     4.2.  Public Key parameters
     4.3.  Public Key encoding
     4.4.  Key usage extension
   5.  Qualified certificates extensions
     5.1.  Distinguished Name additions
     5.2.  Certificate policies
     5.3.  Subject Sign Tool
     5.4.  Issuer Sign Tool
   6.  Historical Considerations
   7.  IANA Considerations
   8.  Security Considerations
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Appendix A.  GostR3410-2012-PKISyntax
   Appendix B.  Public key parameters
   Appendix C.  Test Examples
     C.1.  GOST R 34.10-2001 Test parameters (256 bit private key
           length)
       C.1.1.  Certificate request
       C.1.2.  Certificate
       C.1.3.  Certificate Revocation List
     C.2.  GOST R 34.10-2012 TC26-256-A parameters (256 bit private
           key length)
       C.2.1.  Certificate request
       C.2.2.  Certificate
       C.2.3.  Certificate Revocation List
     C.3.  GOST R 34.10-2012 Test parameters (512 bit private key
           length)
       C.3.1.  Certificate request
       C.3.2.  Certificate
       C.3.3.  Certificate Revocation List
   Appendix D.  GOST R 34.10-2012 Test parameters (curve definition)
     D.1.  Elliptic Curve Modulus
     D.2.  Elliptic Curve Coefficients
     D.3.  Elliptic Curve Points Group Order
     D.4.  Order of Cyclic Subgroup of Elliptic Curve Points Group
     D.5.  Elliptic Curve Point Coordinates
   Appendix E.  Contributors
   Authors' Addresses

1.  Introduction

   This document supplements [RFC3279]. It describes the conventions
   for using the GOST R 34.10-2012 [GOSTR3410-2012] (see [RFC7091])
   signature algorithm and GOST R 34.11-2012 [GOSTR3411-2012] (see
   [RFC6986]) hash function in the Internet X.509 Public Key
   Infrastructure (PKI) [RFC5280].

   This specification defines the contents of the signatureAlgorithm,
   signatureValue, signature, and subjectPublicKeyInfo fields within
   X.509 Certificates and CRLs. For each algorithm, the appropriate
   alternatives for the keyUsage certificate extension are provided.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.  Signature algorithm support

   Conforming CAs MAY use the GOST R 34.10-2012 signature algorithm to
   sign certificates and CRLs. This signature algorithm MUST always be
   used with the GOST R 34.11-2012 hash function. It may use a key
   length of either 256 bits or 512 bits.

   The ASN.1 object identifier used to identify the GOST R 34.10-2012
   signature algorithm with 256-bit key length and the GOST R 34.11-2012
   hash function with 256-bit hash code is:

   id-tc26-signwithdigest-gost3410-12-256 OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
         algorithms(1) signwithdigest(3) gost3410-12-256(2)}.

   The GOST R 34.10-2012 signature algorithm with 256-bit key length
   generates a digital signature in the form of two 256-bit numbers, r
   and s. Its octet string representation consists of 64 octets, where
   the first 32 octets contain the big-endian representation of s and
   the second 32 octets contain the big-endian representation of r.

   The ASN.1 object identifier used to identify the GOST R 34.10-2012
   signature algorithm with 512-bit key length and the GOST R 34.11-2012
   hash function with 512-bit hash code is:

   id-tc26-signwithdigest-gost3410-12-512 OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
         algorithms(1) signwithdigest(3) gost3410-12-512(3)}.

   The GOST R 34.10-2012 signature algorithm with 512-bit key length
   generates a digital signature in the form of two 512-bit numbers, r
   and s. Its octet string representation consists of 128 octets, where
   the first 64 octets contain the big-endian representation of s and
   the second 64 octets contain the big-endian representation of r.
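
The layout described above, as an added example (not code from the draft or its authors): it splits a 64- or 128-octet signature value into r and s, applies the 0 < r, s < q range check that RFC 7091 verification starts with, and wraps the octets as the DER BIT STRING used for signatureValue in certificates and CRLs. The function names are hypothetical; the sample octets are the signature of the C.1.1 test request in this document, and q is the subgroup order of the RFC 7091 Section 7.1 test curve, taken from that RFC.

```python
"""Added example: GOST R 34.10-2012 signature value layout (s || r)."""

# Order q of the RFC 7091 Section 7.1 test curve. Assumption: the value is
# taken from RFC 7091; it is not stated in this part of the draft.
TEST_CURVE_Q = 0x8000000000000000000000000000000150FE8A1892976154C59CFC193ACCF5B3

# Signature octets of the C.1.1 certificate request (from its ASN.1 dump).
C11_SIGNATURE = bytes.fromhex(
    "6A AA B3 8E 35 D4 AA A5 17 94 03 01 79 91 22 D8 "
    "55 48 4F 57 9F 4C BB 96 D6 3C DF DF 3A CC 43 2A "
    "41 AA 28 D2 F1 AB 14 82 80 CD 9E D5 6F ED A4 19 "
    "74 05 35 54 A4 27 67 B8 3A D0 43 FD 39 DC 04 93 "
)


class SignatureFormatError(ValueError):
    """Raised when a signature value violates the encoding rules."""


def encode_signature(r: int, s: int, size: int) -> bytes:
    """Return the octet string s || r; size is 32 (256-bit) or 64 (512-bit)."""
    if size not in (32, 64):
        raise SignatureFormatError("component size must be 32 or 64 octets")
    try:
        return s.to_bytes(size, "big") + r.to_bytes(size, "big")
    except OverflowError as exc:
        raise SignatureFormatError("r or s does not fit the key length") from exc


def decode_signature(octets: bytes, q: int = None) -> tuple:
    """Split s || r into (r, s); enforce 0 < r, s < q when q is given."""
    if len(octets) not in (64, 128):
        raise SignatureFormatError("signature must be 64 or 128 octets")
    half = len(octets) // 2
    s = int.from_bytes(octets[:half], "big")  # first half carries s
    r = int.from_bytes(octets[half:], "big")  # second half carries r
    upper = q if q is not None else 1 << (8 * half)
    if not (0 < r < upper and 0 < s < upper):
        raise SignatureFormatError("r and s must lie in 1..q-1")
    return r, s


def _der_length(n: int) -> bytes:
    """DER definite length: short form below 128, minimal long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def to_bit_string(octets: bytes) -> bytes:
    """DER BIT STRING for signatureValue: octets map 1:1, zero unused bits."""
    content = b"\x00" + octets
    return b"\x03" + _der_length(len(content)) + content


def from_bit_string(der: bytes, q: int = None) -> tuple:
    """Parse a DER BIT STRING signatureValue and return (r, s)."""
    if len(der) < 3 or der[0] != 0x03:
        raise SignatureFormatError("not a BIT STRING")
    # Header is 2 octets (short length) or 2 + n octets (long length).
    pos = 2 if der[1] < 0x80 else 2 + (der[1] & 0x7F)
    content = der[pos:]
    if not content or content[0] != 0:
        raise SignatureFormatError("BIT STRING must have zero unused bits")
    octets = content[1:]
    # Re-encoding must reproduce the input, which rejects bad length octets.
    if to_bit_string(octets) != der:
        raise SignatureFormatError("length octets are not valid DER")
    return decode_signature(octets, q)


if __name__ == "__main__":
    r, s = decode_signature(C11_SIGNATURE, TEST_CURVE_Q)
    print("r =", format(r, "064X"))
    print("s =", format(s, "064X"))
    print("BIT STRING header:", to_bit_string(C11_SIGNATURE)[:3].hex())
```
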

   When either of these OIDs is used as the algorithm field in an
   AlgorithmIdentifier structure, the encoding MUST omit the parameters
   field.

   The described definition of a signature value is directly usable in
   CMS [RFC5652], where such values are represented as octet strings.
   However, signature values in certificates and CRLs [RFC5280] are
   represented as bit strings, and thus the octet string representation
   must be converted.

   To convert an octet string signature value to a bit string, the most
   significant bit of the first octet of the signature value SHALL
   become the first bit of the bit string, and so on through the least
   significant bit of the last octet of the signature value, which SHALL
   become the last bit of the bit string.

3.  Hash functions support

   The ASN.1 object identifier used to identify the GOST R 34.11-2012
   hash function with 256-bit hash code is:

   id-tc26-digest-gost3411-12-256 OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
         algorithms(1) digest(2) gost3411-12-256(2)}.

   The ASN.1 object identifier used to identify the GOST R 34.11-2012
   hash function with 512-bit hash code is:

   id-tc26-digest-gost3411-12-512 OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
         algorithms(1) digest(2) gost3411-12-512(3)}.

   When either of these OIDs is used as the algorithm field in an
   AlgorithmIdentifier structure, the encoding MUST omit the parameters
   field.

4.  Subject Public Keys Information Fields

4.1.  Public Key identifiers

   GOST R 34.10-2012 public keys with 256 bits private key length are
   identified by the following OID:

   id-tc26-gost3410-12-256 OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
         algorithms(1) sign(1) gost3410-12-256(1)}.

   GOST R 34.10-2012 public keys with 512 bits private key length are
   identified by the following OID:

   id-tc26-gost3410-12-512 OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
         algorithms(1) sign(1) gost3410-12-512(2)}.

4.2.  Public Key parameters

   When either of these identifiers appears in the
   SubjectPublicKeyInfo.algorithm.algorithm field, the parameters field
   MUST have the following structure:

   GostR3410-2012-PublicKeyParameters ::= SEQUENCE
   {
       publicKeyParamSet OBJECT IDENTIFIER,
       digestParamSet OBJECT IDENTIFIER OPTIONAL
   }

   where:

   o  "publicKeyParamSet" - public key parameters identifier for GOST R
      34.10-2012 (see Sections 5.1 and 5.2 of [RFC7836] or Appendix B)
      or GOST R 34.10-2001 (see Section 8.4 of [RFC4357]) parameters.

   o  "digestParamSet" - parameter identifier for the corresponding
      GOST R 34.11-2012 (see Section 3).

   The field digestParamSet:

   o  SHOULD be omitted if the GOST R 34.10-2012 signature algorithm is
      used with 512-bit key length;

   o  MUST be present and must be equal to
      "id-tc26-digest-gost3411-12-256" if one of the following values
      is used as "publicKeyParamSet":

      *  "id-GostR3410-2001-CryptoPro-A-ParamSet",

      *  "id-GostR3410-2001-CryptoPro-B-ParamSet",

      *  "id-GostR3410-2001-CryptoPro-C-ParamSet",

      *  "id-GostR3410-2001-CryptoPro-XchA-ParamSet",

      *  "id-GostR3410-2001-CryptoPro-XchB-ParamSet";

   o  SHOULD be omitted if publicKeyParamSet is equal to:

      *  "id-tc26-gost-3410-2012-256-paramSetA";

   o  MUST be omitted if one of the following values is used as
      publicKeyParamSet:

      *  "id-tc26-gost-3410-2012-256-paramSetB",

      *  "id-tc26-gost-3410-2012-256-paramSetC",

      *  "id-tc26-gost-3410-2012-256-paramSetD".

4.3.  Public Key encoding

   The GOST R 34.10-2012 public key MUST be ASN.1 DER encoded as an
   OCTET STRING.
   This encoding SHALL be used as the content (i.e., the value) of the
   subjectPublicKey field (a BIT STRING) of the SubjectPublicKeyInfo
   structure.

   GostR3410-2012-256-PublicKey ::= OCTET STRING (SIZE (64)),
   GostR3410-2012-512-PublicKey ::= OCTET STRING (SIZE (128)).

   "GostR3410-2012-256-PublicKey" MUST contain 64 octets, where the
   first 32 octets contain the little-endian representation of "x" and
   the second 32 octets contain the little-endian representation of "y"
   coordinates of the public key.

   "GostR3410-2012-512-PublicKey" MUST contain 128 octets, where the
   first 64 octets contain the little-endian representation of "x" and
   the second 64 octets contain the little-endian representation of "y"
   coordinates of the public key.

4.4.  Key usage extension

   If the KeyUsage extension is present in a certificate with a GOST R
   34.10-2012 public key, the following values MAY be present:

   o  "digitalSignature" (0),

   o  "contentCommitment" (1),

   o  "keyAgreement" (4),

   o  "keyCertSign" (5),

   o  "cRLSign" (6),

   o  "encipherOnly" (7),

   o  "decipherOnly" (8).

   Note that "contentCommitment" was named "nonRepudiation" in previous
   versions of X.509.

   If the key is going to be used for key agreement, the "keyAgreement"
   flag MUST be present in the "KeyUsage" extension, with the
   "encipherOnly" and "decipherOnly" flags being optional. However, the
   "encipherOnly" and "decipherOnly" flags MUST NOT be present
   simultaneously.

5.  Qualified certificates extensions

   This section defines additional object identifiers (OIDs) for use in
   qualified certificates for checking digital signatures.

5.1.  Distinguished Name additions

   OGRN is the main state registration number of juridical entities.

   OGRN ::= NUMERIC STRING 13

   Corresponding OID is "1.2.643.100.1".

   SNILS is the individual insurance account number.

   SNILS ::= NUMERIC STRING 11

   Corresponding OID is "1.2.643.100.3".

   OGRNIP is the main state registration number of individual
   entrepreneurs.

   OGRNIP ::= NUMERIC STRING 15

   Corresponding OID is "1.2.643.100.5".

   INN is the individual taxpayer number (ITN).

   INN ::= NUMERIC STRING 12

   Corresponding OID is "1.2.643.3.131.1.1".

5.2.  Certificate policies

   The Russian national regulation body for cryptography defines
   several security levels of cryptographic tools. Depending on the
   class of cryptographic token used by the certificate owner, the
   following OIDs must be included into certificate policies. A
   certificate should include OIDs starting from the lowest one (KC1)
   up to the strongest applicable.

   o  "1.2.643.100.113.1" - class KC1,

   o  "1.2.643.100.113.2" - class KC2,

   o  "1.2.643.100.113.3" - class KC3,

   o  "1.2.643.100.113.4" - class KB1,

   o  "1.2.643.100.113.5" - class KB2,

   o  "1.2.643.100.113.6" - class KA1.

5.3.  Subject Sign Tool

   To denote the token or software type used by the certificate owner,
   the following non-critical "SubjectSignTool" extension with OID
   "1.2.643.100.111" should be included. It is defined as

   SubjectSignTool ::= UTF8String SIZE(1..200) .

5.4.  Issuer Sign Tool

   To denote the tools used to generate the key pair and the tools used
   by the CA to sign the certificate, the following non-critical
   "IssuerSignTool" extension with OID "1.2.643.100.112" should be
   included. It is defined as

   IssuerSignTool ::= SEQUENCE {
       signTool     UTF8String SIZE(1..200),
       cATool       UTF8String SIZE(1..200),
       signToolCert UTF8String SIZE(1..100),
       cAToolCert   UTF8String SIZE(1..100) },

   where:

   o  "signTool" identifies tools used to create key pair,

   o  "cATool" identifies tools used by certificate authority,

   o  "signToolCert" and "cAToolCert" contain the notice of respective
      tools conformance to Russian federal law on digital signature.

6.  Historical Considerations

   Note that for a significant period of time there were no documents
   describing "GostR3410-2012-PublicKeyParameters". Several old
   implementations have used "GostR3410-2001-PublicKeyParameters"
   instead. These implementations will return an error if the
   "digestParamSet" field is not included in the public key parameters.
   Thus an implementation wishing to collaborate with old
   implementations might want to include "digestParamSet" equal to
   "id-tc26-digest-gost3411-12-512" if one of the following values is
   used as "publicKeyParamSet":

   o  "id-tc26-gost-3410-12-512-paramSetA",

   o  "id-tc26-gost-3410-12-512-paramSetB".

7.  IANA Considerations

   This memo includes no request to IANA.

8.  Security Considerations

   It is RECOMMENDED that applications verify that signature values and
   subject public keys conform to the [RFC7091] standard prior to their
   use.

   It is RECOMMENDED that CAs and applications make sure that the
   private key for creating signatures is not used for more than its
   allowed validity period (typically 15 months for GOST R 34.10-2012
   algorithm).

   For security discussion concerning use of algorithm parameters, see
   [ANS17] and the Security Considerations sections in [RFC4357],
   [RFC7836].

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3279]  Bassham, L., Polk, W., and R. Housley, "Algorithms and
              Identifiers for the Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 3279, DOI 10.17487/RFC3279, April
              2002.

   [RFC4357]  Popov, V., Kurepkin, I., and S.
              Leontiev, "Additional Cryptographic Algorithms for Use
              with GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001,
              and GOST R 34.11-94 Algorithms", RFC 4357,
              DOI 10.17487/RFC4357, January 2006.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008.

   [RFC5652]  Housley, R., "Cryptographic Message Syntax (CMS)", STD 70,
              RFC 5652, DOI 10.17487/RFC5652, September 2009.

   [RFC6986]  Dolmatov, V., Ed. and A. Degtyarev, "GOST R 34.11-2012:
              Hash Function", RFC 6986, DOI 10.17487/RFC6986, August
              2013.

   [RFC7091]  Dolmatov, V., Ed. and A. Degtyarev, "GOST R 34.10-2012:
              Digital Signature Algorithm", RFC 7091,
              DOI 10.17487/RFC7091, December 2013.

   [RFC7836]  Smyshlyaev, S., Ed., Alekseev, E., Oshkin, I., Popov, V.,
              Leontiev, S., Podobaev, V., and D. Belyavsky, "Guidelines
              on the Cryptographic Algorithms to Accompany the Usage of
              Standards GOST R 34.10-2012 and GOST R 34.11-2012",
              RFC 7836, DOI 10.17487/RFC7836, March 2016.

9.2.  Informative References

   [ANS17]    Alekseev, E., Nikolaev, V., and S. Smyshlyaev, "On the
              security properties of Russian standardized elliptic
              curves.", Mathematical Aspects of Cryptography 9:3. P.
              5-32., DOI 10.4213/mvk260, 2018.

   [GOSTR3410-2012]
              Federal Agency on Technical Regulating and Metrology,
              "Information technology. Cryptographic data security.
              Signature and verification processes of [electronic]
              digital signature", GOST R 34.10-2012, 2012.

   [GOSTR3411-2012]
              Federal Agency on Technical Regulating and Metrology,
              "Information technology. Cryptographic Data Security.
              Hashing function", GOST R 34.11-2012, 2012.

Appendix A.  GostR3410-2012-PKISyntax

   GostR3410-2012-PKISyntax
       { iso(1) member-body(2) ru(643) rosstandart(7)
         tc26(1) modules(0) gostR3411-2012-PKISyntax(2) }

   DEFINITIONS ::=
   BEGIN
   -- EXPORTS All --

   -- ASN.1 TC 26 root
   id-tc26 OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) }

   -- Signature algorithm
   id-tc26-sign OBJECT IDENTIFIER ::=
       { id-tc26 algorithms(1) sign(1) }

   -- Signature algorithm parameters
   id-tc26-sign-constants OBJECT IDENTIFIER ::=
       { id-tc26 constants(2) sign(1) }

   -- GOST R 34.10-2012 / 256 bits signature algorithm parameters
   id-tc26-gost-3410-2012-256-constants OBJECT IDENTIFIER ::=
       { id-tc26-sign-constants gost-3410-2012-256(1) }

   -- GOST R 34.10-2012 / 512 bits signature algorithm parameters
   id-tc26-gost-3410-2012-512-constants OBJECT IDENTIFIER ::=
       { id-tc26-sign-constants gost-3410-2012-512(2) }

   -- GOST R 34.10-2012 / 256 bits signature algorithm
   id-tc26-gost3410-2012-256 OBJECT IDENTIFIER ::=
       { id-tc26-sign gost3410-2012-256(1) }

   -- GOST R 34.10-2012 / 512 bits signature algorithm
   id-tc26-gost3410-2012-512 OBJECT IDENTIFIER ::=
       { id-tc26-sign gost3410-2012-512(2) }

   -- Signature & hash algorithm arc, referenced by the two
   -- definitions below (arcs as given in Section 2)
   id-tc26-signwithdigest OBJECT IDENTIFIER ::=
       { id-tc26 algorithms(1) signwithdigest(3) }

   -- Signature & hash algorithm GOST R 34.10-2012 / 256 bits
   -- with GOST R 34.11-2012
   id-tc26-signwithdigest-gost3410-2012-256 OBJECT IDENTIFIER ::=
       { id-tc26-signwithdigest gost3410-2012-256(2) }

   -- Signature & hash algorithm GOST R 34.10-2012 / 512 bits
   -- with GOST R 34.11-2012
   id-tc26-signwithdigest-gost3410-2012-512 OBJECT IDENTIFIER ::=
       { id-tc26-signwithdigest gost3410-2012-512(3) }

   -- GOST R 34.10-2012 / 256 bits Signature algorithm parameters ID:
   -- "Set A"
   id-tc26-gost-3410-2012-256-paramSetA OBJECT IDENTIFIER ::=
       { id-tc26-gost-3410-2012-256-constants paramSetA(1) }

   -- GOST R 34.10-2012 / 256 bits signature algorithm parameters ID:
   -- "Set B"
   id-tc26-gost-3410-2012-256-paramSetB OBJECT IDENTIFIER
::= 549 { id-tc26-gost-3410-2012-256-constants paramSetB(2) } 551 -- GOST R 34.10-2012 / 256 bits signature algorithm parameters ID: 552 -- "Set C" 553 id-tc26-gost-3410-2012-256-paramSetC OBJECT IDENTIFIER ::= 554 { id-tc26-gost-3410-2012-256-constants paramSetC(3) } 556 -- GOST R 34.10-2012 / 256 bits signature algorithm parameters ID: 557 -- "Set D" 558 id-tc26-gost-3410-2012-256-paramSetD OBJECT IDENTIFIER ::= 559 { id-tc26-gost-3410-2012-256-constants paramSetD(4) } 561 -- GOST R 34.10-2012 / 512 bits signature algorithm parameters ID: 562 -- "Test set" 563 id-tc26-gost-3410-2012-512-paramSetTest OBJECT IDENTIFIER ::= 564 { id-tc26-gost-3410-2012-512-constants paramSetTest(0) } 566 -- GOST R 34.10-2012 / 512 bits signature algorithm parameters ID: 567 -- "Set A" 568 id-tc26-gost-3410-2012-512-paramSetA OBJECT IDENTIFIER ::= 569 { id-tc26-gost-3410-2012-512-constants paramSetA(1) } 571 -- GOST R 34.10-2012 / 512 bits signature algorithm parameters ID: 572 -- "Set B" 573 id-tc26-gost-3410-2012-512-paramSetB OBJECT IDENTIFIER ::= 574 { id-tc26-gost-3410-2012-512-constants paramSetB(2) } 576 -- GOST R 34.10-2012 / 512 bits signature algorithm parameters ID: 577 -- "Set C" 578 id-tc26-gost-3410-2012-512-paramSetC OBJECT IDENTIFIER ::= 579 { id-tc26-gost-3410-2012-512-constants paramSetC(3) } 581 -- Public key GOST R 34.10-2012 / 256 bits 582 GostR3410-2012-256-PublicKey ::= OCTET STRING (SIZE (64)) 583 -- Public key GOST R 34.10-2012 / 512 bits 584 GostR3410-2012-512-PublicKey ::= OCTET STRING (SIZE (128)) 585 -- Public key GOST R 34.10-2012 586 GostR3410-PublicKey ::= OCTET STRING (SIZE (64 | 128)) 588 -- Public key parameters GOST R 34.10-2012 589 GostR3410-2012-PublicKeyParameters ::= 590 SEQUENCE { 591 publicKeyParamSet OBJECT IDENTIFIER, 592 digestParamSet OBJECT IDENTIFIER OPTIONAL 593 } 595 END -- GostR3410-2012-PKISyntax 597 Appendix B. 
Public key parameters 599 Here we define three new object identifiers for three existing public 600 key parameter sets defined in [RFC4357]. These object identifiers 601 MUST be used with GOST R 34.10-2012 public keys only. 603 id-tc26-gost-3410-2012-256-paramSetB OBJECT IDENTIFIER ::= 604 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) 605 ru(643) rosstandart(7) tc26(1) constants(2) sign-constants(1) 606 gost-3410-12-256-constants(1) paramSetB(2)}. 608 The elliptic curve of this parameter set is the same as of id- 609 GostR3410-2001-CryptoPro-A-ParamSet which can be found in [RFC4357]. 611 id-tc26-gost-3410-2012-256-paramSetC OBJECT IDENTIFIER ::= 612 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) 613 ru(643) rosstandart(7) tc26(1) constants(2) sign-constants(1) 614 gost-3410-12-256-constants(1) paramSetC(3)}. 616 The elliptic curve of this parameter set is the same as of id- 617 GostR3410-2001-CryptoPro-B-ParamSet which can be found in [RFC4357]. 619 id-tc26-gost-3410-2012-256-paramSetD OBJECT IDENTIFIER ::= 620 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) 621 ru(643) rosstandart(7) tc26(1) constants(2) sign-constants(1) 622 gost-3410-12-256-constants(1) paramSetD(4)}. 624 The elliptic curve of this parameter set is the same as of id- 625 GostR3410-2001-CryptoPro-C-ParamSet which can be found in [RFC4357]. 627 Appendix C. Test Examples 629 C.1. GOST R 34.10-2001 Test parameters (256 bit private key length) 631 This example uses curve defined in Section 7.1 of [RFC7091]. 633 Private key is 635 d = 0x7A929ADE789BB9BE10ED359DD39A72C11B60961F49397EEE1D19CE9891EC3B28 637 Public key is 639 X = 0x7F2B49E270DB6D90D8595BEC458B50C58585BA1D4E9B788F6689DBD8E56FD80B 640 Y = 0x26F1B489D6701DD185C8413A977B3CBBAF64D1C593D26627DFFB101A87FF77DA 642 C.1.1. 
Certificate request 643 -----BEGIN CERTIFICATE REQUEST----- 644 MIHTMIGBAgEAMBIxEDAOBgNVBAMTB0V4YW1wbGUwZjAfBggqhQMHAQEBATATBgcq 645 hQMCAiMABggqhQMHAQECAgNDAARAC9hv5djbiWaPeJtOHbqFhcVQi0XsW1nYkG3b 646 cOJJK3/ad/+HGhD73ydm0pPF0WSvuzx7lzpByIXRHXDWibTxJqAAMAoGCCqFAwcB 647 AQMCA0EAaqqzjjXUqqUXlAMBeZEi2FVIT1efTLuW1jzf3zrMQypBqijS8asUgoDN 648 ntVv7aQZdAU1VKQnZ7g60EP9OdwEkw== 649 -----END CERTIFICATE REQUEST----- 651 0 211: SEQUENCE { 652 3 129: SEQUENCE { 653 6 1: INTEGER 0 654 9 18: SEQUENCE { 655 11 16: SET { 656 13 14: SEQUENCE { 657 15 3: OBJECT IDENTIFIER commonName (2 5 4 3) 658 20 7: PrintableString 'Example' 659 : } 660 : } 661 : } 662 29 102: SEQUENCE { 663 31 31: SEQUENCE { 664 33 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 1' 665 43 19: SEQUENCE { 666 45 7: OBJECT IDENTIFIER testSignParams (1 2 643 2 2 35 0) 667 54 8: OBJECT IDENTIFIER '1 2 643 7 1 1 2 2' 668 : } 669 : } 670 64 67: BIT STRING, encapsulates { 671 67 64: OCTET STRING 672 : 0B D8 6F E5 D8 DB 89 66 8F 78 9B 4E 1D BA 85 85 673 : C5 50 8B 45 EC 5B 59 D8 90 6D DB 70 E2 49 2B 7F 674 : DA 77 FF 87 1A 10 FB DF 27 66 D2 93 C5 D1 64 AF 675 : BB 3C 7B 97 3A 41 C8 85 D1 1D 70 D6 89 B4 F1 26 676 : } 677 : } 678 133 0: [0] {} 679 : } 680 135 10: SEQUENCE { 681 137 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 682 : } 683 147 65: BIT STRING 684 : 6A AA B3 8E 35 D4 AA A5 17 94 03 01 79 91 22 D8 685 : 55 48 4F 57 9F 4C BB 96 D6 3C DF DF 3A CC 43 2A 686 : 41 AA 28 D2 F1 AB 14 82 80 CD 9E D5 6F ED A4 19 687 : 74 05 35 54 A4 27 67 B8 3A D0 43 FD 39 DC 04 93 688 : } 690 C.1.2. 
Certificate 692 -----BEGIN CERTIFICATE----- 693 MIIBLTCB26ADAgECAgEKMAoGCCqFAwcBAQMCMBIxEDAOBgNVBAMTB0V4YW1wbGUw 694 IBcNMDEwMTAxMDAwMDAwWhgPMjA1MDEyMzEwMDAwMDBaMBIxEDAOBgNVBAMTB0V4 695 YW1wbGUwZjAfBggqhQMHAQEBATATBgcqhQMCAiMABggqhQMHAQECAgNDAARAC9hv 696 5djbiWaPeJtOHbqFhcVQi0XsW1nYkG3bcOJJK3/ad/+HGhD73ydm0pPF0WSvuzx7 697 lzpByIXRHXDWibTxJqMTMBEwDwYDVR0TAQH/BAUwAwEB/zAKBggqhQMHAQEDAgNB 698 AE1T8BL+CBd2UH1Nm7gfAO/bTu/Uq4O6xLrPc1Fzz6gcQaoo0vGrFIKAzZ7Vb+2k 699 GXQFNVSkJ2e4OtBD/TncBJM= 700 -----END CERTIFICATE----- 702 0 301: SEQUENCE { 703 4 219: SEQUENCE { 704 7 3: [0] { 705 9 1: INTEGER 2 706 : } 707 12 1: INTEGER 10 708 15 10: SEQUENCE { 709 17 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 710 : } 711 27 18: SEQUENCE { 712 29 16: SET { 713 31 14: SEQUENCE { 714 33 3: OBJECT IDENTIFIER commonName (2 5 4 3) 715 38 7: PrintableString 'Example' 716 : } 717 : } 718 : } 719 47 32: SEQUENCE { 720 49 13: UTCTime 01/01/2001 00:00:00 GMT 721 64 15: GeneralizedTime 31/12/2050 00:00:00 GMT 722 : } 723 81 18: SEQUENCE { 724 83 16: SET { 725 85 14: SEQUENCE { 726 87 3: OBJECT IDENTIFIER commonName (2 5 4 3) 727 92 7: PrintableString 'Example' 728 : } 729 : } 730 : } 731 101 102: SEQUENCE { 732 103 31: SEQUENCE { 733 105 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 1' 734 115 19: SEQUENCE { 735 117 7: OBJECT IDENTIFIER testSignParams (1 2 643 2 2 35 0) 736 126 8: OBJECT IDENTIFIER '1 2 643 7 1 1 2 2' 737 : } 738 : } 739 136 67: BIT STRING, encapsulates { 740 139 64: OCTET STRING 741 : 0B D8 6F E5 D8 DB 89 66 8F 78 9B 4E 1D BA 85 85 742 : C5 50 8B 45 EC 5B 59 D8 90 6D DB 70 E2 49 2B 7F 743 : DA 77 FF 87 1A 10 FB DF 27 66 D2 93 C5 D1 64 AF 744 : BB 3C 7B 97 3A 41 C8 85 D1 1D 70 D6 89 B4 F1 26 745 : } 746 : } 747 205 19: [3] { 748 207 17: SEQUENCE { 749 209 15: SEQUENCE { 750 211 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 751 216 1: BOOLEAN TRUE 752 219 5: OCTET STRING, encapsulates { 753 221 3: SEQUENCE { 754 223 1: BOOLEAN TRUE 755 : } 756 : } 757 : } 758 : } 759 : } 760 : } 761 226 
C.1.3.  Certificate Revocation List

C.2.  GOST R 34.10-2012 TC26-256-A parameters (256 bit private key length)

   This example uses curve defined in Section A.2 of [RFC7836].

   Private key is

   d = 0x7A929ADE789BB9BE10ED359DD39A72C11B60961F49397EEE1D19CE9891EC3B28

   Public key is

   X = 0x99C3DF265EA59350640BA69D1DE04418AF3FEA03EC0F85F2DD84E8BED4952774
   Y = 0xE218631A69C47C122E2D516DA1C09E6BD19344D94389D1F16C0C4D4DCF96F578

C.2.1.  Certificate request

C.2.2.  Certificate
C.2.3.  Certificate Revocation List

C.3.  GOST R 34.10-2012 Test parameters (512 bit private key length)

   This example uses curve defined in Appendix D.

   Private key is

   d = 0x0BA6048AADAE241BA40936D47756D7C93091A0E8514669700EE7508E508B1020\\
   72E8123B2200A0563322DAD2827E2714A2636B7BFD18AADFC62967821FA18DD4

   Public key is

   X = 0x115DC5BC96760C7B48598D8AB9E740D4C4A85A65BE33C1815B5C320C854621DD\\
   5A515856D13314AF69BC5B924C8B4DDFF75C45415C1D9DD9DD33612CD530EFE1
   Y = 0x37C7C90CD40B0F5621DC3AC1B751CFA0E2634FA0503B3D52639F5D7FB72AFD61\\
   EA199441D943FFE7F0C70A2759A3CDB84C114E1F9339FDF27F35ECA93677BEEC

C.3.1.  Certificate request
C.3.2.  Certificate
C.3.3.  Certificate Revocation List

Appendix D.  GOST R 34.10-2012 Test parameters (curve definition)

   The following parameters must be used for digital signature
   generation and verification.

D.1.  Elliptic Curve Modulus

   The following value is assigned to parameter p in this example:

   p = 36239861022290036359077887536838743060213209255346786050\\
   8654615045085616662400248258848202227149685402509082360305\\
   8735163734263822371964987228582907372403,

   p = 0x4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C09B5D2D15D\\
   F1D852741AF4704A0458047E80E4546D35B8336FAC224DD81664BBF528BE6373.

D.2.  Elliptic Curve Coefficients

   Parameters a and b take the following values in this example:

   a = 7,

   a = 0x7,

   b = 1518655069210828534508950034714043154928747527740206436\\
   1940188233528099824437937328297569147859746748660416053978836775\\
   96626326413990136959047435811826396,

   b = 0x1CFF0806A31116DA29D8CFA54E57EB748BC5F377E49400FDD788B649ECA1AC4\\
   361834013B2AD7322480A89CA58E0CF74BC9E540C2ADD6897FAD0A3084F302ADC.

D.3.  Elliptic Curve Points Group Order

   Parameter m takes the following value in this example:

   m = 36239861022290036359077887536838743060213209255346786050865461\\
   504508561666239691648983050328630684999614040794379365854558651922\\
   12970734808812618120619743,

   m = 0x4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C09B5D2D15D\\
   A82F2D7ECB1DBAC719905C5EECC423F1D86E25EDBE23C595D644AAF187E6E6DF.

D.4.  Order of Cyclic Subgroup of Elliptic Curve Points Group

   Parameter q takes the following value in this example:

   q = 36239861022290036359077887536838743060213209255346786050865461\\
   504508561666239691648983050328630684999614040794379365854558651922\\
   12970734808812618120619743,

   q = 0x4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C09B5D2D15D\\
   A82F2D7ECB1DBAC719905C5EECC423F1D86E25EDBE23C595D644AAF187E6E6DF.

D.5.  Elliptic Curve Point Coordinates

   Point P coordinates take the following values in this example:

   x = 1928356944067022849399309401243137598997786635459507974357075491\\
   307766592685835441065557681003184874819658004903212332884252335830\\
   250729527632383493573274,

   x = 0x24D19CC64572EE30F396BF6EBBFD7A6C5213B3B3D7057CC825F91093A68CD762\\
   FD60611262CD838DC6B60AA7EEE804E28BC849977FAC33B4B530F1B120248A9A,

   y = 22887286933719728599700121555294784163535623273295061803\\
   144974259311028603015728141419970722717088070665938506503341523818\\
   57347798885864807605098724013854,

   y = 0x2BB312A43BD2CE6E0D020613C857ACDDCFBF061E91E5F2C3F32447C259F39B2\\
   C83AB156D77F1496BF7EB3351E1EE4E43DC1A18B91B24640B6DBB92CB1ADD371E.

Appendix E.  Contributors

   o  Semen Pianov
      InfoTeCS JSC
      Semen.Pianov@infotecs.ru

   o  Ekaterina Karelina
      InfoTeCS JSC
      Ekaterina.Karelina@infotecs.ru

   o  Dmitry Belyavsky
      Cryptocom
      beldmit@gmail.com

Authors' Addresses

   Dmitry Eremin-Solenikov (editor)
   Mentor Graphics (Ireland) Ltd.
   Pevchesky lane, 12
   Saint-Petersburg  197046
   Russian Federation

   Email: dbaryshkov@gmail.com

   Vasily Nikolaev
   CryptoPro
   18, Suschevsky val
   Moscow  127018
   Russian Federation

   Phone: +7 (495) 995-48-20
   Email: nikolaev@cryptopro.ru

   Aleksandr Chelpanov
   InfoTeCS JSC
   Bldg. 1, 1/23, Stary Petrovsko-Razumovskiy Proezd
   Moscow  127287
   Russian Federation

   Phone: +7 (495) 737-61-92
   Email: Aleksandr.Chelpanov@infotecs.ru
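Referring back to Appendix D and Section C.3, the following is an added example, not part of the draft or of any GOST implementation: a Python check that the base point P lies on the test curve and has order q, and that the 512-bit private key d yields the published public key (X, Y). All constants are the hexadecimal values from this page; the helper names and the little-endian X || Y key-octet layout used in encode_public_key are assumptions of this example.

```python
# Added example: validates the Appendix D curve and the C.3 test key pair.
# Constants are copied from this page; helper names are illustrative.
# Variable-time arithmetic: use only for checking public test vectors.

def h(*parts):
    """Join the page's wrapped hex fragments into one integer."""
    return int("".join(parts), 16)

p = h("4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C09B5D2D15D",
      "F1D852741AF4704A0458047E80E4546D35B8336FAC224DD81664BBF528BE6373")
a = 7
b = h("1CFF0806A31116DA29D8CFA54E57EB748BC5F377E49400FDD788B649ECA1AC4",
      "361834013B2AD7322480A89CA58E0CF74BC9E540C2ADD6897FAD0A3084F302ADC")
q = h("4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C09B5D2D15D",
      "A82F2D7ECB1DBAC719905C5EECC423F1D86E25EDBE23C595D644AAF187E6E6DF")
P = (h("24D19CC64572EE30F396BF6EBBFD7A6C5213B3B3D7057CC825F91093A68CD762",
       "FD60611262CD838DC6B60AA7EEE804E28BC849977FAC33B4B530F1B120248A9A"),
     h("2BB312A43BD2CE6E0D020613C857ACDDCFBF061E91E5F2C3F32447C259F39B2",
       "C83AB156D77F1496BF7EB3351E1EE4E43DC1A18B91B24640B6DBB92CB1ADD371E"))
d = h("0BA6048AADAE241BA40936D47756D7C93091A0E8514669700EE7508E508B1020",
      "72E8123B2200A0563322DAD2827E2714A2636B7BFD18AADFC62967821FA18DD4")
Q_PAGE = (h("115DC5BC96760C7B48598D8AB9E740D4C4A85A65BE33C1815B5C320C854621DD",
            "5A515856D13314AF69BC5B924C8B4DDFF75C45415C1D9DD9DD33612CD530EFE1"),
          h("37C7C90CD40B0F5621DC3AC1B751CFA0E2634FA0503B3D52639F5D7FB72AFD61",
            "EA199441D943FFE7F0C70A2759A3CDB84C114E1F9339FDF27F35ECA93677BEEC"))

def on_curve(pt):
    """True for the point at infinity (None) or a point on y^2 = x^3 + ax + b."""
    return pt is None or (pt[1] ** 2 - (pt[0] ** 3 + a * pt[0] + b)) % p == 0

def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                      # P + (-P), or doubling with y = 0
    if p1 == p2:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def mul(k, pt):
    """Double-and-add scalar multiplication k * pt."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def encode_public_key(pt, size=64):
    """Assumed layout: X then Y, each as `size` little-endian bytes."""
    return pt[0].to_bytes(size, "little") + pt[1].to_bytes(size, "little")
```

A parameter set that fails on_curve(P) or for which mul(q, P) is not the point at infinity should be rejected before any signature is verified against it.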