idnits 2.17.1 draft-deremin-rfc4491-bis-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (February 20, 2020) is 1520 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- -- Looks like a reference, but probably isn't: '0' on line 1065 -- Looks like a reference, but probably isn't: '3' on line 1111 Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force D. Baryshkov, Ed. 3 Internet-Draft Mentor Graphics (Ireland) Ltd. 4 Intended status: Informational V. Nikolaev 5 Expires: August 23, 2020 CryptoPro 6 A. Chelpanov 7 InfoTeCS JSC 8 February 20, 2020 10 Using GOST R 34.10-2012 and GOST R 34.11-2012 algorithms with the 11 Internet X.509 Public Key Infrastructure 12 draft-deremin-rfc4491-bis-04 14 Abstract 16 This document describes encoding formats, identifiers, and parameter 17 formats for the algorithms GOST R 34.10-2012 and GOST R 34.11-2012 18 for use in Internet X.509 Public Key Infrastructure (PKI). 20 Status of This Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at https://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on August 23, 2020. 37 Copyright Notice 39 Copyright (c) 2020 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (https://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 55 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 56 2. Signature algorithm support . . . . . . . . . . . . . . . . . 3 57 3. Hash functions support . . . . . . . . . . . . . . . . . . . 4 58 4. Subject Public Keys Information Fields . . . . . . . . . . . 5 59 4.1. Public Key identifiers . . . . . . . . . . . . . . . . . 5 60 4.2. Public Key parameters . . . . . . . . . . . . . . . . . . 5 61 4.3. Public Key encoding . . . . . . . . . . . . . . . . . . . 6 62 4.4. Key usage extension . . . . . . . . . . . . . . . . . . . 7 63 5. Qualified certificates extensions . . . . . . . . . . . . . . 7 64 5.1. Distinguished Name additions . . . . . . . . . . . . . . 7 65 5.2. Certificate policies . . . . . . . . . . . . . . . . . . 8 66 5.3. Subject Sign Tool . . . . . . . . . . . . . . . . . . . . 8 67 5.4. Issuer Sign Tool . . . . . . . . . . . . . . . . . . . . 8 68 6. Historical Considerations . . . . . . . . . . . . . . . . . . 9 69 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 70 8. Security Considerations . . . . . . . . . . . . . . . . . . . 9 71 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 72 9.1. Normative References . . . . . . . . . . . . . . . . . . 10 73 9.2. Informative References . . . . . . . . . . . . . . . . . 11 74 Appendix A. GostR3410-2012-PKISyntax . . . . . . . . . . . . . . 11 75 Appendix B. Public key parameters . . . . . . . . . . . . . . . 13 76 Appendix C. Test Examples . . . . . . . . . . . . . . . . . . . 14 77 C.1. GOST R 34.10-2001 Test parameters (256 bit private key 78 length) . . . . . . . . . . . . . . . . . . . . . . . . . 14 79 C.1.1. Certificate request . . . . . . . . . . . . . . . . . 14 80 C.1.2. Certificate . . . . . . . . . . . . . . . . . . . . . 16 81 C.1.3. Certificate Revocation List . . . . . . . . . . . . . 17 82 C.2. GOST R 34.10-2012 TC26-256-A parameters (256 bit private 83 key length) . . . . . . . . . . . . . . . . . . . . . . . 18 84 C.2.1. Certificate request . . . . . . . . . . . . . . . . . 19 85 C.2.2. Certificate . . . . . . . . . . . . . . . . . . . . . 20 86 C.2.3. Certificate Revocation List . . . . . . . . . . . . . 21 87 C.3. GOST R 34.10-2012 Test parameters (512 bit private key 88 length) . . . . . . . . . . . . . . . . . . . . . . . . . 22 89 C.3.1. Certificate request . . . . . . . . . . . . . . . . . 23 90 C.3.2. Certificate . . . . . . . . . . . . . . . . . . . . . 24 91 C.3.3. Certificate Revocation List . . . . . . . . . . . . . 26 92 Appendix D. GOST R 34.10-2012 Test parameters (curve definition) 27 93 D.1. Elliptic Curve Modulus . . . . . . . . . . . . . . . . . 28 94 D.2. Elliptic Curve Coefficients . . . . . . . . . . . . . . . 28 95 D.3. Elliptic Curve Points Group Order . . . . . . . . . . . . 28 96 D.4. Order of Cyclic Subgroup of Elliptic Curve Points Group . 28 97 D.5. Elliptic Curve Point Coordinates . . . . . . . . . . . . 29 98 Appendix E. Contributors . . . . . . . . . . . . . . . . . . . . 29 99 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 29 101 1. Introduction 103 This document describes the conventions for using the GOST R 104 34.10-2012 [GOSTR3410-2012] (see [RFC7091]) signature algorithm and 105 GOST R 34.11-2012 [GOSTR3411-2012] (see [RFC6986]) hash function in 106 the Internet X.509 Public Key Infrastructure (PKI) [RFC5280]. 108 This specification defines the contents of the signatureAlgorithm, 109 signatureValue, signature, and subjectPublicKeyInfo fields within 110 X.509 Certificates and CRLs. For each algorithm, the appropriate 111 alternatives for the keyUsage certificate extension are provided. 113 1.1. Requirements Language 115 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 116 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 117 document are to be interpreted as described in [RFC2119]. 119 2. Signature algorithm support 121 Conforming CAs MAY use GOST R 34.10-2012 signature algorithm to sign 122 certificates and CRLs. This signature algorithm MUST always be used 123 with GOST R 34.11-2012 hash function. It may use keys length of 124 either 256 bits or 512 bits. 126 The ASN.1 object identifier used to identify GOST R 34.10-2012 127 signature algorithm with 256-bit key length and GOST R 34.11-2012 128 hash function with 256-bit hash code is: 130 id-tc26-signwithdigest-gost3410-12-256 OBJECT IDENTIFIER ::= 131 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) 132 algorithms(1) signwithdigest(3) gost3410-12-256(2)}. 134 GOST R 34.10-2012 signature algorithm with 256-bit key length 135 generates a digital signature in the form of two 256-bit numbers, r 136 and s. Its octet string representation consists of 64 octets, where 137 the first 32 octets contain the big-endian representation of s and 138 the second 32 octets contain the big-endian representation of r. 140 The ASN.1 object identifier used to identify GOST R 34.10-2012 141 signature algorithm with 512-bit key length and GOST R 34.11-2012 142 hash function with 512-bit hash code is: 144 id-tc26-signwithdigest-gost3410-12-512 OBJECT IDENTIFIER ::= 145 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) 146 algorithms(1) signwithdigest(3) gost3410-12-512(3)}. 148 GOST R 34.10-2012 signature algorithm with 512-bit key length 149 generates a digital signature in the form of two 512-bit numbers, r 150 and s. Its octet string representation consists of 128 octets, where 151 the first 64 octets contain the big-endian representation of s and 152 the second 64 octets contain the big-endian representation of r. 154 When either of these OID is used as the algorithm field in an 155 AlgorithmIdentifier structure, the encoding MUST omit the parameters 156 field. 158 The described definition of a signature value is directly usable in 159 CMS [RFC5652], where such values are represented as octet strings. 160 However, signature values in certificates and CRLs [RFC5280] are 161 represented as bit strings, and thus the octet string representation 162 must be converted. 164 To convert an octet string signature value to a bit string, the most 165 significant bit of the first octet of the signature value SHALL 166 become the first bit of the bit string, and so on through the least 167 significant bit of the last octet of the signature value, which SHALL 168 become the last bit of the bit string. 170 3. Hash functions support 172 The ASN.1 object identifier used to identify GOST R 34.11-2012 hash 173 function with 256-bit hash code is: 175 id-tc26-digest-gost3411-12-256 OBJECT IDENTIFIER ::= 176 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) 177 algorithms(1) digest(2) gost3411-12-256(2)}. 179 The ASN.1 object identifier used to identify GOST R 34.11-2012 hash 180 function with 512-bit hash code is: 182 id-tc26-digest-gost3411-12-512 OBJECT IDENTIFIER ::= 183 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) 184 algorithms(1) digest(2) gost3411-12-512(3)}. 186 When either of these OID is used as the algorithm field in an 187 AlgorithmIdentifier structure, the encoding MUST omit the parameters 188 field. 190 4. Subject Public Keys Information Fields 192 4.1. Public Key identifiers 194 GOST R 34.10-2012 public keys with 256 bits private key length are 195 identified by the following OID: 197 id-tc26-gost3410-12-256 OBJECT IDENTIFIER ::= 198 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) 199 algorithms(1) sign(1) gost3410-12-256(1)}. 201 GOST R 34.10-2012 public keys with 512 bits private key length are 202 identified by the following OID: 204 id-tc26-gost3410-12-512 OBJECT IDENTIFIER ::= 205 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) 206 algorithms(1) sign(1) gost3410-12-512(2)}. 208 4.2. Public Key parameters 210 When either of these identifiers appears as algorithm field in 211 SubjectPublicKeyInfo.algorithm.algorithm field, parameters field MUST 212 have the following structure: 214 GostR3410-2012-PublicKeyParameters ::= SEQUENCE 215 { 216 publicKeyParamSet OBJECT IDENTIFIER, 217 digestParamSet OBJECT IDENTIFIER OPTIONAL 218 } 220 . 222 where: 224 o "publicKeyParamSet" - public key parameters identifier for GOST R 225 34.10-2012 (see Sections 5.1 and 5.2 of [RFC7836] or Appendix B) 226 or GOST R 34.10-2001 (see Section 8.4 of [RFC4357]) parameters. 228 o "digestParamSet" - parameter identifier for corresponding GOST R 229 34.11-2012 (See Section 3). 231 The field digestParamSet: 233 o SHOULD be omitted if GOST R 34.10-2012 signature algorithm is used 234 with 512-bit key length; 236 o MUST be present and must be equal to "id-tc26-digest- 237 gost3411-12-256" if one of the following values is used as 238 "publicKeyParamSet": 240 * "id-GostR3410-2001-CryptoPro-A-ParamSet", 242 * "id-GostR3410-2001-CryptoPro-B-ParamSet", 244 * "id-GostR3410-2001-CryptoPro-C-ParamSet", 246 * "id-GostR3410-2001-CryptoPro-XchA-ParamSet", 248 * "id-GostR3410-2001-CryptoPro-XchB-ParamSet"; 250 o SHOULD be omitted if publicKeyParamSet is equal to: 252 * "id-tc26-gost-3410-2012-256-paramSetA"; 254 o MUST be omitted if one of the following values is used as 255 publicKeyParamSet: 257 * "id-tc26-gost-3410-2012-256-paramSetB", 259 * "id-tc26-gost-3410-2012-256-paramSetC", 261 * "id-tc26-gost-3410-2012-256-paramSetD". 263 4.3. Public Key encoding 265 The GOST R 34.10-2012 public key MUST be ASN.1 DER encoded as an 266 OCTET STRING. This encoding SHALL be used as the content (i.e., the 267 value) of the subjectPublicKey field (a BIT STRING) of 268 SubjectPublicKeyInfo structure. 270 GostR3410-2012-256-PublicKey ::= OCTET STRING (64), 271 GostR3410-2012-512-PublicKey ::= OCTET STRING (128). 273 "GostR3410-2012-256-PublicKey" MUST contain 64 octets, where the 274 first 32 octets contain the little-endian representation of "x" and 275 the second 32 octets contains the little-endian representation of "y" 276 coordinates of the public key. 278 "GostR3410-2012-512-PublicKey" MUST contain 128 octets, where the 279 first 64 octets contain the little-endian representation of "x" and 280 the second 64 octets contains the little-endian representation of "y" 281 coordinates of the public key. 283 4.4. Key usage extension 285 If the KeyUsage extension is present in a certificate with GOST R 286 34.10-2012 public key, the following values MAY be present: 288 o "digitalSignature" (0), 290 o "contentCommitment" (1), 292 o "keyAgreement" (4), 294 o "keyCertSign" (5), 296 o "cRLSign" (6), 298 o "encipherOnly" (7), 300 o "decipherOnly" (8). 302 Note that "contentCommitment" was named "nonRepudiation" in previous 303 versions of X.509. 305 If the key is going to be used for key agreement, flag "keyAgreement" 306 MUST be present in "KeyUsage" extension with "encipherOnly" and 307 "decipherOnly" flags being optional. However flags "encipherOnly" 308 and "decipherOnly" flags MUST NOT be present simultaneously. 310 5. Qualified certificates extensions 312 This section defines additional object identifiers (OIDs) for use in 313 qualified certificates for checking digital signatures. 315 5.1. Distinguished Name additions 317 OGRN is the main state registration number of juridical entities. 319 OGRN ::= NUMERIC STRING 13 321 Corresponding OID is "1.2.643.100.1". 323 SNILS is the individual insurance account number. 325 SNILS ::= NUMERIC STRING 11 327 Corresponding OID is "1.2.643.100.3". 329 OGRNIP is the main state registration number of individual 330 enterpreneurs. 332 OGRNIP ::= NUMERIC STRING 15 334 Corresponding OID is "1.2.643.100.5". 336 INN is the individual taxpayer number (ITN). 338 INN ::= NUMERIC STRING 12 340 Corresponding OID is "1.2.643.3.131.1.1". 342 5.2. Certificate policies 344 Russian national regulation body for cryptography defines several 345 security levels of cryptographic tools. Depending on the class of 346 cryptographic token used by certificate owner the following OIDs must 347 be included into certificate policies. Certificate should include 348 OIDs starting from the lowest one (KC1) up to the strongest 349 applicable. 351 o "1.2.643.100.113.1" - class KC1, 353 o "1.2.643.100.113.2" - class KC2, 355 o "1.2.643.100.113.3" - class KC3, 357 o "1.2.643.100.113.4" - class KB1, 359 o "1.2.643.100.113.5" - class KB2, 361 o "1.2.643.100.113.6" - class KA1. 363 5.3. Subject Sign Tool 365 To denote the token or software type used by certificate owner 366 following non-critical "SubjectSignTool" extension with OID 367 "1.2.643.100.111" should be included. It is defined as 369 SubjectSignTool ::= UTF8String SIZE(1..200) . 371 5.4. Issuer Sign Tool 372 To denote the tools used to generate key pair and tools used by CA to 373 sign certificate following non-critical "IssuerSignTool" extension 374 with OID "1.2.643.100.112" should be included. It is defined as 376 IssuerSignTool ::= SEQUENCE { 377 signTool UTF8String SIZE(1..200), 378 cATool UTF8String SIZE(1..200), 379 signToolCert UTF8String SIZE(1..100), 380 cAToolCert UTF8String SIZE(1..100) }, 382 where: 384 o "signTool" identifies tools used to create key pair, 386 o "cATool" identifies tools used by certificate authority, 388 o "signToolCert" and "cAToolCert" contain the notice of respective 389 tools conformance to Russian federal law on digital signature. 391 6. Historical Considerations 393 Note that for the significant period of time there were no documents 394 describing "GostR3410-2012-PublicKeyParameters". Several old 395 implementations have used "GostR3410-2001-PublicKeyParameters" 396 instead. These implementations will return an error if 397 "digestParamSet" field is not included into public key parameters. 398 Thus an implementation wishing to collaborate with old 399 implementations might want to include "digestParamSet" equal to "id- 400 tc26-digest-gost3411-12-512" if one of the following values is used 401 as "publicKeyParamSet": 403 o "id-tc26-gost-3410-12-512-paramSetA", 405 o "id-tc26-gost-3410-12-512-paramSetB". 407 7. IANA Considerations 409 This memo includes no request to IANA. 411 8. Security Considerations 413 It is RECOMMENDED that applications verify signature values and 414 subject public keys to conform to [GOSTR3410-2012] standard 415 ([RFC7091]) prior to their use. 417 It is RECOMMENDED that CAs and applications make sure that the 418 private key for creating signatures is not used for more than its 419 allowed validity period (typically 15 months for GOST R 34.10-2012 420 algorithm). 422 For security discussion concerning use of algorithm parameters, see 423 [ANS17] and the Security Considerations sections in [RFC4357], 424 [RFC7836]. 426 9. References 428 9.1. Normative References 430 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 431 Requirement Levels", BCP 14, RFC 2119, 432 DOI 10.17487/RFC2119, March 1997, 433 . 435 [RFC4357] Popov, V., Kurepkin, I., and S. Leontiev, "Additional 436 Cryptographic Algorithms for Use with GOST 28147-89, GOST 437 R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 438 Algorithms", RFC 4357, DOI 10.17487/RFC4357, January 2006, 439 . 441 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 442 Housley, R., and W. Polk, "Internet X.509 Public Key 443 Infrastructure Certificate and Certificate Revocation List 444 (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, 445 . 447 [RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70, 448 RFC 5652, DOI 10.17487/RFC5652, September 2009, 449 . 451 [RFC6986] Dolmatov, V., Ed. and A. Degtyarev, "GOST R 34.11-2012: 452 Hash Function", RFC 6986, DOI 10.17487/RFC6986, August 453 2013, . 455 [RFC7091] Dolmatov, V., Ed. and A. Degtyarev, "GOST R 34.10-2012: 456 Digital Signature Algorithm", RFC 7091, 457 DOI 10.17487/RFC7091, December 2013, 458 . 460 [RFC7836] Smyshlyaev, S., Ed., Alekseev, E., Oshkin, I., Popov, V., 461 Leontiev, S., Podobaev, V., and D. Belyavsky, "Guidelines 462 on the Cryptographic Algorithms to Accompany the Usage of 463 Standards GOST R 34.10-2012 and GOST R 34.11-2012", 464 RFC 7836, DOI 10.17487/RFC7836, March 2016, 465 . 467 9.2. Informative References 469 [ANS17] Alekseev, E., Nikolaev, V., and S. Smyshlyaev, "On the 470 security properties of Russian standardized elliptic 471 curves.", Mathematical Aspects of Cryptography 9:3. P. 472 5-32., DOI 10.4213/mvk260, 2018. 474 [GOSTR3410-2012] 475 Federal Agency on Technical Regulating and Metrology, 476 "Information technology. Cryptographic data security. 477 Signature and verification processes of [electronic] 478 digital signature", GOST R 34.10-2012, 2012. 480 [GOSTR3411-2012] 481 Federal Agency on Technical Regulating and Metrology, 482 "Information technology. Cryptographic Data Security. 483 Hashing function", GOST R 34.11-2012, 2012. 485 Appendix A. GostR3410-2012-PKISyntax 487 GostR3410-2012-PKISyntax 488 { iso(1) member-body(2) ru(643) rosstandart(7) 489 tc26(1) modules(0) gostR3411-2012-PKISyntax(2) } 491 DEFINITIONS ::= 492 BEGIN 493 -- EXPORTS All -- 495 -- ASN.1 TC 26 root 496 id-tc26 OBJECT IDENTIFIER ::= 497 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) } 499 -- Signature algorithm 500 id-tc26-sign OBJECT IDENTIFIER ::= 501 { id-tc26 algorithms(1) sign(1) } 503 -- Signature algorithm parameters 504 id-tc26-sign-constants OBJECT IDENTIFIER ::= 505 { id-tc26 constants(2) sign(1) } 507 -- GOST R 34.10-2012 / 256 bits signature algorithm parameters 508 id-tc26-gost-3410-2012-256-constants OBJECT IDENTIFIER ::= 509 { id-tc26-sign-constants gost-3410-2012-256(1) } 511 -- GOST R 34.10-2012 / 512 bits signature algorithm parameters 512 id-tc26-gost-3410-2012-512-constants OBJECT IDENTIFIER ::= 513 { id-tc26-sign-constants gost-3410-2012-512(2) } 514 -- GOST R 34.10-2012 / 256 bits signature algorithm 515 id-tc26-gost3410-2012-256 OBJECT IDENTIFIER ::= 516 { id-tc26-sign gost3410-2012-256(1) } 518 -- GOST R 34.10-2012 / 512 bits signature algorithm 519 id-tc26-gost3410-2012-512 OBJECT IDENTIFIER ::= 520 { id-tc26-sign gost3410-2012-512(2) } 522 -- Signature & hash algorithm GOST R 34.10-2012 / 256 bits 523 -- with GOST R 34.11-2012 524 id-tc26-signwithdigest-gost3410-2012-256 OBJECT IDENTIFIER ::= 525 { id-tc26-signwithdigest gost3410-2012-256(2) } 527 -- Signature & hash algorithm GOST R 34.10-2012 / 512 bits 528 -- with GOST R 34.11-2012 529 id-tc26-signwithdigest-gost3410-2012-512 OBJECT IDENTIFIER ::= 530 { id-tc26-signwithdigest gost3410-2012-512(3) } 532 -- GOST R 34.10-2012 / 256 bits Signature algorithm parameters ID: 533 -- "Set A" 534 id-tc26-gost-3410-2012-256-paramSetA OBJECT IDENTIFIER ::= 535 { id-tc26-gost-3410-2012-256-constants paramSetA(1) } 537 -- GOST R 34.10-2012 / 256 bits signature algorithm parameters ID: 538 -- "Set B" 539 id-tc26-gost-3410-2012-256-paramSetB OBJECT IDENTIFIER ::= 540 { id-tc26-gost-3410-2012-256-constants paramSetB(2) } 542 -- GOST R 34.10-2012 / 256 bits signature algorithm parameters ID: 543 -- "Set C" 544 id-tc26-gost-3410-2012-256-paramSetC OBJECT IDENTIFIER ::= 545 { id-tc26-gost-3410-2012-256-constants paramSetC(3) } 547 -- GOST R 34.10-2012 / 256 bits signature algorithm parameters ID: 548 -- "Set D" 549 id-tc26-gost-3410-2012-256-paramSetD OBJECT IDENTIFIER ::= 550 { id-tc26-gost-3410-2012-256-constants paramSetD(4) } 552 -- GOST R 34.10-2012 / 512 bits signature algorithm parameters ID: 553 -- "Test set" 554 id-tc26-gost-3410-2012-512-paramSetTest OBJECT IDENTIFIER ::= 555 { id-tc26-gost-3410-2012-512-constants paramSetTest(0) } 557 -- GOST R 34.10-2012 / 512 bits signature algorithm parameters ID: 558 -- "Set A" 559 id-tc26-gost-3410-2012-512-paramSetA OBJECT IDENTIFIER ::= 560 { id-tc26-gost-3410-2012-512-constants paramSetA(1) } 561 -- GOST R 34.10-2012 / 512 bits signature algorithm parameters ID: 562 -- "Set B" 563 id-tc26-gost-3410-2012-512-paramSetB OBJECT IDENTIFIER ::= 564 { id-tc26-gost-3410-2012-512-constants paramSetB(2) } 566 -- GOST R 34.10-2012 / 512 bits signature algorithm parameters ID: 567 -- "Set C" 568 id-tc26-gost-3410-2012-512-paramSetC OBJECT IDENTIFIER ::= 569 { id-tc26-gost-3410-2012-512-constants paramSetC(3) } 571 -- Public key GOST R 34.10-2012 / 256 bits 572 GostR3410-2012-256-PublicKey ::= OCTET STRING (SIZE (64)) 573 -- Public key GOST R 34.10-2012 / 512 bits 574 GostR3410-2012-512-PublicKey ::= OCTET STRING (SIZE (128)) 575 -- Public key GOST R 34.10-2012 576 GostR3410-PublicKey ::= OCTET STRING (SIZE (64 | 128)) 578 -- Public key parameters GOST R 34.10-2012 579 GostR3410-2012-PublicKeyParameters ::= 580 SEQUENCE { 581 publicKeyParamSet OBJECT IDENTIFIER, 582 digestParamSet OBJECT IDENTIFIER OPTIONAL 583 } 585 END -- GostR3410-2012-PKISyntax 587 Appendix B. Public key parameters 589 Here we define three new object identifiers for three existing public 590 key parameter sets defined in [RFC4357]. These object identifiers 591 MUST be used with GOST R 34.10-2012 public keys only. 593 id-tc26-gost-3410-2012-256-paramSetB OBJECT IDENTIFIER ::= 594 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) 595 ru(643) rosstandart(7) tc26(1) constants(2) sign-constants(1) 596 gost-3410-12-256-constants(1) paramSetB(2)}. 598 The elliptic curve of this parameter set is the same as of id- 599 GostR3410-2001-CryptoPro-A-ParamSet which can be found in [RFC4357]. 601 id-tc26-gost-3410-2012-256-paramSetC OBJECT IDENTIFIER ::= 602 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) 603 ru(643) rosstandart(7) tc26(1) constants(2) sign-constants(1) 604 gost-3410-12-256-constants(1) paramSetC(3)}. 606 The elliptic curve of this parameter set is the same as of id- 607 GostR3410-2001-CryptoPro-B-ParamSet which can be found in [RFC4357]. 609 id-tc26-gost-3410-2012-256-paramSetD OBJECT IDENTIFIER ::= 610 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) 611 ru(643) rosstandart(7) tc26(1) constants(2) sign-constants(1) 612 gost-3410-12-256-constants(1) paramSetD(4)}. 614 The elliptic curve of this parameter set is the same as of id- 615 GostR3410-2001-CryptoPro-C-ParamSet which can be found in [RFC4357]. 617 Appendix C. Test Examples 619 C.1. GOST R 34.10-2001 Test parameters (256 bit private key length) 621 This example uses curve defined in Section 7.1 of [RFC7091]. 623 Private key is 625 d = 0x7A929ADE789BB9BE10ED359DD39A72C11B60961F49397EEE1D19CE9891EC3B28 627 Public key is 629 X = 0x7F2B49E270DB6D90D8595BEC458B50C58585BA1D4E9B788F6689DBD8E56FD80B 630 Y = 0x26F1B489D6701DD185C8413A977B3CBBAF64D1C593D26627DFFB101A87FF77DA 632 C.1.1. Certificate request 633 -----BEGIN CERTIFICATE REQUEST----- 634 MIHTMIGBAgEAMBIxEDAOBgNVBAMTB0V4YW1wbGUwZjAfBggqhQMHAQEBATATBgcq 635 hQMCAiMABggqhQMHAQECAgNDAARAC9hv5djbiWaPeJtOHbqFhcVQi0XsW1nYkG3b 636 cOJJK3/ad/+HGhD73ydm0pPF0WSvuzx7lzpByIXRHXDWibTxJqAAMAoGCCqFAwcB 637 AQMCA0EAaqqzjjXUqqUXlAMBeZEi2FVIT1efTLuW1jzf3zrMQypBqijS8asUgoDN 638 ntVv7aQZdAU1VKQnZ7g60EP9OdwEkw== 639 -----END CERTIFICATE REQUEST----- 641 0 211: SEQUENCE { 642 3 129: SEQUENCE { 643 6 1: INTEGER 0 644 9 18: SEQUENCE { 645 11 16: SET { 646 13 14: SEQUENCE { 647 15 3: OBJECT IDENTIFIER commonName (2 5 4 3) 648 20 7: PrintableString 'Example' 649 : } 650 : } 651 : } 652 29 102: SEQUENCE { 653 31 31: SEQUENCE { 654 33 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 1' 655 43 19: SEQUENCE { 656 45 7: OBJECT IDENTIFIER testSignParams (1 2 643 2 2 35 0) 657 54 8: OBJECT IDENTIFIER '1 2 643 7 1 1 2 2' 658 : } 659 : } 660 64 67: BIT STRING, encapsulates { 661 67 64: OCTET STRING 662 : 0B D8 6F E5 D8 DB 89 66 8F 78 9B 4E 1D BA 85 85 663 : C5 50 8B 45 EC 5B 59 D8 90 6D DB 70 E2 49 2B 7F 664 : DA 77 FF 87 1A 10 FB DF 27 66 D2 93 C5 D1 64 AF 665 : BB 3C 7B 97 3A 41 C8 85 D1 1D 70 D6 89 B4 F1 26 666 : } 667 : } 668 133 0: [0] {} 669 : } 670 135 10: SEQUENCE { 671 137 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 672 : } 673 147 65: BIT STRING 674 : 6A AA B3 8E 35 D4 AA A5 17 94 03 01 79 91 22 D8 675 : 55 48 4F 57 9F 4C BB 96 D6 3C DF DF 3A CC 43 2A 676 : 41 AA 28 D2 F1 AB 14 82 80 CD 9E D5 6F ED A4 19 677 : 74 05 35 54 A4 27 67 B8 3A D0 43 FD 39 DC 04 93 678 : } 680 C.1.2. Certificate 682 -----BEGIN CERTIFICATE----- 683 MIIBLTCB26ADAgECAgEKMAoGCCqFAwcBAQMCMBIxEDAOBgNVBAMTB0V4YW1wbGUw 684 IBcNMDEwMTAxMDAwMDAwWhgPMjA1MDEyMzEwMDAwMDBaMBIxEDAOBgNVBAMTB0V4 685 YW1wbGUwZjAfBggqhQMHAQEBATATBgcqhQMCAiMABggqhQMHAQECAgNDAARAC9hv 686 5djbiWaPeJtOHbqFhcVQi0XsW1nYkG3bcOJJK3/ad/+HGhD73ydm0pPF0WSvuzx7 687 lzpByIXRHXDWibTxJqMTMBEwDwYDVR0TAQH/BAUwAwEB/zAKBggqhQMHAQEDAgNB 688 AE1T8BL+CBd2UH1Nm7gfAO/bTu/Uq4O6xLrPc1Fzz6gcQaoo0vGrFIKAzZ7Vb+2k 689 GXQFNVSkJ2e4OtBD/TncBJM= 690 -----END CERTIFICATE----- 692 0 301: SEQUENCE { 693 4 219: SEQUENCE { 694 7 3: [0] { 695 9 1: INTEGER 2 696 : } 697 12 1: INTEGER 10 698 15 10: SEQUENCE { 699 17 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 700 : } 701 27 18: SEQUENCE { 702 29 16: SET { 703 31 14: SEQUENCE { 704 33 3: OBJECT IDENTIFIER commonName (2 5 4 3) 705 38 7: PrintableString 'Example' 706 : } 707 : } 708 : } 709 47 32: SEQUENCE { 710 49 13: UTCTime 01/01/2001 00:00:00 GMT 711 64 15: GeneralizedTime 31/12/2050 00:00:00 GMT 712 : } 713 81 18: SEQUENCE { 714 83 16: SET { 715 85 14: SEQUENCE { 716 87 3: OBJECT IDENTIFIER commonName (2 5 4 3) 717 92 7: PrintableString 'Example' 718 : } 719 : } 720 : } 721 101 102: SEQUENCE { 722 103 31: SEQUENCE { 723 105 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 1' 724 115 19: SEQUENCE { 725 117 7: OBJECT IDENTIFIER testSignParams (1 2 643 2 2 35 0) 726 126 8: OBJECT IDENTIFIER '1 2 643 7 1 1 2 2' 727 : } 728 : } 729 136 67: BIT STRING, encapsulates { 730 139 64: OCTET STRING 731 : 0B D8 6F E5 D8 DB 89 66 8F 78 9B 4E 1D BA 85 85 732 : C5 50 8B 45 EC 5B 59 D8 90 6D DB 70 E2 49 2B 7F 733 : DA 77 FF 87 1A 10 FB DF 27 66 D2 93 C5 D1 64 AF 734 : BB 3C 7B 97 3A 41 C8 85 D1 1D 70 D6 89 B4 F1 26 735 : } 736 : } 737 205 19: [3] { 738 207 17: SEQUENCE { 739 209 15: SEQUENCE { 740 211 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 741 216 1: BOOLEAN TRUE 742 219 5: OCTET STRING, encapsulates { 743 221 3: SEQUENCE { 744 223 1: BOOLEAN TRUE 745 : } 746 : } 747 : } 748 : } 749 : } 750 : } 751 226 10: SEQUENCE { 752 228 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 753 : } 754 238 65: BIT STRING 755 : 4D 53 F0 12 FE 08 17 76 50 7D 4D 9B B8 1F 00 EF 756 : DB 4E EF D4 AB 83 BA C4 BA CF 73 51 73 CF A8 1C 757 : 41 AA 28 D2 F1 AB 14 82 80 CD 9E D5 6F ED A4 19 758 : 74 05 35 54 A4 27 67 B8 3A D0 43 FD 39 DC 04 93 759 : } 761 C.1.3. Certificate Revocation List 762 -----BEGIN X509 CRL----- 763 MIGSMEECAQEwCgYIKoUDBwEBAwIwEjEQMA4GA1UEAxMHRXhhbXBsZRcNMTQwMTAx 764 MDAwMDAwWhcNMTQwMTAyMDAwMDAwWjAKBggqhQMHAQEDAgNBAEK/OSoU0+vpV68+ 765 RstQv19CIaADrT0XJ1PJSpw3ox0gQaoo0vGrFIKAzZ7Vb+2kGXQFNVSkJ2e4OtBD 766 /TncBJM= 767 -----END X509 CRL----- 769 0 146: SEQUENCE { 770 3 65: SEQUENCE { 771 5 1: INTEGER 1 772 8 10: SEQUENCE { 773 10 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 774 : } 775 20 18: SEQUENCE { 776 22 16: SET { 777 24 14: SEQUENCE { 778 26 3: OBJECT IDENTIFIER commonName (2 5 4 3) 779 31 7: PrintableString 'Example' 780 : } 781 : } 782 : } 783 40 13: UTCTime 01/01/2014 00:00:00 GMT 784 55 13: UTCTime 02/01/2014 00:00:00 GMT 785 : } 786 70 10: SEQUENCE { 787 72 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 788 : } 789 82 65: BIT STRING 790 : 42 BF 39 2A 14 D3 EB E9 57 AF 3E 46 CB 50 BF 5F 791 : 42 21 A0 03 AD 3D 17 27 53 C9 4A 9C 37 A3 1D 20 792 : 41 AA 28 D2 F1 AB 14 82 80 CD 9E D5 6F ED A4 19 793 : 74 05 35 54 A4 27 67 B8 3A D0 43 FD 39 DC 04 93 794 : } 796 C.2. GOST R 34.10-2012 TC26-256-A parameters (256 bit private key 797 length) 799 This example uses curve defined in Section A.2 of [RFC7836]. 801 Private key is 803 d = 0x3A929ADE789BB9BE10ED359DD39A72C10B87C83F80BE18B85C041F4325B62EC1 805 Public key is 807 X = 0x99C3DF265EA59350640BA69D1DE04418AF3FEA03EC0F85F2DD84E8BED4952774 808 Y = 0xE218631A69C47C122E2D516DA1C09E6BD19344D94389D1F16C0C4D4DCF96F578 810 C.2.1. Certificate request 812 -----BEGIN CERTIFICATE REQUEST----- 813 MIHKMHkCAQAwEjEQMA4GA1UEAxMHRXhhbXBsZTBeMBcGCCqFAwcBAQEBMAsGCSqF 814 AwcBAgEBAQNDAARAdCeV1L7ohN3yhQ/sA+o/rxhE4B2dpgtkUJOlXibfw5l49ZbP 815 TU0MbPHRiUPZRJPRa57AoW1RLS4SfMRpGmMY4qAAMAoGCCqFAwcBAQMCA0EAG9wq 816 Exdnm2YjL2PqFv98ZMyqua2FX8bhgJFmHbedSBIdDh2lvjR8bxtSVseurCAK1krH 817 em9bOg4Jcxjnrm7naQ== 818 -----END CERTIFICATE REQUEST----- 820 0 202: SEQUENCE { 821 3 121: SEQUENCE { 822 5 1: INTEGER 0 823 8 18: SEQUENCE { 824 10 16: SET { 825 12 14: SEQUENCE { 826 14 3: OBJECT IDENTIFIER commonName (2 5 4 3) 827 19 7: PrintableString 'Example' 828 : } 829 : } 830 : } 831 28 94: SEQUENCE { 832 30 23: SEQUENCE { 833 32 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 1' 834 42 11: SEQUENCE { 835 44 9: OBJECT IDENTIFIER '1 2 643 7 1 2 1 1 1' 836 : } 837 : } 838 55 67: BIT STRING, encapsulates { 839 58 64: OCTET STRING 840 : 74 27 95 D4 BE E8 84 DD F2 85 0F EC 03 EA 3F AF 841 : 18 44 E0 1D 9D A6 0B 64 50 93 A5 5E 26 DF C3 99 842 : 78 F5 96 CF 4D 4D 0C 6C F1 D1 89 43 D9 44 93 D1 843 : 6B 9E C0 A1 6D 51 2D 2E 12 7C C4 69 1A 63 18 E2 844 : } 845 : } 846 124 0: [0] {} 847 : } 848 126 10: SEQUENCE { 849 128 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 850 : } 851 138 65: BIT STRING 852 : 1B DC 2A 13 17 67 9B 66 23 2F 63 EA 16 FF 7C 64 853 : CC AA B9 AD 85 5F C6 E1 80 91 66 1D B7 9D 48 12 854 : 1D 0E 1D A5 BE 34 7C 6F 1B 52 56 C7 AE AC 20 0A 855 : D6 4A C7 7A 6F 5B 3A 0E 09 73 18 E7 AE 6E E7 69 856 : } 858 C.2.2. Certificate 860 -----BEGIN CERTIFICATE----- 861 MIIBJTCB06ADAgECAgEKMAoGCCqFAwcBAQMCMBIxEDAOBgNVBAMTB0V4YW1wbGUw 862 IBcNMDEwMTAxMDAwMDAwWhgPMjA1MDEyMzEwMDAwMDBaMBIxEDAOBgNVBAMTB0V4 863 YW1wbGUwXjAXBggqhQMHAQEBATALBgkqhQMHAQIBAQEDQwAEQHQnldS+6ITd8oUP 864 7APqP68YROAdnaYLZFCTpV4m38OZePWWz01NDGzx0YlD2UST0WuewKFtUS0uEnzE 865 aRpjGOKjEzARMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoUDBwEBAwIDQQAUC02pEksJ 866 yw1c6Sjuh0JzoxASlJLsDik2njt5EkhXjB0OHaW+NHxvG1JWx66sIArWSsd6b1s6 867 DglzGOeubudp 868 -----END CERTIFICATE----- 870 0 293: SEQUENCE { 871 4 211: SEQUENCE { 872 7 3: [0] { 873 9 1: INTEGER 2 874 : } 875 12 1: INTEGER 10 876 15 10: SEQUENCE { 877 17 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 878 : } 879 27 18: SEQUENCE { 880 29 16: SET { 881 31 14: SEQUENCE { 882 33 3: OBJECT IDENTIFIER commonName (2 5 4 3) 883 38 7: PrintableString 'Example' 884 : } 885 : } 886 : } 887 47 32: SEQUENCE { 888 49 13: UTCTime 01/01/2001 00:00:00 GMT 889 64 15: GeneralizedTime 31/12/2050 00:00:00 GMT 890 : } 891 81 18: SEQUENCE { 892 83 16: SET { 893 85 14: SEQUENCE { 894 87 3: OBJECT IDENTIFIER commonName (2 5 4 3) 895 92 7: PrintableString 'Example' 896 : } 897 : } 898 : } 899 101 94: SEQUENCE { 900 103 23: SEQUENCE { 901 105 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 1' 902 115 11: SEQUENCE { 903 117 9: OBJECT IDENTIFIER '1 2 643 7 1 2 1 1 1' 904 : } 905 : } 907 128 67: BIT STRING, encapsulates { 908 131 64: OCTET STRING 909 : 74 27 95 D4 BE E8 84 DD F2 85 0F EC 03 EA 3F AF 910 : 18 44 E0 1D 9D A6 0B 64 50 93 A5 5E 26 DF C3 99 911 : 78 F5 96 CF 4D 4D 0C 6C F1 D1 89 43 D9 44 93 D1 912 : 6B 9E C0 A1 6D 51 2D 2E 12 7C C4 69 1A 63 18 E2 913 : } 914 : } 915 197 19: [3] { 916 199 17: SEQUENCE { 917 201 15: SEQUENCE { 918 203 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 919 208 1: BOOLEAN TRUE 920 211 5: OCTET STRING, encapsulates { 921 213 3: SEQUENCE { 922 215 1: BOOLEAN TRUE 923 : } 924 : } 925 : } 926 : } 927 : } 928 : } 929 218 10: SEQUENCE { 930 220 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 931 : } 932 230 65: BIT STRING 933 : 14 0B 4D A9 12 4B 09 CB 0D 5C E9 28 EE 87 42 73 934 : A3 10 12 94 92 EC 0E 29 36 9E 3B 79 12 48 57 8C 935 : 1D 0E 1D A5 BE 34 7C 6F 1B 52 56 C7 AE AC 20 0A 936 : D6 4A C7 7A 6F 5B 3A 0E 09 73 18 E7 AE 6E E7 69 937 : } 939 C.2.3. Certificate Revocation List 940 -----BEGIN X509 CRL----- 941 MIGSMEECAQEwCgYIKoUDBwEBAwIwEjEQMA4GA1UEAxMHRXhhbXBsZRcNMTQwMTAx 942 MDAwMDAwWhcNMTQwMTAyMDAwMDAwWjAKBggqhQMHAQEDAgNBABS9aAh8O5A8eqKL 943 B/6y571v4JY/VjJnNZ9c2Oq0UFmtHQ4dpb40fG8bUlbHrqwgCtZKx3pvWzoOCXMY 944 565u52k= 945 -----END X509 CRL----- 947 0 146: SEQUENCE { 948 3 65: SEQUENCE { 949 5 1: INTEGER 1 950 8 10: SEQUENCE { 951 10 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 952 : } 953 20 18: SEQUENCE { 954 22 16: SET { 955 24 14: SEQUENCE { 956 26 3: OBJECT IDENTIFIER commonName (2 5 4 3) 957 31 7: PrintableString 'Example' 958 : } 959 : } 960 : } 961 40 13: UTCTime 01/01/2014 00:00:00 GMT 962 55 13: UTCTime 02/01/2014 00:00:00 GMT 963 : } 964 70 10: SEQUENCE { 965 72 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 966 : } 967 82 65: BIT STRING 968 : 14 BD 68 08 7C 3B 90 3C 7A A2 8B 07 FE B2 E7 BD 969 : 6F E0 96 3F 56 32 67 35 9F 5C D8 EA B4 50 59 AD 970 : 1D 0E 1D A5 BE 34 7C 6F 1B 52 56 C7 AE AC 20 0A 971 : D6 4A C7 7A 6F 5B 3A 0E 09 73 18 E7 AE 6E E7 69 972 : } 974 C.3. GOST R 34.10-2012 Test parameters (512 bit private key length) 976 This example uses curve defined in Appendix D. 978 Private key is 980 d = 0x0BA6048AADAE241BA40936D47756D7C93091A0E8514669700EE7508E508B1020\\ 981 72E8123B2200A0563322DAD2827E2714A2636B7BFD18AADFC62967821FA18DD4 983 Public key is 985 X = 0x115DC5BC96760C7B48598D8AB9E740D4C4A85A65BE33C1815B5C320C854621DD\\ 986 5A515856D13314AF69BC5B924C8B4DDFF75C45415C1D9DD9DD33612CD530EFE1 987 Y = 0x37C7C90CD40B0F5621DC3AC1B751CFA0E2634FA0503B3D52639F5D7FB72AFD61\\ 988 EA199441D943FFE7F0C70A2759A3CDB84C114E1F9339FDF27F35ECA93677BEEC 990 C.3.1. Certificate request 992 -----BEGIN CERTIFICATE REQUEST----- 993 MIIBTzCBvAIBADASMRAwDgYDVQQDEwdFeGFtcGxlMIGgMBcGCCqFAwcBAQECMAsG 994 CSqFAwcBAgECAAOBhAAEgYDh7zDVLGEz3dmdHVxBRVz3302LTJJbvGmvFDPRVlhR 995 Wt0hRoUMMlxbgcEzvmVaqMTUQOe5io1ZSHsMdpa8xV0R7L53NqnsNX/y/TmTH04R 996 TLjNo1knCsfw5/9D2UGUGeph/Sq3f12fY1I9O1CgT2PioM9Rt8E63CFWDwvUDMnH 997 N6AAMAoGCCqFAwcBAQMDA4GBAEM7HWzkClHx5XN+sWqixoOCmkBbnZEn4hJg/J1q 998 wF2HvyTibEUnilwhkqdbqUmTq9YHTn/xvwP9L1OXr6HZRVgvhvpgoIEJGiPdeV4e 999 PGie5RKjyC7g3MJkPHjuqPys01SSVYSGsg8cnsGXyQaZhQJgyTvLzZxcMxfhk0Th 1000 c642 1001 -----END CERTIFICATE REQUEST----- 1003 0 335: SEQUENCE { 1004 4 188: SEQUENCE { 1005 7 1: INTEGER 0 1006 10 18: SEQUENCE { 1007 12 16: SET { 1008 14 14: SEQUENCE { 1009 16 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1010 21 7: PrintableString 'Example' 1011 : } 1012 : } 1013 : } 1014 30 160: SEQUENCE { 1015 33 23: SEQUENCE { 1016 35 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 2' 1017 45 11: SEQUENCE { 1018 47 9: OBJECT IDENTIFIER '1 2 643 7 1 2 1 2 0' 1019 : } 1020 : } 1021 58 132: BIT STRING, encapsulates { 1022 62 128: OCTET STRING 1023 : E1 EF 30 D5 2C 61 33 DD D9 9D 1D 5C 41 45 5C F7 1024 : DF 4D 8B 4C 92 5B BC 69 AF 14 33 D1 56 58 51 5A 1025 : DD 21 46 85 0C 32 5C 5B 81 C1 33 BE 65 5A A8 C4 1026 : D4 40 E7 B9 8A 8D 59 48 7B 0C 76 96 BC C5 5D 11 1027 : EC BE 77 36 A9 EC 35 7F F2 FD 39 93 1F 4E 11 4C 1028 : B8 CD A3 59 27 0A C7 F0 E7 FF 43 D9 41 94 19 EA 1029 : 61 FD 2A B7 7F 5D 9F 63 52 3D 3B 50 A0 4F 63 E2 1030 : A0 CF 51 B7 C1 3A DC 21 56 0F 0B D4 0C C9 C7 37 1031 : } 1032 : } 1033 193 0: [0] {} 1034 : } 1035 195 10: SEQUENCE { 1036 197 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 3' 1037 : } 1038 207 129: BIT STRING 1039 : 43 3B 1D 6C E4 0A 51 F1 E5 73 7E B1 6A A2 C6 83 1040 : 82 9A 40 5B 9D 91 27 E2 12 60 FC 9D 6A C0 5D 87 1041 : BF 24 E2 6C 45 27 8A 5C 21 92 A7 5B A9 49 93 AB 1042 : D6 07 4E 7F F1 BF 03 FD 2F 53 97 AF A1 D9 45 58 1043 : 2F 86 FA 60 A0 81 09 1A 23 DD 79 5E 1E 3C 68 9E 1044 : E5 12 A3 C8 2E E0 DC C2 64 3C 78 EE A8 FC AC D3 1045 : 54 92 55 84 86 B2 0F 1C 9E C1 97 C9 06 99 85 02 1046 : 60 C9 3B CB CD 9C 5C 33 17 E1 93 44 E1 73 AE 36 1047 : } 1049 C.3.2. Certificate 1051 -----BEGIN CERTIFICATE----- 1052 MIIBqjCCARagAwIBAgIBCzAKBggqhQMHAQEDAzASMRAwDgYDVQQDEwdFeGFtcGxl 1053 MCAXDTAxMDEwMTAwMDAwMFoYDzIwNTAxMjMxMDAwMDAwWjASMRAwDgYDVQQDEwdF 1054 eGFtcGxlMIGgMBcGCCqFAwcBAQECMAsGCSqFAwcBAgECAAOBhAAEgYDh7zDVLGEz 1055 3dmdHVxBRVz3302LTJJbvGmvFDPRVlhRWt0hRoUMMlxbgcEzvmVaqMTUQOe5io1Z 1056 SHsMdpa8xV0R7L53NqnsNX/y/TmTH04RTLjNo1knCsfw5/9D2UGUGeph/Sq3f12f 1057 Y1I9O1CgT2PioM9Rt8E63CFWDwvUDMnHN6MTMBEwDwYDVR0TAQH/BAUwAwEB/zAK 1058 BggqhQMHAQEDAwOBgQBBVwPYkvGl8/aMQ1MYmn7iB7gLVjHvnUlSmk1rVCws+hWq 1059 LqzxH0cP3n2VSFaQPDX9j5Ve8wDZXHdTSnJKDu5wL4b6YKCBCRoj3XleHjxonuUS 1060 o8gu4NzCZDx47qj8rNNUklWEhrIPHJ7Bl8kGmYUCYMk7y82cXDMX4ZNE4XOuNg== 1061 -----END CERTIFICATE----- 1063 0 426: SEQUENCE { 1064 4 278: SEQUENCE { 1065 8 3: [0] { 1066 10 1: INTEGER 2 1067 : } 1068 13 1: INTEGER 11 1069 16 10: SEQUENCE { 1070 18 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 3' 1071 : } 1072 28 18: SEQUENCE { 1073 30 16: SET { 1074 32 14: SEQUENCE { 1075 34 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1076 39 7: PrintableString 'Example' 1077 : } 1078 : } 1079 : } 1080 48 32: SEQUENCE { 1081 50 13: UTCTime 01/01/2001 00:00:00 GMT 1082 65 15: GeneralizedTime 31/12/2050 00:00:00 GMT 1083 : } 1084 82 18: SEQUENCE { 1085 84 16: SET { 1086 86 14: SEQUENCE { 1087 88 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1088 93 7: PrintableString 'Example' 1089 : } 1090 : } 1091 : } 1092 102 160: SEQUENCE { 1093 105 23: SEQUENCE { 1094 107 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 2' 1095 117 11: SEQUENCE { 1096 119 9: OBJECT IDENTIFIER '1 2 643 7 1 2 1 2 0' 1097 : } 1098 : } 1099 130 132: BIT STRING, encapsulates { 1100 134 128: OCTET STRING 1101 : E1 EF 30 D5 2C 61 33 DD D9 9D 1D 5C 41 45 5C F7 1102 : DF 4D 8B 4C 92 5B BC 69 AF 14 33 D1 56 58 51 5A 1103 : DD 21 46 85 0C 32 5C 5B 81 C1 33 BE 65 5A A8 C4 1104 : D4 40 E7 B9 8A 8D 59 48 7B 0C 76 96 BC C5 5D 11 1105 : EC BE 77 36 A9 EC 35 7F F2 FD 39 93 1F 4E 11 4C 1106 : B8 CD A3 59 27 0A C7 F0 E7 FF 43 D9 41 94 19 EA 1107 : 61 FD 2A B7 7F 5D 9F 63 52 3D 3B 50 A0 4F 63 E2 1108 : A0 CF 51 B7 C1 3A DC 21 56 0F 0B D4 0C C9 C7 37 1109 : } 1110 : } 1111 265 19: [3] { 1112 267 17: SEQUENCE { 1113 269 15: SEQUENCE { 1114 271 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 1115 276 1: BOOLEAN TRUE 1116 279 5: OCTET STRING, encapsulates { 1117 281 3: SEQUENCE { 1118 283 1: BOOLEAN TRUE 1119 : } 1120 : } 1121 : } 1122 : } 1123 : } 1124 : } 1125 286 10: SEQUENCE { 1126 288 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 3' 1127 : } 1128 298 129: BIT STRING 1129 : 41 57 03 D8 92 F1 A5 F3 F6 8C 43 53 18 9A 7E E2 1130 : 07 B8 0B 56 31 EF 9D 49 52 9A 4D 6B 54 2C 2C FA 1131 : 15 AA 2E AC F1 1F 47 0F DE 7D 95 48 56 90 3C 35 1132 : FD 8F 95 5E F3 00 D9 5C 77 53 4A 72 4A 0E EE 70 1133 : 2F 86 FA 60 A0 81 09 1A 23 DD 79 5E 1E 3C 68 9E 1134 : E5 12 A3 C8 2E E0 DC C2 64 3C 78 EE A8 FC AC D3 1135 : 54 92 55 84 86 B2 0F 1C 9E C1 97 C9 06 99 85 02 1136 : 60 C9 3B CB CD 9C 5C 33 17 E1 93 44 E1 73 AE 36 1137 : } 1139 C.3.3. Certificate Revocation List 1140 -----BEGIN X509 CRL----- 1141 MIHTMEECAQEwCgYIKoUDBwEBAwMwEjEQMA4GA1UEAxMHRXhhbXBsZRcNMTQwMTAx 1142 MDAwMDAwWhcNMTQwMTAyMDAwMDAwWjAKBggqhQMHAQEDAwOBgQA6E/t67NtVYO72 1143 E3z8XdZGkXMuv7NpCh/Ax+ik7uoIMH1kjU3AmGxGqHs/vkx69C6jQ1nHlZVMo5/z 1144 q77ZBR9NL4b6YKCBCRoj3XleHjxonuUSo8gu4NzCZDx47qj8rNNUklWEhrIPHJ7B 1145 l8kGmYUCYMk7y82cXDMX4ZNE4XOuNg== 1146 -----END X509 CRL----- 1148 0 211: SEQUENCE { 1149 3 65: SEQUENCE { 1150 5 1: INTEGER 1 1151 8 10: SEQUENCE { 1152 10 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 3' 1153 : } 1154 20 18: SEQUENCE { 1155 22 16: SET { 1156 24 14: SEQUENCE { 1157 26 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1158 31 7: PrintableString 'Example' 1159 : } 1160 : } 1161 : } 1162 40 13: UTCTime 01/01/2014 00:00:00 GMT 1163 55 13: UTCTime 02/01/2014 00:00:00 GMT 1164 : } 1165 70 10: SEQUENCE { 1166 72 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 3' 1167 : } 1168 82 129: BIT STRING 1169 : 3A 13 FB 7A EC DB 55 60 EE F6 13 7C FC 5D D6 46 1170 : 91 73 2E BF B3 69 0A 1F C0 C7 E8 A4 EE EA 08 30 1171 : 7D 64 8D 4D C0 98 6C 46 A8 7B 3F BE 4C 7A F4 2E 1172 : A3 43 59 C7 95 95 4C A3 9F F3 AB BE D9 05 1F 4D 1173 : 2F 86 FA 60 A0 81 09 1A 23 DD 79 5E 1E 3C 68 9E 1174 : E5 12 A3 C8 2E E0 DC C2 64 3C 78 EE A8 FC AC D3 1175 : 54 92 55 84 86 B2 0F 1C 9E C1 97 C9 06 99 85 02 1176 : 60 C9 3B CB CD 9C 5C 33 17 E1 93 44 E1 73 AE 36 1177 : } 1179 Appendix D. GOST R 34.10-2012 Test parameters (curve definition) 1181 The following parameters must be used for digital signature 1182 generation and verification. 1184 D.1. Elliptic Curve Modulus 1186 The following value is assigned to parameter p in this example: 1188 p = 36239861022290036359077887536838743060213209255346786050\\ 1189 8654615045085616662400248258848202227149685402509082360305\\ 1190 8735163734263822371964987228582907372403, 1192 p = 0x4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C09B5D2D15D\\ 1193 F1D852741AF4704A0458047E80E4546D35B8336FAC224DD81664BBF528BE6373. 1195 D.2. Elliptic Curve Coefficients 1197 Parameters a and b take the following values in this example: 1199 a = 7, 1201 a = 0x7, 1203 b = 1518655069210828534508950034714043154928747527740206436\\ 1204 1940188233528099824437937328297569147859746748660416053978836775\\ 1205 96626326413990136959047435811826396, 1207 b = 0x1CFF0806A31116DA29D8CFA54E57EB748BC5F377E49400FDD788B649ECA1AC4\\ 1208 361834013B2AD7322480A89CA58E0CF74BC9E540C2ADD6897FAD0A3084F302ADC. 1210 D.3. Elliptic Curve Points Group Order 1212 Parameter m takes the following value in this example: 1214 m = 36239861022290036359077887536838743060213209255346786050865461\\ 1215 504508561666239691648983050328630684999614040794379365854558651922\\ 1216 12970734808812618120619743, 1218 m = 0x4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C09B5D2D15D\\ 1219 A82F2D7ECB1DBAC719905C5EECC423F1D86E25EDBE23C595D644AAF187E6E6DF. 1221 D.4. Order of Cyclic Subgroup of Elliptic Curve Points Group 1223 Parameter q takes the following value in this example: 1225 q = 36239861022290036359077887536838743060213209255346786050865461\\ 1226 504508561666239691648983050328630684999614040794379365854558651922\\ 1227 12970734808812618120619743, 1229 q = 0x4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C09B5D2D15D\\ 1230 A82F2D7ECB1DBAC719905C5EECC423F1D86E25EDBE23C595D644AAF187E6E6DF. 1232 D.5. Elliptic Curve Point Coordinates 1234 Point P coordinates take the following values in this example: 1236 x = 1928356944067022849399309401243137598997786635459507974357075491\\ 1237 307766592685835441065557681003184874819658004903212332884252335830\\ 1238 250729527632383493573274, 1240 x = 0x24D19CC64572EE30F396BF6EBBFD7A6C5213B3B3D7057CC825F91093A68CD762\\ 1241 FD60611262CD838DC6B60AA7EEE804E28BC849977FAC33B4B530F1B120248A9A, 1243 y = 22887286933719728599700121555294784163535623273295061803\\ 1244 144974259311028603015728141419970722717088070665938506503341523818\\ 1245 57347798885864807605098724013854, 1247 y = 0x2BB312A43BD2CE6E0D020613C857ACDDCFBF061E91E5F2C3F32447C259F39B2\\ 1248 C83AB156D77F1496BF7EB3351E1EE4E43DC1A18B91B24640B6DBB92CB1ADD371E. 1250 Appendix E. Contributors 1252 o Semen Pianov 1253 InfoTeCS JSC 1254 Semen.Pianov@infotecs.ru 1256 o Ekaterina Karelina 1257 InfoTeCS JSC 1258 Ekaterina.Karelina@infotecs.ru 1260 o Dmitry Belyavsky 1261 Cryptocom 1262 beldmit@gmail.com 1264 Authors' Addresses 1266 Dmitry Baryshkov (editor) 1267 Mentor Graphics (Ireland) Ltd. 1268 Pevchesky lane, 12 1269 Saint-Petersburg 197046 1270 Russian Federation 1272 Email: dbaryshkov@gmail.com 1273 Vasily Nikolaev 1274 CryptoPro 1275 18, Suschevsky val 1276 Moscow 127018 1277 Russian Federation 1279 Phone: +7 (495) 995-48-20 1280 Email: nikolaev@cryptopro.ru 1282 Aleksandr Chelpanov 1283 InfoTeCS JSC 1284 Bldg. 1, 1/23, Stary Petrovsko-Razumovskiy Proezd 1285 Moscow 127287 1286 Russian Federation 1288 Phone: +7 (495) 737-61-92 1289 Email: Aleksandr.Chelpanov@infotecs.ru