idnits 2.17.1 draft-deremin-rfc4491-bis-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (May 22, 2020) is 1435 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- -- Looks like a reference, but probably isn't: '0' on line 1061 -- Looks like a reference, but probably isn't: '3' on line 1107 Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force D. Baryshkov, Ed. 3 Internet-Draft Mentor Graphics (Ireland) Ltd. 4 Intended status: Informational V. Nikolaev 5 Expires: November 23, 2020 CryptoPro 6 A. Chelpanov 7 InfoTeCS JSC 8 May 22, 2020 10 Using GOST R 34.10-2012 and GOST R 34.11-2012 algorithms with the 11 Internet X.509 Public Key Infrastructure 12 draft-deremin-rfc4491-bis-06 14 Abstract 16 This document describes encoding formats, identifiers, and parameter 17 formats for the algorithms GOST R 34.10-2012 and GOST R 34.11-2012 18 for use in Internet X.509 Public Key Infrastructure (PKI). 20 Status of This Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at https://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on November 23, 2020. 37 Copyright Notice 39 Copyright (c) 2020 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (https://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 55 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 56 2. Signature algorithm support . . . . . . . . . . . . . . . . . 3 57 3. Hash functions support . . . . . . . . . . . . . . . . . . . 4 58 4. Subject Public Keys Information Fields . . . . . . . . . . . 5 59 4.1. Public Key identifiers . . . . . . . . . . . . . . . . . 5 60 4.2. Public Key parameters . . . . . . . . . . . . . . . . . . 5 61 4.3. Public Key encoding . . . . . . . . . . . . . . . . . . . 6 62 4.4. Key usage extension . . . . . . . . . . . . . . . . . . . 6 63 5. Qualified certificates extensions . . . . . . . . . . . . . . 7 64 5.1. Distinguished Name additions . . . . . . . . . . . . . . 7 65 5.2. Certificate policies . . . . . . . . . . . . . . . . . . 8 66 5.3. Subject Sign Tool . . . . . . . . . . . . . . . . . . . . 8 67 5.4. Issuer Sign Tool . . . . . . . . . . . . . . . . . . . . 8 68 6. Historical Considerations . . . . . . . . . . . . . . . . . . 9 69 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 70 8. Security Considerations . . . . . . . . . . . . . . . . . . . 9 71 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 72 9.1. Normative References . . . . . . . . . . . . . . . . . . 10 73 9.2. Informative References . . . . . . . . . . . . . . . . . 10 74 Appendix A. GostR3410-2012-PKISyntax . . . . . . . . . . . . . . 11 75 Appendix B. Public key parameters . . . . . . . . . . . . . . . 13 76 Appendix C. Test Examples . . . . . . . . . . . . . . . . . . . 14 77 C.1. GOST R 34.10-2001 Test parameters (256 bit private key 78 length) . . . . . . . . . . . . . . . . . . . . . . . . . 14 79 C.1.1. Certificate request . . . . . . . . . . . . . . . . . 14 80 C.1.2. Certificate . . . . . . . . . . . . . . . . . . . . . 16 81 C.1.3. Certificate Revocation List . . . . . . . . . . . . . 17 82 C.2. GOST R 34.10-2012 TC26-256-A parameters (256 bit private 83 key length) . . . . . . . . . . . . . . . . . . . . . . . 18 84 C.2.1. Certificate request . . . . . . . . . . . . . . . . . 19 85 C.2.2. Certificate . . . . . . . . . . . . . . . . . . . . . 20 86 C.2.3. Certificate Revocation List . . . . . . . . . . . . . 21 87 C.3. GOST R 34.10-2012 Test parameters (512 bit private key 88 length) . . . . . . . . . . . . . . . . . . . . . . . . . 22 89 C.3.1. Certificate request . . . . . . . . . . . . . . . . . 23 90 C.3.2. Certificate . . . . . . . . . . . . . . . . . . . . . 24 91 C.3.3. Certificate Revocation List . . . . . . . . . . . . . 26 92 Appendix D. GOST R 34.10-2012 Test parameters (curve definition) 27 93 D.1. Elliptic Curve Modulus . . . . . . . . . . . . . . . . . 28 94 D.2. Elliptic Curve Coefficients . . . . . . . . . . . . . . . 28 95 D.3. Elliptic Curve Points Group Order . . . . . . . . . . . . 28 96 D.4. Order of Cyclic Subgroup of Elliptic Curve Points Group . 28 97 D.5. Elliptic Curve Point Coordinates . . . . . . . . . . . . 29 98 Appendix E. Contributors . . . . . . . . . . . . . . . . . . . . 29 99 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 29 101 1. Introduction 103 This document describes the conventions for using the GOST R 104 34.10-2012 [GOSTR3410-2012] (see [RFC7091]) signature algorithm and 105 GOST R 34.11-2012 [GOSTR3411-2012] (see [RFC6986]) hash function in 106 the Internet X.509 Public Key Infrastructure (PKI) [RFC5280]. 108 This specification defines the contents of the signatureAlgorithm, 109 signatureValue, signature, and subjectPublicKeyInfo fields within 110 X.509 Certificates and CRLs. For each algorithm, the appropriate 111 alternatives for the keyUsage certificate extension are provided. 113 1.1. Requirements Language 115 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 116 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 117 document are to be interpreted as described in [RFC2119]. 119 2. Signature algorithm support 121 Conforming CAs MAY use GOST R 34.10-2012 signature algorithm to sign 122 certificates and CRLs. This signature algorithm MUST always be used 123 with GOST R 34.11-2012 hash function. It may use keys length of 124 either 256 bits or 512 bits. 126 The ASN.1 object identifier used to identify GOST R 34.10-2012 127 signature algorithm with 256-bit key length and GOST R 34.11-2012 128 hash function with 256-bit hash code is: 130 id-tc26-signwithdigest-gost3410-12-256 OBJECT IDENTIFIER ::= 131 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) 132 algorithms(1) signwithdigest(3) gost3410-12-256(2)} 134 GOST R 34.10-2012 signature algorithm with 256-bit key length 135 generates a digital signature in the form of two 256-bit numbers, r 136 and s. Its octet string representation consists of 64 octets, where 137 the first 32 octets contain the big-endian representation of s and 138 the second 32 octets contain the big-endian representation of r. 140 The ASN.1 object identifier used to identify GOST R 34.10-2012 141 signature algorithm with 512-bit key length and GOST R 34.11-2012 142 hash function with 512-bit hash code is: 144 id-tc26-signwithdigest-gost3410-12-512 OBJECT IDENTIFIER ::= 145 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) 146 algorithms(1) signwithdigest(3) gost3410-12-512(3)} 148 GOST R 34.10-2012 signature algorithm with 512-bit key length 149 generates a digital signature in the form of two 512-bit numbers, r 150 and s. Its octet string representation consists of 128 octets, where 151 the first 64 octets contain the big-endian representation of s and 152 the second 64 octets contain the big-endian representation of r. 154 When either of these OID is used as the algorithm field in an 155 AlgorithmIdentifier structure, the encoding MUST omit the parameters 156 field. 158 The described definition of a signature value is directly usable in 159 CMS [RFC5652], where such values are represented as octet strings. 160 However, signature values in certificates and CRLs [RFC5280] are 161 represented as bit strings, and thus the octet string representation 162 must be converted. 164 To convert an octet string signature value to a bit string, the most 165 significant bit of the first octet of the signature value SHALL 166 become the first bit of the bit string, and so on through the least 167 significant bit of the last octet of the signature value, which SHALL 168 become the last bit of the bit string. 170 3. Hash functions support 172 The ASN.1 object identifier used to identify GOST R 34.11-2012 hash 173 function with 256-bit hash code is: 175 id-tc26-gost3411-12-256 OBJECT IDENTIFIER ::= 176 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) 177 algorithms(1) digest(2) gost3411-12-256(2)} 179 The ASN.1 object identifier used to identify GOST R 34.11-2012 hash 180 function with 512-bit hash code is: 182 id-tc26-gost3411-12-512 OBJECT IDENTIFIER ::= 183 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) 184 algorithms(1) digest(2) gost3411-12-512(3)} 186 When either of these OID is used as the algorithm field in an 187 AlgorithmIdentifier structure, the encoding MUST omit the parameters 188 field. 190 4. Subject Public Keys Information Fields 192 4.1. Public Key identifiers 194 GOST R 34.10-2012 public keys with 256 bits private key length are 195 identified by the following OID: 197 id-tc26-gost3410-12-256 OBJECT IDENTIFIER ::= 198 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) 199 algorithms(1) sign(1) gost3410-12-256(1)} 201 GOST R 34.10-2012 public keys with 512 bits private key length are 202 identified by the following OID: 204 id-tc26-gost3410-12-512 OBJECT IDENTIFIER ::= 205 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) 206 algorithms(1) sign(1) gost3410-12-512(2)} 208 4.2. Public Key parameters 210 When either of these identifiers appears as algorithm field in 211 SubjectPublicKeyInfo.algorithm.algorithm field, parameters field MUST 212 have the following structure: 214 GostR3410-2012-PublicKeyParameters ::= SEQUENCE 215 { 216 publicKeyParamSet OBJECT IDENTIFIER, 217 digestParamSet OBJECT IDENTIFIER OPTIONAL 218 } 220 where: 222 o "publicKeyParamSet" - public key parameters identifier for GOST R 223 34.10-2012 (see Sections 5.1 and 5.2 of [RFC7836] or Appendix B) 224 or GOST R 34.10-2001 (see Section 8.4 of [RFC4357]) parameters. 226 o "digestParamSet" - parameter identifier for corresponding GOST R 227 34.11-2012 (See Section 3). 229 The field digestParamSet: 231 o SHOULD be omitted if GOST R 34.10-2012 signature algorithm is used 232 with 512-bit key length; 234 o MUST be present and must be equal to "id-tc26-digest- 235 gost3411-12-256" if one of the following values is used as 236 "publicKeyParamSet": 238 * "id-GostR3410-2001-CryptoPro-A-ParamSet", 240 * "id-GostR3410-2001-CryptoPro-B-ParamSet", 242 * "id-GostR3410-2001-CryptoPro-C-ParamSet", 244 * "id-GostR3410-2001-CryptoPro-XchA-ParamSet", 246 * "id-GostR3410-2001-CryptoPro-XchB-ParamSet"; 248 o SHOULD be omitted if publicKeyParamSet is equal to: 250 * "id-tc26-gost-3410-2012-256-paramSetA"; 252 o MUST be omitted if one of the following values is used as 253 publicKeyParamSet: 255 * "id-tc26-gost-3410-2012-256-paramSetB", 257 * "id-tc26-gost-3410-2012-256-paramSetC", 259 * "id-tc26-gost-3410-2012-256-paramSetD". 261 4.3. Public Key encoding 263 The GOST R 34.10-2012 public key MUST be ASN.1 DER encoded as an 264 OCTET STRING. This encoding SHALL be used as the content (i.e., the 265 value) of the subjectPublicKey field (a BIT STRING) of 266 SubjectPublicKeyInfo structure. 268 GostR3410-2012-256-PublicKey ::= OCTET STRING (64), 269 GostR3410-2012-512-PublicKey ::= OCTET STRING (128). 271 "GostR3410-2012-256-PublicKey" MUST contain 64 octets, where the 272 first 32 octets contain the little-endian representation of "x" and 273 the second 32 octets contains the little-endian representation of "y" 274 coordinates of the public key. 276 "GostR3410-2012-512-PublicKey" MUST contain 128 octets, where the 277 first 64 octets contain the little-endian representation of "x" and 278 the second 64 octets contains the little-endian representation of "y" 279 coordinates of the public key. 281 4.4. Key usage extension 283 If the KeyUsage extension is present in a certificate with GOST R 284 34.10-2012 public key, the following values MAY be present: 286 o "digitalSignature" (0), 288 o "contentCommitment" (1), 290 o "keyAgreement" (4), 292 o "keyCertSign" (5), 294 o "cRLSign" (6), 296 o "encipherOnly" (7), 298 o "decipherOnly" (8). 300 Note that "contentCommitment" was named "nonRepudiation" in previous 301 versions of X.509. 303 If the key is going to be used for key agreement, flag "keyAgreement" 304 MUST be present in "KeyUsage" extension with "encipherOnly" and 305 "decipherOnly" flags being optional. However flags "encipherOnly" 306 and "decipherOnly" flags MUST NOT be present simultaneously. 308 5. Qualified certificates extensions 310 This section defines additional object identifiers (OIDs) for use in 311 qualified certificates for checking digital signatures. 313 5.1. Distinguished Name additions 315 OGRN is the main state registration number of juridical entities. 317 OGRN ::= NUMERIC STRING 13 319 Corresponding OID is "1.2.643.100.1". 321 SNILS is the individual insurance account number. 323 SNILS ::= NUMERIC STRING 11 325 Corresponding OID is "1.2.643.100.3". 327 OGRNIP is the main state registration number of individual 328 enterpreneurs. 330 OGRNIP ::= NUMERIC STRING 15 332 Corresponding OID is "1.2.643.100.5". 334 INN is the individual taxpayer number (ITN). 336 INN ::= NUMERIC STRING 12 338 Corresponding OID is "1.2.643.3.131.1.1". 340 5.2. Certificate policies 342 Russian national regulation body for cryptography defines several 343 security levels of cryptographic tools. Depending on the class of 344 cryptographic token used by certificate owner the following OIDs must 345 be included into certificate policies. Certificate should include 346 OIDs starting from the lowest one (KC1) up to the strongest 347 applicable. 349 o "1.2.643.100.113.1" - class KC1, 351 o "1.2.643.100.113.2" - class KC2, 353 o "1.2.643.100.113.3" - class KC3, 355 o "1.2.643.100.113.4" - class KB1, 357 o "1.2.643.100.113.5" - class KB2, 359 o "1.2.643.100.113.6" - class KA1. 361 5.3. Subject Sign Tool 363 To denote the token or software type used by certificate owner 364 following non-critical "SubjectSignTool" extension with OID 365 "1.2.643.100.111" should be included. It is defined as 367 SubjectSignTool ::= UTF8String SIZE(1..200) . 369 5.4. Issuer Sign Tool 371 To denote the tools used to generate key pair and tools used by CA to 372 sign certificate following non-critical "IssuerSignTool" extension 373 with OID "1.2.643.100.112" should be included. It is defined as 375 IssuerSignTool ::= SEQUENCE { 376 signTool UTF8String SIZE(1..200), 377 cATool UTF8String SIZE(1..200), 378 signToolCert UTF8String SIZE(1..100), 379 cAToolCert UTF8String SIZE(1..100) }, 381 where: 383 o "signTool" identifies tools used to create key pair, 385 o "cATool" identifies tools used by certificate authority, 387 o "signToolCert" and "cAToolCert" contain the notice of respective 388 tools conformance to Russian federal law on digital signature. 390 6. Historical Considerations 392 Note that for the significant period of time there were no documents 393 describing "GostR3410-2012-PublicKeyParameters". Several old 394 implementations have used "GostR3410-2001-PublicKeyParameters" 395 instead. These implementations will return an error if 396 "digestParamSet" field is not included into public key parameters. 397 Thus an implementation wishing to collaborate with old 398 implementations might want to include "digestParamSet" equal to "id- 399 tc26-digest-gost3411-12-512" if one of the following values is used 400 as "publicKeyParamSet": 402 o "id-tc26-gost-3410-12-512-paramSetA", 404 o "id-tc26-gost-3410-12-512-paramSetB". 406 7. IANA Considerations 408 This memo includes no request to IANA. 410 8. Security Considerations 412 It is RECOMMENDED that applications verify signature values and 413 subject public keys to conform to [GOSTR3410-2012] standard 414 ([RFC7091]) prior to their use. 416 It is RECOMMENDED that CAs and applications make sure that the 417 private key for creating signatures is not used for more than its 418 allowed validity period (typically 15 months for GOST R 34.10-2012 419 algorithm). 421 For security discussion concerning use of algorithm parameters, see 422 [ANS17] and the Security Considerations sections in [RFC4357], 423 [RFC7836]. 425 9. References 426 9.1. Normative References 428 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 429 Requirement Levels", BCP 14, RFC 2119, 430 DOI 10.17487/RFC2119, March 1997, 431 . 433 [RFC4357] Popov, V., Kurepkin, I., and S. Leontiev, "Additional 434 Cryptographic Algorithms for Use with GOST 28147-89, GOST 435 R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 436 Algorithms", RFC 4357, DOI 10.17487/RFC4357, January 2006, 437 . 439 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 440 Housley, R., and W. Polk, "Internet X.509 Public Key 441 Infrastructure Certificate and Certificate Revocation List 442 (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, 443 . 445 [RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70, 446 RFC 5652, DOI 10.17487/RFC5652, September 2009, 447 . 449 [RFC6986] Dolmatov, V., Ed. and A. Degtyarev, "GOST R 34.11-2012: 450 Hash Function", RFC 6986, DOI 10.17487/RFC6986, August 451 2013, . 453 [RFC7091] Dolmatov, V., Ed. and A. Degtyarev, "GOST R 34.10-2012: 454 Digital Signature Algorithm", RFC 7091, 455 DOI 10.17487/RFC7091, December 2013, 456 . 458 [RFC7836] Smyshlyaev, S., Ed., Alekseev, E., Oshkin, I., Popov, V., 459 Leontiev, S., Podobaev, V., and D. Belyavsky, "Guidelines 460 on the Cryptographic Algorithms to Accompany the Usage of 461 Standards GOST R 34.10-2012 and GOST R 34.11-2012", 462 RFC 7836, DOI 10.17487/RFC7836, March 2016, 463 . 465 9.2. Informative References 467 [ANS17] Alekseev, E., Nikolaev, V., and S. Smyshlyaev, "On the 468 security properties of Russian standardized elliptic 469 curves.", Mathematical Aspects of Cryptography 9:3. P. 470 5-32., DOI 10.4213/mvk260, 2018. 472 [GOSTR3410-2012] 473 Federal Agency on Technical Regulating and Metrology, 474 "Information technology. Cryptographic data security. 475 Signature and verification processes of [electronic] 476 digital signature", GOST R 34.10-2012, 2012. 478 [GOSTR3411-2012] 479 Federal Agency on Technical Regulating and Metrology, 480 "Information technology. Cryptographic Data Security. 481 Hashing function", GOST R 34.11-2012, 2012. 483 Appendix A. GostR3410-2012-PKISyntax 485 GostR3410-2012-PKISyntax 486 { iso(1) member-body(2) ru(643) rosstandart(7) 487 tc26(1) modules(0) gostR3411-2012-PKISyntax(2) } 489 DEFINITIONS ::= 490 BEGIN 491 -- EXPORTS All -- 493 -- ASN.1 TC 26 root 494 id-tc26 OBJECT IDENTIFIER ::= 495 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) } 497 -- Signature algorithm 498 id-tc26-sign OBJECT IDENTIFIER ::= 499 { id-tc26 algorithms(1) sign(1) } 501 -- Signature algorithm parameters 502 id-tc26-sign-constants OBJECT IDENTIFIER ::= 503 { id-tc26 constants(2) sign(1) } 505 -- GOST R 34.10-2012 / 256 bits signature algorithm parameters 506 id-tc26-gost-3410-2012-256-constants OBJECT IDENTIFIER ::= 507 { id-tc26-sign-constants gost-3410-2012-256(1) } 509 -- GOST R 34.10-2012 / 512 bits signature algorithm parameters 510 id-tc26-gost-3410-2012-512-constants OBJECT IDENTIFIER ::= 511 { id-tc26-sign-constants gost-3410-2012-512(2) } 513 -- GOST R 34.10-2012 / 256 bits signature algorithm 514 id-tc26-gost3410-2012-256 OBJECT IDENTIFIER ::= 515 { id-tc26-sign gost3410-2012-256(1) } 517 -- GOST R 34.10-2012 / 512 bits signature algorithm 518 id-tc26-gost3410-2012-512 OBJECT IDENTIFIER ::= 519 { id-tc26-sign gost3410-2012-512(2) } 520 -- Signature & hash algorithm GOST R 34.10-2012 / 256 bits 521 -- with GOST R 34.11-2012 522 id-tc26-signwithdigest-gost3410-2012-256 OBJECT IDENTIFIER ::= 523 { id-tc26-signwithdigest gost3410-2012-256(2) } 525 -- Signature & hash algorithm GOST R 34.10-2012 / 512 bits 526 -- with GOST R 34.11-2012 527 id-tc26-signwithdigest-gost3410-2012-512 OBJECT IDENTIFIER ::= 528 { id-tc26-signwithdigest gost3410-2012-512(3) } 530 -- GOST R 34.10-2012 / 256 bits Signature algorithm parameters ID: 531 -- "Set A" 532 id-tc26-gost-3410-2012-256-paramSetA OBJECT IDENTIFIER ::= 533 { id-tc26-gost-3410-2012-256-constants paramSetA(1) } 535 -- GOST R 34.10-2012 / 256 bits signature algorithm parameters ID: 536 -- "Set B" 537 id-tc26-gost-3410-2012-256-paramSetB OBJECT IDENTIFIER ::= 538 { id-tc26-gost-3410-2012-256-constants paramSetB(2) } 540 -- GOST R 34.10-2012 / 256 bits signature algorithm parameters ID: 541 -- "Set C" 542 id-tc26-gost-3410-2012-256-paramSetC OBJECT IDENTIFIER ::= 543 { id-tc26-gost-3410-2012-256-constants paramSetC(3) } 545 -- GOST R 34.10-2012 / 256 bits signature algorithm parameters ID: 546 -- "Set D" 547 id-tc26-gost-3410-2012-256-paramSetD OBJECT IDENTIFIER ::= 548 { id-tc26-gost-3410-2012-256-constants paramSetD(4) } 550 -- GOST R 34.10-2012 / 512 bits signature algorithm parameters ID: 551 -- "Test set" 552 id-tc26-gost-3410-2012-512-paramSetTest OBJECT IDENTIFIER ::= 553 { id-tc26-gost-3410-2012-512-constants paramSetTest(0) } 555 -- GOST R 34.10-2012 / 512 bits signature algorithm parameters ID: 556 -- "Set A" 557 id-tc26-gost-3410-2012-512-paramSetA OBJECT IDENTIFIER ::= 558 { id-tc26-gost-3410-2012-512-constants paramSetA(1) } 560 -- GOST R 34.10-2012 / 512 bits signature algorithm parameters ID: 561 -- "Set B" 562 id-tc26-gost-3410-2012-512-paramSetB OBJECT IDENTIFIER ::= 563 { id-tc26-gost-3410-2012-512-constants paramSetB(2) } 565 -- GOST R 34.10-2012 / 512 bits signature algorithm parameters ID: 566 -- "Set C" 567 id-tc26-gost-3410-2012-512-paramSetC OBJECT IDENTIFIER ::= 568 { id-tc26-gost-3410-2012-512-constants paramSetC(3) } 570 -- Public key GOST R 34.10-2012 / 256 bits 571 GostR3410-2012-256-PublicKey ::= OCTET STRING (SIZE (64)) 572 -- Public key GOST R 34.10-2012 / 512 bits 573 GostR3410-2012-512-PublicKey ::= OCTET STRING (SIZE (128)) 574 -- Public key GOST R 34.10-2012 575 GostR3410-PublicKey ::= OCTET STRING (SIZE (64 | 128)) 577 -- Public key parameters GOST R 34.10-2012 578 GostR3410-2012-PublicKeyParameters ::= 579 SEQUENCE { 580 publicKeyParamSet OBJECT IDENTIFIER, 581 digestParamSet OBJECT IDENTIFIER OPTIONAL 582 } 584 END -- GostR3410-2012-PKISyntax 586 Appendix B. Public key parameters 588 Here we define three new object identifiers for three existing public 589 key parameter sets defined in [RFC4357]. These object identifiers 590 MUST be used with GOST R 34.10-2012 public keys only. 592 id-tc26-gost-3410-2012-256-paramSetB OBJECT IDENTIFIER ::= 593 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) constants(2) 594 sign-constants(1) gost-3410-12-256-constants(1) paramSetB(2)} 596 The elliptic curve of this parameter set is the same as of id- 597 GostR3410-2001-CryptoPro-A-ParamSet which can be found in [RFC4357]. 599 id-tc26-gost-3410-2012-256-paramSetC OBJECT IDENTIFIER ::= 600 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) constants(2) 601 sign-constants(1) gost-3410-12-256-constants(1) paramSetC(3)} 603 The elliptic curve of this parameter set is the same as of id- 604 GostR3410-2001-CryptoPro-B-ParamSet which can be found in [RFC4357]. 606 id-tc26-gost-3410-2012-256-paramSetD OBJECT IDENTIFIER ::= 607 { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) constants(2) 608 sign-constants(1) gost-3410-12-256-constants(1) paramSetD(4)} 610 The elliptic curve of this parameter set is the same as of id- 611 GostR3410-2001-CryptoPro-C-ParamSet which can be found in [RFC4357]. 613 Appendix C. Test Examples 615 C.1. GOST R 34.10-2001 Test parameters (256 bit private key length) 617 This example uses curve defined in Section 7.1 of [RFC7091]. 619 Private key is 621 d = 0x7A929ADE789BB9BE10ED359DD39A72C11B60961F49397EEE1D19CE9891EC3B28 623 Public key is 625 X = 0x7F2B49E270DB6D90D8595BEC458B50C58585BA1D4E9B788F6689DBD8E56FD80B 626 Y = 0x26F1B489D6701DD185C8413A977B3CBBAF64D1C593D26627DFFB101A87FF77DA 628 C.1.1. Certificate request 629 -----BEGIN CERTIFICATE REQUEST----- 630 MIHTMIGBAgEAMBIxEDAOBgNVBAMTB0V4YW1wbGUwZjAfBggqhQMHAQEBATATBgcq 631 hQMCAiMABggqhQMHAQECAgNDAARAC9hv5djbiWaPeJtOHbqFhcVQi0XsW1nYkG3b 632 cOJJK3/ad/+HGhD73ydm0pPF0WSvuzx7lzpByIXRHXDWibTxJqAAMAoGCCqFAwcB 633 AQMCA0EAaqqzjjXUqqUXlAMBeZEi2FVIT1efTLuW1jzf3zrMQypBqijS8asUgoDN 634 ntVv7aQZdAU1VKQnZ7g60EP9OdwEkw== 635 -----END CERTIFICATE REQUEST----- 637 0 211: SEQUENCE { 638 3 129: SEQUENCE { 639 6 1: INTEGER 0 640 9 18: SEQUENCE { 641 11 16: SET { 642 13 14: SEQUENCE { 643 15 3: OBJECT IDENTIFIER commonName (2 5 4 3) 644 20 7: PrintableString 'Example' 645 : } 646 : } 647 : } 648 29 102: SEQUENCE { 649 31 31: SEQUENCE { 650 33 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 1' 651 43 19: SEQUENCE { 652 45 7: OBJECT IDENTIFIER testSignParams (1 2 643 2 2 35 0) 653 54 8: OBJECT IDENTIFIER '1 2 643 7 1 1 2 2' 654 : } 655 : } 656 64 67: BIT STRING, encapsulates { 657 67 64: OCTET STRING 658 : 0B D8 6F E5 D8 DB 89 66 8F 78 9B 4E 1D BA 85 85 659 : C5 50 8B 45 EC 5B 59 D8 90 6D DB 70 E2 49 2B 7F 660 : DA 77 FF 87 1A 10 FB DF 27 66 D2 93 C5 D1 64 AF 661 : BB 3C 7B 97 3A 41 C8 85 D1 1D 70 D6 89 B4 F1 26 662 : } 663 : } 664 133 0: [0] {} 665 : } 666 135 10: SEQUENCE { 667 137 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 668 : } 669 147 65: BIT STRING 670 : 6A AA B3 8E 35 D4 AA A5 17 94 03 01 79 91 22 D8 671 : 55 48 4F 57 9F 4C BB 96 D6 3C DF DF 3A CC 43 2A 672 : 41 AA 28 D2 F1 AB 14 82 80 CD 9E D5 6F ED A4 19 673 : 74 05 35 54 A4 27 67 B8 3A D0 43 FD 39 DC 04 93 674 : } 676 C.1.2. Certificate 678 -----BEGIN CERTIFICATE----- 679 MIIBLTCB26ADAgECAgEKMAoGCCqFAwcBAQMCMBIxEDAOBgNVBAMTB0V4YW1wbGUw 680 IBcNMDEwMTAxMDAwMDAwWhgPMjA1MDEyMzEwMDAwMDBaMBIxEDAOBgNVBAMTB0V4 681 YW1wbGUwZjAfBggqhQMHAQEBATATBgcqhQMCAiMABggqhQMHAQECAgNDAARAC9hv 682 5djbiWaPeJtOHbqFhcVQi0XsW1nYkG3bcOJJK3/ad/+HGhD73ydm0pPF0WSvuzx7 683 lzpByIXRHXDWibTxJqMTMBEwDwYDVR0TAQH/BAUwAwEB/zAKBggqhQMHAQEDAgNB 684 AE1T8BL+CBd2UH1Nm7gfAO/bTu/Uq4O6xLrPc1Fzz6gcQaoo0vGrFIKAzZ7Vb+2k 685 GXQFNVSkJ2e4OtBD/TncBJM= 686 -----END CERTIFICATE----- 688 0 301: SEQUENCE { 689 4 219: SEQUENCE { 690 7 3: [0] { 691 9 1: INTEGER 2 692 : } 693 12 1: INTEGER 10 694 15 10: SEQUENCE { 695 17 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 696 : } 697 27 18: SEQUENCE { 698 29 16: SET { 699 31 14: SEQUENCE { 700 33 3: OBJECT IDENTIFIER commonName (2 5 4 3) 701 38 7: PrintableString 'Example' 702 : } 703 : } 704 : } 705 47 32: SEQUENCE { 706 49 13: UTCTime 01/01/2001 00:00:00 GMT 707 64 15: GeneralizedTime 31/12/2050 00:00:00 GMT 708 : } 709 81 18: SEQUENCE { 710 83 16: SET { 711 85 14: SEQUENCE { 712 87 3: OBJECT IDENTIFIER commonName (2 5 4 3) 713 92 7: PrintableString 'Example' 714 : } 715 : } 716 : } 717 101 102: SEQUENCE { 718 103 31: SEQUENCE { 719 105 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 1' 720 115 19: SEQUENCE { 721 117 7: OBJECT IDENTIFIER testSignParams (1 2 643 2 2 35 0) 722 126 8: OBJECT IDENTIFIER '1 2 643 7 1 1 2 2' 723 : } 724 : } 725 136 67: BIT STRING, encapsulates { 726 139 64: OCTET STRING 727 : 0B D8 6F E5 D8 DB 89 66 8F 78 9B 4E 1D BA 85 85 728 : C5 50 8B 45 EC 5B 59 D8 90 6D DB 70 E2 49 2B 7F 729 : DA 77 FF 87 1A 10 FB DF 27 66 D2 93 C5 D1 64 AF 730 : BB 3C 7B 97 3A 41 C8 85 D1 1D 70 D6 89 B4 F1 26 731 : } 732 : } 733 205 19: [3] { 734 207 17: SEQUENCE { 735 209 15: SEQUENCE { 736 211 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 737 216 1: BOOLEAN TRUE 738 219 5: OCTET STRING, encapsulates { 739 221 3: SEQUENCE { 740 223 1: BOOLEAN TRUE 741 : } 742 : } 743 : } 744 : } 745 : } 746 : } 747 226 10: SEQUENCE { 748 228 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 749 : } 750 238 65: BIT STRING 751 : 4D 53 F0 12 FE 08 17 76 50 7D 4D 9B B8 1F 00 EF 752 : DB 4E EF D4 AB 83 BA C4 BA CF 73 51 73 CF A8 1C 753 : 41 AA 28 D2 F1 AB 14 82 80 CD 9E D5 6F ED A4 19 754 : 74 05 35 54 A4 27 67 B8 3A D0 43 FD 39 DC 04 93 755 : } 757 C.1.3. Certificate Revocation List 758 -----BEGIN X509 CRL----- 759 MIGSMEECAQEwCgYIKoUDBwEBAwIwEjEQMA4GA1UEAxMHRXhhbXBsZRcNMTQwMTAx 760 MDAwMDAwWhcNMTQwMTAyMDAwMDAwWjAKBggqhQMHAQEDAgNBAEK/OSoU0+vpV68+ 761 RstQv19CIaADrT0XJ1PJSpw3ox0gQaoo0vGrFIKAzZ7Vb+2kGXQFNVSkJ2e4OtBD 762 /TncBJM= 763 -----END X509 CRL----- 765 0 146: SEQUENCE { 766 3 65: SEQUENCE { 767 5 1: INTEGER 1 768 8 10: SEQUENCE { 769 10 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 770 : } 771 20 18: SEQUENCE { 772 22 16: SET { 773 24 14: SEQUENCE { 774 26 3: OBJECT IDENTIFIER commonName (2 5 4 3) 775 31 7: PrintableString 'Example' 776 : } 777 : } 778 : } 779 40 13: UTCTime 01/01/2014 00:00:00 GMT 780 55 13: UTCTime 02/01/2014 00:00:00 GMT 781 : } 782 70 10: SEQUENCE { 783 72 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 784 : } 785 82 65: BIT STRING 786 : 42 BF 39 2A 14 D3 EB E9 57 AF 3E 46 CB 50 BF 5F 787 : 42 21 A0 03 AD 3D 17 27 53 C9 4A 9C 37 A3 1D 20 788 : 41 AA 28 D2 F1 AB 14 82 80 CD 9E D5 6F ED A4 19 789 : 74 05 35 54 A4 27 67 B8 3A D0 43 FD 39 DC 04 93 790 : } 792 C.2. GOST R 34.10-2012 TC26-256-A parameters (256 bit private key 793 length) 795 This example uses curve defined in Section A.2 of [RFC7836]. 797 Private key is 799 d = 0x3A929ADE789BB9BE10ED359DD39A72C10B87C83F80BE18B85C041F4325B62EC1 801 Public key is 803 X = 0x99C3DF265EA59350640BA69D1DE04418AF3FEA03EC0F85F2DD84E8BED4952774 804 Y = 0xE218631A69C47C122E2D516DA1C09E6BD19344D94389D1F16C0C4D4DCF96F578 806 C.2.1. Certificate request 808 -----BEGIN CERTIFICATE REQUEST----- 809 MIHKMHkCAQAwEjEQMA4GA1UEAxMHRXhhbXBsZTBeMBcGCCqFAwcBAQEBMAsGCSqF 810 AwcBAgEBAQNDAARAdCeV1L7ohN3yhQ/sA+o/rxhE4B2dpgtkUJOlXibfw5l49ZbP 811 TU0MbPHRiUPZRJPRa57AoW1RLS4SfMRpGmMY4qAAMAoGCCqFAwcBAQMCA0EAG9wq 812 Exdnm2YjL2PqFv98ZMyqua2FX8bhgJFmHbedSBIdDh2lvjR8bxtSVseurCAK1krH 813 em9bOg4Jcxjnrm7naQ== 814 -----END CERTIFICATE REQUEST----- 816 0 202: SEQUENCE { 817 3 121: SEQUENCE { 818 5 1: INTEGER 0 819 8 18: SEQUENCE { 820 10 16: SET { 821 12 14: SEQUENCE { 822 14 3: OBJECT IDENTIFIER commonName (2 5 4 3) 823 19 7: PrintableString 'Example' 824 : } 825 : } 826 : } 827 28 94: SEQUENCE { 828 30 23: SEQUENCE { 829 32 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 1' 830 42 11: SEQUENCE { 831 44 9: OBJECT IDENTIFIER '1 2 643 7 1 2 1 1 1' 832 : } 833 : } 834 55 67: BIT STRING, encapsulates { 835 58 64: OCTET STRING 836 : 74 27 95 D4 BE E8 84 DD F2 85 0F EC 03 EA 3F AF 837 : 18 44 E0 1D 9D A6 0B 64 50 93 A5 5E 26 DF C3 99 838 : 78 F5 96 CF 4D 4D 0C 6C F1 D1 89 43 D9 44 93 D1 839 : 6B 9E C0 A1 6D 51 2D 2E 12 7C C4 69 1A 63 18 E2 840 : } 841 : } 842 124 0: [0] {} 843 : } 844 126 10: SEQUENCE { 845 128 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 846 : } 847 138 65: BIT STRING 848 : 1B DC 2A 13 17 67 9B 66 23 2F 63 EA 16 FF 7C 64 849 : CC AA B9 AD 85 5F C6 E1 80 91 66 1D B7 9D 48 12 850 : 1D 0E 1D A5 BE 34 7C 6F 1B 52 56 C7 AE AC 20 0A 851 : D6 4A C7 7A 6F 5B 3A 0E 09 73 18 E7 AE 6E E7 69 852 : } 854 C.2.2. Certificate 856 -----BEGIN CERTIFICATE----- 857 MIIBJTCB06ADAgECAgEKMAoGCCqFAwcBAQMCMBIxEDAOBgNVBAMTB0V4YW1wbGUw 858 IBcNMDEwMTAxMDAwMDAwWhgPMjA1MDEyMzEwMDAwMDBaMBIxEDAOBgNVBAMTB0V4 859 YW1wbGUwXjAXBggqhQMHAQEBATALBgkqhQMHAQIBAQEDQwAEQHQnldS+6ITd8oUP 860 7APqP68YROAdnaYLZFCTpV4m38OZePWWz01NDGzx0YlD2UST0WuewKFtUS0uEnzE 861 aRpjGOKjEzARMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoUDBwEBAwIDQQAUC02pEksJ 862 yw1c6Sjuh0JzoxASlJLsDik2njt5EkhXjB0OHaW+NHxvG1JWx66sIArWSsd6b1s6 863 DglzGOeubudp 864 -----END CERTIFICATE----- 866 0 293: SEQUENCE { 867 4 211: SEQUENCE { 868 7 3: [0] { 869 9 1: INTEGER 2 870 : } 871 12 1: INTEGER 10 872 15 10: SEQUENCE { 873 17 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 874 : } 875 27 18: SEQUENCE { 876 29 16: SET { 877 31 14: SEQUENCE { 878 33 3: OBJECT IDENTIFIER commonName (2 5 4 3) 879 38 7: PrintableString 'Example' 880 : } 881 : } 882 : } 883 47 32: SEQUENCE { 884 49 13: UTCTime 01/01/2001 00:00:00 GMT 885 64 15: GeneralizedTime 31/12/2050 00:00:00 GMT 886 : } 887 81 18: SEQUENCE { 888 83 16: SET { 889 85 14: SEQUENCE { 890 87 3: OBJECT IDENTIFIER commonName (2 5 4 3) 891 92 7: PrintableString 'Example' 892 : } 893 : } 894 : } 895 101 94: SEQUENCE { 896 103 23: SEQUENCE { 897 105 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 1' 898 115 11: SEQUENCE { 899 117 9: OBJECT IDENTIFIER '1 2 643 7 1 2 1 1 1' 900 : } 901 : } 903 128 67: BIT STRING, encapsulates { 904 131 64: OCTET STRING 905 : 74 27 95 D4 BE E8 84 DD F2 85 0F EC 03 EA 3F AF 906 : 18 44 E0 1D 9D A6 0B 64 50 93 A5 5E 26 DF C3 99 907 : 78 F5 96 CF 4D 4D 0C 6C F1 D1 89 43 D9 44 93 D1 908 : 6B 9E C0 A1 6D 51 2D 2E 12 7C C4 69 1A 63 18 E2 909 : } 910 : } 911 197 19: [3] { 912 199 17: SEQUENCE { 913 201 15: SEQUENCE { 914 203 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 915 208 1: BOOLEAN TRUE 916 211 5: OCTET STRING, encapsulates { 917 213 3: SEQUENCE { 918 215 1: BOOLEAN TRUE 919 : } 920 : } 921 : } 922 : } 923 : } 924 : } 925 218 10: SEQUENCE { 926 220 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 927 : } 928 230 65: BIT STRING 929 : 14 0B 4D A9 12 4B 09 CB 0D 5C E9 28 EE 87 42 73 930 : A3 10 12 94 92 EC 0E 29 36 9E 3B 79 12 48 57 8C 931 : 1D 0E 1D A5 BE 34 7C 6F 1B 52 56 C7 AE AC 20 0A 932 : D6 4A C7 7A 6F 5B 3A 0E 09 73 18 E7 AE 6E E7 69 933 : } 935 C.2.3. Certificate Revocation List 936 -----BEGIN X509 CRL----- 937 MIGSMEECAQEwCgYIKoUDBwEBAwIwEjEQMA4GA1UEAxMHRXhhbXBsZRcNMTQwMTAx 938 MDAwMDAwWhcNMTQwMTAyMDAwMDAwWjAKBggqhQMHAQEDAgNBABS9aAh8O5A8eqKL 939 B/6y571v4JY/VjJnNZ9c2Oq0UFmtHQ4dpb40fG8bUlbHrqwgCtZKx3pvWzoOCXMY 940 565u52k= 941 -----END X509 CRL----- 943 0 146: SEQUENCE { 944 3 65: SEQUENCE { 945 5 1: INTEGER 1 946 8 10: SEQUENCE { 947 10 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 948 : } 949 20 18: SEQUENCE { 950 22 16: SET { 951 24 14: SEQUENCE { 952 26 3: OBJECT IDENTIFIER commonName (2 5 4 3) 953 31 7: PrintableString 'Example' 954 : } 955 : } 956 : } 957 40 13: UTCTime 01/01/2014 00:00:00 GMT 958 55 13: UTCTime 02/01/2014 00:00:00 GMT 959 : } 960 70 10: SEQUENCE { 961 72 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 962 : } 963 82 65: BIT STRING 964 : 14 BD 68 08 7C 3B 90 3C 7A A2 8B 07 FE B2 E7 BD 965 : 6F E0 96 3F 56 32 67 35 9F 5C D8 EA B4 50 59 AD 966 : 1D 0E 1D A5 BE 34 7C 6F 1B 52 56 C7 AE AC 20 0A 967 : D6 4A C7 7A 6F 5B 3A 0E 09 73 18 E7 AE 6E E7 69 968 : } 970 C.3. GOST R 34.10-2012 Test parameters (512 bit private key length) 972 This example uses curve defined in Appendix D. 974 Private key is 976 d = 0x0BA6048AADAE241BA40936D47756D7C93091A0E8514669700EE7508E508B1020\\ 977 72E8123B2200A0563322DAD2827E2714A2636B7BFD18AADFC62967821FA18DD4 979 Public key is 981 X = 0x115DC5BC96760C7B48598D8AB9E740D4C4A85A65BE33C1815B5C320C854621DD\\ 982 5A515856D13314AF69BC5B924C8B4DDFF75C45415C1D9DD9DD33612CD530EFE1 983 Y = 0x37C7C90CD40B0F5621DC3AC1B751CFA0E2634FA0503B3D52639F5D7FB72AFD61\\ 984 EA199441D943FFE7F0C70A2759A3CDB84C114E1F9339FDF27F35ECA93677BEEC 986 C.3.1. Certificate request 988 -----BEGIN CERTIFICATE REQUEST----- 989 MIIBTzCBvAIBADASMRAwDgYDVQQDEwdFeGFtcGxlMIGgMBcGCCqFAwcBAQECMAsG 990 CSqFAwcBAgECAAOBhAAEgYDh7zDVLGEz3dmdHVxBRVz3302LTJJbvGmvFDPRVlhR 991 Wt0hRoUMMlxbgcEzvmVaqMTUQOe5io1ZSHsMdpa8xV0R7L53NqnsNX/y/TmTH04R 992 TLjNo1knCsfw5/9D2UGUGeph/Sq3f12fY1I9O1CgT2PioM9Rt8E63CFWDwvUDMnH 993 N6AAMAoGCCqFAwcBAQMDA4GBAEM7HWzkClHx5XN+sWqixoOCmkBbnZEn4hJg/J1q 994 wF2HvyTibEUnilwhkqdbqUmTq9YHTn/xvwP9L1OXr6HZRVgvhvpgoIEJGiPdeV4e 995 PGie5RKjyC7g3MJkPHjuqPys01SSVYSGsg8cnsGXyQaZhQJgyTvLzZxcMxfhk0Th 996 c642 997 -----END CERTIFICATE REQUEST----- 999 0 335: SEQUENCE { 1000 4 188: SEQUENCE { 1001 7 1: INTEGER 0 1002 10 18: SEQUENCE { 1003 12 16: SET { 1004 14 14: SEQUENCE { 1005 16 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1006 21 7: PrintableString 'Example' 1007 : } 1008 : } 1009 : } 1010 30 160: SEQUENCE { 1011 33 23: SEQUENCE { 1012 35 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 2' 1013 45 11: SEQUENCE { 1014 47 9: OBJECT IDENTIFIER '1 2 643 7 1 2 1 2 0' 1015 : } 1016 : } 1017 58 132: BIT STRING, encapsulates { 1018 62 128: OCTET STRING 1019 : E1 EF 30 D5 2C 61 33 DD D9 9D 1D 5C 41 45 5C F7 1020 : DF 4D 8B 4C 92 5B BC 69 AF 14 33 D1 56 58 51 5A 1021 : DD 21 46 85 0C 32 5C 5B 81 C1 33 BE 65 5A A8 C4 1022 : D4 40 E7 B9 8A 8D 59 48 7B 0C 76 96 BC C5 5D 11 1023 : EC BE 77 36 A9 EC 35 7F F2 FD 39 93 1F 4E 11 4C 1024 : B8 CD A3 59 27 0A C7 F0 E7 FF 43 D9 41 94 19 EA 1025 : 61 FD 2A B7 7F 5D 9F 63 52 3D 3B 50 A0 4F 63 E2 1026 : A0 CF 51 B7 C1 3A DC 21 56 0F 0B D4 0C C9 C7 37 1027 : } 1028 : } 1029 193 0: [0] {} 1030 : } 1031 195 10: SEQUENCE { 1032 197 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 3' 1033 : } 1034 207 129: BIT STRING 1035 : 43 3B 1D 6C E4 0A 51 F1 E5 73 7E B1 6A A2 C6 83 1036 : 82 9A 40 5B 9D 91 27 E2 12 60 FC 9D 6A C0 5D 87 1037 : BF 24 E2 6C 45 27 8A 5C 21 92 A7 5B A9 49 93 AB 1038 : D6 07 4E 7F F1 BF 03 FD 2F 53 97 AF A1 D9 45 58 1039 : 2F 86 FA 60 A0 81 09 1A 23 DD 79 5E 1E 3C 68 9E 1040 : E5 12 A3 C8 2E E0 DC C2 64 3C 78 EE A8 FC AC D3 1041 : 54 92 55 84 86 B2 0F 1C 9E C1 97 C9 06 99 85 02 1042 : 60 C9 3B CB CD 9C 5C 33 17 E1 93 44 E1 73 AE 36 1043 : } 1045 C.3.2. Certificate 1047 -----BEGIN CERTIFICATE----- 1048 MIIBqjCCARagAwIBAgIBCzAKBggqhQMHAQEDAzASMRAwDgYDVQQDEwdFeGFtcGxl 1049 MCAXDTAxMDEwMTAwMDAwMFoYDzIwNTAxMjMxMDAwMDAwWjASMRAwDgYDVQQDEwdF 1050 eGFtcGxlMIGgMBcGCCqFAwcBAQECMAsGCSqFAwcBAgECAAOBhAAEgYDh7zDVLGEz 1051 3dmdHVxBRVz3302LTJJbvGmvFDPRVlhRWt0hRoUMMlxbgcEzvmVaqMTUQOe5io1Z 1052 SHsMdpa8xV0R7L53NqnsNX/y/TmTH04RTLjNo1knCsfw5/9D2UGUGeph/Sq3f12f 1053 Y1I9O1CgT2PioM9Rt8E63CFWDwvUDMnHN6MTMBEwDwYDVR0TAQH/BAUwAwEB/zAK 1054 BggqhQMHAQEDAwOBgQBBVwPYkvGl8/aMQ1MYmn7iB7gLVjHvnUlSmk1rVCws+hWq 1055 LqzxH0cP3n2VSFaQPDX9j5Ve8wDZXHdTSnJKDu5wL4b6YKCBCRoj3XleHjxonuUS 1056 o8gu4NzCZDx47qj8rNNUklWEhrIPHJ7Bl8kGmYUCYMk7y82cXDMX4ZNE4XOuNg== 1057 -----END CERTIFICATE----- 1059 0 426: SEQUENCE { 1060 4 278: SEQUENCE { 1061 8 3: [0] { 1062 10 1: INTEGER 2 1063 : } 1064 13 1: INTEGER 11 1065 16 10: SEQUENCE { 1066 18 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 3' 1067 : } 1068 28 18: SEQUENCE { 1069 30 16: SET { 1070 32 14: SEQUENCE { 1071 34 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1072 39 7: PrintableString 'Example' 1073 : } 1074 : } 1075 : } 1076 48 32: SEQUENCE { 1077 50 13: UTCTime 01/01/2001 00:00:00 GMT 1078 65 15: GeneralizedTime 31/12/2050 00:00:00 GMT 1079 : } 1080 82 18: SEQUENCE { 1081 84 16: SET { 1082 86 14: SEQUENCE { 1083 88 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1084 93 7: PrintableString 'Example' 1085 : } 1086 : } 1087 : } 1088 102 160: SEQUENCE { 1089 105 23: SEQUENCE { 1090 107 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 2' 1091 117 11: SEQUENCE { 1092 119 9: OBJECT IDENTIFIER '1 2 643 7 1 2 1 2 0' 1093 : } 1094 : } 1095 130 132: BIT STRING, encapsulates { 1096 134 128: OCTET STRING 1097 : E1 EF 30 D5 2C 61 33 DD D9 9D 1D 5C 41 45 5C F7 1098 : DF 4D 8B 4C 92 5B BC 69 AF 14 33 D1 56 58 51 5A 1099 : DD 21 46 85 0C 32 5C 5B 81 C1 33 BE 65 5A A8 C4 1100 : D4 40 E7 B9 8A 8D 59 48 7B 0C 76 96 BC C5 5D 11 1101 : EC BE 77 36 A9 EC 35 7F F2 FD 39 93 1F 4E 11 4C 1102 : B8 CD A3 59 27 0A C7 F0 E7 FF 43 D9 41 94 19 EA 1103 : 61 FD 2A B7 7F 5D 9F 63 52 3D 3B 50 A0 4F 63 E2 1104 : A0 CF 51 B7 C1 3A DC 21 56 0F 0B D4 0C C9 C7 37 1105 : } 1106 : } 1107 265 19: [3] { 1108 267 17: SEQUENCE { 1109 269 15: SEQUENCE { 1110 271 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 1111 276 1: BOOLEAN TRUE 1112 279 5: OCTET STRING, encapsulates { 1113 281 3: SEQUENCE { 1114 283 1: BOOLEAN TRUE 1115 : } 1116 : } 1117 : } 1118 : } 1119 : } 1120 : } 1121 286 10: SEQUENCE { 1122 288 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 3' 1123 : } 1124 298 129: BIT STRING 1125 : 41 57 03 D8 92 F1 A5 F3 F6 8C 43 53 18 9A 7E E2 1126 : 07 B8 0B 56 31 EF 9D 49 52 9A 4D 6B 54 2C 2C FA 1127 : 15 AA 2E AC F1 1F 47 0F DE 7D 95 48 56 90 3C 35 1128 : FD 8F 95 5E F3 00 D9 5C 77 53 4A 72 4A 0E EE 70 1129 : 2F 86 FA 60 A0 81 09 1A 23 DD 79 5E 1E 3C 68 9E 1130 : E5 12 A3 C8 2E E0 DC C2 64 3C 78 EE A8 FC AC D3 1131 : 54 92 55 84 86 B2 0F 1C 9E C1 97 C9 06 99 85 02 1132 : 60 C9 3B CB CD 9C 5C 33 17 E1 93 44 E1 73 AE 36 1133 : } 1135 C.3.3. Certificate Revocation List 1136 -----BEGIN X509 CRL----- 1137 MIHTMEECAQEwCgYIKoUDBwEBAwMwEjEQMA4GA1UEAxMHRXhhbXBsZRcNMTQwMTAx 1138 MDAwMDAwWhcNMTQwMTAyMDAwMDAwWjAKBggqhQMHAQEDAwOBgQA6E/t67NtVYO72 1139 E3z8XdZGkXMuv7NpCh/Ax+ik7uoIMH1kjU3AmGxGqHs/vkx69C6jQ1nHlZVMo5/z 1140 q77ZBR9NL4b6YKCBCRoj3XleHjxonuUSo8gu4NzCZDx47qj8rNNUklWEhrIPHJ7B 1141 l8kGmYUCYMk7y82cXDMX4ZNE4XOuNg== 1142 -----END X509 CRL----- 1144 0 211: SEQUENCE { 1145 3 65: SEQUENCE { 1146 5 1: INTEGER 1 1147 8 10: SEQUENCE { 1148 10 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 3' 1149 : } 1150 20 18: SEQUENCE { 1151 22 16: SET { 1152 24 14: SEQUENCE { 1153 26 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1154 31 7: PrintableString 'Example' 1155 : } 1156 : } 1157 : } 1158 40 13: UTCTime 01/01/2014 00:00:00 GMT 1159 55 13: UTCTime 02/01/2014 00:00:00 GMT 1160 : } 1161 70 10: SEQUENCE { 1162 72 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 3' 1163 : } 1164 82 129: BIT STRING 1165 : 3A 13 FB 7A EC DB 55 60 EE F6 13 7C FC 5D D6 46 1166 : 91 73 2E BF B3 69 0A 1F C0 C7 E8 A4 EE EA 08 30 1167 : 7D 64 8D 4D C0 98 6C 46 A8 7B 3F BE 4C 7A F4 2E 1168 : A3 43 59 C7 95 95 4C A3 9F F3 AB BE D9 05 1F 4D 1169 : 2F 86 FA 60 A0 81 09 1A 23 DD 79 5E 1E 3C 68 9E 1170 : E5 12 A3 C8 2E E0 DC C2 64 3C 78 EE A8 FC AC D3 1171 : 54 92 55 84 86 B2 0F 1C 9E C1 97 C9 06 99 85 02 1172 : 60 C9 3B CB CD 9C 5C 33 17 E1 93 44 E1 73 AE 36 1173 : } 1175 Appendix D. GOST R 34.10-2012 Test parameters (curve definition) 1177 The following parameters must be used for digital signature 1178 generation and verification. 1180 D.1. Elliptic Curve Modulus 1182 The following value is assigned to parameter p in this example: 1184 p = 36239861022290036359077887536838743060213209255346786050\\ 1185 8654615045085616662400248258848202227149685402509082360305\\ 1186 8735163734263822371964987228582907372403, 1188 p = 0x4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C09B5D2D15D\\ 1189 F1D852741AF4704A0458047E80E4546D35B8336FAC224DD81664BBF528BE6373. 1191 D.2. Elliptic Curve Coefficients 1193 Parameters a and b take the following values in this example: 1195 a = 7, 1197 a = 0x7, 1199 b = 1518655069210828534508950034714043154928747527740206436\\ 1200 1940188233528099824437937328297569147859746748660416053978836775\\ 1201 96626326413990136959047435811826396, 1203 b = 0x1CFF0806A31116DA29D8CFA54E57EB748BC5F377E49400FDD788B649ECA1AC4\\ 1204 361834013B2AD7322480A89CA58E0CF74BC9E540C2ADD6897FAD0A3084F302ADC. 1206 D.3. Elliptic Curve Points Group Order 1208 Parameter m takes the following value in this example: 1210 m = 36239861022290036359077887536838743060213209255346786050865461\\ 1211 504508561666239691648983050328630684999614040794379365854558651922\\ 1212 12970734808812618120619743, 1214 m = 0x4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C09B5D2D15D\\ 1215 A82F2D7ECB1DBAC719905C5EECC423F1D86E25EDBE23C595D644AAF187E6E6DF. 1217 D.4. Order of Cyclic Subgroup of Elliptic Curve Points Group 1219 Parameter q takes the following value in this example: 1221 q = 36239861022290036359077887536838743060213209255346786050865461\\ 1222 504508561666239691648983050328630684999614040794379365854558651922\\ 1223 12970734808812618120619743, 1225 q = 0x4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C09B5D2D15D\\ 1226 A82F2D7ECB1DBAC719905C5EECC423F1D86E25EDBE23C595D644AAF187E6E6DF. 1228 D.5. Elliptic Curve Point Coordinates 1230 Point P coordinates take the following values in this example: 1232 x = 1928356944067022849399309401243137598997786635459507974357075491\\ 1233 307766592685835441065557681003184874819658004903212332884252335830\\ 1234 250729527632383493573274, 1236 x = 0x24D19CC64572EE30F396BF6EBBFD7A6C5213B3B3D7057CC825F91093A68CD762\\ 1237 FD60611262CD838DC6B60AA7EEE804E28BC849977FAC33B4B530F1B120248A9A, 1239 y = 22887286933719728599700121555294784163535623273295061803\\ 1240 144974259311028603015728141419970722717088070665938506503341523818\\ 1241 57347798885864807605098724013854, 1243 y = 0x2BB312A43BD2CE6E0D020613C857ACDDCFBF061E91E5F2C3F32447C259F39B2\\ 1244 C83AB156D77F1496BF7EB3351E1EE4E43DC1A18B91B24640B6DBB92CB1ADD371E. 1246 Appendix E. Contributors 1248 o Semen Pianov 1249 InfoTeCS JSC 1250 Semen.Pianov@infotecs.ru 1252 o Ekaterina Karelina 1253 InfoTeCS JSC 1254 Ekaterina.Karelina@infotecs.ru 1256 o Dmitry Belyavsky 1257 Cryptocom 1258 beldmit@gmail.com 1260 Authors' Addresses 1262 Dmitry Baryshkov (editor) 1263 Mentor Graphics (Ireland) Ltd. 1264 Pevchesky lane, 12 1265 Saint-Petersburg 197046 1266 Russian Federation 1268 Email: dbaryshkov@gmail.com 1269 Vasily Nikolaev 1270 CryptoPro 1271 18, Suschevsky val 1272 Moscow 127018 1273 Russian Federation 1275 Phone: +7 (495) 995-48-20 1276 Email: nikolaev@cryptopro.ru 1278 Aleksandr Chelpanov 1279 InfoTeCS JSC 1280 Bldg. 1, 1/23, Stary Petrovsko-Razumovskiy Proezd 1281 Moscow 127287 1282 Russian Federation 1284 Phone: +7 (495) 737-61-92 1285 Email: Aleksandr.Chelpanov@infotecs.ru