idnits 2.17.1

draft-deremin-rfc4491-bis-08.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (23 November 2021) is 875 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  -- Looks like a reference, but probably isn't: '0' on line 1225

  -- Looks like a reference, but probably isn't: '3' on line 1271

     Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Internet Engineering Task Force                        D. Baryshkov, Ed.
Internet-Draft                                               Linaro Ltd.
Intended status: Informational                               V. Nikolaev
Expires: 27 May 2022                                           CryptoPro
                                                            A. Chelpanov
                                                            InfoTeCS JSC
                                                        23 November 2021

   Using GOST R 34.10-2012 and GOST R 34.11-2012 algorithms with the
                Internet X.509 Public Key Infrastructure
                      draft-deremin-rfc4491-bis-08

Abstract

   This document describes encoding formats, identifiers, and parameter
   formats for the algorithms GOST R 34.10-2012 and GOST R 34.11-2012
   for use in Internet X.509 Public Key Infrastructure (PKI).

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 27 May 2022.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Revised BSD License text as described in Section 4.e of the
   Trust Legal Provisions and are provided without warranty as described
   in the Revised BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
   2.  Signature algorithm support
   3.  Hash functions support
   4.  Subject Public Keys Information Fields
     4.1.  Public Key identifiers
     4.2.  Public Key parameters
     4.3.  Public Key encoding
     4.4.  Key usage extension
   5.  Qualified certificates extensions
     5.1.  Distinguished Name additions
     5.2.  Certificate policies
     5.3.  Subject Sign Tool
     5.4.  Issuer Sign Tool
   6.  Historical Considerations
   7.  IANA Considerations
   8.  Security Considerations
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Appendix A.  GostR3410-2012-PKISyntax
   Appendix B.  GostR3410-2012-RuCertsSyntax
   Appendix C.  Public key parameters
   Appendix D.  Test Examples
     D.1.  GOST R 34.10-2001 Test parameters (256 bit private key
           length)
       D.1.1.  Certificate request
       D.1.2.  Certificate
       D.1.3.  Certificate Revocation List
     D.2.  GOST R 34.10-2012 TC26-256-A parameters (256 bit private
           key length)
       D.2.1.  Certificate request
       D.2.2.  Certificate
       D.2.3.  Certificate Revocation List
     D.3.  GOST R 34.10-2012 Test parameters (512 bit private key
           length)
       D.3.1.  Certificate request
       D.3.2.  Certificate
       D.3.3.  Certificate Revocation List
   Appendix E.  GOST R 34.10-2012 Test parameters (curve definition)
     E.1.  Elliptic Curve Modulus
     E.2.  Elliptic Curve Coefficients
     E.3.  Elliptic Curve Points Group Order
     E.4.  Order of Cyclic Subgroup of Elliptic Curve Points Group
     E.5.  Elliptic Curve Point Coordinates
   Appendix F.  Contributors
   Authors' Addresses

1.  Introduction

   This document describes the conventions for using the GOST R
   34.10-2012 [GOSTR3410-2012] (see [RFC7091]) signature algorithm and
   GOST R 34.11-2012 [GOSTR3411-2012] (see [RFC6986]) hash function in
   the Internet X.509 Public Key Infrastructure (PKI) [RFC5280].

   This specification defines the contents of the signatureAlgorithm,
   signatureValue, signature, and subjectPublicKeyInfo fields within
   X.509 Certificates and CRLs.  For each algorithm, the appropriate
   alternatives for the keyUsage certificate extension are provided.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.  Signature algorithm support

   Conforming CAs MAY use the GOST R 34.10-2012 signature algorithm to
   sign certificates and CRLs.  This signature algorithm MUST always be
   used with the GOST R 34.11-2012 hash function.  It may use a key
   length of either 256 bits or 512 bits.

   The ASN.1 object identifier used to identify the GOST R 34.10-2012
   signature algorithm with 256-bit key length and the GOST R 34.11-2012
   hash function with 256-bit hash code is:

   id-tc26-signwithdigest-gost3410-12-256 OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
         algorithms(1) signwithdigest(3) gost3410-12-256(2)}

   The GOST R 34.10-2012 signature algorithm with 256-bit key length
   generates a digital signature in the form of two 256-bit integers, r
   and s.  Its octet string representation consists of 64 octets, where
   the first 32 octets contain the big-endian representation of s and
   the second 32 octets contain the big-endian representation of r.

   The ASN.1 object identifier used to identify the GOST R 34.10-2012
   signature algorithm with 512-bit key length and the GOST R 34.11-2012
   hash function with 512-bit hash code is:

   id-tc26-signwithdigest-gost3410-12-512 OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
         algorithms(1) signwithdigest(3) gost3410-12-512(3)}

   The GOST R 34.10-2012 signature algorithm with 512-bit key length
   generates a digital signature in the form of two 512-bit integers, r
   and s.  Its octet string representation consists of 128 octets, where
   the first 64 octets contain the big-endian representation of s and
   the second 64 octets contain the big-endian representation of r.

   When either of these OIDs is used as the algorithm field in an
   AlgorithmIdentifier structure, the encoding MUST omit the parameters
   field.

   The described definition of a signature value is directly usable in
   CMS [RFC5652], where such values are represented as octet strings.
   However, signature values in certificates and CRLs [RFC5280] are
   represented as bit strings, and thus the octet string representation
   must be converted.
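
Added example (not part of the draft): the signature value stores s before r in big-endian form, while the public key of Section 4.3 stores x before y in little-endian form, and mixing the two conventions is an easy interoperability bug. This Python sketch encodes and strictly decodes both, using the Appendix D.1 test vector from this document; the function names are hypothetical.

```python
"""GOST R 34.10-2012 value layouts in X.509 (added example, not from the draft)."""

# Test data copied from Appendix D.1 and D.1.1 of this document.
X = 0x7F2B49E270DB6D90D8595BEC458B50C58585BA1D4E9B788F6689DBD8E56FD80B
Y = 0x26F1B489D6701DD185C8413A977B3CBBAF64D1C593D26627DFFB101A87FF77DA
D1_PUBLIC_KEY = bytes.fromhex(
    "0B D8 6F E5 D8 DB 89 66 8F 78 9B 4E 1D BA 85 85"
    "C5 50 8B 45 EC 5B 59 D8 90 6D DB 70 E2 49 2B 7F"
    "DA 77 FF 87 1A 10 FB DF 27 66 D2 93 C5 D1 64 AF"
    "BB 3C 7B 97 3A 41 C8 85 D1 1D 70 D6 89 B4 F1 26"
)
D11_SIGNATURE = bytes.fromhex(
    "6A AA B3 8E 35 D4 AA A5 17 94 03 01 79 91 22 D8"
    "55 48 4F 57 9F 4C BB 96 D6 3C DF DF 3A CC 43 2A"
    "41 AA 28 D2 F1 AB 14 82 80 CD 9E D5 6F ED A4 19"
    "74 05 35 54 A4 27 67 B8 3A D0 43 FD 39 DC 04 93"
)


def der_tlv(tag, content):
    """Encode one DER TLV with a minimal definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content


def der_content(buf, tag):
    """Return the content of a DER TLV that must fill `buf` exactly."""
    if len(buf) < 2 or buf[0] != tag:
        raise ValueError("unexpected tag")
    length, pos = buf[1], 2
    if length >= 0x80:
        n = length & 0x7F
        if n == 0 or len(buf) < 2 + n or buf[2] == 0:
            raise ValueError("malformed DER length")
        length, pos = int.from_bytes(buf[2:2 + n], "big"), 2 + n
        if length < 0x80:
            raise ValueError("non-minimal DER length")
    if len(buf) - pos != length:
        raise ValueError("length mismatch or trailing data")
    return buf[pos:]


def unwrap_bit_string(der):
    """Octet-aligned BIT STRING: first content octet (unused bits) must be 0."""
    content = der_content(der, 0x03)
    if not content or content[0] != 0:
        raise ValueError("BIT STRING must have zero unused bits")
    return content[1:]


def split_pair(octets, byteorder):
    """Split 64 or 128 octets into two equal-width integers."""
    if len(octets) not in (64, 128):
        raise ValueError("expected 64 or 128 octets")
    half = len(octets) // 2
    return (int.from_bytes(octets[:half], byteorder),
            int.from_bytes(octets[half:], byteorder))


def encode_signature_value(r, s, size):
    """Section 2: s || r, each big-endian in `size` octets, as a BIT STRING."""
    octets = s.to_bytes(size, "big") + r.to_bytes(size, "big")
    return der_tlv(0x03, b"\x00" + octets)


def decode_signature_value(der):
    """Return (r, s); s comes first on the wire."""
    s, r = split_pair(unwrap_bit_string(der), "big")
    return r, s


def encode_subject_public_key(x, y, size):
    """Section 4.3: little-endian x || y in an OCTET STRING in the BIT STRING."""
    raw = x.to_bytes(size, "little") + y.to_bytes(size, "little")
    return der_tlv(0x03, b"\x00" + der_tlv(0x04, raw))


def decode_subject_public_key(der):
    """Return (x, y) from the subjectPublicKey BIT STRING."""
    return split_pair(der_content(unwrap_bit_string(der), 0x04), "little")


if __name__ == "__main__":
    print("subjectPublicKey:", encode_subject_public_key(X, Y, 32).hex())
    r, s = decode_signature_value(der_tlv(0x03, b"\x00" + D11_SIGNATURE))
    print("r =", hex(r))
    print("s =", hex(s))
```
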

   To convert an octet string signature value to a bit string, the most
   significant bit of the first octet of the signature value SHALL
   become the first bit of the bit string, and so on through the least
   significant bit of the last octet of the signature value, which SHALL
   become the last bit of the bit string.

3.  Hash functions support

   The ASN.1 object identifier used to identify the GOST R 34.11-2012
   hash function with 256-bit hash code is:

   id-tc26-gost3411-12-256 OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
         algorithms(1) digest(2) gost3411-12-256(2)}

   The ASN.1 object identifier used to identify the GOST R 34.11-2012
   hash function with 512-bit hash code is:

   id-tc26-gost3411-12-512 OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
         algorithms(1) digest(2) gost3411-12-512(3)}

   When either of these OIDs is used as the algorithm field in an
   AlgorithmIdentifier structure, the encoding MUST omit the parameters
   field.

4.  Subject Public Keys Information Fields

4.1.  Public Key identifiers

   GOST R 34.10-2012 public keys with 256 bits private key length are
   identified by the following OID:

   id-tc26-gost3410-12-256 OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
         algorithms(1) sign(1) gost3410-12-256(1)}

   GOST R 34.10-2012 public keys with 512 bits private key length are
   identified by the following OID:

   id-tc26-gost3410-12-512 OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
         algorithms(1) sign(1) gost3410-12-512(2)}

4.2.  Public Key parameters

   When either of these identifiers appears in the
   SubjectPublicKeyInfo.algorithm.algorithm field, the parameters field
   MUST have the following structure:

   GostR3410-2012-PublicKeyParameters ::= SEQUENCE
   {
       publicKeyParamSet OBJECT IDENTIFIER,
       digestParamSet OBJECT IDENTIFIER OPTIONAL
   }

   where:

   *  publicKeyParamSet - public key parameters identifier for GOST R
      34.10-2012 (see Sections 5.1.1 and 5.2.1 of [RFC7836] or
      Appendix C) or GOST R 34.10-2001 (see Section 8.4 of [RFC4357])
      parameters.

   *  digestParamSet - parameter identifier for corresponding GOST R
      34.11-2012 (see Section 3).

   The following values when used as publicKeyParamSet define test
   public key parameter sets and MUST NOT be used outside of testing
   scenarios:

   *  id-GostR3410-2001-TestParamSet,

   *  id-tc26-gost-3410-2012-512-paramSetTest

   The field digestParamSet:

   *  SHOULD be omitted if the GOST R 34.10-2012 signature algorithm is
      used with 512-bit key length;

   *  MUST be present and must be equal to
      id-tc26-digest-gost3411-12-256 if one of the following values is
      used as publicKeyParamSet:

      -  id-GostR3410-2001-TestParamSet,

      -  id-GostR3410-2001-CryptoPro-A-ParamSet,

      -  id-GostR3410-2001-CryptoPro-B-ParamSet,

      -  id-GostR3410-2001-CryptoPro-C-ParamSet,

      -  id-GostR3410-2001-CryptoPro-XchA-ParamSet,

      -  id-GostR3410-2001-CryptoPro-XchB-ParamSet;

   *  SHOULD be omitted if publicKeyParamSet is equal to:

      -  id-tc26-gost-3410-2012-256-paramSetA;

   *  MUST be omitted if one of the following values is used as
      publicKeyParamSet:

      -  id-tc26-gost-3410-2012-256-paramSetB,

      -  id-tc26-gost-3410-2012-256-paramSetC,

      -  id-tc26-gost-3410-2012-256-paramSetD.

4.3.  Public Key encoding

   The GOST R 34.10-2012 public key MUST be ASN.1 DER encoded as an
   OCTET STRING.
   This encoding SHALL be used as the content (i.e., the
   value) of the subjectPublicKey field (a BIT STRING) of the
   SubjectPublicKeyInfo structure.

   GostR3410-2012-256-PublicKey ::= OCTET STRING (SIZE(64))
   GostR3410-2012-512-PublicKey ::= OCTET STRING (SIZE (128))

   GostR3410-2012-256-PublicKey MUST contain 64 octets, where the first
   32 octets contain the little-endian representation of the x
   coordinate and the second 32 octets contain the little-endian
   representation of the y coordinate of the public key.

   GostR3410-2012-512-PublicKey MUST contain 128 octets, where the first
   64 octets contain the little-endian representation of the x
   coordinate and the second 64 octets contain the little-endian
   representation of the y coordinate of the public key.

4.4.  Key usage extension

   If the KeyUsage extension is present in a certificate with a GOST R
   34.10-2012 public key, the following values MAY be present:

   *  digitalSignature (0),

   *  contentCommitment (1),

   *  keyEncipherment (2),

   *  dataEncipherment (3),

   *  keyAgreement (4),

   *  keyCertSign (5),

   *  cRLSign (6),

   *  encipherOnly (7),

   *  decipherOnly (8).

   Note that contentCommitment was named nonRepudiation in previous
   versions of X.509.

   If the key is going to be used for key agreement, the keyAgreement
   flag MUST be present in the KeyUsage extension, with the encipherOnly
   and decipherOnly flags being optional.  However, the encipherOnly and
   decipherOnly flags MUST NOT be present simultaneously.

5.  Qualified certificates extensions

   This section defines additional object identifiers (OIDs) for use in
   qualified certificates for checking digital signatures.

5.1.  Distinguished Name additions

   OGRN is the main state registration number of juridical entities.

   OGRN ::= NUMERIC STRING (SIZE(13))

   Corresponding OID is 1.2.643.100.1.

   SNILS is the individual insurance account number.

   SNILS ::= NUMERIC STRING (SIZE(11))

   Corresponding OID is 1.2.643.100.3.

   INNLE is the individual taxpayer number (ITN) of the Legal Entity.

   INNLE ::= NUMERIC STRING (SIZE(10))

   Corresponding OID is 1.2.643.100.4.

   OGRNIP is the main state registration number of individual
   entrepreneurs (sole traders).

   OGRNIP ::= NUMERIC STRING (SIZE(15))

   Corresponding OID is 1.2.643.100.5.

   IdentificationKind represents the way the receiver of the certificate
   was identified by the CA.

   IdentificationKind ::= INTEGER { personal(0), remote-cert(1),
       remote-passport(2), remote-system(3) }

   Corresponding OID is 1.2.643.100.114.

   INN is the individual taxpayer number (ITN).

   INN ::= NUMERIC STRING (SIZE(12))

   Corresponding OID is 1.2.643.3.131.1.1.

5.2.  Certificate policies

   The Russian national regulation body for cryptography defines several
   security levels of cryptographic tools.  Depending on the class of
   cryptographic token used by the certificate owner, the following OIDs
   must be included in the certificate policies.  The certificate should
   include OIDs starting from the lowest one (KC1) up to the strongest
   applicable.

   *  1.2.643.100.113.1 - class KC1,

   *  1.2.643.100.113.2 - class KC2,

   *  1.2.643.100.113.3 - class KC3,

   *  1.2.643.100.113.4 - class KB1,

   *  1.2.643.100.113.5 - class KB2,

   *  1.2.643.100.113.6 - class KA1.

5.3.  Subject Sign Tool

   To denote the token or software type used by the certificate owner,
   the following non-critical SubjectSignTool extension with OID
   1.2.643.100.111 should be included.  It is defined as

   SubjectSignTool ::= UTF8String(SIZE(1..200)) .

5.4.  Issuer Sign Tool

   To denote the tools used to generate the key pair and the tools used
   by the CA to sign the certificate, the following non-critical
   IssuerSignTool extension with OID 1.2.643.100.112 should be included.
   It is defined as

   IssuerSignTool ::= SEQUENCE {
       signTool     UTF8String(SIZE(1..200)),
       cATool       UTF8String(SIZE(1..200)),
       signToolCert UTF8String(SIZE(1..100)),
       cAToolCert   UTF8String(SIZE(1..100)) }

   where:

   *  signTool identifies tools used to create the key pair,

   *  cATool identifies tools used by the certificate authority,

   *  signToolCert and cAToolCert contain the notice of the respective
      tools' conformance to Russian federal law on digital signature.

6.  Historical Considerations

   Note that for a significant period of time there were no documents
   describing GostR3410-2012-PublicKeyParameters.  Several old
   implementations have used GostR3410-2001-PublicKeyParameters instead.
   These implementations will return an error if the digestParamSet
   field is not included in the public key parameters.  Thus an
   implementation wishing to collaborate with old implementations might
   want to include digestParamSet equal to
   id-tc26-digest-gost3411-12-512 if one of the following values is used
   as publicKeyParamSet:

   *  id-tc26-gost-3410-12-512-paramSetA,

   *  id-tc26-gost-3410-12-512-paramSetB.

   Note that usage of the keyEncipherment and dataEncipherment values
   for the KeyUsage extension is not fully defined for GOST R 34.10-2012
   public keys, so they SHOULD be used with additional care.

7.  IANA Considerations

   This memo includes no request to IANA.

8.  Security Considerations

   It is RECOMMENDED that applications verify that signature values and
   subject public keys conform to the [GOSTR3410-2012] standard
   ([RFC7091]) prior to their use.

   It is RECOMMENDED that CAs and applications make sure that the
   private key for creating signatures is not used for more than its
   allowed validity period (typically 15 months for the GOST R
   34.10-2012 algorithm).

   Test parameter sets (id-GostR3410-2001-TestParamSet and
   id-tc26-gost-3410-2012-512-paramSetTest) MUST NOT be used outside of
   testing scenarios.
   Use of parameter sets not described herein is NOT
   RECOMMENDED.  When different parameters are used, it is RECOMMENDED
   that they be subjected to examination by an authorized agency with
   approved methods of cryptographic analysis.

   For security discussion concerning use of algorithm parameters, see
   [ANS17] and the Security Considerations sections in [RFC4357],
   [RFC7836].

9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC4357]  Popov, V., Kurepkin, I., and S. Leontiev, "Additional
              Cryptographic Algorithms for Use with GOST 28147-89, GOST
              R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94
              Algorithms", RFC 4357, DOI 10.17487/RFC4357, January 2006.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008.

   [RFC5652]  Housley, R., "Cryptographic Message Syntax (CMS)", STD 70,
              RFC 5652, DOI 10.17487/RFC5652, September 2009.

   [RFC6986]  Dolmatov, V., Ed. and A. Degtyarev, "GOST R 34.11-2012:
              Hash Function", RFC 6986, DOI 10.17487/RFC6986, August
              2013.

   [RFC7091]  Dolmatov, V., Ed. and A. Degtyarev, "GOST R 34.10-2012:
              Digital Signature Algorithm", RFC 7091,
              DOI 10.17487/RFC7091, December 2013.

   [RFC7836]  Smyshlyaev, S., Ed., Alekseev, E., Oshkin, I., Popov, V.,
              Leontiev, S., Podobaev, V., and D. Belyavsky, "Guidelines
              on the Cryptographic Algorithms to Accompany the Usage of
              Standards GOST R 34.10-2012 and GOST R 34.11-2012",
              RFC 7836, DOI 10.17487/RFC7836, March 2016.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

9.2.  Informative References

   [ANS17]    Alekseev, E.K., Nikolaev, V.D., and S.V. Smyshlyaev, "On
              the security properties of Russian standardized elliptic
              curves.", Mathematical Aspects of Cryptography 9:3. P.
              5-32., DOI 10.4213/mvk260, 2018.

   [GOSTR3410-2012]
              Federal Agency on Technical Regulating and Metrology,
              "Information technology. Cryptographic data security.
              Signature and verification processes of [electronic]
              digital signature", GOST R 34.10-2012, 2012.

   [GOSTR3411-2012]
              Federal Agency on Technical Regulating and Metrology,
              "Information technology. Cryptographic Data Security.
              Hashing function", GOST R 34.11-2012, 2012.

Appendix A.  GostR3410-2012-PKISyntax

   GostR3410-2012-PKISyntax
       { iso(1) member-body(2) ru(643) rosstandart(7)
         tc26(1) modules(0) gostR3411-2012-PKISyntax(2) }

   DEFINITIONS ::=
   BEGIN
   -- EXPORTS All --

   -- ASN.1 TC 26 root
   id-tc26 OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) }

   -- Signature algorithm
   id-tc26-sign OBJECT IDENTIFIER ::=
       { id-tc26 algorithms(1) sign(1) }

   -- Hash algorithm
   id-tc26-digest OBJECT IDENTIFIER ::=
       { id-tc26 algorithms(1) digest(2) }

   -- Public key identifiers
   id-tc26-sign-constants OBJECT IDENTIFIER ::=
       { id-tc26 constants(2) sign(1) }

   -- Public key algorithm GOST R 34.10-2012 / 256 bits identifiers
   id-tc26-gost-3410-2012-256-constants OBJECT IDENTIFIER ::=
       { id-tc26-sign-constants gost-3410-2012-256(1) }

   -- Public key algorithm GOST R 34.10-2012 / 512 bits identifiers
   id-tc26-gost-3410-2012-512-constants OBJECT IDENTIFIER ::=
       { id-tc26-sign-constants gost-3410-2012-512(2) }

   -- GOST R 34.10-2012 / 256 bits signature algorithm
   id-tc26-gost3410-12-256 OBJECT IDENTIFIER ::=
       { id-tc26-sign gost3410-12-256(1) }

   -- GOST R 34.10-2012 / 512 bits signature algorithm
   id-tc26-gost3410-12-512 OBJECT IDENTIFIER ::=
       { id-tc26-sign
         gost3410-12-512(2) }

   -- GOST R 34.11-2012 / 256 bits hash algorithm
   id-tc26-gost3411-12-256 OBJECT IDENTIFIER ::=
       { id-tc26-digest gost3411-12-256(2)}

   -- GOST R 34.11-2012 / 512 bits hash algorithm
   id-tc26-gost3411-12-512 OBJECT IDENTIFIER ::=
       { id-tc26-digest gost3411-12-512(3)}

   -- GOST R 34.10-2012 / GOST R 34.11-2012 sign/hash algorithm
   id-tc26-signwithdigest OBJECT IDENTIFIER ::=
       { id-tc26 algorithms(1) signwithdigest(3) }

   -- Signature & hash algorithm GOST R 34.10-2012 / 256 bits
   -- with GOST R 34.11-2012
   id-tc26-signwithdigest-gost3410-12-256 OBJECT IDENTIFIER ::=
       { id-tc26-signwithdigest gost3410-12-256(2) }

   -- Signature & hash algorithm GOST R 34.10-2012 / 512 bits
   -- with GOST R 34.11-2012
   id-tc26-signwithdigest-gost3410-12-512 OBJECT IDENTIFIER ::=
       { id-tc26-signwithdigest gost3410-12-512(3) }

   -- GOST R 34.10-2012 / 256 bits Signature algorithm parameters ID:
   -- "Set A"
   id-tc26-gost-3410-2012-256-paramSetA OBJECT IDENTIFIER ::=
       { id-tc26-gost-3410-2012-256-constants paramSetA(1) }

   -- GOST R 34.10-2012 / 256 bits signature algorithm parameters ID:
   -- "Set B"
   id-tc26-gost-3410-2012-256-paramSetB OBJECT IDENTIFIER ::=
       { id-tc26-gost-3410-2012-256-constants paramSetB(2) }

   -- GOST R 34.10-2012 / 256 bits signature algorithm parameters ID:
   -- "Set C"
   id-tc26-gost-3410-2012-256-paramSetC OBJECT IDENTIFIER ::=
       { id-tc26-gost-3410-2012-256-constants paramSetC(3) }

   -- GOST R 34.10-2012 / 256 bits signature algorithm parameters ID:
   -- "Set D"
   id-tc26-gost-3410-2012-256-paramSetD OBJECT IDENTIFIER ::=
       { id-tc26-gost-3410-2012-256-constants paramSetD(4) }

   -- GOST R 34.10-2012 / 512 bits signature algorithm parameters ID:
   -- "Test set"
   id-tc26-gost-3410-2012-512-paramSetTest OBJECT IDENTIFIER ::=
       { id-tc26-gost-3410-2012-512-constants paramSetTest(0) }

   -- GOST R 34.10-2012 / 512 bits signature algorithm parameters ID:
   -- "Set A"
   id-tc26-gost-3410-2012-512-paramSetA OBJECT IDENTIFIER ::=
       { id-tc26-gost-3410-2012-512-constants paramSetA(1) }

   -- GOST R 34.10-2012 / 512 bits signature algorithm parameters ID:
   -- "Set B"
   id-tc26-gost-3410-2012-512-paramSetB OBJECT IDENTIFIER ::=
       { id-tc26-gost-3410-2012-512-constants paramSetB(2) }

   -- GOST R 34.10-2012 / 512 bits signature algorithm parameters ID:
   -- "Set C"
   id-tc26-gost-3410-2012-512-paramSetC OBJECT IDENTIFIER ::=
       { id-tc26-gost-3410-2012-512-constants paramSetC(3) }

   -- Public key GOST R 34.10-2012 / 256 bits
   GostR3410-2012-256-PublicKey ::= OCTET STRING (SIZE (64))
   -- Public key GOST R 34.10-2012 / 512 bits
   GostR3410-2012-512-PublicKey ::= OCTET STRING (SIZE (128))
   -- Public key GOST R 34.10-2012
   GostR3410-2012-PublicKey ::= OCTET STRING (SIZE (64 | 128))

   -- Public key parameters GOST R 34.10-2012
   GostR3410-2012-PublicKeyParameters ::=
       SEQUENCE {
           publicKeyParamSet OBJECT IDENTIFIER,
           digestParamSet OBJECT IDENTIFIER OPTIONAL
       }

   END -- GostR3410-2012-PKISyntax

Appendix B.  GostR3410-2012-RuCertsSyntax

   RuStrongCertsSyntax
       { iso(1) member-body(2) ru(643) rosstandart(7)
         tc26(1) modules(0) ruStrongCertsSyntax(6) }

   DEFINITIONS ::=
   BEGIN
   -- EXPORTS All --

   id-ca OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) ru(643) ca(3) }

   id-fss OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) ru(643) fss(100) }

   id-fns OBJECT IDENTIFIER ::=
       { id-ca fns(131) }

   -- The main state registration number of juridical entities.
   OGRN ::= NumericString(SIZE (13))

   id-ORGN OBJECT IDENTIFIER ::=
       { id-fss orgn(1) }

   -- The individual insurance account number
   SNILS ::= NumericString(SIZE (11))

   id-SNILS OBJECT IDENTIFIER ::=
       { id-fss snils(3) }

   -- The main state registration number of
   -- individual entrepreneurs (sole traders).
   OGRNIP ::= NumericString(SIZE (15))

   id-OGRNIP OBJECT IDENTIFIER ::=
       { id-fss ogrnip(5) }

   id-class OBJECT IDENTIFIER ::=
       { id-fss class(113) }

   id-class-kc1 OBJECT IDENTIFIER ::=
       { id-class kc1(1) }

   id-class-kc2 OBJECT IDENTIFIER ::=
       { id-class kc2(2) }

   id-class-kc3 OBJECT IDENTIFIER ::=
       { id-class kc3(3) }

   id-class-kb1 OBJECT IDENTIFIER ::=
       { id-class kb1(4) }

   id-class-kb2 OBJECT IDENTIFIER ::=
       { id-class kb2(5) }

   id-class-ka OBJECT IDENTIFIER ::=
       { id-class ka(6) }

   -- The individual taxpayer number (ITN).
   INN ::= NumericString(SIZE (12))

   id-INN OBJECT IDENTIFIER ::=
       { id-fns ids(1) inn(1) }

   -- The organization taxpayer number (OTN).
   INNLE ::= NumericString(SIZE (10))

   id-INNLE OBJECT IDENTIFIER ::=
       { id-fss innle(4) }

   -- The token or software type used by certificate owner
   SubjectSignTool ::= UTF8String(SIZE(1..200))

   id-SubjectSignTool OBJECT IDENTIFIER ::=
       { id-fss subjectSignTool(111) }

   -- the tools used to generate key pair and tools used by CA
   -- to sign certificate
   IssuerSignTool ::= SEQUENCE {
       signTool     UTF8String(SIZE(1..200)),
       cATool       UTF8String(SIZE(1..200)),
       signToolCert UTF8String(SIZE(1..100)),
       cAToolCert   UTF8String(SIZE(1..100)) }

   id-IssuerSignTool OBJECT IDENTIFIER ::=
       { id-fss issuerSignTool(112) }

   -- The method of identifying owner, when it applies/receives
   -- certificate in the CA
   IdentificationKind ::= INTEGER { personal(0), remote-cert(1),
       remote-passport(2), remote-system(3) }

   id-IdentificationKind OBJECT IDENTIFIER ::=
       { id-fss identificationKind(114) }

   END -- RuStrongCertsSyntax

Appendix C.  Public key parameters

   Here we define three new object identifiers for three existing public
   key parameter sets defined in [RFC4357].  These object identifiers
   MUST be used with GOST R 34.10-2012 public keys only.
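
Added example (not part of the draft): a relying party can enforce the rule above together with the digestParamSet requirements of Section 4.2 and the test-parameter prohibition before trusting a key. The function name is hypothetical, OIDs are passed as already-decoded dotted strings, and the numeric OIDs of the RFC 4357 parameter sets are taken from RFC 4357, since this draft lists only their names.

```python
"""Checks on GostR3410-2012-PublicKeyParameters (added example, not from the draft)."""

KEY_256 = "1.2.643.7.1.1.1.1"     # id-tc26-gost3410-12-256
KEY_512 = "1.2.643.7.1.1.1.2"     # id-tc26-gost3410-12-512
DIGEST_256 = "1.2.643.7.1.1.2.2"  # id-tc26-gost3411-12-256
DIGEST_512 = "1.2.643.7.1.1.2.3"  # id-tc26-gost3411-12-512

C256 = "1.2.643.7.1.2.1.1."       # id-tc26-gost-3410-2012-256-constants
C512 = "1.2.643.7.1.2.1.2."       # id-tc26-gost-3410-2012-512-constants
SET_256_A = C256 + "1"
SETS_256_BCD = {C256 + "2", C256 + "3", C256 + "4"}   # Appendix C
SETS_512 = {C512 + "0", C512 + "1", C512 + "2", C512 + "3"}
# Assumption: numeric values below come from RFC 4357; this draft names the
# sets and shows only the TestParamSet value (in the Appendix D dumps).
SETS_RFC4357 = {
    "1.2.643.2.2.35.0",  # id-GostR3410-2001-TestParamSet
    "1.2.643.2.2.35.1",  # id-GostR3410-2001-CryptoPro-A-ParamSet
    "1.2.643.2.2.35.2",  # id-GostR3410-2001-CryptoPro-B-ParamSet
    "1.2.643.2.2.35.3",  # id-GostR3410-2001-CryptoPro-C-ParamSet
    "1.2.643.2.2.36.0",  # id-GostR3410-2001-CryptoPro-XchA-ParamSet
    "1.2.643.2.2.36.1",  # id-GostR3410-2001-CryptoPro-XchB-ParamSet
}
TEST_SETS = {"1.2.643.2.2.35.0", C512 + "0"}


def check_key_parameters(key_alg, param_set, digest_set=None, testing=False):
    """Return (errors, warnings) for one SubjectPublicKeyInfo.algorithm.

    digest_set is None when digestParamSet is absent. MUST-level violations
    are errors; SHOULD and NOT RECOMMENDED cases are warnings.
    """
    errors, warnings = [], []
    if key_alg not in (KEY_256, KEY_512):
        if param_set in SETS_256_BCD:
            errors.append("Appendix C parameter set with a non-2012 public key")
        return errors, warnings  # other key algorithms are out of scope here
    if param_set in TEST_SETS and not testing:
        errors.append("test parameter set outside a testing scenario")
    if param_set in SETS_RFC4357:
        if digest_set != DIGEST_256:
            errors.append("digestParamSet MUST be present and equal to "
                          "the 256-bit digest OID")
    elif param_set in SETS_256_BCD:
        if digest_set is not None:
            errors.append("digestParamSet MUST be omitted")
    else:
        if param_set != SET_256_A and param_set not in SETS_512:
            warnings.append("parameter set not described in the draft "
                            "(NOT RECOMMENDED)")
        if digest_set is not None and (param_set == SET_256_A
                                       or key_alg == KEY_512):
            legacy = (digest_set == DIGEST_512
                      and param_set in (C512 + "1", C512 + "2"))
            warnings.append("digestParamSet SHOULD be omitted"
                            + (" (Section 6 legacy form)" if legacy else ""))
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample inputs; the first mirrors the Appendix D.1 key.
    samples = [
        (KEY_256, "1.2.643.2.2.35.0", DIGEST_256),
        (KEY_256, C256 + "2", DIGEST_256),
        (KEY_512, C512 + "1", DIGEST_512),
        ("1.2.643.2.2.19", C256 + "3", None),  # GOST R 34.10-2001 key OID
    ]
    for sample in samples:
        print(sample, "->", check_key_parameters(*sample))
```
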

   id-tc26-gost-3410-2012-256-paramSetB OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) constants(2)
         sign-constants(1) gost-3410-12-256-constants(1) paramSetB(2)}

   The elliptic curve of this parameter set is the same as that of
   id-GostR3410-2001-CryptoPro-A-ParamSet (and
   id-GostR3410-2001-CryptoPro-XchA-ParamSet), which can be found in
   [RFC4357].

   id-tc26-gost-3410-2012-256-paramSetC OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) constants(2)
         sign-constants(1) gost-3410-12-256-constants(1) paramSetC(3)}

   The elliptic curve of this parameter set is the same as that of
   id-GostR3410-2001-CryptoPro-B-ParamSet, which can be found in
   [RFC4357].

   id-tc26-gost-3410-2012-256-paramSetD OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) constants(2)
         sign-constants(1) gost-3410-12-256-constants(1) paramSetD(4)}

   The elliptic curve of this parameter set is the same as that of
   id-GostR3410-2001-CryptoPro-C-ParamSet (and
   id-GostR3410-2001-CryptoPro-XchB-ParamSet), which can be found in
   [RFC4357].

Appendix D.  Test Examples

D.1.  GOST R 34.10-2001 Test parameters (256 bit private key length)

   This example uses the curve defined in Section 7.1 of [RFC7091].

   Private key is

   d = 0x7A929ADE789BB9BE10ED359DD39A72C11B60961F49397EEE1D19CE9891EC3B28

   Public key is

   X = 0x7F2B49E270DB6D90D8595BEC458B50C58585BA1D4E9B788F6689DBD8E56FD80B
   Y = 0x26F1B489D6701DD185C8413A977B3CBBAF64D1C593D26627DFFB101A87FF77DA

D.1.1.  Certificate request

-----BEGIN CERTIFICATE REQUEST-----
MIHTMIGBAgEAMBIxEDAOBgNVBAMTB0V4YW1wbGUwZjAfBggqhQMHAQEBATATBgcq
hQMCAiMABggqhQMHAQECAgNDAARAC9hv5djbiWaPeJtOHbqFhcVQi0XsW1nYkG3b
cOJJK3/ad/+HGhD73ydm0pPF0WSvuzx7lzpByIXRHXDWibTxJqAAMAoGCCqFAwcB
AQMCA0EAaqqzjjXUqqUXlAMBeZEi2FVIT1efTLuW1jzf3zrMQypBqijS8asUgoDN
ntVv7aQZdAU1VKQnZ7g60EP9OdwEkw==
-----END CERTIFICATE REQUEST-----

  0 211: SEQUENCE {
  3 129:   SEQUENCE {
  6   1:     INTEGER 0
  9  18:     SEQUENCE {
 11  16:       SET {
 13  14:         SEQUENCE {
 15   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
 20   7:           PrintableString 'Example'
       :           }
       :         }
       :       }
 29 102:     SEQUENCE {
 31  31:       SEQUENCE {
 33   8:         OBJECT IDENTIFIER '1 2 643 7 1 1 1 1'
 43  19:         SEQUENCE {
 45   7:           OBJECT IDENTIFIER testSignParams (1 2 643 2 2 35 0)
 54   8:           OBJECT IDENTIFIER '1 2 643 7 1 1 2 2'
       :           }
       :         }
 64  67:       BIT STRING, encapsulates {
 67  64:         OCTET STRING
       :           0B D8 6F E5 D8 DB 89 66 8F 78 9B 4E 1D BA 85 85
       :           C5 50 8B 45 EC 5B 59 D8 90 6D DB 70 E2 49 2B 7F
       :           DA 77 FF 87 1A 10 FB DF 27 66 D2 93 C5 D1 64 AF
       :           BB 3C 7B 97 3A 41 C8 85 D1 1D 70 D6 89 B4 F1 26
       :         }
       :       }
133   0:     [0] {}
       :     }
135  10:   SEQUENCE {
137   8:     OBJECT IDENTIFIER '1 2 643 7 1 1 3 2'
       :     }
147  65:   BIT STRING
       :     6A AA B3 8E 35 D4 AA A5 17 94 03 01 79 91 22 D8
       :     55 48 4F 57 9F 4C BB 96 D6 3C DF DF 3A CC 43 2A
       :     41 AA 28 D2 F1 AB 14 82 80 CD 9E D5 6F ED A4 19
       :     74 05 35 54 A4 27 67 B8 3A D0 43 FD 39 DC 04 93
       :   }

D.1.2.  Certificate

-----BEGIN CERTIFICATE-----
MIIBLTCB26ADAgECAgEKMAoGCCqFAwcBAQMCMBIxEDAOBgNVBAMTB0V4YW1wbGUw
IBcNMDEwMTAxMDAwMDAwWhgPMjA1MDEyMzEwMDAwMDBaMBIxEDAOBgNVBAMTB0V4
YW1wbGUwZjAfBggqhQMHAQEBATATBgcqhQMCAiMABggqhQMHAQECAgNDAARAC9hv
5djbiWaPeJtOHbqFhcVQi0XsW1nYkG3bcOJJK3/ad/+HGhD73ydm0pPF0WSvuzx7
lzpByIXRHXDWibTxJqMTMBEwDwYDVR0TAQH/BAUwAwEB/zAKBggqhQMHAQEDAgNB
AE1T8BL+CBd2UH1Nm7gfAO/bTu/Uq4O6xLrPc1Fzz6gcQaoo0vGrFIKAzZ7Vb+2k
GXQFNVSkJ2e4OtBD/TncBJM=
-----END CERTIFICATE-----

  0 301: SEQUENCE {
  4 219:   SEQUENCE {
  7   3:     [0] {
  9   1:       INTEGER 2
       :       }
 12   1:     INTEGER 10
 15  10:     SEQUENCE {
 17   8:       OBJECT IDENTIFIER '1 2 643 7 1 1 3 2'
       :       }
 27  18:     SEQUENCE {
 29  16:       SET {
 31  14:         SEQUENCE {
 33   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
 38   7:           PrintableString 'Example'
       :           }
       :         }
       :       }
 47  32:     SEQUENCE {
 49  13:       UTCTime 01/01/2001 00:00:00 GMT
 64  15:       GeneralizedTime 31/12/2050 00:00:00 GMT
       :       }
 81  18:     SEQUENCE {
 83  16:       SET {
 85  14:         SEQUENCE {
 87   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
 92   7:           PrintableString 'Example'
       :           }
       :         }
       :       }
101 102:     SEQUENCE {
103  31:       SEQUENCE {
105   8:         OBJECT IDENTIFIER '1 2 643 7 1 1 1 1'
115  19:         SEQUENCE {
117   7:           OBJECT IDENTIFIER testSignParams (1 2 643 2 2 35 0)
126   8:           OBJECT IDENTIFIER '1 2 643 7 1 1 2 2'
       :           }
       :         }
136  67:       BIT STRING, encapsulates {
139  64:         OCTET STRING
       :           0B D8 6F E5 D8 DB 89 66 8F 78 9B 4E 1D BA 85 85
       :           C5 50 8B 45 EC 5B 59 D8 90 6D DB 70 E2 49 2B 7F
       :           DA 77 FF 87 1A 10 FB DF 27 66 D2 93 C5 D1 64 AF
       :           BB 3C 7B 97 3A 41 C8 85 D1 1D 70 D6 89 B4 F1 26
       :         }
       :       }
205  19:     [3] {
207  17:       SEQUENCE {
209  15:         SEQUENCE {
211   3:           OBJECT IDENTIFIER basicConstraints (2 5 29 19)
216   1:           BOOLEAN TRUE
219   5:           OCTET STRING, encapsulates {
221   3:             SEQUENCE {
223   1:               BOOLEAN TRUE
       :               }
       :             }
       :           }
       :         }
       :       }
       :     }
226  10:   SEQUENCE {
228   8:     OBJECT IDENTIFIER '1 2 643 7 1 1 3 2'
       :     }
238  65:   BIT STRING
       :     4D 53 F0 12 FE 08 17 76 50 7D 4D 9B B8 1F 00 EF
       :     DB 4E EF D4 AB 83 BA C4 BA CF 73 51 73 CF A8 1C
       :     41 AA 28 D2 F1 AB 14 82 80 CD 9E D5 6F ED A4 19
       :     74 05 35 54 A4 27 67 B8 3A D0 43 FD 39 DC 04 93
       :   }

D.1.3.  Certificate Revocation List

-----BEGIN X509 CRL-----
MIGSMEECAQEwCgYIKoUDBwEBAwIwEjEQMA4GA1UEAxMHRXhhbXBsZRcNMTQwMTAx
MDAwMDAwWhcNMTQwMTAyMDAwMDAwWjAKBggqhQMHAQEDAgNBAEK/OSoU0+vpV68+
RstQv19CIaADrT0XJ1PJSpw3ox0gQaoo0vGrFIKAzZ7Vb+2kGXQFNVSkJ2e4OtBD
/TncBJM=
-----END X509 CRL-----

  0 146: SEQUENCE {
  3  65:   SEQUENCE {
  5   1:     INTEGER 1
  8  10:     SEQUENCE {
 10   8:       OBJECT IDENTIFIER '1 2 643 7 1 1 3 2'
       :       }
 20  18:     SEQUENCE {
 22  16:       SET {
 24  14:         SEQUENCE {
 26   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
 31   7:           PrintableString 'Example'
       :           }
       :         }
       :       }
 40  13:     UTCTime 01/01/2014 00:00:00 GMT
 55  13:     UTCTime 02/01/2014 00:00:00 GMT
       :     }
 70  10:   SEQUENCE {
 72   8:     OBJECT IDENTIFIER '1 2 643 7 1 1 3 2'
       :     }
 82  65:   BIT STRING
       :     42 BF 39 2A 14 D3 EB E9 57 AF 3E 46 CB 50 BF 5F
       :     42 21 A0 03 AD 3D 17 27 53 C9 4A 9C 37 A3 1D 20
       :     41 AA 28 D2 F1 AB 14 82 80 CD 9E D5 6F ED A4 19
       :     74 05 35 54 A4 27 67 B8 3A D0 43 FD 39 DC 04 93
       :   }

D.2.  GOST R 34.10-2012 TC26-256-A parameters (256 bit private key
      length)

   This example uses the curve defined in Section A.2 of [RFC7836].

   Private key is

   d = 0x3A929ADE789BB9BE10ED359DD39A72C10B87C83F80BE18B85C041F4325B62EC1

   Public key is

   X = 0x99C3DF265EA59350640BA69D1DE04418AF3FEA03EC0F85F2DD84E8BED4952774
   Y = 0xE218631A69C47C122E2D516DA1C09E6BD19344D94389D1F16C0C4D4DCF96F578

D.2.1.
Certificate request 971 -----BEGIN CERTIFICATE REQUEST----- 972 MIHKMHkCAQAwEjEQMA4GA1UEAxMHRXhhbXBsZTBeMBcGCCqFAwcBAQEBMAsGCSqF 973 AwcBAgEBAQNDAARAdCeV1L7ohN3yhQ/sA+o/rxhE4B2dpgtkUJOlXibfw5l49ZbP 974 TU0MbPHRiUPZRJPRa57AoW1RLS4SfMRpGmMY4qAAMAoGCCqFAwcBAQMCA0EAG9wq 975 Exdnm2YjL2PqFv98ZMyqua2FX8bhgJFmHbedSBIdDh2lvjR8bxtSVseurCAK1krH 976 em9bOg4Jcxjnrm7naQ== 977 -----END CERTIFICATE REQUEST----- 979 0 202: SEQUENCE { 980 3 121: SEQUENCE { 981 5 1: INTEGER 0 982 8 18: SEQUENCE { 983 10 16: SET { 984 12 14: SEQUENCE { 985 14 3: OBJECT IDENTIFIER commonName (2 5 4 3) 986 19 7: PrintableString 'Example' 987 : } 988 : } 989 : } 990 28 94: SEQUENCE { 991 30 23: SEQUENCE { 992 32 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 1' 993 42 11: SEQUENCE { 994 44 9: OBJECT IDENTIFIER '1 2 643 7 1 2 1 1 1' 995 : } 996 : } 997 55 67: BIT STRING, encapsulates { 998 58 64: OCTET STRING 999 : 74 27 95 D4 BE E8 84 DD F2 85 0F EC 03 EA 3F AF 1000 : 18 44 E0 1D 9D A6 0B 64 50 93 A5 5E 26 DF C3 99 1001 : 78 F5 96 CF 4D 4D 0C 6C F1 D1 89 43 D9 44 93 D1 1002 : 6B 9E C0 A1 6D 51 2D 2E 12 7C C4 69 1A 63 18 E2 1003 : } 1004 : } 1005 124 0: [0] {} 1006 : } 1007 126 10: SEQUENCE { 1008 128 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 1009 : } 1010 138 65: BIT STRING 1011 : 1B DC 2A 13 17 67 9B 66 23 2F 63 EA 16 FF 7C 64 1012 : CC AA B9 AD 85 5F C6 E1 80 91 66 1D B7 9D 48 12 1013 : 1D 0E 1D A5 BE 34 7C 6F 1B 52 56 C7 AE AC 20 0A 1014 : D6 4A C7 7A 6F 5B 3A 0E 09 73 18 E7 AE 6E E7 69 1015 : } 1017 D.2.2. 
Certificate 1019 -----BEGIN CERTIFICATE----- 1020 MIIBJTCB06ADAgECAgEKMAoGCCqFAwcBAQMCMBIxEDAOBgNVBAMTB0V4YW1wbGUw 1021 IBcNMDEwMTAxMDAwMDAwWhgPMjA1MDEyMzEwMDAwMDBaMBIxEDAOBgNVBAMTB0V4 1022 YW1wbGUwXjAXBggqhQMHAQEBATALBgkqhQMHAQIBAQEDQwAEQHQnldS+6ITd8oUP 1023 7APqP68YROAdnaYLZFCTpV4m38OZePWWz01NDGzx0YlD2UST0WuewKFtUS0uEnzE 1024 aRpjGOKjEzARMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoUDBwEBAwIDQQAUC02pEksJ 1025 yw1c6Sjuh0JzoxASlJLsDik2njt5EkhXjB0OHaW+NHxvG1JWx66sIArWSsd6b1s6 1026 DglzGOeubudp 1027 -----END CERTIFICATE----- 1029 0 293: SEQUENCE { 1030 4 211: SEQUENCE { 1031 7 3: [0] { 1032 9 1: INTEGER 2 1033 : } 1034 12 1: INTEGER 10 1035 15 10: SEQUENCE { 1036 17 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 1037 : } 1038 27 18: SEQUENCE { 1039 29 16: SET { 1040 31 14: SEQUENCE { 1041 33 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1042 38 7: PrintableString 'Example' 1043 : } 1044 : } 1045 : } 1046 47 32: SEQUENCE { 1047 49 13: UTCTime 01/01/2001 00:00:00 GMT 1048 64 15: GeneralizedTime 31/12/2050 00:00:00 GMT 1049 : } 1050 81 18: SEQUENCE { 1051 83 16: SET { 1052 85 14: SEQUENCE { 1053 87 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1054 92 7: PrintableString 'Example' 1055 : } 1056 : } 1057 : } 1058 101 94: SEQUENCE { 1059 103 23: SEQUENCE { 1060 105 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 1' 1061 115 11: SEQUENCE { 1062 117 9: OBJECT IDENTIFIER '1 2 643 7 1 2 1 1 1' 1063 : } 1064 : } 1066 128 67: BIT STRING, encapsulates { 1067 131 64: OCTET STRING 1068 : 74 27 95 D4 BE E8 84 DD F2 85 0F EC 03 EA 3F AF 1069 : 18 44 E0 1D 9D A6 0B 64 50 93 A5 5E 26 DF C3 99 1070 : 78 F5 96 CF 4D 4D 0C 6C F1 D1 89 43 D9 44 93 D1 1071 : 6B 9E C0 A1 6D 51 2D 2E 12 7C C4 69 1A 63 18 E2 1072 : } 1073 : } 1074 197 19: [3] { 1075 199 17: SEQUENCE { 1076 201 15: SEQUENCE { 1077 203 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) 1078 208 1: BOOLEAN TRUE 1079 211 5: OCTET STRING, encapsulates { 1080 213 3: SEQUENCE { 1081 215 1: BOOLEAN TRUE 1082 : } 1083 : } 1084 : } 1085 : } 1086 : } 1087 : } 1088 218 10: 
SEQUENCE { 1089 220 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 1090 : } 1091 230 65: BIT STRING 1092 : 14 0B 4D A9 12 4B 09 CB 0D 5C E9 28 EE 87 42 73 1093 : A3 10 12 94 92 EC 0E 29 36 9E 3B 79 12 48 57 8C 1094 : 1D 0E 1D A5 BE 34 7C 6F 1B 52 56 C7 AE AC 20 0A 1095 : D6 4A C7 7A 6F 5B 3A 0E 09 73 18 E7 AE 6E E7 69 1096 : } 1098 D.2.3. Certificate Revocation List 1099 -----BEGIN X509 CRL----- 1100 MIGSMEECAQEwCgYIKoUDBwEBAwIwEjEQMA4GA1UEAxMHRXhhbXBsZRcNMTQwMTAx 1101 MDAwMDAwWhcNMTQwMTAyMDAwMDAwWjAKBggqhQMHAQEDAgNBABS9aAh8O5A8eqKL 1102 B/6y571v4JY/VjJnNZ9c2Oq0UFmtHQ4dpb40fG8bUlbHrqwgCtZKx3pvWzoOCXMY 1103 565u52k= 1104 -----END X509 CRL----- 1106 0 146: SEQUENCE { 1107 3 65: SEQUENCE { 1108 5 1: INTEGER 1 1109 8 10: SEQUENCE { 1110 10 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 1111 : } 1112 20 18: SEQUENCE { 1113 22 16: SET { 1114 24 14: SEQUENCE { 1115 26 3: OBJECT IDENTIFIER commonName (2 5 4 3) 1116 31 7: PrintableString 'Example' 1117 : } 1118 : } 1119 : } 1120 40 13: UTCTime 01/01/2014 00:00:00 GMT 1121 55 13: UTCTime 02/01/2014 00:00:00 GMT 1122 : } 1123 70 10: SEQUENCE { 1124 72 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' 1125 : } 1126 82 65: BIT STRING 1127 : 14 BD 68 08 7C 3B 90 3C 7A A2 8B 07 FE B2 E7 BD 1128 : 6F E0 96 3F 56 32 67 35 9F 5C D8 EA B4 50 59 AD 1129 : 1D 0E 1D A5 BE 34 7C 6F 1B 52 56 C7 AE AC 20 0A 1130 : D6 4A C7 7A 6F 5B 3A 0E 09 73 18 E7 AE 6E E7 69 1131 : } 1133 D.3. GOST R 34.10-2012 Test parameters (512 bit private key length) 1135 This example uses curve defined in Appendix E. 

   Private key is

   d = 0x0BA6048AADAE241BA40936D47756D7C93091A0E8514669700EE7508E508B1020\\
       72E8123B2200A0563322DAD2827E2714A2636B7BFD18AADFC62967821FA18DD4

   Public key is

   X = 0x115DC5BC96760C7B48598D8AB9E740D4C4A85A65BE33C1815B5C320C854621DD\\
       5A515856D13314AF69BC5B924C8B4DDFF75C45415C1D9DD9DD33612CD530EFE1
   Y = 0x37C7C90CD40B0F5621DC3AC1B751CFA0E2634FA0503B3D52639F5D7FB72AFD61\\
       EA199441D943FFE7F0C70A2759A3CDB84C114E1F9339FDF27F35ECA93677BEEC

D.3.1.  Certificate request

      0 335: SEQUENCE {
      4 188:   SEQUENCE {
      7   1:     INTEGER 0
     10  18:     SEQUENCE {
     12  16:       SET {
     14  14:         SEQUENCE {
     16   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
     21   7:           PrintableString 'Example'
           :           }
           :         }
           :       }
     30 160:     SEQUENCE {
     33  23:       SEQUENCE {
     35   8:         OBJECT IDENTIFIER '1 2 643 7 1 1 1 2'
     45  11:         SEQUENCE {
     47   9:           OBJECT IDENTIFIER '1 2 643 7 1 2 1 2 0'
           :           }
           :         }
     58 132:       BIT STRING, encapsulates {
     62 128:         OCTET STRING
           :           E1 EF 30 D5 2C 61 33 DD D9 9D 1D 5C 41 45 5C F7
           :           DF 4D 8B 4C 92 5B BC 69 AF 14 33 D1 56 58 51 5A
           :           DD 21 46 85 0C 32 5C 5B 81 C1 33 BE 65 5A A8 C4
           :           D4 40 E7 B9 8A 8D 59 48 7B 0C 76 96 BC C5 5D 11
           :           EC BE 77 36 A9 EC 35 7F F2 FD 39 93 1F 4E 11 4C
           :           B8 CD A3 59 27 0A C7 F0 E7 FF 43 D9 41 94 19 EA
           :           61 FD 2A B7 7F 5D 9F 63 52 3D 3B 50 A0 4F 63 E2
           :           A0 CF 51 B7 C1 3A DC 21 56 0F 0B D4 0C C9 C7 37
           :         }
           :       }
    193   0:     [0] {}
           :     }
    195  10:   SEQUENCE {
    197   8:     OBJECT IDENTIFIER '1 2 643 7 1 1 3 3'
           :     }
    207 129:   BIT STRING
           :     43 3B 1D 6C E4 0A 51 F1 E5 73 7E B1 6A A2 C6 83
           :     82 9A 40 5B 9D 91 27 E2 12 60 FC 9D 6A C0 5D 87
           :     BF 24 E2 6C 45 27 8A 5C 21 92 A7 5B A9 49 93 AB
           :     D6 07 4E 7F F1 BF 03 FD 2F 53 97 AF A1 D9 45 58
           :     2F 86 FA 60 A0 81 09 1A 23 DD 79 5E 1E 3C 68 9E
           :     E5 12 A3 C8 2E E0 DC C2 64 3C 78 EE A8 FC AC D3
           :     54 92 55 84 86 B2 0F 1C 9E C1 97 C9 06 99 85 02
           :     60 C9 3B CB CD 9C 5C 33 17 E1 93 44 E1 73 AE 36
           :   }

D.3.2.  Certificate

      0 426: SEQUENCE {
      4 278:   SEQUENCE {
      8   3:     [0] {
     10   1:       INTEGER 2
           :       }
     13   1:     INTEGER 11
     16  10:     SEQUENCE {
     18   8:       OBJECT IDENTIFIER '1 2 643 7 1 1 3 3'
           :       }
     28  18:     SEQUENCE {
     30  16:       SET {
     32  14:         SEQUENCE {
     34   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
     39   7:           PrintableString 'Example'
           :           }
           :         }
           :       }
     48  32:     SEQUENCE {
     50  13:       UTCTime 01/01/2001 00:00:00 GMT
     65  15:       GeneralizedTime 31/12/2050 00:00:00 GMT
           :       }
     82  18:     SEQUENCE {
     84  16:       SET {
     86  14:         SEQUENCE {
     88   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
     93   7:           PrintableString 'Example'
           :           }
           :         }
           :       }
    102 160:     SEQUENCE {
    105  23:       SEQUENCE {
    107   8:         OBJECT IDENTIFIER '1 2 643 7 1 1 1 2'
    117  11:         SEQUENCE {
    119   9:           OBJECT IDENTIFIER '1 2 643 7 1 2 1 2 0'
           :           }
           :         }
    130 132:       BIT STRING, encapsulates {
    134 128:         OCTET STRING
           :           E1 EF 30 D5 2C 61 33 DD D9 9D 1D 5C 41 45 5C F7
           :           DF 4D 8B 4C 92 5B BC 69 AF 14 33 D1 56 58 51 5A
           :           DD 21 46 85 0C 32 5C 5B 81 C1 33 BE 65 5A A8 C4
           :           D4 40 E7 B9 8A 8D 59 48 7B 0C 76 96 BC C5 5D 11
           :           EC BE 77 36 A9 EC 35 7F F2 FD 39 93 1F 4E 11 4C
           :           B8 CD A3 59 27 0A C7 F0 E7 FF 43 D9 41 94 19 EA
           :           61 FD 2A B7 7F 5D 9F 63 52 3D 3B 50 A0 4F 63 E2
           :           A0 CF 51 B7 C1 3A DC 21 56 0F 0B D4 0C C9 C7 37
           :         }
           :       }
    265  19:     [3] {
    267  17:       SEQUENCE {
    269  15:         SEQUENCE {
    271   3:           OBJECT IDENTIFIER basicConstraints (2 5 29 19)
    276   1:           BOOLEAN TRUE
    279   5:           OCTET STRING, encapsulates {
    281   3:             SEQUENCE {
    283   1:               BOOLEAN TRUE
           :               }
           :             }
           :           }
           :         }
           :       }
           :     }
    286  10:   SEQUENCE {
    288   8:     OBJECT IDENTIFIER '1 2 643 7 1 1 3 3'
           :     }
    298 129:   BIT STRING
           :     41 57 03 D8 92 F1 A5 F3 F6 8C 43 53 18 9A 7E E2
           :     07 B8 0B 56 31 EF 9D 49 52 9A 4D 6B 54 2C 2C FA
           :     15 AA 2E AC F1 1F 47 0F DE 7D 95 48 56 90 3C 35
           :     FD 8F 95 5E F3 00 D9 5C 77 53 4A 72 4A 0E EE 70
           :     2F 86 FA 60 A0 81 09 1A 23 DD 79 5E 1E 3C 68 9E
           :     E5 12 A3 C8 2E E0 DC C2 64 3C 78 EE A8 FC AC D3
           :     54 92 55 84 86 B2 0F 1C 9E C1 97 C9 06 99 85 02
           :     60 C9 3B CB CD 9C 5C 33 17 E1 93 44 E1 73 AE 36
           :   }

D.3.3.  Certificate Revocation List

      0 211: SEQUENCE {
      3  65:   SEQUENCE {
      5   1:     INTEGER 1
      8  10:     SEQUENCE {
     10   8:       OBJECT IDENTIFIER '1 2 643 7 1 1 3 3'
           :       }
     20  18:     SEQUENCE {
     22  16:       SET {
     24  14:         SEQUENCE {
     26   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
     31   7:           PrintableString 'Example'
           :           }
           :         }
           :       }
     40  13:     UTCTime 01/01/2014 00:00:00 GMT
     55  13:     UTCTime 02/01/2014 00:00:00 GMT
           :     }
     70  10:   SEQUENCE {
     72   8:     OBJECT IDENTIFIER '1 2 643 7 1 1 3 3'
           :     }
     82 129:   BIT STRING
           :     3A 13 FB 7A EC DB 55 60 EE F6 13 7C FC 5D D6 46
           :     91 73 2E BF B3 69 0A 1F C0 C7 E8 A4 EE EA 08 30
           :     7D 64 8D 4D C0 98 6C 46 A8 7B 3F BE 4C 7A F4 2E
           :     A3 43 59 C7 95 95 4C A3 9F F3 AB BE D9 05 1F 4D
           :     2F 86 FA 60 A0 81 09 1A 23 DD 79 5E 1E 3C 68 9E
           :     E5 12 A3 C8 2E E0 DC C2 64 3C 78 EE A8 FC AC D3
           :     54 92 55 84 86 B2 0F 1C 9E C1 97 C9 06 99 85 02
           :     60 C9 3B CB CD 9C 5C 33 17 E1 93 44 E1 73 AE 36
           :   }

Appendix E.  GOST R 34.10-2012 Test parameters (curve definition)

   The following parameters must be used for digital signature
   generation and verification.

E.1.  Elliptic Curve Modulus

   The following value is assigned to parameter p in this example:

   p = 36239861022290036359077887536838743060213209255346786050\\
       8654615045085616662400248258848202227149685402509082360305\\
       8735163734263822371964987228582907372403,

   p = 0x4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C09B5D2D15D\\
       F1D852741AF4704A0458047E80E4546D35B8336FAC224DD81664BBF528BE6373.

E.2.  Elliptic Curve Coefficients

   Parameters a and b take the following values in this example:

   a = 7,

   a = 0x7,

   b = 1518655069210828534508950034714043154928747527740206436\\
       1940188233528099824437937328297569147859746748660416053978836775\\
       96626326413990136959047435811826396,

   b = 0x1CFF0806A31116DA29D8CFA54E57EB748BC5F377E49400FDD788B649ECA1AC4\\
       361834013B2AD7322480A89CA58E0CF74BC9E540C2ADD6897FAD0A3084F302ADC.

E.3.  Elliptic Curve Points Group Order

   Parameter m takes the following value in this example:

   m = 36239861022290036359077887536838743060213209255346786050865461\\
       504508561666239691648983050328630684999614040794379365854558651922\\
       12970734808812618120619743,

   m = 0x4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C09B5D2D15D\\
       A82F2D7ECB1DBAC719905C5EECC423F1D86E25EDBE23C595D644AAF187E6E6DF.

E.4.  Order of Cyclic Subgroup of Elliptic Curve Points Group

   Parameter q takes the following value in this example:

   q = 36239861022290036359077887536838743060213209255346786050865461\\
       504508561666239691648983050328630684999614040794379365854558651922\\
       12970734808812618120619743,

   q = 0x4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C09B5D2D15D\\
       A82F2D7ECB1DBAC719905C5EECC423F1D86E25EDBE23C595D644AAF187E6E6DF.

E.5.  Elliptic Curve Point Coordinates

   Point P coordinates take the following values in this example:

   x = 1928356944067022849399309401243137598997786635459507974357075491\\
       307766592685835441065557681003184874819658004903212332884252335830\\
       250729527632383493573274,

   x = 0x24D19CC64572EE30F396BF6EBBFD7A6C5213B3B3D7057CC825F91093A68CD762\\
       FD60611262CD838DC6B60AA7EEE804E28BC849977FAC33B4B530F1B120248A9A,

   y = 22887286933719728599700121555294784163535623273295061803\\
       144974259311028603015728141419970722717088070665938506503341523818\\
       57347798885864807605098724013854,

   y = 0x2BB312A43BD2CE6E0D020613C857ACDDCFBF061E91E5F2C3F32447C259F39B2\\
       C83AB156D77F1496BF7EB3351E1EE4E43DC1A18B91B24640B6DBB92CB1ADD371E.

Appendix F.  Contributors

   *  Semen Pianov

      InfoTeCS JSC

      Semen.Pianov@infotecs.ru

   *  Ekaterina Karelina

      InfoTeCS JSC

      Ekaterina.Karelina@infotecs.ru

   *  Dmitry Belyavsky

      Cryptocom

      beldmit@gmail.com

Authors' Addresses

   Dmitry Baryshkov (editor)
   Linaro Ltd.
   Harston Mill Royston Rd
   Harston, Cambridge
   CB22 7GG
   United Kingdom

   Email: dbaryshkov@gmail.com


   Vasily Nikolaev
   CryptoPro
   18, Suschevsky val
   Moscow
   127018
   Russian Federation

   Phone: +7 (495) 995-48-20
   Email: nikolaev@cryptopro.ru


   Aleksandr Chelpanov
   InfoTeCS JSC
   Bldg. 1, 1/23, Stary Petrovsko-Razumovskiy Proezd
   Moscow
   127287
   Russian Federation

   Phone: +7 (495) 737-61-92
   Email: Aleksandr.Chelpanov@infotecs.ru
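
The public key X and Y given in D.2 and the 64-byte OCTET STRING at offset 58 of the D.2.1 dump are the same point: the octet string holds X followed by Y, each with the least significant byte first. The following added example (not part of the draft; the helper names are illustrative) parses that SubjectPublicKeyInfo, rejects malformed encodings, and recovers X and Y.

```python
# Added example; SPKI_HEX, COORD_BYTES and the function names are illustrative.
# SubjectPublicKeyInfo from the D.2.1 dump (offsets 28-123), written out as DER.
SPKI_HEX = (
    "305e" "3017"
    "06082a85030701010101"       # key algorithm OID 1.2.643.7.1.1.1.1
    "300b"
    "06092a8503070102010101"     # parameter set OID 1.2.643.7.1.2.1.1.1
    "034300" "0440"              # BIT STRING (0 unused bits) wrapping an OCTET STRING
    "742795d4bee884ddf2850fec03ea3faf1844e01d9da60b645093a55e26dfc399"
    "78f596cf4d4d0c6cf1d18943d94493d16b9ec0a16d512d2e127cc4691a6318e2"
)
# Bytes per coordinate for each key algorithm OID used in D.1-D.3.
COORD_BYTES = {"1.2.643.7.1.1.1.1": 32, "1.2.643.7.1.1.1.2": 64}


def read_tlv(buf, pos, want_tag):
    """Read one DER element at buf[pos]; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError(f"expected tag 0x{want_tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length


def decode_oid(body):
    """Decode OBJECT IDENTIFIER content octets into dotted notation."""
    arcs, value = [], 0
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:             # high bit clear: last octet of this arc
            arcs.append(value)
            value = 0
    if not arcs or body[-1] & 0x80:
        raise ValueError("malformed OBJECT IDENTIFIER")
    first = min(arcs[0] // 40, 2)        # first subidentifier packs two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))


def parse_gost_spki(der):
    """Return the key OID, parameter-set OID and affine point (x, y)."""
    spki, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after SubjectPublicKeyInfo")
    alg, pos = read_tlv(spki, 0, 0x30)
    bits, pos = read_tlv(spki, pos, 0x03)
    key_oid_raw, apos = read_tlv(alg, 0, 0x06)
    params, _ = read_tlv(alg, apos, 0x30)
    key_oid = decode_oid(key_oid_raw)
    param_set = decode_oid(read_tlv(params, 0, 0x06)[0])
    if key_oid not in COORD_BYTES:
        raise ValueError("not a GOST R 34.10-2012 key: " + key_oid)
    if not bits or bits[0] != 0:
        raise ValueError("BIT STRING must have no unused bits")
    point, _ = read_tlv(bits, 1, 0x04)
    n = COORD_BYTES[key_oid]
    if len(point) != 2 * n:
        raise ValueError("key length does not match the algorithm OID")
    # The octet string is X followed by Y, each least-significant byte first.
    return {"key_oid": key_oid, "param_set": param_set,
            "x": int.from_bytes(point[:n], "little"),
            "y": int.from_bytes(point[n:], "little")}


if __name__ == "__main__":
    key = parse_gost_spki(bytes.fromhex(SPKI_HEX))
    print(key["key_oid"], key["param_set"])
    print(f"X = 0x{key['x']:064X}\nY = 0x{key['y']:064X}")
```

Reading the coordinates as big-endian instead yields a different pair of integers, so a decoder that gets the byte order wrong will report a point that does not match D.2.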