idnits 2.17.1 draft-ietf-pkix-gost-cppk-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** The abstract seems to contain references ([RFC3280], [RFC3279]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Line 547 has weird spacing: '...modules gostR...' == Line 553 has weird spacing: '...modules gostR...' == Line 557 has weird spacing: '...modules gostR...' == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but does not include the phrase in its RFC 2119 key words list. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (February 9, 2004) is 7382 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Missing Reference: 'GOST3411' is mentioned on line 102, but not defined == Missing Reference: 'GOST341094' is mentioned on line 117, but not defined == Missing Reference: 'GOST34102001' is mentioned on line 118, but not defined == Missing Reference: 'GOSTR3411' is mentioned on line 149, but not defined -- Looks like a reference, but probably isn't: '0' on line 429 -- Looks like a reference, but probably isn't: '63' on line 434 == Unused Reference: 'GOST28147' is defined on line 903, but no explicit reference was found in the text == Unused Reference: 'GOSTR341194' is defined on line 922, but no explicit reference was found in the text == Unused Reference: 'TLS' is defined on line 952, but no explicit reference was found in the text -- No information found for draft-popov-crypto-pro-cpalgs - is the name correct? ** Obsolete normative reference: RFC 3280 (Obsoleted by RFC 5280) ** Obsolete normative reference: RFC 2246 (ref. 'TLS') (Obsoleted by RFC 4346) Summary: 6 errors (**), 0 flaws (~~), 12 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 PKIX Working Group Serguei Leontiev, CRYPTO-PRO 3 Internet Draft Dennis Shefanovskij, DEMOS Co Ltd 4 Expires August 9, 2004 February 9, 2004 5 Intended Category: Informational 7 Algorithms and Identifiers for the Internet X.509 Public Key 8 Infrastructure 9 Certificate and Certificate Revocation List (CRL) Profile, corresponding 10 to the algorithms GOST R 34.10-94, GOST R 34.10-2001, GOST R 34.11-94 12 14 Status of this Memo 16 This document is an Internet-Draft and is in full conformance with 17 all provisions of Section 10 of RFC2026. 19 Internet-Drafts are working documents of the Internet Engineering 20 Task Force (IETF), its areas, and its working groups. Note that 21 other groups may also distribute working documents as Internet- 22 Drafts. 24 Internet-Drafts are draft documents valid for a maximum of six months 25 and may be updated, replaced, or obsoleted by other documents at any 26 time. It is inappropriate to use Internet-Drafts as reference 27 material or to cite them other than as "work in progress." 29 The list of current Internet-Drafts can be accessed at 30 http://www.ietf.org/ietf/1id-abstracts.txt 32 The list of Internet-Draft Shadow Directories can be accessed at 33 http://www.ietf.org/shadow.html. 35 Comments or suggestions for improvement may be done via "ietf-pkix" 36 mailing list, or directly to the authors. 38 Abstract 40 This document describes identifiers and appropriate parameters for 41 the algorithms GOST R 34.10-94, GOST R 34.10-2001, GOST R 34.11-94, 42 and also ASN.1 encoding scheme for digital signatures and public 43 keys, used in Internet X.509 Public Key Infrastructure (PKI). This 44 specification extends [RFC3279], "Algorithms and Identifiers for the 45 Internet X.509 Public Key Infrastructure Certificate and Certificate 46 Revocation List (CRL) Profile" and, correspondingly, [RFC3280], 47 "Internet X.509 Public Key Infrastructure: Certificate and 48 Certificate Revocation List (CRL) Profile". All implementations of 49 this specification MUST also satisfy the requirements of [RFC3280]. 51 Table of Contents 53 1 Introduction. . . . . . . . . . . . . . . . . . . . . . 2 54 2 Algorithm Support . . . . . . . . . . . . . . . . . . . 3 55 2.1 One-way Hash Function . . . . . . . . . . . . . . . . . 4 56 2.1.1 One-way Hash Function GOST R 34.11-94 . . . . . . . . . 4 57 2.2 Signature Algorithms. . . . . . . . . . . . . . . . . . 4 58 2.2.1 Signature Algorithm GOST R 34.10-94 . . . . . . . . . . 5 59 2.2.2 Signature Algorithm GOST R 34.10-2001 . . . . . . . . . 6 60 2.3 Subject Public Key Algorithms . . . . . . . . . . . . . 7 61 2.3.1 GOST R 34.10-94 Keys. . . . . . . . . . . . . . . . . . 7 62 2.3.2 GOST R 34.10-2001 Keys. . . . . . . . . . . . . . . . . 9 63 3 Security Considerations . . . . . . . . . . . . . . . . 14 64 4 Appendix ASN.1 Modules. . . . . . . . . . . . . . . . . 14 65 4.1 Cryptographic-Gost-Useful-Definitions . . . . . . . . . 14 66 4.2 GostR3411-94-DigestSyntax . . . . . . . . . . . . . . . 17 67 4.3 GostR3410-94-PKISyntax. . . . . . . . . . . . . . . . . 21 68 4.4 GostR3410-2001-PKISyntax. . . . . . . . . . . . . . . . 33 69 5 References. . . . . . . . . . . . . . . . . . . . . . . 41 70 Acknowledgments. . . . . . . . . . . . . . . . . . . . . . . . 42 71 Author's Addresses . . . . . . . . . . . . . . . . . . . . . . 43 72 Full Copyright Statement . . . . . . . . . . . . . . . . . . . 44 74 1 Introduction 76 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 77 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 78 document are to be interpreted as described in [RFC2119]. 80 This document defines identifiers and corresponding algorithm 81 parameters and attributes proposed by CRYPTO-PRO Company within 82 "Russian Cryptographic Software Compatibility Agreement" community 83 for the algorithms GOST R 34.10-94, GOST R 34.10-2001, GOST R 84 34.11-94, key establishment algorithms based on GOST R 34.10-94 85 public keys, key establishment algorithms based on GOST R 34.10-2001 86 public keys, and also ASN.1 encoding [X.660] for digital signatures 87 and public keys, used in Internet X.509 Public Key Infrastructure 88 (PKI). 90 This specification extends [RFC3279], "Algorithms and Identifiers for 91 the Internet X.509 Public Key Infrastructure Certificate and 92 Certificate Revocation List (CRL) Profile" and, correspondingly, 93 [RFC3280], "Internet X.509 Public Key Infrastructure: Certificate and 94 Certificate Revocation List (CRL) Profile". All implementations of 95 this specification MUST also satisfy the requirements of [RFC3280]. 97 This specification defines the content of the signatureAlgorithm, 98 signatureValue, signature, and subjectPublicKeyInfo fields within 99 Internet X.509 certificates and CRLs. 101 This document defines the use of one-way hash-function GOST R 102 34.11-94 [GOST3411] with digital signatures. This algorithm is used 103 in conjunction with digital signature algorithms. 105 This specification describes the encoding of digital signatures, 106 generated with the following cryptographic algorithms: 108 * GOST R 34.10-94; 109 * GOST R 34.10-2001. 111 This document also defines the contents of the subjectPublicKeyInfo 112 field for Internet X.509 certificates. For each algorithm, the 113 appropriate alternatives for the keyUsage extension are provided. 114 This specification describes encoding formats for public keys used 115 with the following cryptographic algorithms: 117 * GOST R 34.10-94 [GOST341094]; 118 * GOST R 34.10-2001 [GOST34102001]; 119 * Key establishment algorithm VKO GOST R 34.10-94 [CPALGS]; 120 * Key establishment algorithm VKO GOST R 34.10-2001 [CPALGS]; 122 2 Algorithm Support 124 This section is an overview of cryptographic algorithms, that may be 125 used within the Internet X.509 certificates and CRL profile 126 [RFC3280]. It describes one-way hash functions and digital signature 127 algorithms, that may be used to sign certificates and CRLs, and 128 identifies OIDs and ASN.1 encoding for public keys contained in a 129 certificate. 131 The conforming CAs and/or applications MUST fully support digital 132 signatures and public keys for at least one of the specified 133 algorithms. 135 2.1 One-way Hash Function 137 This section identifies the use of one-way, collision free hash 138 function GOST R 34.11-94 - the only one that can be used in digital 139 signature algorithms GOST R 34.10-94/2001. The data that is hashed 140 for certificates and CRL signing is fully described in [RFC3280]. 142 2.1.1 One-way Hash Function GOST R 34.11-94 144 GOST R 34.11-94 has been developed by "GUBS of Federal Agency 145 Government Communication and Information" and "All-Russian Scientific 146 and Research Institute of Standardization". The algorithm GOST R 147 34.11-94 produces a 256-bit hash value of the arbitrary finite bit 148 length input. This document does not contain GOST R 34.11-94 full 149 specification, which can be found in [GOSTR3411] in Russian. It's 150 brief technical description in english can be found in [Schneier95], 151 ch. 18.11, p. 454. 153 Parameters for this function are defined in section 6.2 of [CPALGS]. 155 2.2 Signature Algorithms 157 Conforming CAs may use GOST R 34.10-94 or GOST R 34.10-2001 signature 158 algorithms to sign certificates and CRLs. The signatureAlgorithm 159 field of Certificate or CertificateList indicates the signature 160 algorithm ID, and associated parameters. This section also defines 161 algorithm identifiers and parameters that MUST be used in the 162 signatureAlgorithm field in a Certificate or CertificateList. 164 Signature algorithms are always used conjointly with a one-way hash 165 function GOST R 34.11-94 as indicated in [GOSTR341094] and 166 [GOSTR34102001]. 168 This section identifies OIDs for GOST R 34.10-94 and GOST R 169 34.10-2001 algorithms. The contents of the parameters component for 170 each algorithm may vary and details are provided below for each 171 algorithm separately. 173 2.2.1 Signature Algorithm GOST R 34.10-94 175 GOST R 34.10-94 has been developed by "GUBS of Federal Agency 176 Government Communication and Information" and "All-Russian Scientific 177 and Research Institute of Standardization". This signature algorithm 178 MUST be used conjointly with one-way, collision free hash function 179 GOST R 34.11-94. This document does not contain GOST R 34.10-94 180 standard description, which is fully described in [GOSTR341094] in 181 Russian, and brief description in English could be found in 182 [Schneier95] ch. 20.3, p. 495. 184 The ASN.1 OID used to identify GOST R 34.10-94 signature algorithm in 185 fields signatureAlgorithm in Certificate and CertificateList is: 187 id-CryptoPro-algorithms OBJECT IDENTIFIER ::= 188 { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) } 190 id-GostR3411-94-with-GostR3410-94 OBJECT IDENTIFIER ::= 191 { id-CryptoPro-algorithms gostR3411-94-with-gostR3410-94(4)} 193 GostR3410-94-CertificateSignatureAlgorithms 194 ALGORITHM-IDENTIFIER ::= { 195 { NULL IDENTIFIED BY 196 id-GostR3411-94-with-GostR3410-94 } | 197 { GostR3410-94-PublicKeyParameters IDENTIFIED BY 198 id-GostR3411-94-with-GostR3410-94 } } 200 GostR3410-94-PublicKeyParameters are defined in section 2.3.1. 202 When the id-GostR3411-94-with-GostR3410-94 algorithm identifier 203 appears in an AlgorithmIdentifier and parameters are omitted, the 204 parameters from the public key of the signer's certificate MUST be 205 used. If the parameters from the public key of the signer's 206 certificate are also omited, and it's issuer's certificate has the 207 same public key algorithm, parameters from the public key of the 208 issuer's certificate MUST be used, and so on. 210 Signature algorithm GOST R 34.10-94 generates digital signature in 211 the form of a binary 512-bit vector (256||256). That is, the 212 least-significant (1-st) bit of signatureValue BIT STRING contains 213 the least-significant (1-st) bit of , and the most-significant 214 (512th) bit of signatureValue contains the most-significant (256th) 215 bit of . 217 2.2.2 Signature Algorithm GOST R 34.10-2001 219 GOST R 34.10-2001 was developed by "GUBS of Federal Agency Government 220 Communication and Information" and "All-Russian Scientific and 221 Research Institute of Standardization". This signature algorithm 222 MUST be used conjointly with one-way, collision free hash function 223 GOST R 34.11-94. This document does not contain GOST R 34.10-2001 224 standard description, which is fully described in [GOSTR34102001]. 226 The ASN.1 OID used to identify GOST R 34.10-2001 signature algorithm 227 in fields signatureAlgorithm of Certificate and CertificateList is: 229 id-GostR3411-94-with-GostR3410-2001 OBJECT IDENTIFIER ::= 230 { id-CryptoPro-algorithms gostR3411-94-with-gostR3410-2001(3) } 232 GostR3410-2001-CertificateSignatureAlgorithms 233 ALGORITHM-IDENTIFIER ::= { 234 { NULL IDENTIFIED BY 235 id-GostR3411-94-with-GostR3410-2001 } | 236 { GostR3410-2001-PublicKeyParameters IDENTIFIED BY 237 id-GostR3411-94-with-GostR3410-2001 } } 239 GostR3410-2001-PublicKeyParameters are defined in section 2.3.2. 241 When the id-GostR3411-94-with-GostR3410-2001 algorithm identifier 242 appears in an AlgorithmIdentifier and parameters are omitted, the 243 parameters from the public key of the signer's certificate MUST be 244 used. If the parameters from the public key of the signer's 245 certificate are also omited, and it's issuer's certificate has the 246 same public key algorithm, parameters from the public key of the 247 issuer's certificate MUST be used, and so on. 249 Signature algorithm GOST R 34.10-2001 generates digital signature in 250 the form of a binary 512-bit vector (256||256). That is, the 251 least-significant (1-st) bit of signatureValue BIT STRING contains 252 the least-significant (1-st) bit of , and the most-significant 253 (512th) bit of signatureValue contains the most-significant (256th) 254 bit of . 256 2.3 Subject Public Key Algorithms 258 In according to [RFC3280] the certificates may contain a public key 259 for any algorithm. Within the framework of this specification the 260 only GOST R 34.10-94 and GOST R 34.10-2001 public key algorithms 261 defined. The algorithm and associated parameters are definable as OID 262 in certificate through ASN.1 structure AlgorithmIdentifier. 264 This section identifies defines OID and public key parameters for the 265 GOST R 34.10-94 and GOST R 34.10-2001 algorithms. The appropriate CA 266 MUST use the predefined OID issuing certificates containing public 267 keys for these algorithms. The appropriate applications supporting 268 any of these algorithms MUST fully recognize the OID identified in 269 this section 271 2.3.1 GOST R 34.10-94 Keys 273 This section defines OID and parameter encoding for inclusion of GOST 274 R 34.10-94 public key in certificate. Such public key can be used 275 for digital signature validation algorithm GOST R 34.10-94 276 [GOSTR341094], and for key establishment algorithm VKO GOST R 277 34.10-94 [CPALGS]. 279 An assumed cryptographic key usage MAY be specified by keyUsage 280 extension [RFC3280]. The usage of the same key for signature and key 281 establishment is NOT RECOMMENDED, but possible. 283 Public key OID for GOST R 34.10-94 declared in this document is: 285 id-GostR3410-94 OBJECT IDENTIFIER ::= 286 { id-CryptoPro-algorithms gostR3410-94(20) } 288 SubjectPublicKeyInfo.algorithm.algorithm field (see [RFC3280]) for 289 GOST R 34.10-94 keys MUST be id-GostR3410-94; 291 SubjectPublicKeyInfo.algorithm.parameters in this case MUST have the 292 following structure: 294 GostR3410-94-PublicKeyParameters ::= 295 SEQUENCE { 296 publicKeyParamSet 297 OBJECT IDENTIFIER, 298 digestParamSet 299 OBJECT IDENTIFIER, 300 encryptionParamSet 301 OBJECT IDENTIFIER OPTIONAL 302 } 304 where: 305 * publicKeyParamSet - public key parameters identifier for GOST R 306 34.10-94 (see section 6.3 of [CPALGS]) 307 * digestParamSet - parameters identifier for GOST R 34.11-94 (see 308 section 6.2 of [CPALGS]) 309 * encryptionParamSet - optional parameters identifier for GOST 310 28147-89 (see section 6.1 of [CPALGS]) MAY be present in any 311 certificate and MUST be present if keyUsage includes keyAgreement or 312 keyEnchiperment. 314 If GOST R 34.10-94 algorithm parameters are omitted in 315 subjectPublicKeyInfo, and CA signs subject certificate using GOST R 316 34.10-94, then GOST R 34.10-94 parameters taken from 317 subjectPublicKeyInfo field of issuer certificate are applicable to 318 public key of GOST R 34.10-94 subject. That is, cryptographic 319 parameters inheritance takes place. If subjectPublicKeyInfo 320 AlgorithmIdentifier field contain no parameters, but CA sign 321 certificate using signature algorithm different from GOST R 34.10-94, 322 such certificate MUST be rejected by conforming applications. 324 Public key GOST R 34.10-94 MUST be ASN.1 encoded in following way. 326 In GOST R 34.10-94 public key is a number y = a^x (mod p), where a 327 and p - parameters, and y is a bit-vector (1024), at that 328 encoding should present 1024 (BIT STRING) as a vector holding 329 data in a little-endian. At first, a key is presented as an OCTET 330 STRING, and then, being DER-encoded, presented as a BIT STRING. 332 GostR3410-94-PublicKey ::= BIT STRING 334 GostR3410-94-PublicKeyOctetString ::= OCTET STRING 336 If the keyUsage extension is present in an end-entity certificate, 337 which contains a GOST R 34.10-94 public key, the following values MAY 338 be present: 340 digitalSignature; 341 nonRepudiation. 342 keyEncipherment; 343 keyAgreement. 345 If the keyAgreement or keyEnchiperment extension is present in a 346 certificate GOST R 34.10-94 public key, the following values MAY be 347 present as well: 349 encipherOnly; 350 decipherOnly. 352 The keyUsage extension MUST NOT assert both encipherOnly and 353 decipherOnly. 355 If the keyUsage extension is present in an CA or CRL signer 356 certificate which contain a GOST R 34.10-94 public key, the following 357 values MAY be present: 359 digitalSignature; 360 nonRepudiation; 361 keyCertSign; 362 cRLSign. 364 2.3.2 GOST R 34.10-2001 Keys 366 This section defines OID and parameter encoding for inclusion of GOST 367 R 34.10-2001 public key in certificate. Such public key can be used 368 for digital signature validation algorithm GOST R 34.10-2001 369 [GOSTR34102001], and for key establishment algorithm VKO GOST R 370 34.10-2001 [CPALGS]. 372 An assumed cryptographic key usage MAY be specified by keyUsage 373 extension [RFC3280]. The usage of the same key for signature and key 374 establishment is NOT RECOMMENDED, but possible. 376 Public key OID for GOST R 34.10-2001 declared in this document is: 378 id-GostR3410-2001 OBJECT IDENTIFIER ::= 379 { id-CryptoPro-algorithms gostR3410-2001(19) } 381 SubjectPublicKeyInfo.algorithm.algorithm field (see [RFC3280]) for 382 GOST R 34.10-2001 keys MUST be id-GostR3410-2001; 384 SubjectPublicKeyInfo.algorithm.parameters in this case MUST have the 385 following structure: 387 GostR3410-2001-PublicKeyParameters ::= 388 SEQUENCE { 389 publicKeyParamSet 390 OBJECT IDENTIFIER, 391 digestParamSet 392 OBJECT IDENTIFIER, 393 encryptionParamSet 394 OBJECT IDENTIFIER OPTIONAL 395 } 397 where: 398 * publicKeyParamSet - public key parameters identifier for GOST R 399 34.10-2001 (see section 6.4 of [CPALGS]) 400 * digestParamSet - parameters identifier for GOST R 34.11-94 (see 401 section 6.2 of [CPALGS]) 402 * encryptionParamSet - optional parameters identifier for GOST 403 28147-89 (see section 6.1 of [CPALGS]) MAY be present in any 404 certificate and MUST be present if keyUsage includes keyAgreement or 405 keyEnchiperment. 407 If GOST R 34.10-2001 algorithm parameters are omitted in 408 subjectPublicKeyInfo, and CA signs subject certificate using GOST R 409 34.10-2001, then GOST R 34.10-2001 parameters taken from 410 subjectPublicKeyInfo field of issuer certificate are applicable to 411 public key of GOST R 34.10-2001 subject. That is, cryptographic 412 parameters inheritance takes place. If subjectPublicKeyInfo 413 AlgorithmIdentifier field contain no parameters, but CA sign 414 certificate using signature algorithm different from GOST R 415 34.10-2001, such certificate MUST be rejected by conforming 416 applications. 418 GOST R 34.10-2001 public key MUST be ASN.1 encoded in a following 419 way. GOST R 34.10-2001 specifies that public key is a point on the 420 elliptic curve Q = dP, where d is a private key, P is a base point, 421 and Q presents in a way of 512-bit vector (256||256). This 422 vector is DER-encoded as two data blocks. At first, 256 block, 423 then 256 block. subjectPublicKey field BIT STRING type is 424 presented as a taken up object GostR3410-2001-PublicKeyOctetString. 426 At that, least-significant of the first octet 427 (GostR3410-2001-PublicKeyOctetString[0]) corresponds to least- 428 significant (1-st) of vector 256||256 (Yq1 = 429 (GostR3410-2001-PublicKeyOctetString[0] & 1)). 431 Whereas most-significant of 64-th octet 432 (GostR3410-2001-PublicKeyOctetString[63]) corresponds to most- 433 significant (512-d) of vector 256||256 (Xq256 = 434 ((GostR3410-2001-PublicKeyOctetString[63] & 0x80)>>7)). 436 In other words, 256||256 vector is stored in little-endian, 437 that correspond binary vector form and their concatenation in GOST R 438 34.10-2001 ch. 5.3. At first, key is placed in OCTET STRING, than is 439 DER-encoded and placed in BIT STRING. 441 GostR3410-2001-PublicKey ::= BIT STRING 443 GostR3410-2001-PublicKeyOctetString ::= OCTET STRING 445 If the keyUsage extension is present in an end-entity certificate, 446 which conveys a GOST R 34.10-2001 public key, the following values 447 MAY be present: 449 digitalSignature; 450 nonRepudiation. 451 keyEncipherment; 452 keyAgreement. 454 If the keyAgreement or keyEnchiperment extension is present in a 455 certificate, the following values MAY be present: 457 encipherOnly; 458 decipherOnly. 460 The keyUsage extension MUST NOT assert both encipherOnly and 461 decipherOnly. 463 If the keyUsage extension is present in an CA or CRL signer 464 certificate which contain a GOST R 34.10-2001 public key, the 465 following values MAY be present: 467 digitalSignature; 468 nonRepudiation; 469 keyCertSign; 470 cRLSign. 472 3 Security Considerations 474 When certificate is used as analogue to a manual signing, in the 475 context of Russian Federal Digital Signature Law [RFDSL], certificate 476 MUST contain keyUsage extension, it MUST be critical, and keyUsage 477 MUST NOT include keyEncipherment and keyAgreement. 479 For security discussion concerning use of algorithm parameters, see 480 section Security Considerations from [CPALGS]. 482 4 Appendix ASN.1 Moduls 484 4.1 Cryptographic-Gost-Useful-Definitions 486 Cryptographic-Gost-Useful-Definitions 487 { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) 488 other(1) modules(1) cryptographic-Gost-Useful-Definitions(0) 489 1 } 490 DEFINITIONS ::= 491 BEGIN 492 -- EXPORTS All -- 493 -- The types and values defined in this module are exported for 494 -- use in the other ASN.1 modules contained within the Russian 495 -- Cryptography "GOST" & "GOST R" Specifications, and for the use 496 -- of other applications which will use them to access Russian 497 -- Cryptography services. Other applications may use them for 498 -- their own purposes, but this will not constrain extensions and 499 -- modifications needed to maintain or improve the Russian 500 -- Cryptography service. 501 -- Crypto-Pro OID branch 502 id-CryptoPro OBJECT IDENTIFIER ::= 503 { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) } 504 id-CryptoPro-algorithms OBJECT IDENTIFIER ::= 505 id-CryptoPro 506 id-CryptoPro-modules OBJECT IDENTIFIER ::= 507 { id-CryptoPro other(1) modules(1) } 508 id-CryptoPro-hashes OBJECT IDENTIFIER ::= 509 { id-CryptoPro-algorithms hashes(30) } 510 id-CryptoPro-encrypts OBJECT IDENTIFIER ::= 511 { id-CryptoPro-algorithms encrypts(31) } 512 id-CryptoPro-signs OBJECT IDENTIFIER ::= 513 { id-CryptoPro-algorithms signs(32) } 514 id-CryptoPro-exchanges OBJECT IDENTIFIER ::= 515 { id-CryptoPro-algorithms exchanges(33) } 516 id-CryptoPro-extensions OBJECT IDENTIFIER ::= 517 { id-CryptoPro extensions(34) } 518 id-CryptoPro-ecc-signs OBJECT IDENTIFIER ::= 519 { id-CryptoPro-algorithms ecc-signs(35) } 520 id-CryptoPro-ecc-exchanges OBJECT IDENTIFIER ::= 521 { id-CryptoPro-algorithms ecc-exchanges(36) } 522 id-CryptoPro-private-keys OBJECT IDENTIFIER ::= 523 { id-CryptoPro-algorithms private-keys(37) } 524 id-CryptoPro-policyQt OBJECT IDENTIFIER ::= 525 { id-CryptoPro policyQt(39) } 526 id-CryptoPro-policyIds OBJECT IDENTIFIER ::= 527 { id-CryptoPro policyIds(38) } 528 id-CryptoPro-attributes OBJECT IDENTIFIER ::= 529 { id-CryptoPro-algorithms attributes(38) } 531 id-CryptoPro-pkixcmp-infos OBJECT IDENTIFIER ::= 532 { id-CryptoPro-algorithms pkixcmp-infos(41) } 533 -- ASN.1 modules of Russian Cryptography "GOST" & "GOST R" 534 -- Specifications 535 cryptographic-Gost-Useful-Definitions OBJECT IDENTIFIER ::= 536 { id-CryptoPro-modules 537 cryptographic-Gost-Useful-Definitions(0) 1 } 538 -- GOST R 34.11-94 540 gostR3411-94-DigestSyntax OBJECT IDENTIFIER ::= 541 { id-CryptoPro-modules gostR3411-94-DigestSyntax(1) 1 } 542 gostR3411-94-ParamSetSyntax OBJECT IDENTIFIER ::= 543 { id-CryptoPro-modules gostR3411-94-ParamSetSyntax(7) 1 } 544 -- GOST R 34.10-94 546 gostR3410-94-PKISyntax OBJECT IDENTIFIER ::= 547 { id-CryptoPro-modules gostR3410-94-PKISyntax(2) 1 } 548 gostR3410-94-SignatureSyntax OBJECT IDENTIFIER ::= 549 { id-CryptoPro-modules gostR3410-94-SignatureSyntax(3) 1 } 550 gostR3410-94-EncryptionSyntax OBJECT IDENTIFIER ::= 551 { id-CryptoPro-modules gostR3410-94-EncryptionSyntax(5) 2 } 552 gostR3410-94-ParamSetSyntax OBJECT IDENTIFIER ::= 553 { id-CryptoPro-modules gostR3410-94-ParamSetSyntax(8) 1 } 554 -- GOST R 34.10-2001 556 gostR3410-2001-PKISyntax OBJECT IDENTIFIER ::= 557 { id-CryptoPro-modules gostR3410-2001-PKISyntax(9) 1 } 558 gostR3410-2001-SignatureSyntax OBJECT IDENTIFIER ::= 559 { id-CryptoPro-modules 560 gostR3410-2001-SignatureSyntax(10) 1 } 561 gostR3410-2001-EncryptionSyntax OBJECT IDENTIFIER ::= 562 { id-CryptoPro-modules 563 gostR3410-2001-EncryptionSyntax(11) 2 } 564 gostR3410-2001-ParamSetSyntax OBJECT IDENTIFIER ::= 565 { id-CryptoPro-modules 566 gostR3410-2001-ParamSetSyntax(12) 1 } 567 -- GOST 28147-89 569 gost28147-89-EncryptionSyntax OBJECT IDENTIFIER ::= 570 { id-CryptoPro-modules gost28147-89-EncryptionSyntax(4) 1 } 571 gost28147-89-ParamSetSyntax OBJECT IDENTIFIER ::= 572 { id-CryptoPro-modules gost28147-89-ParamSetSyntax(6) 1 } 573 -- Extended Key Usage for Crypto-Pro 575 gost-CryptoPro-ExtendedKeyUsage OBJECT IDENTIFIER ::= 576 { id-CryptoPro-modules 577 gost-CryptoPro-ExtendedKeyUsage(13) 1 } 578 -- Crypto-Pro Private keys 579 gost-CryptoPro-PrivateKey OBJECT IDENTIFIER ::= 580 { id-CryptoPro-modules gost-CryptoPro-PrivateKey(14) 1 } 581 -- Crypto-Pro Policy 582 gost-CryptoPro-Policy OBJECT IDENTIFIER ::= 583 { id-CryptoPro-modules gost-CryptoPro-Policy(15) 1 } 584 -- Crypto-Pro PKIXCMP structures 586 gost-CryptoPro-PKIXCMP OBJECT IDENTIFIER ::= 587 { id-CryptoPro-modules gost-CryptoPro-PKIXCMP(16) 1 } 589 -- External ASN.1 modules for Russian Cryptography 590 id-external-PKIX1Explicit93 OBJECT IDENTIFIER ::= 591 { iso(1) identified-organization(3) 592 dod(6) internet(1) security(5) mechanisms(5) pkix(7) 593 id-mod(0) id-pkix1-explicit-93(3) 594 } 595 -- Useful types 596 ALGORITHM-IDENTIFIER ::= TYPE-IDENTIFIER 597 AlgorithmIdentifier { ALGORITHM-IDENTIFIER:InfoObjectSet } ::= 598 SEQUENCE { 599 algorithm 600 ALGORITHM-IDENTIFIER.&id({InfoObjectSet}), 601 parameters 602 ALGORITHM-IDENTIFIER.&Type({InfoObjectSet} {@algorithm}) 603 OPTIONAL 604 } 605 END -- Cryptographic-Gost-Useful-Definitions 607 4.2 GostR3411-94-DigestSyntax 609 GostR3411-94-DigestSyntax 610 { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) 611 other(1) modules(1) gostR3411-94-DigestSyntax(1) 1 } 612 DEFINITIONS ::= 613 BEGIN 614 -- EXPORTS All -- 615 -- The types and values defined in this module are exported for 616 -- use in the other ASN.1 modules contained within the Russian 617 -- Cryptography "GOST" & "GOST R" Specifications, and for the use 618 -- of other applications which will use them to access Russian 619 -- Cryptography services. Other applications may use them for 620 -- their own purposes, but this will not constrain extensions and 621 -- modifications needed to maintain or improve the Russian 622 -- Cryptography service. 623 IMPORTS 624 id-CryptoPro-algorithms, id-CryptoPro-hashes, 625 gost28147-89-EncryptionSyntax, 626 cryptographic-Gost-Useful-Definitions 627 FROM Cryptographic-Gost-Useful-Definitions 628 { iso(1) member-body(2) ru(643) rans(2) 629 cryptopro(2) other(1) modules(1) 630 cryptographic-Gost-Useful-Definitions(0) 1 } 631 Gost28147-89-Data, Gost28147-89-UZ 632 FROM Gost28147-89-EncryptionSyntax 633 gost28147-89-EncryptionSyntax 634 AlgorithmIdentifier, ALGORITHM-IDENTIFIER 635 FROM Cryptographic-Gost-Useful-Definitions 636 cryptographic-Gost-Useful-Definitions 637 ; 638 -- GOST R 34.11-94 OID 639 id-GostR3411-94 OBJECT IDENTIFIER ::= 640 { id-CryptoPro-algorithms gostR3411-94(9) } 641 -- GOST R 34.11-94 Cryptographic Parameters Set OIDs 642 id-GostR3411-94-TestParamSet OBJECT IDENTIFIER ::= 643 { id-CryptoPro-hashes test(0) } 644 id-GostR3411-94-CryptoProParamSet OBJECT IDENTIFIER ::= 645 { id-CryptoPro-hashes cryptopro(1) } 646 -- GOST R 34.11-94 Data Types 647 GostR3411-94-Data ::= Gost28147-89-Data 648 GostR3411-94-Digest ::= OCTET STRING (SIZE (32)) 649 -- GOST R 34.11-94 Digest Parameters & Algorithms 650 GostR3411-94-DigestParameters ::= 651 OBJECT IDENTIFIER ( 652 id-GostR3411-94-TestParamSet | -- Only for tests use 653 id-GostR3411-94-CryptoProParamSet 654 ) 655 GostR3411-94-DigestAlgorithms ALGORITHM-IDENTIFIER ::= { 656 { NULL IDENTIFIED BY id-GostR3411-94 } | 657 -- Assume id-GostR3411-94-CryptoProParamSet 658 { GostR3411-94-DigestParameters 659 IDENTIFIED BY id-GostR3411-94 } 660 } 661 END -- GostR3411-94-DigestSyntax 663 4.3 GostR3410-94-PKISyntax 665 GostR3410-94-PKISyntax 666 { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) 667 other(1) modules(1) gostR3410-94-PKISyntax(2) 1 } 668 DEFINITIONS ::= 669 BEGIN 670 -- EXPORTS All -- 671 -- The types and values defined in this module are exported for 672 -- use in the other ASN.1 modules contained within the Russian 673 -- Cryptography "GOST" & "GOST R" Specifications, and for the use 674 -- of other applications which will use them to access Russian 675 -- Cryptography services. Other applications may use them for 676 -- their own purposes, but this will not constrain extensions and 677 -- modifications needed to maintain or improve the Russian 678 -- Cryptography service. 679 IMPORTS 680 id-CryptoPro-algorithms, 681 id-CryptoPro-signs, id-CryptoPro-exchanges, 682 gost28147-89-EncryptionSyntax, 683 gostR3411-94-DigestSyntax, 684 cryptographic-Gost-Useful-Definitions 685 FROM Cryptographic-Gost-Useful-Definitions 686 { iso(1) member-body(2) ru(643) rans(2) 687 cryptopro(2) other(1) modules(1) 688 cryptographic-Gost-Useful-Definitions(0) 1 } 689 id-Gost28147-89-TestParamSet, 690 id-Gost28147-89-CryptoPro-A-ParamSet, 691 id-Gost28147-89-CryptoPro-B-ParamSet, 692 id-Gost28147-89-CryptoPro-C-ParamSet, 693 id-Gost28147-89-CryptoPro-D-ParamSet, 694 id-Gost28147-89-CryptoPro-Simple-A-ParamSet, 695 id-Gost28147-89-CryptoPro-Simple-B-ParamSet, 696 id-Gost28147-89-CryptoPro-Simple-C-ParamSet, 697 id-Gost28147-89-CryptoPro-Simple-D-ParamSet 698 FROM Gost28147-89-EncryptionSyntax 699 gost28147-89-EncryptionSyntax 700 id-GostR3411-94-TestParamSet, 701 id-GostR3411-94-CryptoProParamSet 702 FROM GostR3411-94-DigestSyntax gostR3411-94-DigestSyntax 703 AlgorithmIdentifier, ALGORITHM-IDENTIFIER 704 FROM Cryptographic-Gost-Useful-Definitions 705 cryptographic-Gost-Useful-Definitions 706 ; 707 -- GOST R 34.10-94 OIDs 708 id-GostR3410-94 OBJECT IDENTIFIER ::= 709 { id-CryptoPro-algorithms gostR3410-94(20) } 710 id-GostR3411-94-with-GostR3410-94 OBJECT IDENTIFIER ::= 711 { id-CryptoPro-algorithms 712 gostR3411-94-with-gostR3410-94(4) } 713 -- GOST R 34.10-94 Public Key Cryptographic Parameters Set OIDs 714 id-GostR3410-94-TestParamSet OBJECT IDENTIFIER ::= 715 { id-CryptoPro-signs test(0) } 716 id-GostR3410-94-CryptoPro-A-ParamSet OBJECT IDENTIFIER ::= 717 { id-CryptoPro-signs cryptopro-A(2) } 718 id-GostR3410-94-CryptoPro-B-ParamSet OBJECT IDENTIFIER ::= 719 { id-CryptoPro-signs cryptopro-B(3) } 720 id-GostR3410-94-CryptoPro-C-ParamSet OBJECT IDENTIFIER ::= 721 { id-CryptoPro-signs cryptopro-C(4) } 722 id-GostR3410-94-CryptoPro-D-ParamSet OBJECT IDENTIFIER ::= 723 { id-CryptoPro-signs cryptopro-D(5) } 724 id-GostR3410-94-CryptoPro-XchA-ParamSet OBJECT IDENTIFIER ::= 725 { id-CryptoPro-exchanges cryptopro-XchA(1) } 726 id-GostR3410-94-CryptoPro-XchB-ParamSet OBJECT IDENTIFIER ::= 727 { id-CryptoPro-exchanges cryptopro-XchB(2) } 728 id-GostR3410-94-CryptoPro-XchC-ParamSet OBJECT IDENTIFIER ::= 729 { id-CryptoPro-exchanges cryptopro-XchC(3) } 730 -- GOST R 34.10-94 Data Types 731 GostR3410-94-CertificateSignature ::= 732 BIT STRING ( SIZE(256..512) ) 733 GostR3410-94-PublicKeyOctetString ::= 734 OCTET STRING ( SIZE( 735 64 | -- Only for tests use 736 128 737 ) ) 738 GostR3410-94-PublicKey ::= 739 BIT STRING ( SIZE(16..1048) ) 740 -- Container for GostR3410-94-PublicKeyOctetString 741 GostR3410-94-PublicKeyParameters ::= 742 SEQUENCE { 743 publicKeyParamSet 744 OBJECT IDENTIFIER ( 745 id-GostR3410-94-TestParamSet | -- Only for tests use 746 id-GostR3410-94-CryptoPro-A-ParamSet | 747 id-GostR3410-94-CryptoPro-B-ParamSet | 748 id-GostR3410-94-CryptoPro-C-ParamSet | 749 id-GostR3410-94-CryptoPro-D-ParamSet | 750 id-GostR3410-94-CryptoPro-XchA-ParamSet | 751 id-GostR3410-94-CryptoPro-XchB-ParamSet | 752 id-GostR3410-94-CryptoPro-XchC-ParamSet 753 ), 754 digestParamSet 755 OBJECT IDENTIFIER ( 756 id-GostR3411-94-TestParamSet | -- Only for tests use 757 id-GostR3411-94-CryptoProParamSet 758 ), 759 encryptionParamSet 760 OBJECT IDENTIFIER ( 761 id-Gost28147-89-TestParamSet | -- Only for tests use 762 id-Gost28147-89-CryptoPro-A-ParamSet | 763 id-Gost28147-89-CryptoPro-B-ParamSet | 764 id-Gost28147-89-CryptoPro-C-ParamSet | 765 id-Gost28147-89-CryptoPro-D-ParamSet | 766 id-Gost28147-89-CryptoPro-Simple-A-ParamSet | 767 id-Gost28147-89-CryptoPro-Simple-B-ParamSet | 768 id-Gost28147-89-CryptoPro-Simple-C-ParamSet | 769 id-Gost28147-89-CryptoPro-Simple-D-ParamSet 770 ) OPTIONAL 772 } 773 GostR3410-94-PublicKeyAlgorithms ALGORITHM-IDENTIFIER ::= { 774 { GostR3410-94-PublicKeyParameters IDENTIFIED BY 775 id-GostR3410-94 } 776 } 777 GostR3410-94-CertificateSignatureAlgorithms 778 ALGORITHM-IDENTIFIER ::= { 779 { NULL IDENTIFIED BY 780 id-GostR3411-94-with-GostR3410-94 } | 781 { GostR3410-94-PublicKeyParameters IDENTIFIED BY 782 id-GostR3411-94-with-GostR3410-94 } 783 } 784 END -- GostR3410-94-PKISyntax 786 4.4 GostR3410-2001-PKISyntax 788 GostR3410-2001-PKISyntax 789 { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) 790 other(1) modules(1) gostR3410-2001-PKISyntax(9) 1 } 791 DEFINITIONS ::= 792 BEGIN 793 -- EXPORTS All -- 794 -- The types and values defined in this module are exported for 795 -- use in the other ASN.1 modules contained within the Russian 796 -- Cryptography "GOST" & "GOST R" Specifications, and for the use 797 -- of other applications which will use them to access Russian 798 -- Cryptography services. Other applications may use them for 799 -- their own purposes, but this will not constrain extensions and 800 -- modifications needed to maintain or improve the Russian 801 -- Cryptography service. 802 IMPORTS 803 id-CryptoPro-algorithms, 804 id-CryptoPro-ecc-signs, id-CryptoPro-ecc-exchanges, 805 gost28147-89-EncryptionSyntax, 806 gostR3411-94-DigestSyntax, 807 cryptographic-Gost-Useful-Definitions 808 FROM Cryptographic-Gost-Useful-Definitions 809 { iso(1) member-body(2) ru(643) rans(2) 810 cryptopro(2) other(1) modules(1) 811 cryptographic-Gost-Useful-Definitions(0) 1 } 812 id-Gost28147-89-TestParamSet, 813 id-Gost28147-89-CryptoPro-A-ParamSet, 814 id-Gost28147-89-CryptoPro-B-ParamSet, 815 id-Gost28147-89-CryptoPro-C-ParamSet, 816 id-Gost28147-89-CryptoPro-D-ParamSet, 817 id-Gost28147-89-CryptoPro-Simple-A-ParamSet, 818 id-Gost28147-89-CryptoPro-Simple-B-ParamSet, 819 id-Gost28147-89-CryptoPro-Simple-C-ParamSet, 820 id-Gost28147-89-CryptoPro-Simple-D-ParamSet 821 FROM Gost28147-89-EncryptionSyntax 822 gost28147-89-EncryptionSyntax 823 id-GostR3411-94-TestParamSet, 824 id-GostR3411-94-CryptoProParamSet 825 FROM GostR3411-94-DigestSyntax gostR3411-94-DigestSyntax 826 AlgorithmIdentifier, ALGORITHM-IDENTIFIER 827 FROM Cryptographic-Gost-Useful-Definitions 828 cryptographic-Gost-Useful-Definitions 829 ; 830 -- GOST R 34.10-2001 OIDs 831 id-GostR3410-2001 OBJECT IDENTIFIER ::= 832 { id-CryptoPro-algorithms gostR3410-2001(19) } 833 id-GostR3411-94-with-GostR3410-2001 OBJECT IDENTIFIER ::= 834 { id-CryptoPro-algorithms 835 gostR3411-94-with-gostR3410-2001(3) } 836 -- GOST R 34.10-2001 Public Key Cryptographic Parameters Set OIDs 837 id-GostR3410-2001-TestParamSet OBJECT IDENTIFIER ::= 838 { id-CryptoPro-ecc-signs test(0) } 839 id-GostR3410-2001-CryptoPro-A-ParamSet OBJECT IDENTIFIER ::= 840 { id-CryptoPro-ecc-signs cryptopro-A(1) } 841 id-GostR3410-2001-CryptoPro-B-ParamSet OBJECT IDENTIFIER ::= 842 { id-CryptoPro-ecc-signs cryptopro-B(2) } 843 id-GostR3410-2001-CryptoPro-C-ParamSet OBJECT IDENTIFIER ::= 844 { id-CryptoPro-ecc-signs cryptopro-C(3) } 845 id-GostR3410-2001-CryptoPro-XchA-ParamSet 846 OBJECT IDENTIFIER ::= 847 { id-CryptoPro-ecc-exchanges cryptopro-XchA(0) } 848 id-GostR3410-2001-CryptoPro-XchB-ParamSet 849 OBJECT IDENTIFIER ::= 850 { id-CryptoPro-ecc-exchanges cryptopro-XchB(1) } 851 -- GOST R 34.10-2001 Data Types 852 GostR3410-2001-CertificateSignature ::= 853 BIT STRING ( SIZE(256..512) ) 854 GostR3410-2001-PublicKeyOctetString ::= 855 OCTET STRING ( SIZE(64) ) 856 GostR3410-2001-PublicKey ::= 857 BIT STRING ( SIZE(16..524) ) 858 -- Container for GostR3410-2001-PublicKeyOctetString 859 GostR3410-2001-PublicKeyParameters ::= 860 SEQUENCE { 861 publicKeyParamSet 862 OBJECT IDENTIFIER ( 863 id-GostR3410-2001-TestParamSet | -- Only for tests use 864 id-GostR3410-2001-CryptoPro-A-ParamSet | 865 id-GostR3410-2001-CryptoPro-B-ParamSet | 866 id-GostR3410-2001-CryptoPro-C-ParamSet | 867 id-GostR3410-2001-CryptoPro-XchA-ParamSet | 868 id-GostR3410-2001-CryptoPro-XchB-ParamSet 869 ), 870 digestParamSet 871 OBJECT IDENTIFIER ( 872 id-GostR3411-94-TestParamSet | -- Only for tests use 873 id-GostR3411-94-CryptoProParamSet 874 ), 875 encryptionParamSet 876 OBJECT IDENTIFIER ( 877 id-Gost28147-89-TestParamSet | -- Only for tests use 878 id-Gost28147-89-CryptoPro-A-ParamSet | 879 id-Gost28147-89-CryptoPro-B-ParamSet | 880 id-Gost28147-89-CryptoPro-C-ParamSet | 881 id-Gost28147-89-CryptoPro-D-ParamSet | 882 id-Gost28147-89-CryptoPro-Simple-A-ParamSet | 883 id-Gost28147-89-CryptoPro-Simple-B-ParamSet | 884 id-Gost28147-89-CryptoPro-Simple-C-ParamSet | 885 id-Gost28147-89-CryptoPro-Simple-D-ParamSet 886 ) OPTIONAL 887 } 888 GostR3410-2001-PublicKeyAlgorithms ALGORITHM-IDENTIFIER ::= { 889 { GostR3410-2001-PublicKeyParameters IDENTIFIED BY 890 id-GostR3410-2001 } 891 } 892 GostR3410-2001-CertificateSignatureAlgorithms 893 ALGORITHM-IDENTIFIER ::= { 894 { NULL IDENTIFIED BY 895 id-GostR3411-94-with-GostR3410-2001 } | 896 { GostR3410-2001-PublicKeyParameters IDENTIFIED BY 897 id-GostR3411-94-with-GostR3410-2001 } 898 } 899 END -- GostR3410-2001-PKISyntax 901 5 References 903 [GOST28147] "Cryptographic Protection for Data Processing Sys- 904 tem", GOST 28147-89, Gosudarstvennyi Standard of 905 USSR, Government Committee of the USSR for Standards, 906 1989. (In Russian); 908 [GOSTR341094] "Information technology. Cryptographic Data Security. 909 Produce and check procedures of Electronic Digital 910 Signatures based on Asymmetric Cryptographic Algo- 911 rithm.", GOST R 34.10-94, Gosudarstvennyi Standard of 912 Russian Federation, Government Committee of the Rus- 913 sia for Standards, 1994. (In Russian); 915 [GOSTR34102001] "Information technology. Cryptographic data security. 916 Signature and verification processes of [electronic] 917 digital signature.", GOST R 34.10-2001, Gosudarstven- 918 nyi Standard of Russian Federation, Government Com- 919 mittee of the Russia for Standards, 2001. (In Rus- 920 sian); 922 [GOSTR341194] "Information technology. Cryptographic Data Security. 923 Hashing function.", GOST R 34.10-94, Gosudarstvennyi 924 Standard of Russian Federation, Government Committee 925 of the Russia for Standards, 1994. (In Russian); 927 [RFDSL] Russian Federal Digital Signature Law, 10 Jan 2002 928 N1-FZ 930 [CPALGS] "Additional cryptographic algorithms for use with 931 GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, 932 and GOST R 34.11-94 algorithms", V. Popov, I. Kurep- 933 kin, S. Leontiev, February 2004, draft-popov-crypto- 934 pro-cpalgs-00.txt work in progress; 936 [Schneier95] B. Schneier, Applied cryptography, second edition, 937 John Wiley & Sons, Inc., 1995; 939 [RFC3280] Housley, R., Polk, W., Ford, W. and D. Solo, 940 "Internet X.509 Public Key Infrastructure Certificate 941 and Certificate Revocation List (CRL) Profile", RFC 942 3280, April 2002. 944 [RFC3279] Algorithms and Identifiers for the Internet X.509 945 Public Key Infrastructure Certificate and Certificate 946 Revocation List (CRL) Profile. L. Bassham, W. 947 Polk, R. Housley. April 2002. 949 [RFC2119] Bradner, S., "Key Words for Use in RFCs to Indicate 950 Requirement Levels", BCP 14, RFC 2119, March 1997. 952 [TLS] The TLS Protocol Version 1.0. T. Dierks, C. Allen. 953 January 1999, RFC 2246. 955 [X.660] ITU-T Recommendation X.660 Information Technology - 956 ASN.1 encoding rules: Specification of Basic Encoding 957 Rules (BER), Canonical Encoding Rules (CER) and Dis- 958 tinguished Encoding Rules (DER), 1997. 960 Acknowledgments 962 This document was created in accordance with "Russian Cryptographic 963 Software Compatibility Agreement", signed by FGUE STC "Atlas", 964 CRYPTO-PRO, Factor-TC, MD PREI, Infotecs GmbH, SPRCIS (SPbRCZI), 965 Cryptocom, R-Alpha. The goal of this agreement is to achieve mutual 966 compatibility of the products and solutions. 968 The authors wish to thank: 970 Microsoft Corporation Russia for provided information about 971 company products and solutions, and also for technical consulting 972 in PKI. 974 RSA Security Russia and Demos Co Ltd for active colaboration and 975 critical help in creation of this document. 977 RSA Security Inc for compatibility testing of the proposed data 978 formats while incorporating them into RSA Keon product. 980 Baltimore Technology plc for compatibility testing of the proposed 981 data formats while incorporating them into UniCERT product. 983 Russ Hously (Vigil Security, LLC, housley@vigilsec.com) and 984 Vasilij Sakharov (DEMOS Co Ltd, svp@dol.ru) for initiative 985 creating this document. 987 This document is based on a contribution of CRYPTO-PRO company. Any 988 substantial use of the text from this document must reference CRYPTO- 989 PRO. CRYPTO-PRO requests that all material mentioning or referencing 990 this document identify this as "CRYPTO-PRO CPPK". 992 Author's Addresses 994 Serguei Leontiev 995 CRYPTO-PRO 996 38, Obraztsova, 997 Moscow, 127018, Russian Federation 998 EMail: lse@cryptopro.ru 1000 Dennis Shefanovski 1001 DEMOS Co Ltd 1002 6/1, Ovchinnikovskaja naberezhnaya, 1003 Moscow, 113035, Russian Federation 1004 EMail: sdb@dol.ru 1006 Alexandr Afanasiev 1007 Factor-TC 1008 office 711, 14, Presnenskij val, 1009 Moscow, 123557, Russian Federation 1010 EMail: aaaf@factor-ts.ru 1012 Nikolaj Nikishin 1013 Infotecs GmbH 1014 p/b 35, 80-5, Leningradskij prospekt, 1015 Moscow, 125315, Russian Federation 1016 EMail: nikishin@infotecs.ru 1018 Boleslav Izotov 1019 FGUE STC "Atlas" 1020 38, Obraztsova, 1021 Moscow, 127018, Russian Federation 1022 EMail: izotov@stcnet.ru 1024 Elena Minaeva 1025 MD PREI 1026 build 3, 6A, Vtoroj Troitskij per., 1027 Moscow, Russian Federation 1028 EMail: evminaeva@mo.msk.ru 1030 Serguei Murugov 1031 R-Alpha 1032 4/1, Raspletina, 1033 Moscow, 123060, Russian Federation 1034 EMail: msm@office.ru 1036 Igori Ustinov 1037 Cryptocom 1038 office 239, 51, Leninskij prospekt, 1039 Moscow, 119991, Russian Federation 1040 EMail: igus@cryptocom.ru 1042 Anatolij Erkin 1043 SPRCIS (SPbRCZI) 1044 1, Obrucheva, 1045 St.Petersburg, 195220, Russian Federation 1046 EMail: erkin@nevsky.net 1048 Full Copyright Statement 1049 Copyright (C) The Internet Society (2003). All Rights Reserved. 1051 This document and translations of it may be copied and furnished to 1052 others, and derivative works that comment on or otherwise explain it 1053 or assist in its implementation may be prepared, copied, published 1054 and distributed, in whole or in part, without restriction of any 1055 kind, provided that the above copyright notice and this paragraph are 1056 included on all such copies and derivative works. However, this 1057 document itself may not be modified in any way, such as by removing 1058 the copyright notice or references to the Internet Society or other 1059 Internet organizations, except as needed for the purpose of 1060 developing Internet standards in which case the procedures for 1061 copyrights defined in the Internet Standards process must be 1062 followed, or as required to translate it into languages other than 1063 English. 1065 The limited permissions granted above are perpetual and will not be 1066 revoked by the Internet Society or its successors or assigns. 1068 This document and the information contained herein is provided on an 1069 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 1070 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 1071 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 1072 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 1073 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.