idnits 2.17.1

draft-ietf-smime-gost-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate. This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section. (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  ** The document seems to lack separate sections for Informative/Normative
     References. All references will be assumed normative when checking for
     downward references.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords.

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (February 15, 2004) is 7369 days in the past. Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  == Missing Reference: 'GOSTR3411' is mentioned on line 120, but not defined

  -- Looks like a reference, but probably isn't: '0' on line 958

  == Missing Reference: 'RFC 2633' is mentioned on line 407, but not defined

  ** Obsolete undefined reference: RFC 2633 (Obsoleted by RFC 3851)

  -- Looks like a reference, but probably isn't: '1' on line 561

  == Unused Reference: 'GOSTR341194' is defined on line 1088, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC 3280' is defined on line 1096, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC 3279' is defined on line 1101, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 3280 (Obsoleted by RFC 5280)

  ** Obsolete normative reference: RFC 3369 (ref. 'CMS') (Obsoleted by RFC
     3852)

  == Outdated reference: A later version (-04) exists of
     draft-popov-cryptopro-cpalgs-00

     Summary: 7 errors (**), 0 flaws (~~), 8 warnings (==), 4 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

  1  S/MIME Working Group                        Serguei Leontiev, CRYPTO-PRO
  2  Internet Draft                                Gregory Chudov, CRYPTO-PRO
  3  Expires August 15, 2004                                February 15, 2004
  4  Intended Category: Informational

  6              Using the GOST 28147-89, GOST R 34.11-94,
  7      GOST R 34.10-94 and GOST R 34.10-2001 algorithms with the
  8                 Cryptographic Message Syntax (CMS)

 10

 12  Status of this Memo

 14     This document is an Internet-Draft and is subject to all provisions
 15     of Section 10 of RFC2026.

 17     Internet-Drafts are working documents of the Internet Engineering
 18     Task Force (IETF), its areas, and its working groups. Note that
 19     other groups may also distribute working documents as Internet-
 20     Drafts.

 22     Internet-Drafts are draft documents valid for a maximum of six months
 23     and may be updated, replaced, or made obsolete by other documents at
 24     any time. It is inappropriate to use Internet-Drafts as reference
 25     material or to cite them other than as "work in progress."

 27     The list of current Internet-Drafts can be accessed at
 28     http://www.ietf.org/1id-abstracts.html

 30     The list of Internet-Draft Shadow Directories can be accessed at
 31     http://www.ietf.org/shadow.html

 33  Abstract

 35     This document describes the conventions for using cryptographic
 36     algorithms GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, GOST R
 37     34.11-94, along with Cryptographic Message Syntax (CMS). The CMS is
 38     used for digital signature, digest, authentication and encryption of
 39     arbitrary message contents.

 41  Table of Contents
 42     1 Introduction
 43     1.2 Terminology
 44     2 Message Digest Algorithms
 45     2.1 Message Digest Algorithm GOST R 34.11-94
 46     3 Signature Algorithms
 47     3.1 Signature Algorithm GOST R 34.10-94
 48     3.2 Signature Algorithm GOST R 34.10-2001
 49     4 Key Management Algorithms
 50     4.1 Key Agreement Algorithms
 51     4.1.1 Key Agreement Algorithm Based on GOST R 34.10-94/2001
 52           Public Keys
 53     4.2 Key Transport Algorithms
 54     4.2.1 Key Transport Algorithm Based on GOST R 34.10-94/2001
 55           Public Keys
 56     5 Content Encryption Algorithms
 57     5.1 Content Encryption Algorithm GOST 28147-89
 58     6 MAC Algorithms
 59     6.1 HMAC with GOST R 34.11-94
 60     7 Using with S/MIME
 61     7.1 Parameter micalg
 62     7.2 Attribute SMIMECapabilities
 63     8 Security Considerations
 64     9 Appendix Examples
 65     9.1 Signed message
 66     9.2 Enveloped message using Key Agreement
 67     9.3 Enveloped message using Key Transport
 68     10 Appendix ASN.1 Modules
 69     10.1 Gost28147-89-EncryptionSyntax
 70     10.2 GostR3410-EncryptionSyntax
 71     10.3 GostR3410-94-SignatureSyntax
 72     10.4 GostR3410-2001-SignatureSyntax
 73     10 References
 74     11 Acknowledgments
 75     Author's Address
 76     Full Copyright Statement

 78  1 Introduction

 80     The Cryptographic Message Syntax [CMS] is used for digital signature,
 81     digest, authentication and encryption of arbitrary message contents.
 82     This companion specification describes the usage of cryptographic
 83     algorithms GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001 and hash
 84     algorithm GOST R 34.11-94 in CMS, proposed by CRYPTO-PRO Company for
 85     the "Russian Cryptographic Software Compatibility Agreement" community.
 86     This document does not describe those cryptographic algorithms; they
 87     are defined in the corresponding national standards.

 89     The CMS values are generated using ASN.1 [X.208-88], using BER-
 90     encoding [X.209-88]. Algorithm identifiers (which include ASN.1
 91     object identifiers) identify cryptographic algorithms, and some
 92     algorithms require additional parameters. When needed, parameters
 93     are specified with an ASN.1 structure. The algorithm identifier for
 94     each algorithm is specified, and when needed, the parameter structure
 95     is specified. The fields in the CMS employed by each algorithm are
 96     identified.

 98  1.2 Terminology

100     In this document, the key words MUST, MUST NOT, REQUIRED, SHOULD,
101     SHOULD NOT, RECOMMENDED, and MAY are to be interpreted as described
102     in [RFC 2119].

104  2 Message Digest Algorithms

106     This section specifies the conventions for using digest algorithm
107     GOST R 34.11-94 employed by CMS.

109     Digest values are located in the DigestedData digest field and the
110     Message Digest authenticated attribute. In addition, digest values
111     are input to signature algorithms.

113  2.1 Message Digest Algorithm GOST R 34.11-94

115     Hash function GOST R 34.11-94 has been developed by "GUBS of Federal
116     Agency Government Communication and Information" and "All-Russian
117     Scientific and Research Institute of Standardization". The algorithm
118     GOST R 34.11-94 produces a 256-bit hash value of an arbitrary finite
119     bit length input. This document does not contain the full GOST R
120     34.11-94 specification, which can be found in [GOSTR3411] in Russian.
121     [Schneier95] ch. 18.11, p. 454, contains a brief technical
122     description in English.

124     id-CryptoPro OBJECT IDENTIFIER ::=
125         { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) }

127     id-CryptoPro-algorithms OBJECT IDENTIFIER ::=
128         id-CryptoPro

130     The hash algorithm GOST R 34.11-94 has the following identifier:

132     id-GostR3411-94 OBJECT IDENTIFIER ::=
133         { id-CryptoPro-algorithms gostr3411(9) }

135     The AlgorithmIdentifier parameters field MUST be present, and the
136     parameters field MUST contain NULL. Implementations MAY accept the
137     GOST R 34.11-94 AlgorithmIdentifiers with absent parameters as well
138     as NULL parameters.

140     When the Message Digest authenticated attribute is present, the
141     DigestedData digest contains a 32-byte digest in little-endian
        representation:

143     GostR3411-94-Digest ::= OCTET STRING (SIZE (32))

145  3 Signature Algorithms

147     This section specifies the CMS procedures for GOST R 34.10-94 and
148     GOST R 34.10-2001 signature algorithms.

150     Signature algorithm identifiers are located in the SignerInfo
151     signatureAlgorithm field of SignedData. Also, signature algorithm
152     identifiers are located in the SignerInfo signatureAlgorithm field of
153     countersignature attributes.

155     Signature values are located in the SignerInfo signature field of
156     SignedData. Also, signature values are located in the SignerInfo
157     signature field of countersignature attributes.

159  3.1 Signature Algorithm GOST R 34.10-94

161     GOST R 34.10-94 has been developed by "GUBS of Federal Agency
162     Government Communication and Information" and "All-Russian Scientific
163     and Research Institute of Standardization". This signature algorithm
164     MUST be used conjointly with the GOST R 34.11-94 message digest
165     algorithm. This document does not contain a description of the GOST R
166     34.10-94 standard, which is fully described in [GOSTR341094] in
167     Russian; a brief description in English can be found in [Schneier95]
168     ch. 20.3, p. 495.

170     For a signature algorithm identifier, GOST R 34.10-94 public key
171     algorithm OID [CPPK] is used:

173     id-GostR3410-94-signature OBJECT IDENTIFIER ::= id-GostR3410-94

175     Signature algorithm GOST R 34.10-94 generates a digital signature in
176     the form of a binary 512-bit vector (256||256).
177     signatureValue contains its little-endian representation.

179     GostR3410-94-Signature ::= OCTET STRING (SIZE (64))

181  3.2 Signature Algorithm GOST R 34.10-2001

183     GOST R 34.10-2001 has been developed by "GUBS of Federal Agency
184     Government Communication and Information" and "All-Russian Scientific
185     and Research Institute of Standardization". This signature algorithm
186     MUST be used conjointly with GOST R 34.11-94. This document does not
187     contain a description of the GOST R 34.10-2001 standard, which is
188     fully described in [GOSTR34102001].

190     For a signature algorithm identifier, GOST R 34.10-2001 public key
191     algorithm OID [CPPK] is used:

193     id-GostR3410-2001-signature OBJECT IDENTIFIER ::= id-GostR3410-2001

195     Signature algorithm GOST R 34.10-2001 generates a digital signature in
196     the form of a binary 512-bit vector (256||256).
197     signatureValue contains its little-endian representation.

199     GostR3410-2001-Signature ::= OCTET STRING (SIZE (64))

201  4 Key Management Algorithms

203     This chapter describes the key agreement and key transport
204     algorithms, based on key establishment algorithms VKO GOST R 34.10-94
205     and VKO GOST R 34.10-2001, described in [CPALGS]. They can be used
206     only with content encryption algorithm GOST 28147-89, defined in
207     section 5 of this document.

209  4.1 Key Agreement Algorithms

211     This section specifies the conventions employed by CMS
212     implementations that support key agreement using both VKO GOST R
213     34.10-94 and VKO GOST R 34.10-2001 algorithms, described in section 5
214     of [CPALGS].

216     Key agreement algorithm identifiers are located in the EnvelopedData
217     RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm and
218     AuthenticatedData RecipientInfos KeyAgreeRecipientInfo
219     keyEncryptionAlgorithm fields.

221     Wrapped content-encryption keys are located in the EnvelopedData
222     RecipientInfos KeyAgreeRecipientInfo RecipientEncryptedKeys
223     encryptedKey field. Wrapped message-authentication keys are located
224     in the AuthenticatedData RecipientInfos KeyAgreeRecipientInfo
225     RecipientEncryptedKeys encryptedKey field.

227  4.1.1 Key Agreement Algorithm Based on GOST R 34.10-94/2001 Public Keys

229     The EnvelopedData RecipientInfos KeyAgreeRecipientInfo field is used
230     as follows:

232        version MUST be 3.

234        originator MUST be the originatorKey alternative. The
235        originatorKey algorithm field MUST contain the object identifier
236        id-GostR3410-94 or id-GostR3410-2001 and corresponding parameters
237        (defined in sections 2.3.1, 2.3.2 of [CPPK]).

239        The originatorKey publicKey field MUST contain the sender's public
240        key.

242        keyEncryptionAlgorithm algorithm field MUST be identical to the
243        recipient public key algorithm identifier.

245        keyEncryptionAlgorithm parameters MUST encapsulate
246        GostR3410-TransportParameters, containing encryptionParamSet (GOST
247        28147-89 algorithm parameters used for key encryption), and UKM.
248        GostR3410-TransportParameters ephemeralPublicKey MUST NOT be
249        present.

251        GostR3410-TransportParameters ::= SEQUENCE {
252            encryptionParamSet OBJECT IDENTIFIER,
253            ephemeralPublicKey [0] IMPLICIT SubjectPublicKeyInfo OPTIONAL,
254            ukm OCTET STRING
255        }

257        KeyAgreeRecipientInfo ukm MUST be absent;
258        GostR3410-TransportParameters ukm is used instead and is not
259        optional.

261        encryptedKey MUST encapsulate Gost28147-89-EncryptedKey.

263        Gost28147-89-EncryptedKey ::= SEQUENCE {
264            encryptedKey Gost28147-89-Key,
265            macKey Gost28147-89-MAC
266        }

268     The secret key corresponding to originatorKey publicKey, together
269     with the sender's public key, is used to produce an exchange key.
270     Algorithm VKO GOST R 34.10-94 or VKO GOST R 34.10-2001 (described in
271     section 5 of [CPALGS]) is applied as follows:
272     GostR3410-TransportParameters encryptionParamSet is used for all
273     encryption operations, and GostR3410-TransportParameters ukm is used
274     as synchrovector. Keywrap mode is selected based on
275     encryptionParamSet. The resulting encoded key (SK_enc) is placed in
276     the Gost28147-89-EncryptedKey encryptedKey field, and its MAC (SK_mac)
277     is placed in the Gost28147-89-EncryptedKey macKey field.

279  4.2 Key Transport Algorithms

281     This section specifies the conventions employed by CMS
282     implementations that support key transport using both VKO GOST R
283     34.10-94 and VKO GOST R 34.10-2001 algorithms, described in section 5
284     of [CPALGS].

286     Key transport algorithm identifiers are located in the EnvelopedData
287     RecipientInfos KeyTransRecipientInfo keyEncryptionAlgorithm field.

289     Key transport encrypted content-encryption keys are located in the
290     EnvelopedData RecipientInfos KeyTransRecipientInfo encryptedKey
291     field.

293  4.2.1 Key Transport Algorithm Based on GOST R 34.10-94/2001 Public Keys

295     The EnvelopedData RecipientInfos KeyTransRecipientInfo field is used
296     as follows:

298        version MUST be 0 or 3.

300        keyEncryptionAlgorithm and parameters MUST be identical to the
301        recipient public key algorithm and parameters.

303        encryptedKey encapsulates
304        GostR3410-KeyTransportEncryptedKeyOctetString, which contains the
305        encrypted content-encryption key, its MAC, GOST 28147-89
306        algorithm parameters used for key encryption, the sender's ephemeral
307        public key, and UKM (UserKeyingMaterial, see [CMS], 10.2.6).

309        transportParameters MUST be present.

311        ephemeralPublicKey MUST be present, and its parameters, if
312        present, MUST be equal to the recipient public key parameters.

314        GostR3410-KeyTransportEncryptedKeyOctetString ::= SEQUENCE {
315            sessionEncryptedKey Gost28147-89-EncryptedKey,
316            transportParameters
317                [0] IMPLICIT GostR3410-TransportParameters OPTIONAL
318        }

320        GostR3410-TransportParameters ::= SEQUENCE {
321            encryptionParamSet OBJECT IDENTIFIER,
322            ephemeralPublicKey [0] IMPLICIT SubjectPublicKeyInfo OPTIONAL,
323            ukm OCTET STRING
324        }

326     The secret key corresponding to GostR3410-TransportParameters
327     ephemeralPublicKey, together with the sender's public key, is used to
328     produce an exchange key. Algorithm VKO GOST R 34.10-94 or VKO GOST R
329     34.10-2001 (described in section 5 of [CPALGS]) is applied as follows:
330     GostR3410-TransportParameters encryptionParamSet is used for all
331     encryption operations, and GostR3410-TransportParameters ukm is used
332     as synchrovector. Keywrap mode is selected based on
333     encryptionParamSet. The resulting encoded key (SK_enc) is placed in
334     the Gost28147-89-EncryptedKey encryptedKey field, and its MAC (SK_mac)
335     is placed in the Gost28147-89-EncryptedKey macKey field.

337  5 Content Encryption Algorithms

339     This section specifies the conventions employed by CMS
340     implementations that support content encryption using GOST 28147-89.

342     Content encryption algorithm identifiers are located in the
343     EnvelopedData EncryptedContentInfo contentEncryptionAlgorithm and the
344     EncryptedData EncryptedContentInfo contentEncryptionAlgorithm fields.

346     Content encryption algorithms are used to encipher the content
347     located in the EnvelopedData EncryptedContentInfo encryptedContent
348     field and the EncryptedData EncryptedContentInfo encryptedContent
349     field.

351  5.1 Content Encryption Algorithm GOST 28147-89

353     This section specifies the use of the GOST 28147-89 algorithm for data
354     encipherment.

356     GOST 28147-89 is fully described in [GOST28147] (in Russian).

358     This document specifies the following OID for this algorithm:

360     id-Gost28147-89 OBJECT IDENTIFIER ::=
361         { id-CryptoPro-algorithms gost28147-89(21) }

363     Algorithm parameters MUST be present and have the following
364     structure:

366     Gost28147-89-Parameters ::=
367         SEQUENCE {
368             iv Gost28147-89-IV,
369             encryptionParamSet OBJECT IDENTIFIER
370         }

372     Gost28147-89-IV ::= OCTET STRING (SIZE (8))

374     encryptionParamSet specifies the set of corresponding
375     Gost28147-89-ParamSetParameters (see section 6.1 of [CPALGS]).

377  6 MAC Algorithms

379     This section specifies the conventions employed by CMS
380     implementations that support the message authentication code (MAC)
381     based on GOST R 34.11-94 HMAC. This MAC can also be used as a
382     pseudo-random function with 256 bits (32 bytes) internal state size,
383     which can be used to derive keys.

385     MAC algorithm identifiers are located in the AuthenticatedData
386     macAlgorithm field.

388     MAC values are located in the AuthenticatedData mac field.

390  6.1 HMAC with GOST R 34.11-94

392     HMAC_GOSTR3411 (K,text) function is based on hash function GOST R
393     34.11-94, as defined in [HMAC]. See [CPALGS], section 3 for details.

395     OID for HMAC_GOSTR3411, defined by this document:

397     id-HMACGostR3411-94 OBJECT IDENTIFIER ::=
398         { id-CryptoPro-algorithms hmacgostr3411(10) }

400     This algorithm has the same parameters as the GOST R 34.11-94 digest
401     algorithm, and uses the same OIDs for their identification (see
402     [CPPK]).

404  7 Using with S/MIME

406     This section defines use of the algorithms defined in this document
407     together with S/MIME [RFC 2633].

409  7.1 Parameter micalg

411     When using the algorithms defined in this document, the micalg parameter
412     SHOULD be set to "gostr3411-94" or MAY be set to "unknown".

414  7.2 Attribute SMIMECapabilities

416     An S/MIME message that uses the algorithms defined in this document
417     should contain the list of algorithm identifiers for digest and
418     encryption algorithms, defined in this document, with their
419     parameters, in its SMIMECapabilities attribute.

421     The SMIMECapability value to indicate support for the GOST R 34.11-94
422     digest algorithm is the SEQUENCE with the capabilityID field
423     containing the object identifier id-GostR3411-94 and no parameters.
424     The DER encoding is:

426        30 08 06 06 2A 85 03 02 02 09

428     The SMIMECapability value to indicate support for the GOST 28147-89
429     encryption algorithm is the SEQUENCE with the capabilityID field
430     containing the object identifier id-Gost28147-89 and no parameters.
431     The DER encoding is:

433        30 08 06 06 2A 85 03 02 02 15

435     If the sender wishes to indicate support for a specific parameter set,
436     SMIMECapability parameters MUST contain the Gost28147-89-Parameters
437     structure. The recipient MUST ignore the Gost28147-89-Parameters iv
438     field, and assume that the sender supports the parameters specified in
439     the Gost28147-89-Parameters encryptionParamSet field.

441     The DER encoding for the SMIMECapability, indicating support for GOST
442     28147-89 with id-Gost28147-89-CryptoPro-A-ParamSet (see [CPALGS]) is:

444        30 1D 06 06 2A 85 03 02 02 15 30 13 04 08 00 00
445        00 00 00 00 00 00 06 07 2A 85 03 02 02 1F 01

447  8 Security Considerations

449     Conforming applications MUST use unique values for ukm and iv.
450     Recipients MAY verify that ukm and iv, specified by the sender, are
451     unique.

453     It is RECOMMENDED that applications verify signature values and
454     subject public keys to conform to [GOSTR34102001], [GOSTR341094]
455     standards prior to their use.

457     Cryptographic algorithm parameters affect the rigidity of algorithms.
458     The use of parameters that are not listed in [CPALGS] is NOT
459     RECOMMENDED (see Security Considerations section of [CPALGS]).

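Added example, not part of the draft: a Python sketch that rebuilds the three SMIMECapability DER encodings of section 7.2 from the OIDs on this page and parses them back as a recipient would, checking the iv size and then ignoring its value. All function names are this example's own, and the prefix 1.2.643.2.2.31 for id-CryptoPro-encrypts is an assumption read off the page's bytes (... 1F 01) and appendix dumps, since the page does not define it numerically.

```python
# OIDs as given on this page; the id-CryptoPro-encrypts prefix 1.2.643.2.2.31
# is an assumption read off the page's DER bytes (... 1F 01).
ID_GOSTR3411_94 = "1.2.643.2.2.9"    # id-GostR3411-94, arc gostr3411(9)
ID_GOST28147_89 = "1.2.643.2.2.21"   # id-Gost28147-89, arc gost28147-89(21) = 0x15
ID_PARAMSET_A = "1.2.643.2.2.31.1"   # id-Gost28147-89-CryptoPro-A-ParamSet


def tlv(tag, value):
    """One DER TLV; long-form lengths are emitted for 128 octets and above."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + length + value


def base128(arc):
    """Big-endian base 128, high bit set on every octet except the last."""
    out = [arc & 0x7F]
    arc >>= 7
    while arc:
        out.append(0x80 | (arc & 0x7F))
        arc >>= 7
    return bytes(reversed(out))


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = base128(40 * arcs[0] + arcs[1])   # first two arcs share one subidentifier
    for arc in arcs[2:]:
        body += base128(arc)
    return tlv(0x06, body)


def decode_oid(body):
    if not body or body[-1] & 0x80:
        raise ValueError("OID body is empty or ends mid-subidentifier")
    subs, acc = [], 0
    for octet in body:
        acc = (acc << 7) | (octet & 0x7F)
        if not octet & 0x80:
            subs.append(acc)
            acc = 0
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))


def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos); reject truncated or indefinite lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def smime_capability(alg_oid, param_set_oid=None, iv=bytes(8)):
    """SEQUENCE { capabilityID, parameters }, parameters as (iv, encryptionParamSet)."""
    body = encode_oid(alg_oid)
    if param_set_oid is not None:
        body += tlv(0x30, tlv(0x04, iv) + encode_oid(param_set_oid))
    return tlv(0x30, body)


def parse_capability(der):
    """Recipient view: (algorithm OID, parameter-set OID or None); iv value ignored."""
    tag, seq, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, oid, pos = read_tlv(seq)
    if tag != 0x06:
        raise ValueError("capabilityID is not an OBJECT IDENTIFIER")
    alg = decode_oid(oid)
    if pos == len(seq):
        return alg, None
    tag, params, pos = read_tlv(seq, pos)
    if tag != 0x30 or pos != len(seq):
        raise ValueError("parameters are not a single SEQUENCE")
    tag, iv, p = read_tlv(params)
    if tag != 0x04 or len(iv) != 8:          # Gost28147-89-IV is SIZE (8)
        raise ValueError("iv is not an 8-octet OCTET STRING")
    tag, param_set, p = read_tlv(params, p)
    if tag != 0x06 or p != len(params):
        raise ValueError("encryptionParamSet is not a trailing OBJECT IDENTIFIER")
    return alg, decode_oid(param_set)


if __name__ == "__main__":
    for args in ((ID_GOSTR3411_94,), (ID_GOST28147_89,), (ID_GOST28147_89, ID_PARAMSET_A)):
        print(smime_capability(*args).hex(" ").upper())
```
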
461     When a signed CMS document is used as an analogue to a manual signing, in
462     the context of Russian Federal Digital Signature Law [RFDSL], the signer
463     certificate MUST contain the keyUsage extension, it MUST be critical, and
464     keyUsage MUST NOT include keyEncipherment and keyAgreement. It SHOULD
465     be submitted for examination by an authorized agency in appropriate
466     levels of target_of_evaluation (TOE), according to [RFDSL], [RFLLIC]
467     and [CRYPTOLIC].

469  9 Appendix Examples

471  9.1 Signed message

473    0 30 272: SEQUENCE {
474    4 06   9:   OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
475   15 A0 257:   [0] {
476   19 30 254:     SEQUENCE {
477   22 02   1:       INTEGER 1
478   25 31  12:       SET {
479   27 30  10:         SEQUENCE {
480   29 06   6:           OBJECT IDENTIFIER GOST R 34.11-94 (1 2 643 2 2 9)
481   37 05   0:           NULL
482            :           }
483            :         }
484   39 30  18:       SEQUENCE {
485   41 06   9:         OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
486   52 A0   5:         [0] {
487   54 04   3:           OCTET STRING
488            :             2A 0D 0A
489            :           }
490            :         }
491   59 31 214:       SET {
492   62 30 211:         SEQUENCE {
493   65 02   1:           INTEGER 1
494   68 30 116:           SEQUENCE {
495   70 30 102:             SEQUENCE {
496   72 31  11:               SET {
497   74 30   9:                 SEQUENCE {
498   76 06   3:                   OBJECT IDENTIFIER countryName (2 5 4 6)
499   81 13   2:                   PrintableString 'RU'
500            :                   }
501            :                 }
502   85 31  15:               SET {
503   87 30  13:                 SEQUENCE {
504   89 06   3:                   OBJECT IDENTIFIER localityName (2 5 4 7)
505   94 13   6:                   PrintableString 'Moscow'
506            :                   }
507            :                 }
508  102 31  23:               SET {
509  104 30  21:                 SEQUENCE {
510  106 06   3:                   OBJECT IDENTIFIER organizationName (2 5 4 10)
511  111 13  14:                   PrintableString 'OOO Crypto-Pro'
512            :                   }
513            :                 }
514  127 31  20:               SET {
515  129 30  18:                 SEQUENCE {
516  131 06   3:                   OBJECT IDENTIFIER
517            :                     organizationalUnitName (2 5 4 11)
518  136 13  11:                   PrintableString 'Development'
519            :                   }
520            :                 }
521  149 31  23:               SET {
522  151 30  21:                 SEQUENCE {
523  153 06   3:                   OBJECT IDENTIFIER commonName (2 5 4 3)
524  158 13  14:                   PrintableString 'CP CSP Test CA'
525            :                   }
526            :                 }
527            :               }
528  174 02  10:             INTEGER
529            :               1A 02 A9 9D 00 03 00 00 0F 60
530            :             }
531  186 30  10:           SEQUENCE {
532  188 06   6:             OBJECT IDENTIFIER GOST R 34.11-94 (1 2 643 2 2 9)
533  196 05   0:             NULL
534            :             }
535  198 30  10:           SEQUENCE {
536  200 06   6:             OBJECT IDENTIFIER GOST R 34.10-94 (1 2 643 2 2 20)
537  208 05   0:             NULL
538            :             }
539  210 04  64:           OCTET STRING
540            :             6E 7B 56 7C 86 F4 0A 08 30 7E 8F 9D DD 9E 55 B1
541            :             F4 7D 9A B3 B8 8D 52 8D 34 46 28 AF 66 48 42 71
542            :             8A 11 5D 45 EE 52 1F FF 81 61 AA 64 A0 D2 DE 80
543            :             96 C4 33 9D BD 87 3E F7 98 1E A8 91 25 FC CF 5A
544            :           }
545            :         }
546            :       }
547            :     }
548            :   }

550  9.2 Enveloped message using Key Agreement

552    0 30 452: SEQUENCE {
553    4 06   9:   OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3)
554   15 A0 437:   [0] {
555   19 30 433:     SEQUENCE {
556   23 02   1:       INTEGER 2
557   26 31 377:       SET {
558   30 A1 373:         [1] {
559   34 02   1:           INTEGER 3
560   37 A0 168:           [0] {
561   40 A1 165:             [1] {
562   43 30  28:               SEQUENCE {
563   45 06   6:                 OBJECT IDENTIFIER
564            :                   GOST R 34.10-94 (1 2 643 2 2 20)

566   53 30  18:                 SEQUENCE {
567   55 06   7:                   OBJECT IDENTIFIER '1 2 643 2 2 32 2'
568   64 06   7:                   OBJECT IDENTIFIER '1 2 643 2 2 30 1'
569            :                   }
570            :                 }
571   73 03 132:               BIT STRING 0 unused bits, encapsulates {
572   77 04 128:                 OCTET STRING
573            :                   4D FC D3 19 15 65 E6 A8 CD 2E F4 94 1D E9 1D 8E
574            :                   38 74 EF 67 CD 39 59 DB B3 F4 07 63 A0 A1 0D 72
575            :                   1B 88 9A DB FC 0A C6 D6 27 1D 0A 40 8A 4E C7 E8
576            :                   FE 5B 36 C9 B9 A2 71 13 89 29 09 C7 73 AD 7E 07
577            :                   CD AB FA 4B FA FC 0D 1B 66 D2 60 49 87 B0 B2 ED
578            :                   13 EE BA D2 2F BB 4B E5 DD 84 B7 65 85 10 49 8A
579            :                   01 A5 F5 4C 24 FB 49 AB 1D 5D D8 A6 F4 F4 27 9B
580            :                   F7 F7 97 7A F9 D9 7B DB F5 A0 29 F6 8D C9 AB 46
581            :                 }
582            :               }
583            :             }
584  208 30  29:           SEQUENCE {
585  210 06   6:             OBJECT IDENTIFIER GOST R 34.10-94 (1 2 643 2 2 20)
586  218 30  19:             SEQUENCE {
587  220 06   7:               OBJECT IDENTIFIER '1 2 643 2 2 31 1'
588  229 04   8:               OCTET STRING
589            :                 97 27 17 E0 05 B0 D0 5A
590            :               }
591            :             }
592  239 30 165:           SEQUENCE {
593  242 30 162:             SEQUENCE {
594  245 30 116:               SEQUENCE {
595  247 30 102:                 SEQUENCE {
596  249 31  11:                   SET {
597  251 30   9:                     SEQUENCE {
598  253 06   3:                       OBJECT IDENTIFIER countryName (2 5 4 6)
599  258 13   2:                       PrintableString 'RU'
600            :                       }
601            :                     }
602  262 31  15:                   SET {
603  264 30  13:                     SEQUENCE {
604  266 06   3:                       OBJECT IDENTIFIER localityName (2 5 4 7)
605  271 13   6:                       PrintableString 'Moscow'
606            :                       }
607            :                     }
608  279 31  23:                   SET {
609  281 30  21:                     SEQUENCE {
610  283 06   3:                       OBJECT IDENTIFIER
611            :                         organizationName (2 5 4 10)
612  288 13  14:                       PrintableString 'OOO Crypto-Pro'
613            :                       }
614            :                     }
615  304 31  20:                   SET {
616  306 30  18:                     SEQUENCE {
617  308 06   3:                       OBJECT IDENTIFIER
618            :                         organizationalUnitName (2 5 4 11)
619  313 13  11:                       PrintableString 'Development'
620            :                       }
621            :                     }
622  326 31  23:                   SET {
623  328 30  21:                     SEQUENCE {
624  330 06   3:                       OBJECT IDENTIFIER commonName (2 5 4 3)
625  335 13  14:                       PrintableString 'CP CSP Test CA'
626            :                       }
627            :                     }
628            :                   }
629  351 02  10:                 INTEGER
630            :                   32 C7 ED 5B 00 03 00 00 12 82
631            :                 }
632  363 04  42:               OCTET STRING, encapsulates {
633  365 30  40:                 SEQUENCE {
634  367 04  32:                   OCTET STRING
635            :                     57 22 EF 5F 03 7C AF AD 74 7E 0C C4 52 9F 0D 96
636            :                     F2 5B 42 23 0D 6A EC 7A 98 90 7F CC D8 2F E5 72
637  401 04   4:                   OCTET STRING
638            :                     C6 E0 DE 69
639            :                   }
640            :                 }
641            :               }
642            :             }
643            :           }
644            :         }
645  407 30  47:       SEQUENCE {
646  409 06   9:         OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
647  420 30  29:         SEQUENCE {
648  422 06   6:           OBJECT IDENTIFIER GOST 28147-89 (1 2 643 2 2 21)
649  430 30  19:           SEQUENCE {
650  432 04   8:             OCTET STRING
651            :               BF 68 D1 74 95 19 F0 13
652  442 06   7:             OBJECT IDENTIFIER '1 2 643 2 2 31 1'
653            :             }
654            :           }
655  451 80   3:         [0]
656            :           B1 7F 12
657            :         }
658            :       }
659            :     }
660            :   }

662  9.3 Enveloped message using Key Transport

664    0 30 468: SEQUENCE {
665    4 06   9:   OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3)
666   15 A0 453:   [0] {
667   19 30 449:     SEQUENCE {
668   23 02   1:       INTEGER 0
669   26 31 393:       SET {
670   30 30 389:         SEQUENCE {
671   34 02   1:           INTEGER 0
672   37 30 116:           SEQUENCE {
673   39 30 102:             SEQUENCE {
674   41 31  11:               SET {
675   43 30   9:                 SEQUENCE {
676   45 06   3:                   OBJECT IDENTIFIER countryName (2 5 4 6)
677   50 13   2:                   PrintableString 'RU'
678            :                   }
679            :                 }
680   54 31  15:               SET {
681   56 30  13:                 SEQUENCE {
682   58 06   3:                   OBJECT IDENTIFIER localityName (2 5 4 7)
683   63 13   6:                   PrintableString 'Moscow'
684            :                   }
685            :                 }
686   71 31  23:               SET {
687   73 30  21:                 SEQUENCE {
688   75 06   3:                   OBJECT IDENTIFIER organizationName (2 5 4 10)
689   80 13  14:                   PrintableString 'OOO Crypto-Pro'
690            :                   }
691            :                 }
692   96 31  20:               SET {
693   98 30  18:                 SEQUENCE {
694  100 06   3:                   OBJECT IDENTIFIER
695            :                     organizationalUnitName (2 5 4 11)
696  105 13  11:                   PrintableString 'Development'
697            :                   }
698            :                 }
699  118 31  23:               SET {
700  120 30  21:                 SEQUENCE {
701  122 06   3:                   OBJECT IDENTIFIER commonName (2 5 4 3)
702  127 13  14:                   PrintableString 'CP CSP Test CA'
703            :                   }
704            :                 }
705            :               }
706  143 02  10:             INTEGER
707            :               1A 04 13 2F 00 03 00 00 0F 61
708            :             }
709  155 30  28:           SEQUENCE {
710  157 06   6:             OBJECT IDENTIFIER GOST R 34.10-94 (1 2 643 2 2 20)
711  165 30  18:             SEQUENCE {
712  167 06   7:               OBJECT IDENTIFIER '1 2 643 2 2 32 2'
713  176 06   7:               OBJECT IDENTIFIER '1 2 643 2 2 30 1'
714            :               }
715            :             }
716  185 04 235:           OCTET STRING, encapsulates {
717  188 30 232:             SEQUENCE {
718  191 30  40:               SEQUENCE {
719  193 04  32:                 OCTET STRING
720            :                   6B B6 75 7D 48 FD FC 6C B1 51 48 4F 0D 92 1F B0
721            :                   5D 3A 93 11 DC 8A 13 0D 42 77 6C DC 1A 5E 87 F7
722  227 04   4:                 OCTET STRING
723            :                   0A A3 26 A0
724            :                 }
725  233 A0 187:               [0] {
726  236 06   7:                 OBJECT IDENTIFIER '1 2 643 2 2 31 1'
727  245 A0 165:                 [0] {
728  248 30  28:                   SEQUENCE {
729  250 06   6:                     OBJECT IDENTIFIER
730            :                       GOST R 34.10-94 (1 2 643 2 2 20)
731  258 30  18:                     SEQUENCE {
732  260 06   7:                       OBJECT IDENTIFIER '1 2 643 2 2 32 2'
733  269 06   7:                       OBJECT IDENTIFIER '1 2 643 2 2 30 1'
734            :                       }
735            :                     }
736  278 03 132:                   BIT STRING 0 unused bits, encapsulates {
737  282 04 128:                     OCTET STRING
738            :                       47 A6 19 5E D6 FF E2 6A 6C 32 94 9D 6D 8C 1A 82
739            :                       C2 C4 0D 73 09 4E 01 3B B0 32 FE EE 79 1F C7 CC
740            :                       DB 27 B0 52 4F E1 10 B1 26 B9 22 51 37 64 F2 06
741            :                       33 13 00 D0 31 3F E4 B6 D2 D6 F7 31 B9 63 4F 02
742            :                       05 DD 16 E1 AD 0E E4 B7 CC B8 89 D1 20 D3 EA 45
743            :                       53 02 8C 03 21 7C F2 0C BE BB 0D 7F 4E 04 E5 A5
744            :                       3D F6 7F 2A 1E 17 40 59 4D 9D C5 4A ED 03 15 93
745            :                       B9 76 E6 41 BC 3B 70 18 90 B7 4A 7C 8F 4B 06 7D
746            :                     }
747            :                   }
748  413 04   8:                 OCTET STRING
749            :                   CA CD 7B 87 B9 60 17 68
750            :                 }
751            :               }
752            :             }
753            :           }
754            :         }
755  423 30  47:       SEQUENCE {
756  425 06   9:         OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
757  436 30  29:         SEQUENCE {
758  438 06   6:           OBJECT IDENTIFIER GOST 28147-89 (1 2 643 2 2 21)
759  446 30  19:           SEQUENCE {
760  448 04   8:             OCTET STRING
761            :               56 9C 94 5C 37 0F B2 59
762  458 06   7:             OBJECT IDENTIFIER '1 2 643 2 2 31 1'
763            :             }
764            :           }
765  467 80   3:         [0]
766            :           E5 CE CA
767            :         }
768            :       }
769            :     }
770            :   }

772  10 Appendix ASN.1 Modules

774  10.1 Gost28147-89-EncryptionSyntax

776  Gost28147-89-EncryptionSyntax
777      { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
778        other(1) modules(1) gost28147-89-EncryptionSyntax(4) 1 }
779  DEFINITIONS EXPLICIT TAGS ::=
780  BEGIN
781  -- EXPORTS All --
782  -- The types and values defined in this module are exported for
783  -- use in the other ASN.1 modules contained within the Russian
784  -- Cryptography "GOST" & "GOST R" Specifications, and for the use
785  -- of other applications which will use them to access Russian
786  -- Cryptography services. Other applications may use them for
787  -- their own purposes, but this will not constrain extensions and
788  -- modifications needed to maintain or improve the Russian
789  -- Cryptography service.
   IMPORTS
       id-CryptoPro-algorithms, id-CryptoPro-encrypts,
       cryptographic-Gost-Useful-Definitions
       FROM Cryptographic-Gost-Useful-Definitions
           { iso(1) member-body(2) ru(643) rans(2)
             cryptopro(2) other(1) modules(1)
             cryptographic-Gost-Useful-Definitions(0) 1 }
       AlgorithmIdentifier, ALGORITHM-IDENTIFIER
       FROM Cryptographic-Gost-Useful-Definitions
           cryptographic-Gost-Useful-Definitions
   ;
   -- GOST 28147-89 OID
   id-Gost28147-89 OBJECT IDENTIFIER ::=
       { id-CryptoPro-algorithms gost28147-89(21) }
   -- GOST 28147-89 Cryptographic Parameter Sets OIDs
   id-Gost28147-89-TestParamSet OBJECT IDENTIFIER ::=
       { id-CryptoPro-encrypts test(0) }
   id-Gost28147-89-CryptoPro-A-ParamSet OBJECT IDENTIFIER ::=
       { id-CryptoPro-encrypts cryptopro-A(1) }
   id-Gost28147-89-CryptoPro-B-ParamSet OBJECT IDENTIFIER ::=
       { id-CryptoPro-encrypts cryptopro-B(2) }
   id-Gost28147-89-CryptoPro-C-ParamSet OBJECT IDENTIFIER ::=
       { id-CryptoPro-encrypts cryptopro-C(3) }
   id-Gost28147-89-CryptoPro-D-ParamSet OBJECT IDENTIFIER ::=
       { id-CryptoPro-encrypts cryptopro-D(4) }
   id-Gost28147-89-CryptoPro-Simple-A-ParamSet
       OBJECT IDENTIFIER ::=
       { id-CryptoPro-encrypts cryptopro-Simple-A(6) }
   id-Gost28147-89-CryptoPro-Simple-B-ParamSet
       OBJECT IDENTIFIER ::=
       { id-CryptoPro-encrypts cryptopro-Simple-B(7) }
   id-Gost28147-89-CryptoPro-Simple-C-ParamSet
       OBJECT IDENTIFIER ::=
       { id-CryptoPro-encrypts cryptopro-Simple-C(8) }
   id-Gost28147-89-CryptoPro-Simple-D-ParamSet
       OBJECT IDENTIFIER ::=
       { id-CryptoPro-encrypts cryptopro-Simple-D(9) }
   -- GOST 28147-89 Types
   Gost28147-89-Data ::= OCTET STRING (SIZE (0..4294967294))
   Gost28147-89-EncryptedData ::=
       OCTET STRING (SIZE (0..4294967294))
   Gost28147-89-UZ ::= OCTET STRING (SIZE (64))
   Gost28147-89-IV ::= OCTET STRING (SIZE (8))
   Gost28147-89-Key ::= OCTET STRING (SIZE (32))
   Gost28147-89-MAC ::= OCTET STRING (SIZE (1..4))
   Gost28147-89-EncryptedKey ::=
       SEQUENCE {
           encryptedKey Gost28147-89-Key,
           macKey Gost28147-89-MAC (SIZE (4))
       }
   -- GOST 28147-89 encryption algorithm parameters
   Gost28147-89-Parameters ::=
       SEQUENCE {
           encryptionParamSet
               OBJECT IDENTIFIER (
                   id-Gost28147-89-TestParamSet | -- Only for tests use
                   id-Gost28147-89-CryptoPro-A-ParamSet |
                   id-Gost28147-89-CryptoPro-B-ParamSet |
                   id-Gost28147-89-CryptoPro-C-ParamSet |
                   id-Gost28147-89-CryptoPro-D-ParamSet |
                   id-Gost28147-89-CryptoPro-Simple-A-ParamSet |
                   id-Gost28147-89-CryptoPro-Simple-B-ParamSet |
                   id-Gost28147-89-CryptoPro-Simple-C-ParamSet |
                   id-Gost28147-89-CryptoPro-Simple-D-ParamSet
               ),
           iv Gost28147-89-IV
       }
   Gost28147-89-Algorithms ALGORITHM-IDENTIFIER ::= {
       { Gost28147-89-Parameters IDENTIFIED BY
         id-Gost28147-89 }
   }
   END -- Gost28147-89-EncryptionSyntax

10.2 GostR3410-EncryptionSyntax

   GostR3410-EncryptionSyntax
       { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
         other(1) modules(1) gostR3410-EncryptionSyntax(5) 2 }
   DEFINITIONS ::=
   BEGIN
   -- EXPORTS All --
   -- The types and values defined in this module are exported for
   -- use in the other ASN.1 modules contained within the Russian
   -- Cryptography "GOST" & "GOST R" Specifications, and for the use
   -- of other applications which will use them to access Russian
   -- Cryptography services. Other applications may use them for
   -- their own purposes, but this will not constrain extensions and
   -- modifications needed to maintain or improve the Russian
   -- Cryptography service.
   IMPORTS
       id-CryptoPro-algorithms,
       gost28147-89-EncryptionSyntax,
       gostR3410-94-PKISyntax,
       gostR3410-2001-PKISyntax,
       cryptographic-Gost-Useful-Definitions
       FROM Cryptographic-Gost-Useful-Definitions
           { iso(1) member-body(2) ru(643) rans(2)
             cryptopro(2) other(1) modules(1)
             cryptographic-Gost-Useful-Definitions(0) 1 }
       id-GostR3410-94,
       GostR3410-94-PublicKeyParameters,
       GostR3410-94-PublicKeyAlgorithms
       FROM GostR3410-94-PKISyntax gostR3410-94-PKISyntax
       id-GostR3410-2001,
       GostR3410-2001-PublicKeyParameters,
       GostR3410-2001-PublicKeyAlgorithms
       FROM GostR3410-2001-PKISyntax gostR3410-2001-PKISyntax
       id-Gost28147-89-TestParamSet,
       id-Gost28147-89-CryptoPro-A-ParamSet,
       id-Gost28147-89-CryptoPro-B-ParamSet,
       id-Gost28147-89-CryptoPro-C-ParamSet,
       id-Gost28147-89-CryptoPro-D-ParamSet,
       id-Gost28147-89-CryptoPro-Simple-A-ParamSet,
       id-Gost28147-89-CryptoPro-Simple-B-ParamSet,
       id-Gost28147-89-CryptoPro-Simple-C-ParamSet,
       id-Gost28147-89-CryptoPro-Simple-D-ParamSet,
       Gost28147-89-EncryptedKey
       FROM Gost28147-89-EncryptionSyntax
           gost28147-89-EncryptionSyntax
       -- id-external-PKIX1Explicit93,
       SubjectPublicKeyInfo, AlgorithmIdentifier, ALGORITHM-IDENTIFIER
       FROM PKIX1Explicit88 {iso(1) identified-organization(3)
           dod(6) internet(1) security(5) mechanisms(5) pkix(7)
           id-mod(0) id-pkix1-explicit(1)}
   ;
   -- CMS/PKCS#7 Key transport OID, Algorithm & Parameters
   -- OID for CMS/PKCS#7 Key transport is id-GostR3410-94 from
   -- GostR3410-94-PKISyntax or id-GostR3410-2001 from
   -- GostR3410-2001-PKISyntax
   -- Parameters for CMS/PKCS#7 Key transport is
   -- GostR3410-94-PublicKeyParameters from
   -- GostR3410-94-PKISyntax with encryptionParameterOID or
   -- GostR3410-2001-PublicKeyParameters from
   -- GostR3410-2001-PKISyntax with encryptionParameterOID
   -- Algorithm for CMS/PKCS#7 Key transport is
   -- GostR3410-94-PublicKeyAlgorithms from
   -- GostR3410-94-PKISyntax or
   -- GostR3410-2001-PublicKeyAlgorithms from
   -- GostR3410-2001-PKISyntax
   -- SMIMECapability for CMS/PKCS#7 Key transport is
   -- id-GostR3410-94 from GostR3410-94-PKISyntax or
   -- id-GostR3410-2001 from GostR3410-2001-PKISyntax
   id-GostR3410-94-KeyTransportSMIMECapability
       OBJECT IDENTIFIER ::= id-GostR3410-94
   id-GostR3410-2001-KeyTransportSMIMECapability
       OBJECT IDENTIFIER ::= id-GostR3410-2001
   GostR3410-KeyTransportEncryptedKeyOctetString ::=
       SEQUENCE {
           sessionEncryptedKey Gost28147-89-EncryptedKey,
           transportParameters [0] IMPLICIT
               GostR3410-TransportParameters OPTIONAL
       }
   GostR3410-TransportParameters ::=
       SEQUENCE {
           encryptionParamSet
               OBJECT IDENTIFIER (
                   id-Gost28147-89-TestParamSet | -- Only for tests use
                   id-Gost28147-89-CryptoPro-A-ParamSet |
                   id-Gost28147-89-CryptoPro-B-ParamSet |
                   id-Gost28147-89-CryptoPro-C-ParamSet |
                   id-Gost28147-89-CryptoPro-D-ParamSet |
                   id-Gost28147-89-CryptoPro-Simple-A-ParamSet |
                   id-Gost28147-89-CryptoPro-Simple-B-ParamSet |
                   id-Gost28147-89-CryptoPro-Simple-C-ParamSet |
                   id-Gost28147-89-CryptoPro-Simple-D-ParamSet
               ),
           ephemeralPublicKey [0] IMPLICIT SubjectPublicKeyInfo
               OPTIONAL,
           ukm OCTET STRING ( SIZE(8) )
       }
   GostR3410-KeyEncryptionAlgorithms
       ALGORITHM-IDENTIFIER ::= {
       { GostR3410-94-PublicKeyParameters IDENTIFIED BY
         id-GostR3410-94 } |
       { GostR3410-2001-PublicKeyParameters IDENTIFIED BY
         id-GostR3410-2001 }
   }
   END -- GostR3410-94-EncryptionSyntax

10.3 GostR3410-94-SignatureSyntax

   GostR3410-94-SignatureSyntax
       { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
         other(1) modules(1) gostR3410-94-SignatureSyntax(3) 1 }
   DEFINITIONS ::=
   BEGIN
   -- EXPORTS All --
   -- The types and values defined in this module are exported for
   -- use in the other ASN.1 modules contained within the Russian
   -- Cryptography "GOST" & "GOST R" Specifications, and for the use
   -- of other applications which will use them to access Russian
   -- Cryptography services. Other applications may use them for
   -- their own purposes, but this will not constrain extensions and
   -- modifications needed to maintain or improve the Russian
   -- Cryptography service.
   IMPORTS
       gostR3411-94-DigestSyntax,
       gostR3410-94-PKISyntax,
       cryptographic-Gost-Useful-Definitions
       FROM Cryptographic-Gost-Useful-Definitions
           { iso(1) member-body(2) ru(643) rans(2)
             cryptopro(2) other(1) modules(1)
             cryptographic-Gost-Useful-Definitions(0) 1 }
       id-GostR3411-94, GostR3411-94-Digest,
       GostR3411-94-DigestParameters,
       id-GostR3411-94-TestParamSet,
       id-GostR3411-94-CryptoProParamSet
       FROM GostR3411-94-DigestSyntax gostR3411-94-DigestSyntax
       id-GostR3410-94,
       GostR3410-94-PublicKeyParameters,
       id-GostR3410-94-TestParamSet,
       id-GostR3410-94-CryptoPro-A-ParamSet,
       id-GostR3410-94-CryptoPro-B-ParamSet,
       id-GostR3410-94-CryptoPro-C-ParamSet,
       id-GostR3410-94-CryptoPro-D-ParamSet,
       id-GostR3410-94-CryptoPro-XchA-ParamSet,
       id-GostR3410-94-CryptoPro-XchB-ParamSet,
       id-GostR3410-94-CryptoPro-XchC-ParamSet
       FROM GostR3410-94-PKISyntax gostR3410-94-PKISyntax
       AlgorithmIdentifier, ALGORITHM-IDENTIFIER
       FROM Cryptographic-Gost-Useful-Definitions
           cryptographic-Gost-Useful-Definitions
   ;
   -- GOST R 34.10-94 Signature Data Type
   GostR3410-94-Signature ::=
       OCTET STRING (SIZE (64))
   -- GOST R 34.10-94 Signature Parameters & Algorithm
   GostR3410-94-CMSSignatureAlgorithms ALGORITHM-IDENTIFIER ::= {
       { GostR3410-94-PublicKeyParameters IDENTIFIED BY
         id-GostR3410-94 }
   }

   END -- GostR3410-94-SignatureSyntax

10.4 GostR3410-2001-SignatureSyntax

   GostR3410-2001-SignatureSyntax
       { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
         other(1) modules(1) gostR3410-2001-SignatureSyntax(10) 1 }
   DEFINITIONS ::=
   BEGIN
   -- EXPORTS All --
   -- The types and values defined in this module are exported for
   -- use in the other ASN.1 modules contained within the Russian
   -- Cryptography "GOST" & "GOST R" Specifications, and for the use
   -- of other applications which will use them to access Russian
   -- Cryptography services. Other applications may use them for
   -- their own purposes, but this will not constrain extensions and
   -- modifications needed to maintain or improve the Russian
   -- Cryptography service.
   IMPORTS
       gostR3410-2001-PKISyntax,
       cryptographic-Gost-Useful-Definitions
       FROM Cryptographic-Gost-Useful-Definitions
           { iso(1) member-body(2) ru(643) rans(2)
             cryptopro(2) other(1) modules(1)
             cryptographic-Gost-Useful-Definitions(0) 1 }
       id-GostR3410-2001,
       GostR3410-2001-PublicKeyParameters
       FROM GostR3410-2001-PKISyntax gostR3410-2001-PKISyntax
       AlgorithmIdentifier, ALGORITHM-IDENTIFIER
       FROM Cryptographic-Gost-Useful-Definitions
           cryptographic-Gost-Useful-Definitions
   ;
   -- GOST R 34.10-2001 Signature Data Type
   GostR3410-2001-Signature ::=
       OCTET STRING (SIZE (64))
   -- GOST R 34.10-2001 Signature Parameters & Algorithm
   GostR3410-2001-CMSSignatureAlgorithms
       ALGORITHM-IDENTIFIER ::= {
       { GostR3410-2001-PublicKeyParameters IDENTIFIED BY
         id-GostR3410-2001 }
   }
   END -- GostR3410-2001-SignatureSyntax

11 References

   [GOST28147]     "Cryptographic Protection for Data Processing
                   System", GOST 28147-89, Gosudarstvennyi Standard of
                   USSR, Government Committee of the USSR for
                   Standards, 1989. (In Russian);

   [GOSTR341094]   "Information technology. Cryptographic Data
                   Security. Produce and check procedures of
                   Electronic Digital Signatures based on Asymmetric
                   Cryptographic Algorithm.", GOST R 34.10-94,
                   Gosudarstvennyi Standard of Russian Federation,
                   Government Committee of the Russia for Standards,
                   1994. (In Russian);

   [GOSTR34102001] "Information technology. Cryptographic data
                   security. Signature and verification processes of
                   [electronic] digital signature.", GOST R 34.10-2001,
                   Gosudarstvennyi Standard of Russian Federation,
                   Government Committee of the Russia for Standards,
                   2001. (In Russian);

   [GOSTR341194]   "Information technology. Cryptographic Data
                   Security. Hashing function.", GOST R 34.10-94,
                   Gosudarstvennyi Standard of Russian Federation,
                   Government Committee of the Russia for Standards,
                   1994. (In Russian);

   [Schneier95]    B. Schneier, Applied cryptography, second edition,
                   John Wiley & Sons, Inc., 1995;

   [RFC 3280]      Housley, R., Polk, W., Ford, W. and D. Solo,
                   "Internet X.509 Public Key Infrastructure
                   Certificate and Certificate Revocation List (CRL)
                   Profile", RFC 3280, April 2002.

   [RFC 3279]      Algorithms and Identifiers for the Internet X.509
                   Public Key Infrastructure Certificate and
                   Certificate Revocation List (CRL) Profile.
                   L. Bassham, W. Polk, R. Housley. April 2002.

   [RFC 2119]      Bradner, S., "Key Words for Use in RFCs to Indicate
                   Requirement Levels", BCP 14, RFC 2119, March 1997.

   [CMS]           R. Housley, "Cryptographic Message Syntax",
                   RFC 3369, August 2002

   [X.208-88]      CCITT. Recommendation X.208: Specification of
                   Abstract Syntax Notation One (ASN.1). 1988.

   [X.209-88]      CCITT. Recommendation X.209: Specification of Basic
                   Encoding Rules for Abstract Syntax Notation One
                   (ASN.1). 1988.

   [CPPK]          S. Leontiev, D. Shefanovskij, "Algorithms and
                   Identifiers for the Internet X.509 Public Key
                   Infrastructure Certificates and Certificate
                   Revocation List (CRL), corresponding to the
                   algorithms GOST R 34.10-94, GOST R 34.10-2001,
                   GOST R 34.11-94",
                   draft-leontiev-cryptopro-cppk-00.txt

   [CPALGS]        V. Popov, I. Kurepkin, S. Leontiev "Additional
                   cryptographic algorithms for use with
                   GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001,
                   and GOST R 34.11-94 algorithms.",
                   draft-popov-cryptopro-cpalgs-00.txt

   [HMAC]          H. Krawczyk, M. Bellare, R. Canetti, "HMAC:
                   Keyed-Hashing for Message Authentication",
                   RFC 2104, February 1997.

   [RFDSL]         "Russian Federal Digital Signature Law",
                   10 Jan 2002 N1-FZ

   [RFLLIC]        "Russian Federal Law on Licensing of Selected
                   Activity Categories", 08 Aug 2001 N 128-FZ

   [CRYPTOLIC]     "Russian Federal Government Regulation on Licensing
                   of Selected Activity Categories in Cryptography
                   Area", 23 Sep 2002 N 691

Acknowledgments

   This document was created in accordance with the "Russian
   Cryptographic Software Compatibility Agreement", signed by FGUE STC
   "Atlas", CRYPTO-PRO, Factor-TC, MD PREI, Infotecs GmbH, SPRCIS
   (SPbRCZI), Cryptocom, R-Alpha. The aim of this agreement is to
   achieve mutual compatibility of the products and solutions.

   The authors wish to thank:

      Microsoft Corporation Russia for providing information about
      company products and solutions, and also for technical consulting
      in PKI.

      RSA Security Russia and Demos Co Ltd for active collaboration and
      critical help in the creation of this document.

      Russ Housley (Vigil Security, LLC, housley@vigilsec.com) and
      Vasilij Sakharov (DEMOS Co Ltd, svp@dol.ru) for the initiative of
      creating this document.

   This document is based on a contribution of CRYPTO-PRO Company. Any
   substantial use of the text from this document must acknowledge
   CRYPTO-PRO.
   CRYPTO-PRO requests that all material mentioning or referencing
   this document identify this as "CRYPTO-PRO CPCMS".

Author's Addresses

   Serguei Leontiev
   CRYPTO-PRO
   38, Obraztsova,
   Moscow, 127018, Russian Federation
   EMail: lse@cryptopro.ru

   Vladimir Popov
   CRYPTO-PRO
   38, Obraztsova,
   Moscow, 127018, Russian Federation
   EMail: vpopov@cryptopro.ru

   Gregory Chudov
   CRYPTO-PRO
   38, Obraztsova,
   Moscow, 127018, Russian Federation
   EMail: chudov@cryptopro.ru

   Alexandr Afanasiev
   Factor-TC
   office 711, 14, Presnenskij val,
   Moscow, 123557, Russian Federation
   EMail: aaaf@factor-ts.ru

   Nikolaj Nikishin
   Infotecs GmbH
   p/b 35, 80-5, Leningradskij prospekt,
   Moscow, 125315, Russian Federation
   EMail: nikishin@infotecs.ru

   Boleslav Izotov
   FGUE STC "Atlas"
   38, Obraztsova,
   Moscow, 127018, Russian Federation
   EMail: izotov@stcnet.ru

   Elena Minaeva
   MD PREI
   build 3, 6A, Vtoroj Troitskij per.,
   Moscow, Russian Federation
   EMail: evminaeva@mo.msk.ru

   Serguei Murugov
   R-Alpha
   4/1, Raspletina,
   Moscow, 123060, Russian Federation
   EMail: msm@office.ru

   Igori Ustinov
   Cryptocom
   office 239, 51, Leninskij prospekt,
   Moscow, 119991, Russian Federation
   EMail: igus@cryptocom.ru

   Anatolij Erkin
   SPRCIS (SPbRCZI)
   1, Obrucheva,
   St.Petersburg, 195220, Russian Federation
   EMail: erkin@nevsky.net

Full Copyright Statement

   Copyright (C) The Internet Society (2003). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
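
Added example (not part of the draft): a receiver-side check of the GOST 28147-89 content-encryption AlgorithmIdentifier, run over the bytes shown at dump offsets 436-466 and enforcing the constraints of module 10.1 (8-octet IV, parameter set from the permitted list). The dump carries the IV before the parameter-set OID while Gost28147-89-Parameters lists encryptionParamSet first, so the check identifies the two members by tag; the function names and the 1.2.643.2.2.31 value for id-CryptoPro-encrypts (read off the dump) are assumptions.

```python
ID_GOST28147_89 = "1.2.643.2.2.21"   # id-Gost28147-89, as printed in the dump
# Assumption: id-CryptoPro-encrypts is 1.2.643.2.2.31, read off the dump's
# '1 2 643 2 2 31 1'; the final arcs are the ones listed in module 10.1.
PARAM_SETS = {"1.2.643.2.2.31.%d" % n for n in (0, 1, 2, 3, 4, 6, 7, 8, 9)}

# Bytes rebuilt from the dump, starting at the SEQUENCE at offset 436.
SAMPLE = bytes.fromhex(
    "301d" "06062a8503020215"                            # id-Gost28147-89
    "3013" "0408569c945c370fb259" "06072a850302021f01")  # IV, parameter set

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length DER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                 # long form: next n octets hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element overruns its container")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed value into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(val):
    """Decode OID content octets to dotted-decimal form."""
    if not val or val[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, acc = [], 0
    for octet in val:
        acc = (acc << 7) | (octet & 0x7F)
        if not octet & 0x80:
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def check_gost28147_alg_id(der):
    """Validate the AlgorithmIdentifier and return (iv, param_set_oid)."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    parts = children(body)
    if [t for t, _ in parts] != [0x06, 0x30]:
        raise ValueError("expected algorithm OID followed by parameters")
    if decode_oid(parts[0][1]) != ID_GOST28147_89:
        raise ValueError("algorithm is not id-Gost28147-89")
    params = children(parts[1][1])
    if sorted(t for t, _ in params) != [0x04, 0x06]:
        raise ValueError("parameters must hold one IV and one OID")
    fields = dict(params)
    iv, param_set = fields[0x04], decode_oid(fields[0x06])
    if len(iv) != 8:                  # Gost28147-89-IV ::= SIZE (8)
        raise ValueError("IV must be 8 octets")
    if param_set not in PARAM_SETS:
        raise ValueError("parameter set is not one the module permits")
    return iv, param_set
```

Rejecting an unlisted parameter set or a wrong-length IV before any decryption is attempted keeps malformed or downgraded parameters away from the cipher code.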