Network Working Group                                N. Mavrogiannopoulos
Internet-Draft                                                    Red Hat
Intended status: Informational                             March 29, 2018
Expires: September 30, 2018


                 Storing validation parameters in PKCS#8
           draft-mavrogiannopoulos-pkcs8-validated-parameters-02

Abstract

   This memo describes a method of storing parameters needed for private
   key validation in the Private-Key Information Syntax Specification as
   defined in RFC 5208 (PKCS#8) format.  It is equally applicable to the
   alternative implementation of the Private-Key Information Syntax
   Specification as defined in RFC 5958.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 30, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

1.  Introduction

   RSA or DSA private keys generated using the Shawe-Taylor prime
   generation algorithm described in [FIPS186-4] allow for parameter
   validation, i.e., verifying that the primes are actually prime and
   were correctly generated.  That is possible because the primes are
   derived deterministically from a known seed and a selected hash
   algorithm: whoever holds the seed and knows the hash algorithm can
   repeat the generation and compare the result with the stored key.

   Storing these parameters in a private key format such as the RSA
   Private Key Syntax from PKCS#1 [RFC8017], or common representations
   for DSA private keys, does not allow attaching the information needed
   for validation.  The purpose of this document is to describe such a
   method using the Private-Key Information Syntax Specification as
   defined in [RFC5208], as well as the alternative specification in
   [RFC5958].

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  ValidationParams attribute

   The information related to the validation parameters is stored as an
   attribute in the PrivateKeyInfo structure.  The attribute is
   identified by the id-attr-validation-parameters object identifier and
   contains as its single AttributeValue one ValidationParams structure.

   id-attr-validation-parameters OBJECT IDENTIFIER ::=
       {1 3 6 1 4 1 2312 18 8 1}

   ValidationParams ::= SEQUENCE {
       hashAlg OBJECT IDENTIFIER,
       seed OCTET STRING
   }

   The hashAlg object identifier in ValidationParams should identify a
   hash algorithm usable with the [FIPS186-4] prime generation methods,
   and seed is the seed that was input to those methods.  The
   ValidationParams sequence must be DER encoded [CCITT.X690.2002].

4.  Example Structure

   The following structure contains an RSA key generated using the
   [FIPS186-4] section B.3.3 algorithm with the SHA2-384 hash.
   The seed used is
   '8af4328c87bebcec31e303b8f5537effcb6a91d947084d99a369823b36f01462'
   (hex encoded).

   -----BEGIN PRIVATE KEY-----
   MIIE/gIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCpPwXwfhDsWA3q
   jN2BWg1xfDjvZDVNfgTV/b95g304Aty3z13xPXAhHZ3ROW3pgPxTj9fiq7ZMy4Ua
   gMpPK81v3pHX1uokC2KcGXbgbAq2Q8ClxSXgEJllRwDENufjEdV10gArt8NlIP0N
   lota1kQUuI1DMsqc5DTIa35Nq4j1GW+KmLtP0kCrGq9fMGwjDbPEpSp9DTquEMHJ
   o7kyJIjB+93ikLvBUTgbxr+jcnTLXuhA8rC8r+KXre4NPPNPRyefRcALLt/URvfA
   rTvFOQfi3vIjNhBZL5FdC+FVAr5QnF3r2+cuDPbnczr4/rr81kzFGWrwyAgF5FWu
   pFtB5IYDAgMBAAECggEAHZ88vGNsNdmRkfhWupGW4cKCuo+Y7re8Q/H2Jd/4Nin2
   FKvUPuloaztiSGDbVm+vejama/Nu5FEIumNJRYMeoVJcx2DDuUxO1ZB1aIEwfMct
   /DWd0/JDzuCXB0Cu5GTWLhlz0zMGHXihIdQ0DtGKt++3Ncg5gy1D+cIqqJB515/z
   jYdZmb0Wqmz7H3DisuxvnhiCAOuNrjcDau80hpMA9TQlb+XKNGHIBgKpJe6lnB0P
   MsS/AjDiDoEpP9GG9mv9+96rAga4Nos6avYlwWwbC6d+hHIWvWEWsmrDfcJlm2gN
   tjvG8omj00t5dAt7qGhfOoNDGr5tvJVo/g96O/0I8QKBgQDdzytVRulo9aKVdAYW
   /Nj04thtnRaqsTyFH+7ibEVwNIUuld/Bp6NnuGrY+K1siX8+zA9f8mKxuXXV9KK4
   O89Ypw9js2BxM7VYO9Gmp6e1RY3Rrd8w7pG7/KqoPWXkuixTay9eybrJMWu3TT36
   q7NheNmBHqcFmSQQuUwEmvp3MQKBgQDDVaisMJkc/sIyQh3XrlfzmMLK+GlPDucD
   w5e50fHl8Q5PmTcP20zVLhTevffCqeItSyeAno94Xdzc9vZ/rt69410kJEHyBO9L
   CmhtYz94wvSdRhbqf4VzAl2WU184sIYiIZDGsnGScgIYvo6v6mITjRhc8AMdYoPR
   rL6xp6frcwKBgFi1+avCj6mFzD+fxqu89nyCmXLFiAI+nmjTy7PM/7yPlNB76qDG
   Dil2bW1Xj+y/1R9ld6S1CVnxRbqLe+TZLuVS82m5nRHJT3b5fbD8jquGJOE+e+xT
   DgA0XoCpBa6D8yRt0uVDIyxCUsVd5DL0JusN7VehzcUEaZMyuL+CyDeRAoGBAImB
   qH6mq3Kc6Komnwlw4ttJ436sxr1vuTKOIyYdZBNB0Zg5PGi+MWU0zl5LDroLi3vl
   FwbVGBxcvxkSBU63FHhKMQw7Ne0gii+iQQcYQdtKKpb4ezNS1+exd55WTIcExTgL
   tvYZMhgsh8tRgfLWpXor7kWmdBrgeflFiOxZIL1/AoGAeBP7sdE+gzsh8jqFnVRj
   7nOg+YllJAlWsf7cTH4pLIy2Eo9D+cNjhL9LK6RaAd7PSZ1adm8HfaROA2cfCm84
   RI4c7Ue0G+N6LZiFvC0Bfi5SaPVAExXOty8UqjOCoZavSaXBPuNcTXZuzswcgbxI
   G5/kaJNHoEcdlVsPsYWKRNKgPzA9BgorBgEEAZIIEggBMS8wLQYJYIZIAWUDBAIC
   BCCK9DKMh7687DHjA7j1U37/y2qR2UcITZmjaYI7NvAUYg==
   -----END PRIVATE KEY-----

5.  Compatibility notes

   For compatibility it is RECOMMENDED that implementations following
   this document support generation and validation using the SHA2-384
   hash algorithm.

   The extension defined in this document is applicable both to the
   Private-Key Information Syntax Specification defined in [RFC5958] and
   to PKCS#8 [RFC5208].

6.  Security Considerations

   All the considerations in [RFC5208] and [RFC5958] apply.

7.  IANA Considerations

   None.

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC5208]  Kaliski, B., "Public-Key Cryptography Standards (PKCS) #8:
              Private-Key Information Syntax Specification Version 1.2",
              RFC 5208, DOI 10.17487/RFC5208, May 2008.

   [CCITT.X680.2002]
              International Telegraph and Telephone Consultative
              Committee, "Abstract Syntax Notation One (ASN.1):
              Specification of basic notation", CCITT Recommendation
              X.680, July 2002.

   [CCITT.X690.2002]
              International Telegraph and Telephone Consultative
              Committee, "ASN.1 encoding rules: Specification of Basic
              Encoding Rules (BER), Canonical Encoding Rules (CER) and
              Distinguished Encoding Rules (DER)", CCITT Recommendation
              X.690, July 2002.

   [FIPS186-4]
              Kerry, C. and P. Gallagher, "FIPS PUB 186-4: Digital
              Signature Standard (DSS)", Federal Information Processing
              Standards Publication, July 2013.

   [RFC5958]  Turner, S., "Asymmetric Key Packages", RFC 5958,
              DOI 10.17487/RFC5958, August 2010.

8.2.  Informative References

   [RFC8017]  Moriarty, K., Ed., Kaliski, B., Jonsson, J., and A. Rusch,
              "PKCS #1: RSA Cryptography Specifications Version 2.2",
              RFC 8017, DOI 10.17487/RFC8017, November 2016.

   [RFC5912]  Hoffman, P. and J. Schaad, "New ASN.1 Modules for the
              Public Key Infrastructure Using X.509 (PKIX)", RFC 5912,
              DOI 10.17487/RFC5912, June 2010.

Appendix A.  Acknowledgements

   The author would like to thank Russ Housley for his comments and for
   the ASN.1 module appendix.

Appendix B.  ASN.1 module

   This appendix provides non-normative ASN.1 definitions for the
   structures described in this specification using ASN.1 as defined in
   [CCITT.X680.2002] and [RFC5912].

   PrivateKeyValidationAttrV1
     { iso(1) identified-organization(3) dod(6) internet(1)
       private(4) enterprise(1) 2312 18 1 1 }

   DEFINITIONS IMPLICIT TAGS ::=

   BEGIN

   -- EXPORTS ALL

   IMPORTS

   ATTRIBUTE
     FROM PKIX-CommonTypes-2009 -- [RFC5912]
       { iso(1) identified-organization(3) dod(6) internet(1)
         security(5) mechanisms(5) pkix(7) id-mod(0)
         id-mod-pkixCommon-02(57) } ;

   -- PrivateKeyInfo is defined in [RFC5208].
   -- This definition adds the validation parameters attribute
   -- to the set of allowed attributes.

   PrivateKeyInfo ATTRIBUTE ::= {
       at-validation-parameters, ... }

   at-validation-parameters ATTRIBUTE ::= {
       TYPE ValidationParams
       IDENTIFIED BY id-attr-validation-parameters }

   id-attr-validation-parameters OBJECT IDENTIFIER ::=
       { 1 3 6 1 4 1 2312 18 8 1 }

   ValidationParams ::= SEQUENCE {
       hashAlg OBJECT IDENTIFIER,
       seed OCTET STRING }

   END

Author's Address

   Nikos Mavrogiannopoulos
   Red Hat, Inc.
   Brno
   Czech Republic

   Email: nmav@redhat.com
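Worked example (added by the editor; this is not code from the draft nor from any implementation it describes).  It shows, in Python with only the standard library, how the Attribute of Section 3 is built and how a consumer locates it again inside a PKCS#8 PrivateKeyInfo, enforcing what Section 3 states: one attribute of that type, carrying one AttributeValue, whose hashAlg is an OBJECT IDENTIFIER and whose seed is an OCTET STRING.  The set of accepted hashAlg OIDs, the placeholder privateKey bytes and the 32-byte seed used by build_demo_private_key_info() are assumptions made for this example; given the PEM of Section 4, extract_validation_params() returns the SHA2-384 OID and the seed quoted there.  Note what the code does not do: the attribute only records which seed and hash were used, so a verifier still has to rerun the [FIPS186-4] prime construction with that seed and hash and compare the resulting primes with the p and q of the key before treating the key as validated.

```python
# Added example, not code from the draft: minimal DER helpers that build the Section 3
# Attribute and pull it back out of a PKCS#8 PrivateKeyInfo, checking the draft's rules.
import base64, re

ID_ATTR_VALIDATION_PARAMETERS = "1.3.6.1.4.1.2312.18.8.1"  # Section 3 of the draft
# SHA-2 OIDs accepted as hashAlg: an assumption of this example (SHA2-384 is RECOMMENDED, Section 5)
HASH_NAMES = {"2.16.840.1.101.3.4.2.4": "SHA2-224", "2.16.840.1.101.3.4.2.1": "SHA2-256",
              "2.16.840.1.101.3.4.2.2": "SHA2-384", "2.16.840.1.101.3.4.2.3": "SHA2-512"}

def tlv(tag, value):                        # DER TLV; long-form length from 128 bytes up
    n = len(value)
    lb = b"" if n < 0x80 else n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, n if n < 0x80 else 0x80 | len(lb)]) + lb + value

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]          # first two arcs share one subidentifier
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc >> 7:                     # base-128 groups; all but the last carry bit 7
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def read_tlv(buf, pos):                     # one DER TLV (low tag numbers) -> (tag, content, next)
    if pos + 2 > len(buf) or buf[pos] & 0x1F == 0x1F:
        raise ValueError("truncated header or unsupported high tag number")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: 0x8n, then n length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("content runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(content):                      # (tag, content) members of a constructed value
    out, pos = [], 0
    while pos < len(content):
        tag, value, pos = read_tlv(content, pos)
        out.append((tag, value))
    return out

def decode_oid(content):
    if not content or content[-1] & 0x80:
        raise ValueError("malformed OBJECT IDENTIFIER")
    arcs, acc = [], 0
    for b in content:
        acc = (acc << 7) | (b & 0x7F)
        if b & 0x80:
            continue
        arcs += ([acc // 40, acc % 40] if acc < 80 else [2, acc - 80]) if not arcs else [acc]
        acc = 0
    return ".".join(map(str, arcs))

def encode_validation_attribute(hash_oid, seed):   # Attribute { type, values SET { ValidationParams } }
    params = tlv(0x30, encode_oid(hash_oid) + tlv(0x04, seed))  # ValidationParams
    return tlv(0x30, encode_oid(ID_ATTR_VALIDATION_PARAMETERS) + tlv(0x31, params))

def extract_validation_params(der):
    """{'hash_oid', 'hash', 'seed'} from a PrivateKeyInfo, or None; rejects malformed use."""
    tag, pki, end = read_tlv(der, 0)
    fields = children(pki) if tag == 0x30 and end == len(der) else []
    if [t for t, _ in fields[:3]] != [0x02, 0x30, 0x04]:
        raise ValueError("expected SEQUENCE { version, privateKeyAlgorithm, privateKey, ... }")
    attrs = [v for t, v in fields[3:] if t == 0xA0]             # attributes [0] IMPLICIT
    matches = []
    for atag, attr in (children(attrs[0]) if attrs else []):
        m = children(attr)
        if atag != 0x30 or len(m) != 2 or m[0][0] != 0x06 or m[1][0] != 0x31:
            raise ValueError("Attribute must be SEQUENCE { OBJECT IDENTIFIER, SET }")
        if decode_oid(m[0][1]) == ID_ATTR_VALIDATION_PARAMETERS:
            matches.append(children(m[1][1]))                   # members of the SET
    if not matches:
        return None
    if len(matches) != 1 or len(matches[0]) != 1 or matches[0][0][0] != 0x30:
        raise ValueError("need exactly one attribute carrying exactly one ValidationParams")
    vp = children(matches[0][0][1])
    if len(vp) != 2 or vp[0][0] != 0x06 or vp[1][0] != 0x04:
        raise ValueError("ValidationParams must be { hashAlg OID, seed OCTET STRING }")
    hash_oid = decode_oid(vp[0][1])
    if hash_oid not in HASH_NAMES:
        raise ValueError("unrecognised hashAlg " + hash_oid)
    return {"hash_oid": hash_oid, "hash": HASH_NAMES[hash_oid], "seed": bytes(vp[1][1])}

def pem_to_der(pem):
    m = re.search(r"-----BEGIN PRIVATE KEY-----(.*?)-----END PRIVATE KEY-----", pem, re.S)
    if not m:
        raise ValueError("not an unencrypted PKCS#8 PEM block")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def build_demo_private_key_info(seed, hash_oid="2.16.840.1.101.3.4.2.2"):
    alg = tlv(0x30, encode_oid("1.2.840.113549.1.1.1") + b"\x05\x00")   # rsaEncryption
    key = tlv(0x04, b"\x00" * 16)           # placeholder privateKey bytes, not a real RSA key
    attrs = tlv(0xA0, encode_validation_attribute(hash_oid, seed))
    return tlv(0x30, tlv(0x02, b"\x00") + alg + key + attrs)
```

Usage: extract_validation_params(pem_to_der(open("key.pem").read())) on the Section 4 key yields hash "SHA2-384" and the 32-byte seed; build_demo_private_key_info(bytes(range(32))) constructs a PrivateKeyInfo that round-trips through the same parser.  Two choices are deliberate: the parser walks the outer structure itself instead of trusting a generic ASN.1 library to tolerate loose input, so a second attribute of the same type, an extra AttributeValue, or a hashAlg that is not a known hash are reported as errors rather than silently picked at random; and the privateKey OCTET STRING is treated as opaque, because the seed and hash say nothing about the key until the prime construction has been rerun and compared against it.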