idnits 2.17.1 

draft-mavrogiannopoulos-pkcs8-validated-parameters-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (August 21, 2018) is 2074 days in the past.  Is this
     intentional?


  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  ** Obsolete normative reference: RFC 5208 (Obsoleted by RFC 5958)


     Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	Network Working Group                               N. Mavrogiannopoulos
3	Internet-Draft                                                   Red Hat
4	Intended status: Informational                           August 21, 2018
5	Expires: February 22, 2019

7	                Storing validation parameters in PKCS#8
8	         draft-mavrogiannopoulos-pkcs8-validated-parameters-04

10	Abstract

12	   This memo describes a method of storing parameters needed for private
13	   key validation in the Private-Key Information Syntax Specification as
14	   defined in RFC5208 (PKCS#8) format.  It is equally applicable to the
15	   alternative implementation of the Private-Key Information Syntax
16	   Specification as defined in RFC 5958.

18	   The approach described in this document encodes the parameters under
19	   a private enterprise extension and does not form part of a formal
20	   standard.

22	Status of This Memo

24	   This Internet-Draft is submitted in full conformance with the
25	   provisions of BCP 78 and BCP 79.

27	   Internet-Drafts are working documents of the Internet Engineering
28	   Task Force (IETF).  Note that other groups may also distribute
29	   working documents as Internet-Drafts.  The list of current Internet-
30	   Drafts is at http://datatracker.ietf.org/drafts/current/.

32	   Internet-Drafts are draft documents valid for a maximum of six months
33	   and may be updated, replaced, or obsoleted by other documents at any
34	   time.  It is inappropriate to use Internet-Drafts as reference
35	   material or to cite them other than as "work in progress."

37	   This Internet-Draft will expire on February 22, 2019.

39	Copyright Notice

41	   Copyright (c) 2018 IETF Trust and the persons identified as the
42	   document authors.  All rights reserved.

44	   This document is subject to BCP 78 and the IETF Trust's Legal
45	   Provisions Relating to IETF Documents
46	   (http://trustee.ietf.org/license-info) in effect on the date of
47	   publication of this document.  Please review these documents
48	   carefully, as they describe your rights and restrictions with respect
49	   to this document.  Code Components extracted from this document must
50	   include Simplified BSD License text as described in Section 4.e of
51	   the Trust Legal Provisions and are provided without warranty as
52	   described in the Simplified BSD License.

54	1.  Introduction

56	   RSA or DSA private keys generated using the Shawe-Taylor prime
57	   generation algorithm describled in [FIPS186-4] allow for parameter
58	   validation, i.e., verify whether the primes are actually prime, and
59	   were correctly generated.  That is done by generating the parameters
60	   from a known seed and a selected hash algorithm.

62	   Storing these parameters in a private key format such as the RSA
63	   Private Key Syntax from PKCS#1 [RFC8017], or common representations
64	   for DSA private keys, does not allow attaching information on the
65	   parameters needed for validation.  The purpose of the document is to
66	   describe such a method using the Private-Key Information Syntax
67	   Specification as defined in [RFC5208], as well as on the alternative
68	   specification on [RFC5958].

70	   The approach described in this document encodes the parameters under
71	   a private enterprise extension and does not form part of a formal
72	   standard.  The encoding can be used as is, or could be used as the
73	   basis for a standard at a later time.

75	2.  ValidationParams attribute

77	   The information related to the validation parameters is stored as an
78	   attribute in the PrivateKeyInfo structure.  The attribute is
79	   identified by the id-attr-validation-parameters object identifier and
80	   contains as AttributeValue a single ValidationParams structure.

82	     id-attr-validation-parameters OBJECT IDENTIFIER ::=
83	                                              {1 3 6 1 4 1 2312 18 8 1}

85	     ValidationParams ::= SEQUENCE {
86	         hashAlgo OBJECT IDENTIFIER,
87	         seed OCTET STRING
88	     }

90	   The algorithm identifier in the ValidationParams should be a hash
91	   algorithm identifier for the [FIPS186-4] methods.  The
92	   ValidationParams sequence must be DER encoded [CCITT.X690.2002].

94	3.  Example Structure

96	   The following structure contains an RSA key generated using the
97	   [FIPS186-4] section B.3.3 algorithm with SHA2-384 hash.  The seed
98	   used is
99	   '8af4328c87bebcec31e303b8f5537effcb6a91d947084d99a369823b36f01462'
100	   (hex encoded).

102	   -----BEGIN PRIVATE KEY-----
103	   MIIE/gIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCpPwXwfhDsWA3q
104	   jN2BWg1xfDjvZDVNfgTV/b95g304Aty3z13xPXAhHZ3ROW3pgPxTj9fiq7ZMy4Ua
105	   gMpPK81v3pHX1uokC2KcGXbgbAq2Q8ClxSXgEJllRwDENufjEdV10gArt8NlIP0N
106	   lota1kQUuI1DMsqc5DTIa35Nq4j1GW+KmLtP0kCrGq9fMGwjDbPEpSp9DTquEMHJ
107	   o7kyJIjB+93ikLvBUTgbxr+jcnTLXuhA8rC8r+KXre4NPPNPRyefRcALLt/URvfA
108	   rTvFOQfi3vIjNhBZL5FdC+FVAr5QnF3r2+cuDPbnczr4/rr81kzFGWrwyAgF5FWu
109	   pFtB5IYDAgMBAAECggEAHZ88vGNsNdmRkfhWupGW4cKCuo+Y7re8Q/H2Jd/4Nin2
110	   FKvUPuloaztiSGDbVm+vejama/Nu5FEIumNJRYMeoVJcx2DDuUxO1ZB1aIEwfMct
111	   /DWd0/JDzuCXB0Cu5GTWLhlz0zMGHXihIdQ0DtGKt++3Ncg5gy1D+cIqqJB515/z
112	   jYdZmb0Wqmz7H3DisuxvnhiCAOuNrjcDau80hpMA9TQlb+XKNGHIBgKpJe6lnB0P
113	   MsS/AjDiDoEpP9GG9mv9+96rAga4Nos6avYlwWwbC6d+hHIWvWEWsmrDfcJlm2gN
114	   tjvG8omj00t5dAt7qGhfOoNDGr5tvJVo/g96O/0I8QKBgQDdzytVRulo9aKVdAYW
115	   /Nj04thtnRaqsTyFH+7ibEVwNIUuld/Bp6NnuGrY+K1siX8+zA9f8mKxuXXV9KK4
116	   O89Ypw9js2BxM7VYO9Gmp6e1RY3Rrd8w7pG7/KqoPWXkuixTay9eybrJMWu3TT36
117	   q7NheNmBHqcFmSQQuUwEmvp3MQKBgQDDVaisMJkc/sIyQh3XrlfzmMLK+GlPDucD
118	   w5e50fHl8Q5PmTcP20zVLhTevffCqeItSyeAno94Xdzc9vZ/rt69410kJEHyBO9L
119	   CmhtYz94wvSdRhbqf4VzAl2WU184sIYiIZDGsnGScgIYvo6v6mITjRhc8AMdYoPR
120	   rL6xp6frcwKBgFi1+avCj6mFzD+fxqu89nyCmXLFiAI+nmjTy7PM/7yPlNB76qDG
121	   Dil2bW1Xj+y/1R9ld6S1CVnxRbqLe+TZLuVS82m5nRHJT3b5fbD8jquGJOE+e+xT
122	   DgA0XoCpBa6D8yRt0uVDIyxCUsVd5DL0JusN7VehzcUEaZMyuL+CyDeRAoGBAImB
123	   qH6mq3Kc6Komnwlw4ttJ436sxr1vuTKOIyYdZBNB0Zg5PGi+MWU0zl5LDroLi3vl
124	   FwbVGBxcvxkSBU63FHhKMQw7Ne0gii+iQQcYQdtKKpb4ezNS1+exd55WTIcExTgL
125	   tvYZMhgsh8tRgfLWpXor7kWmdBrgeflFiOxZIL1/AoGAeBP7sdE+gzsh8jqFnVRj
126	   7nOg+YllJAlWsf7cTH4pLIy2Eo9D+cNjhL9LK6RaAd7PSZ1adm8HfaROA2cfCm84
127	   RI4c7Ue0G+N6LZiFvC0Bfi5SaPVAExXOty8UqjOCoZavSaXBPuNcTXZuzswcgbxI
128	   G5/kaJNHoEcdlVsPsYWKRNKgPzA9BgorBgEEAZIIEggBMS8wLQYJYIZIAWUDBAIC
129	   BCCK9DKMh7687DHjA7j1U37/y2qR2UcITZmjaYI7NvAUYg==
130	   -----END PRIVATE KEY-----

132	4.  Compatibility notes

134	   For compatibility it is recommended that implementations following
135	   this document, support generation and validation using the SHA2-384
136	   hash algorithm.

138	   The extension defined in this document is applicable both to the
139	   Private-Key Information Syntax Specification defined in [RFC5958] and
140	   PKCS#8 [RFC5208].

142	5.  Security Considerations

144	   All the considerations in [RFC5208] and [RFC5958] apply.

146	6.  IANA Considerations

148	   None.

150	7.  References

152	7.1.  Normative References

154	   [RFC5208]  Kaliski, B., "Public-Key Cryptography Standards (PKCS) #8:
155	              Private-Key Information Syntax Specification Version 1.2",
156	              RFC 5208, DOI 10.17487/RFC5208, May 2008,
157	              <https://www.rfc-editor.org/info/rfc5208>.

159	   [CCITT.X680.2002]
160	              International International Telephone and Telegraph
161	              Consultative Committee, "Abstract Syntax Notation One
162	              (ASN.1): Specification of basic notation",
163	              CCITT Recommendation X.680, July 2002.

165	   [CCITT.X690.2002]
166	              International International Telephone and Telegraph
167	              Consultative Committee, "ASN.1 encoding rules:
168	              Specification of basic encoding Rules (BER), Canonical
169	              encoding rules (CER) and Distinguished encoding rules
170	              (DER)", CCITT Recommendation X.690, July 2002.

172	   [FIPS186-4]
173	              Kerry, C. and P. Gallagher, "FIPS PUB 186-4: Digital
174	              Signature Standard (DSS)", FEDERAL INFORMATION PROCESSING
175	              STANDARDS PUBLICATION , July 2013.

177	   [RFC5958]  Turner, S., "Asymmetric Key Packages", RFC 5958,
178	              DOI 10.17487/RFC5958, August 2010, <https://www.rfc-
179	              editor.org/info/rfc5958>.

181	7.2.  Informative References

183	   [RFC8017]  Moriarty, K., Ed., Kaliski, B., Jonsson, J., and A. Rusch,
184	              "PKCS #1: RSA Cryptography Specifications Version 2.2",
185	              RFC 8017, DOI 10.17487/RFC8017, November 2016,
186	              <https://www.rfc-editor.org/info/rfc8017>.

188	   [RFC5912]  Hoffman, P. and J. Schaad, "New ASN.1 Modules for the
189	              Public Key Infrastructure Using X.509 (PKIX)", RFC 5912,
190	              DOI 10.17487/RFC5912, June 2010, <https://www.rfc-
191	              editor.org/info/rfc5912>.

193	Appendix A.  Acknowledgements

195	   The author would like to thank Russ Housley for his comments and for
196	   the ASN.1 module appendix.

198	Appendix B.  ASN.1 module

200	   This appendix provides non-normative ASN.1 definitions for the
201	   structures described in this specification using ASN.1 as defined in
202	   [CCITT.X680.2002] and [RFC5912].

204	      PrivateKeyValidationAttrV1
205	        { iso(1) identified-organization(3) dod(6) internet(1)
206	          private(4) enterprise(1) 2312 18 1 1 }

208	      DEFINITIONS IMPLICIT TAGS ::=

210	      BEGIN

212	      -- EXPORTS ALL

214	      IMPORTS

216	      ATTRIBUTE
217	       FROM PKIX-CommonTypes-2009  --  [RFC5912]
218	         { iso(1) identified-organization(3) dod(6) internet(1)
219	           security(5) mechanisms(5) pkix(7) id-mod(0)
220	           id-mod-pkixCommon-02(57) } ;

222	      -- PrivateKeyInfo is defined in [RFC5208].
223	      -- This definition adds the validation parameters attribute
224	      -- to the set of allowed attributes.

226	      PrivateKeyInfo ATTRIBUTE ::= {
227	        at-validation-parameters, ... }

229	      at-validation-parameters ATTRIBUTE ::= {
230	        TYPE ValidationParams
231	        IDENTIFIED BY id-attr-validation-parameters }

233	      id-attr-validation-parameters OBJECT IDENTIFIER ::=
234	        { 1 3 6 1 4 1 2312 18 8 1 }

236	      ValidationParams ::= SEQUENCE {
237	        hashAlg OBJECT IDENTIFIER,
238	        seed OCTET STRING }

240	      END

242	Author's Address

244	   Nikos Mavrogiannopoulos
245	   Red Hat, Inc.
246	   Brno
247	   Czech Republic

249	   Email: nmav@redhat.com