idnits 2.17.1
draft-smirnov-xmldsig-00.txt:
Checking boilerplate required by RFC 5378 and the IETF Trust (see
https://trustee.ietf.org/license-info):
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
----------------------------------------------------------------------------
No issues found here.
Checking nits according to https://www.ietf.org/id-info/checklist :
----------------------------------------------------------------------------
** The document seems to lack a Security Considerations section.
** There are 12 instances of too long lines in the document, the longest
one being 30 characters in excess of 72.
Miscellaneous warnings:
----------------------------------------------------------------------------
== The copyright year in the IETF Trust and authors Copyright Line does not
match the current year
== Line 154 has weird spacing: '...ocument elect...'
== Line 159 has weird spacing: '...element part ...'
== Line 162 has weird spacing: '...inition part ...'
== Line 165 has weird spacing: '...mespace names...'
== Line 168 has weird spacing: '... prefix set o...'
== (3 more instances...)
-- The document date (October 31, 2019) is 1639 days in the past. Is this
intentional?
Checking references for intended status: Informational
----------------------------------------------------------------------------
No issues found here.
Summary: 2 errors (**), 0 flaws (~~), 7 warnings (==), 1 comment (--).
Run idnits with the --verbose option for more detailed information about
the items above.
--------------------------------------------------------------------------------
2 Network Working Group P. Smirnov, Ed.
3 Internet-Draft M. Paramonova
4 Intended status: Informational M. Khomenko
5 Expires: May 3, 2020 A. Makarov
6 CryptoPro
7 October 31, 2019
9 GOST XML digital signature syntax
10 draft-smirnov-xmldsig-00
12 Abstract
14 This document specifies XML digital signature syntax and methods of
15 including hash-based message authentication code (HMAC) within the
16 XML document to support the Russian cryptographic standard
17 algorithms.
19 Status of This Memo
21 This Internet-Draft is submitted in full conformance with the
22 provisions of BCP 78 and BCP 79.
24 Internet-Drafts are working documents of the Internet Engineering
25 Task Force (IETF). Note that other groups may also distribute
26 working documents as Internet-Drafts. The list of current Internet-
27 Drafts is at https://datatracker.ietf.org/drafts/current/.
29 Internet-Drafts are draft documents valid for a maximum of six months
30 and may be updated, replaced, or obsoleted by other documents at any
31 time. It is inappropriate to use Internet-Drafts as reference
32 material or to cite them other than as "work in progress."
34 This Internet-Draft will expire on May 3, 2020.
36 Copyright Notice
38 Copyright (c) 2019 IETF Trust and the persons identified as the
39 document authors. All rights reserved.
41 This document is subject to BCP 78 and the IETF Trust's Legal
42 Provisions Relating to IETF Documents
43 (https://trustee.ietf.org/license-info) in effect on the date of
44 publication of this document. Please review these documents
45 carefully, as they describe your rights and restrictions with respect
46 to this document. Code Components extracted from this document must
47 include Simplified BSD License text as described in Section 4.e of
48 the Trust Legal Provisions and are provided without warranty as
49 described in the Simplified BSD License.
51 Table of Contents
53 1. Introduction
54 2. Conventions Used in This Document
55 3. Basic Terms and Definitions
56 4. Structure of the document
57 5. XML namespaces and prefixes
58 6. The Signature element schema definition
59 6.1. The SignedInfo element
60 6.1.1. The SignatureMethod element
61 6.1.2. The Reference element
62 6.1.2.1. The DigestMethod element
63 6.1.2.2. DigestValue element
64 6.2. The SignatureValue element
65 6.3. The KeyInfo element
66 6.3.1. The KeyValue element
67 6.3.1.1. The GOSTR34102012-256-KeyValue,
68 GOSTR34102012-512-KeyValue and
69 GOSTR34102001KeyValue elements
70 6.3.2. The RetrievalMethod element
71 6.3.3. The X509Data element
72 6.3.4. The DEREncodedKeyValue element
73 7. Guidelines on the GOST algorithms
74 7.1. GOST algorithms to create an XML document signature
75 7.1.1. Hash algorithm in DigestMethod element
76 7.1.1.1. GOST R 34.11-2012 algorithm with 256-bit hash
77 code in DigestMethod element
78 7.1.1.2. GOST R 34.11-2012 algorithm with 512-bit hash
79 code in DigestMethod element
80 7.1.1.3. GOST R 34.11-94 algorithm in DigestMethod element
81 7.1.2. Signature algorithm in SignatureMethod element
82 7.1.2.1. GOST R 34.10-2012 algorithm with 256-bit key in
83 SignatureMethod element
84 7.1.2.2. GOST R 34.10-2012 algorithm with 512-bit key in
85 SignatureMethod element
86 7.1.2.3. GOST R 34.10-2001 algorithm in SignatureMethod
87 element
88 7.2. GOST algorithms to calculate HMAC value
89 7.2.1. GOST R 34.11-2012 algorithm with 256-bit key in
90 SignatureMethod element
91 7.2.2. GOST R 34.11-2012 algorithm with 512-bit key in
92 SignatureMethod element
93 7.3. The key material
94 7.3.1. Verification key in DEREncodedKeyValue element
95 7.3.2. GOST R 34.10-2012 256-bit verification key in
96 GOSTR34102012-256-KeyValue element
97 7.3.3. GOST R 34.10-2012 512-bit verification key in
98 GOSTR34102012-512-KeyValue element
99 7.3.4. GOST R 34.10-2001 verification key in
100 GOSTR34102001KeyValue element
101 8. IANA Considerations
102 8.1. XML sub-namespace registration
103 8.2. XML schema registration
104 9. References
105 9.1. Normative References
106 9.2. Informative References
107 Appendix A. CPXMLSEC XML schema
108 Appendix B. Test Examples
109 B.1. Signed XML document with GOST R 34.10-2012 algorithm and
110 256-bit hash code in DigestMethod element
111 B.2. Signed XML document with GOST R 34.10-2012 algorithm and
112 512-bit hash code in DigestMethod element
113 B.3. Signed XML document with GOST R 34.10-2001 algorithm in
114 SignatureMethod element
115 B.4. Signed XML document with X.509 certificate in KeyInfo
116 element
117 B.5. Signed XML document with GOST R 34.10-2012 algorithm and
118 256-bit verification key in DEREncodedKeyValue
119 Appendix C. Acknowledgments
120 Authors' Addresses
122 1. Introduction
124 This document specifies new identifiers (see Section 7.1) of the
125 following Russian signature and hash algorithms (called GOST
126 algorithms):
128 o the GOST 34.11-2012 [GOST3411-2012] hash algorithm (the English
129 version can be found in [RFC6986]),
131 o the GOST 34.10-2012 [GOST3410-2012] signature algorithm (the
132 English version can be found in [RFC7091]).
134 This document specifies new identifiers (see Section 7.2) of the
135 following Russian HMAC algorithms (called HMAC algorithms):
137 o the R 50.1.113-2016 [R501113-2016] HMAC algorithms (the English
138 version can be found in [RFC7836]).
140 In addition, this document specifies new ways of placing the key
141 material within an XML document, as well as namespace identifiers,
142 prefixes and XML schema definitions.
144 2. Conventions Used in This Document
146 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
147 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
148 document are to be interpreted as described in [RFC2119].
150 3. Basic Terms and Definitions
152 This document uses the following terms and definitions:
154 XML document electronic document written in Extensible Markup
155 Language (XML);
157 XML schema XML document structure description;
159 XML element part of an XML document from the element start tag to
160 the element end tag;
162 XML schema definition part of an XML schema describing particular
163 element (element name and type);
165 XML namespace namespace describing XML schema elements and providing
166 their uniqueness;
168 XML prefix set of letters placed at the beginning of an XML element
169 or its type to exclude the collision of equivalent elements
170 from different namespaces;
172 XML attribute part of an XML element consisting of attribute name
173 and its value;
175 hash-based message authentication code (HMAC) a function for
176 calculating a message authentication code, based on a hash
177 function in accordance with [RFC2104];
179 verification key element of data mathematically linked to the
180 signature key data element that is used by the verifier
181 during the digital signature verification process [RFC7091];
183 signature key element of secret data that is specific to the subject
184 and used only by this subject during the signature generation
185 process [RFC7091].
187 Note: For brevity, the terms "XML element" and "element", "XML
188 attribute" and "attribute", "XML prefix" and "prefix" are synonymous.
190 4. Structure of the document
192 The XML namespaces, prefixes and identifiers are defined in
193 Section 5.
195 The ds:Signature element is described in Section 6. This element
196 includes XML document signature value, used algorithms identifiers
197 and other parameters, which are used to generate the signature value.
198 Also, this element MAY include the HMAC value and algorithms
199 identifiers which are used to support HMAC algorithms. The
200 ds:Signature element is described by the following XML schemas
201 (defined in Table 1 of Section 5): DS schema, DSIG11 schema and
202 CPXMLSEC schema.
204 The CPXMLSEC schema is a new schema defined in this document and
205 extends the DS schema in order to support GOST algorithms. The
206 CPXMLSEC schema elements use XS schema elements (see [XMLSCHEMA-1]
207 and [XMLSCHEMA-2]). The DS schema and DSIG11 schema definitions are
208 described in accordance with [XMLDSIG].
210 Note: When HMAC is used, the name of the ds:Signature element does
211 not represent the content type; this avoids duplicating elements and
212 optimizes the XML digital signature structure. The HMAC algorithm
213 identifier and HMAC value MUST be included in ds:SignatureMethod and
214 ds:SignatureValue respectively.
216 Note: In this document, some elements inside the comments of XML
217 schema definition are avoided since GOST and HMAC algorithms are not
218 used in these elements. The XML schema comments are not semantic,
219 that is why DS schema and DSIG11 schema definitions in this document
220 are equivalent to [XMLDSIG].
222 The requirements for the elements described in Section 6 are listed
223 in Section 7:
225 1. Section 7.1 contains requirements for the elements representation
226 during the signature generation and verification processes.
228 2. Section 7.2 contains requirements for the elements during the
229 HMAC calculation process.
231 3. Section 7.3 contains requirements for the elements when the key
232 material is specified in a signed XML document.
234 5. XML namespaces and prefixes
236 This document uses XML elements from four different XML schemas.
237 Every XML schema is assigned to one XML namespace. The following
238 general XML namespace identifier MUST be used as targetNamespace in
239 the XML schema header:
241 urn:ietf:params:xml:ns:cpxmlsec
243 The other XML namespaces are external. Their identifiers MUST be
244 specified in XML schema header.
246 Note: XML schema is explicitly specified by the XML namespace
247 identifier (see Table 1).
249 +---------------------+------------------------------------+----------+------------------------------+
250 | XML schema name     | XML namespace identifier           | Prefix   | Reference                    |
251 +---------------------+------------------------------------+----------+------------------------------+
252 | DS schema           | http://www.w3.org/2000/09/xmldsig# | ds       | [XMLDSIG]                    |
253 +---------------------+------------------------------------+----------+------------------------------+
254 | DSIG11 schema       | http://www.w3.org/2009/xmldsig11#  | dsig11   | [XMLDSIG]                    |
255 +---------------------+------------------------------------+----------+------------------------------+
256 | XS schema           | http://www.w3.org/2001/XMLSchema   | xs       | [XMLSCHEMA-1],               |
257 |                     |                                    |          | [XMLSCHEMA-2]                |
258 +---------------------+------------------------------------+----------+------------------------------+
259 | CPXMLSEC schema     | urn:ietf:params:xml:ns:cpxmlsec    | cpxmlsec | This document                |
260 +---------------------+------------------------------------+----------+------------------------------+
261 Table 1
263 Note: The XS schema definitions are auxiliary and need not be
264 described in this document.
266 Any element or attribute whose name starts with the prefix from the
267 Table 1 is considered to be in the corresponding XML schema. The
268 full definition of any XML schema is defined in the document
269 referenced in the "Reference" column of the Table 1. This document
270 uses prefixes to exclude the collision of equivalent elements from
271 different namespaces (see Table 1). The prefixes are not semantic
272 and MAY be replaced by others. Namespaces and prefixes MUST have no
273 line breaks and space characters.
275 The example of CPXMLSEC schema header:
277
285 6. The Signature element schema definition
287 The ds:Signature element is the root element of an XML signature. It
288 contains the following values:
290 o for digital signature: signature value, information about
291 algorithms and other parameters, which are used to generate the
292 signature value.
294 o for HMAC: HMAC value and HMAC algorithm identifier.
296 The ds:Signature element contains the following descendants:
298 o The ds:SignedInfo element (Section 6.1). This element contains
299 information about algorithms and other parameters.
301 o The ds:SignatureValue element (Section 6.2). This element
302 includes the signature value or the HMAC value.
304 o The ds:KeyInfo element (Section 6.3). This element contains
305 information about verification key and its value or information
306 about HMAC symmetric key location.
308 o The ds:Object element. This element MAY contain data to be signed
309 or authenticated.
311 The ds:Signature element is described by the following XML schema
312 definition.
314
316
317
318 <xs:element ref="ds:SignedInfo"/>
319
320
321
324
325
326
328 Please refer to [XMLDSIG] for the ds:Signature element full
329 definition.
331 6.1. The SignedInfo element
333 The ds:SignedInfo element is a descendant of ds:Signature element.
334 It contains information about algorithms and other parameters, which
335 are used to generate the signature or the HMAC value. The
336 ds:SignedInfo element contains the following descendants:
338 o The ds:SignatureMethod element (Section 6.1.1). This element
339 specifies the algorithm used for signature or HMAC generation.
341 o The ds:Reference element (Section 6.1.2). This element describes
342 data to be transformed.
344 o The ds:CanonicalizationMethod element. This element specifies the
345 canonicalization algorithm applied to the ds:SignedInfo element.
347 The ds:SignedInfo element is described by the following XML schema
348 definition.
350
352
353
354
355
356
357
358
359
361 Please refer to [XMLDSIG] for the ds:SignedInfo element full
362 definition.
364 6.1.1. The SignatureMethod element
366 The ds:SignatureMethod element is a descendant of ds:SignedInfo
367 element. It specifies the algorithm used for signature generation
368 and verification, or HMAC calculation. The identifier of the
369 algorithm MUST be included in the "Algorithm" attribute.
371 GOST algorithms identifiers are described in Section 7.1.2.
373 HMAC algorithms identifiers are described in Section 7.2.
375 The ds:SignatureMethod element is described by the following XML
376 schema definition.
378
380
381
382
384
385
386
387
388
390 Please refer to [XMLDSIG] for the ds:SignatureMethod element full
391 definition.
393 6.1.2. The Reference element
395 The ds:Reference element is a descendant of ds:SignedInfo element.
396 It MAY contain "Id", "URI" and "Type" attributes to specify the
397 transformed data. The ds:Reference element contains the following
398 descendants:
400 o The ds:Transforms element. This element contains an ordered list
401 of the data transforms specified in ds:Reference element
402 attributes.
404 o The ds:DigestMethod element (Section 6.1.2.1). This element
405 identifies the hash algorithm to be applied to the data specified
406 in ds:Reference element attributes.
408 o The ds:DigestValue element (Section 6.1.2.2). This element
409 includes the hash value of the data specified in ds:Reference
410 element attributes.
412 The ds:Reference element is described by the following XML schema
413 definition.
415
417
418
419
420
421
422
423
424
425
426
428 Please refer to [XMLDSIG] for the ds:Reference element full
429 definition.
431 6.1.2.1. The DigestMethod element
433 The ds:DigestMethod element is a descendant of ds:Reference element.
434 This element identifies the hash algorithm to be applied to the data
435 specified in ds:Reference element attributes. The identifier of the
436 used hash algorithm MUST be included in the "Algorithm" attribute.
438 The DigestMethod element is described by the following XML schema
439 definition.
441
443
444
445
447
448
449
451 Please refer to [XMLDSIG] for the ds:DigestMethod element full
452 definition.
454 6.1.2.2. DigestValue element
456 The ds:DigestValue element is a descendant of ds:Reference element.
457 This element includes the hash value of data specified in
458 ds:Reference element attributes. The hash value MUST be represented
459 in accordance with Section 7.1.1.
461 The ds:DigestValue element is described by the following XML schema
462 definition.
464
466
467
468
470 6.2. The SignatureValue element
472 The ds:SignatureValue element is a descendant of ds:Signature
473 element. This element includes the XML document signature value or
474 the HMAC value.
476 In case of GOST algorithms the signature value MUST be represented in
477 accordance with Section 7.1.2.
479 In case of HMAC algorithms the HMAC value MUST be represented in
480 accordance with Section 7.2.
482 The ds:SignatureValue element is described by the following XML
483 schema definition.
485
487
488
489
490
491
492
493
495 Please refer to [XMLDSIG] for the ds:SignatureValue element full
496 definition.
498 6.3. The KeyInfo element
500 The ds:KeyInfo element is a descendant of ds:Signature element. This
501 element contains information about verification key and its value or
502 information about HMAC symmetric key location.
504 If the verification key is passed in the XML document, the following
505 descendants MAY be included in the KeyInfo element:
507 o The ds:KeyValue element (Section 6.3.1). This element contains
508 the verification key and its parameters.
510 o The ds:RetrievalMethod element (Section 6.3.2). This element
511 identifies verification key location if the key is stored at
512 external location.
514 o The ds:X509Data element (Section 6.3.3). This element includes
515 X.509 certificate ([RFC5280]) with verification key.
517 o Note: The Russian version of [RFC5280] can be found in
518 [R1323565.1.023-2018]. It MUST be used as guidelines on GOST
519 algorithms.
521 o The dsig11:DEREncodedKeyValue element (Section 6.3.4). This
522 element contains the verification key and its parameters.
524 Note: Both ds:KeyValue and dsig11:DEREncodedKeyValue elements MAY be
525 used for specifying the verification key and its parameters. These
526 elements use different semantics for specifying the verification key:
527 in case of ds:KeyValue element the verification key and its
528 parameters are passed in descendant elements; in case of the
529 dsig11:DEREncodedKeyValue element the verification key and its
530 parameters are passed in the SubjectPublicKeyInfo structure
531 [R1323565.1.023-2018].
533 In the case of HMAC symmetric key the ds:RetrievalMethod element
534 (Section 6.3.2) MUST be used.
536 The ds:KeyInfo element is described by the following XML schema
537 definition.
539
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
558 Please refer to [XMLDSIG] for the ds:KeyInfo element full definition.
560 6.3.1. The KeyValue element
562 The ds:KeyValue element is a descendant of ds:KeyInfo element. This
563 element contains the verification key and its parameters.
565 In case of GOST algorithms the following extra descendants MUST be
566 included in the KeyInfo element:
568 o the cpxmlsec:GOSTR34102012-256-KeyValue element;
570 o the cpxmlsec:GOSTR34102012-512-KeyValue element;
572 o the cpxmlsec:GOSTR34102001KeyValue element.
574 The ds:KeyValue element is described by the following XML schema
575 definition.
577
579
580
581
582
583
586
589
590
591
593 Please refer to [XMLDSIG] for the ds:KeyValue element full
594 definition.
596 6.3.1.1. The GOSTR34102012-256-KeyValue, GOSTR34102012-512-KeyValue and
597 GOSTR34102001KeyValue elements
599 The cpxmlsec:GOSTR34102012-256-KeyValue,
600 cpxmlsec:GOSTR34102012-512-KeyValue and
601 cpxmlsec:GOSTR34102001KeyValue elements are descendants of
602 ds:KeyValue element. Each of these elements has
603 cpxmlsec:GOSTKeyValueType type and MUST contain the following
604 descendants:
606 o the cpxmlsec:NamedCurve element - contains the elliptic curve
607 identifier;
609 o the cpxmlsec:PublicKey element - contains the verification key.
611 The cpxmlsec:NamedCurve and cpxmlsec:PublicKey elements belong to
612 cpxmlsec namespace. The cpxmlsec namespace identifier is described
613 in Section 5. The cpxmlsec:NamedCurve element has
614 dsig11:NamedCurveType type. The cpxmlsec:PublicKey element has
615 dsig11:ECPointType type. Both types belong to DSIG11 schema
616 [XMLDSIG].
618 The cpxmlsec:GOSTR34102012-256-KeyValue,
619 cpxmlsec:GOSTR34102012-512-KeyValue and
620 cpxmlsec:GOSTR34102001KeyValue elements data MUST be represented in
621 accordance with Section 7.3.2-Section 7.3.4.
623 The cpxmlsec:GOSTR34102012-256-KeyValue,
624 cpxmlsec:GOSTR34102012-512-KeyValue and
625 cpxmlsec:GOSTR34102001KeyValue elements are described by the
626 following XML schema definition.
628
631
634
637
638
639
641
643
644
646 6.3.2. The RetrievalMethod element
648 The ds:RetrievalMethod element is a descendant of ds:KeyInfo element.
649 This element identifies the verification or symmetric key location if
650 the key is stored at external location. The verification or
651 symmetric key MUST be included in "URI" and "Type" attributes.
653 The ds:RetrievalMethod element MUST contain the descendant
654 ds:Transforms element. The ds:Transforms element identifies data
655 transforms specified in ds:RetrievalMethod element attributes.
657 The ds:RetrievalMethod element is described by the following XML
658 schema definition.
660
662
663
664
665
666
667
668
670 Please refer to [XMLDSIG] for the ds:RetrievalMethod and
671 ds:Transforms elements full definition.
673 6.3.3. The X509Data element
675 The ds:X509Data element is a descendant of ds:KeyInfo element. This
676 element includes the X.509 certificate with the verification key
677 [RFC5280], which are used to generate the signature value, or
678 information about it.
680 The ds:X509Data element is described by the following XML schema
681 definition.
683
685
686
687
688
690
691
692
693
694
695
697
698
699
700
702 Please refer to [XMLDSIG] for the ds:X509Data element full
703 definition.
705 6.3.4. The DEREncodedKeyValue element
707 The dsig11:DEREncodedKeyValue element is an extension of ds:KeyInfo
708 element schema. This element contains the verification key and its
709 parameters. Data included in dsig11:DEREncodedKeyValue MUST be
710 represented in accordance with Section 7.3.1.
712 The dsig11:DEREncodedKeyValue element is described by the following
713 XML schema definition.
715
717
720
721
722
723
724
725
726
727 Please refer to [XMLDSIG] for the dsig11:DEREncodedKeyValue element
728 full definition.
730 7. Guidelines on the GOST algorithms
732 This section defines the requirements for the content of the elements
733 (see Section 6) that are intended to use GOST and HMAC algorithms.
735 7.1. GOST algorithms to create an XML document signature
737 7.1.1. Hash algorithm in DigestMethod element
739 7.1.1.1. GOST R 34.11-2012 algorithm with 256-bit hash code in
740 DigestMethod element
742 In case of GOST R 34.11-2012 algorithm with 256-bit hash code the
743 following identifier MUST be used:
745 urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256
747 Test example for GOST R 34.11-2012 algorithm with 256-bit hash code
748 in ds:DigestMethod element:
750
753 The hash code MUST be represented in little-endian byte order and
754 base64-encoded [RFC4648]. This string MUST be included in
755 ds:DigestValue element (see Section 6.1.2.2).
757 7.1.1.2. GOST R 34.11-2012 algorithm with 512-bit hash code in
758 DigestMethod element
760 In case of GOST R 34.11-2012 algorithm with 512-bit hash code the
761 following identifier MUST be used:
763 urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-512
765 Test example for GOST R 34.11-2012 algorithm with 512-bit hash code
766 in ds:DigestMethod element:
768
771 The hash code MUST be represented in little-endian byte order and
772 base64-encoded [RFC4648]. This string MUST be included in
773 ds:DigestValue element (see Section 6.1.2.2).
775 7.1.1.3. GOST R 34.11-94 algorithm in DigestMethod element
777 In case of GOST R 34.11-94 algorithm the following identifier MUST be
778 used:
780 urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr3411
782 The ds:DigestMethod element MAY include a descendant element named
783 cpxmlsec:NamedParameters to specify hash algorithm parameters.
785 Hash algorithm parameters MUST be included in the "URI" attribute of
786 cpxmlsec:NamedParameters element. In case of OIDs hash algorithm
787 parameters SHOULD be assigned in accordance with [RFC3061]. OIDs
788 defined in section 8.2 of [RFC4357] MAY be used.
790 Parameter set id-GostR3411-94-CryptoProParamSet [RFC4357] MUST be
791 used if cpxmlsec:NamedParameters element does not exist.
793 The cpxmlsec:NamedParameters element is described by the following
794 XML schema definition.
796
799 Test example for GOST R 34.11-94 algorithm in ds:DigestMethod
800 element:
802
804
805
806
807 The hash code MUST be represented in little-endian byte order and
808 base64-encoded [RFC4648]. This string MUST be included in
809 ds:DigestValue element (see Section 6.1.2.2).
811 7.1.2. Signature algorithm in SignatureMethod element
813 7.1.2.1. GOST R 34.10-2012 algorithm with 256-bit key in
814 SignatureMethod element
816 In case of GOST R 34.10-2012 algorithm with 256-bit signature key the
817 following identifier MUST be used (without line break in the
818 identifier):
820 urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-
821 256
823 Test example for GOST R 34.10-2012 algorithm with 256-bit signature
824 key in ds:SignatureMethod element (without line break in the
825 attribute value):
827
831 The signature value MUST be represented in accordance with
832 [R1323565.1.023-2018] and base64-encoded [RFC4648]. This string MUST
833 be included in ds:SignatureValue element (see Section 6.2).
835 7.1.2.2. GOST R 34.10-2012 algorithm with 512-bit key in
836 SignatureMethod element
838 In case of GOST R 34.10-2012 algorithm with 512-bit signature key the
839 following identifier MUST be used (without line break in the
840 identifier):
842 urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-
843 512
845 Test example for GOST R 34.10-2012 algorithm with 512-bit signature
846 key in ds:SignatureMethod element (without line break in the
847 attribute value):
849
853 The signature value MUST be represented in accordance with
854 [R1323565.1.023-2018] and base64-encoded [RFC4648]. This string MUST
855 be included in ds:SignatureValue element (see Section 6.2).
857 7.1.2.3. GOST R 34.10-2001 algorithm in SignatureMethod element
859 In case of GOST R 34.10-2001 algorithm the following identifier MUST
860 be used:
862 urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102001-gostr3411
864 Test example for GOST R 34.10-2001 algorithm in ds:SignatureMethod
865 element:
867
871 The signature value MUST be represented in accordance with
872 [R1323565.1.023-2018] and base64-encoded [RFC4648]. This string MUST
873 be included in ds:SignatureValue element (see Section 6.2).
875 7.2. GOST algorithms to calculate HMAC value
877 GOST R 34.11-2012 algorithm MAY be used as HMAC algorithm in
878 accordance with section 6.3.1 [XMLDSIG] and section 4.1.1
879 [R501113-2016].
881 7.2.1. GOST R 34.11-2012 algorithm with 256-bit key in SignatureMethod
882 element
884 In case of GOST R 34.11-2012 algorithm with 256-bit hash code the
885 following identifier MUST be used:
887 urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-256
888 Test example for GOST R 34.11-2012 algorithm with 256-bit hash code
889 in ds:SignatureMethod element:
891
895 The HMAC_GOSTR3411_2012_256 algorithm result (section 4.1.1
896 [R501113-2016]) MUST be represented in little-endian byte order and
897 base64-encoded [RFC4648]. This string MUST be included in
898 ds:SignatureValue element (see Section 6.2).
900 7.2.2. GOST R 34.11-2012 algorithm with 512-bit key in SignatureMethod
901 element
903 In case of GOST R 34.11-2012 algorithm with 512-bit hash code the
904 following identifier MUST be used:
906 urn:ietf:params:xml:ns:cpxmlsec:algorithms:hmac-gostr34112012-512
908 Test example for GOST R 34.11-2012 algorithm with 512-bit hash code
909 in ds:SignatureMethod element:
911
915 The HMAC_GOSTR3411_2012_512 algorithm result (section 4.1.2
916 [R501113-2016]) MUST be represented in little-endian byte order and
917 base64-encoded [RFC4648]. This string MUST be included in
918 ds:SignatureValue element (see Section 6.2).
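Because signatures and HMACs share ds:SignatureMethod and ds:SignatureValue (Sections 4 and 6.1.1), a verifier has to fix the expected algorithm family from its own configuration before it reads the document. The following check is an added example, not part of the draft: it accepts only the identifiers from Sections 7.1 and 7.2 and applies the Section 6.3 rule for HMAC keys. The names check_signature_policy, is_accepted and sample, the one-signature and no-DTD rules, and the handling of an absent or mixed ds:KeyInfo are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
ALG = "urn:ietf:params:xml:ns:cpxmlsec:algorithms:"

# Identifiers from Sections 7.1.1, 7.1.2 and 7.2 of this document.
DIGEST_ALGS = {ALG + "gostr34112012-256", ALG + "gostr34112012-512",
               ALG + "gostr3411"}
SIGNATURE_ALGS = {ALG + "gostr34102012-gostr34112012-256",
                  ALG + "gostr34102012-gostr34112012-512",
                  ALG + "gostr34102001-gostr3411"}
HMAC_ALGS = {ALG + "hmac-gostr34112012-256", ALG + "hmac-gostr34112012-512"}


class PolicyError(ValueError):
    """The document is not one this verifier is configured to process."""


def check_signature_policy(xml_text, expected_kind):
    """Return (kind, signature_alg, digest_algs) or raise PolicyError.

    expected_kind is "signature" or "hmac". It comes from the verifier's own
    configuration, never from the document being checked.
    """
    if expected_kind not in ("signature", "hmac"):
        raise ValueError("expected_kind must be 'signature' or 'hmac'")
    if "<!DOCTYPE" in xml_text:  # assumption: signed documents carry no DTD
        raise PolicyError("DTD not allowed")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise PolicyError("document is not well-formed") from exc
    sigs = list(root.iter(DS + "Signature"))
    if len(sigs) != 1:  # assumption: exactly one signature per document
        raise PolicyError("expected exactly one ds:Signature")
    sig = sigs[0]

    method = sig.find(DS + "SignedInfo/" + DS + "SignatureMethod")
    alg = method.get("Algorithm", "") if method is not None else ""
    # Exact string match: an identifier containing a line break or a space
    # is in neither set and is rejected.
    if alg in SIGNATURE_ALGS:
        kind = "signature"
    elif alg in HMAC_ALGS:
        kind = "hmac"
    else:
        raise PolicyError("unsupported SignatureMethod %r" % alg)
    if kind != expected_kind:
        raise PolicyError("document uses %s, verifier expects %s"
                          % (kind, expected_kind))

    refs = sig.findall(DS + "SignedInfo/" + DS + "Reference")
    if not refs:
        raise PolicyError("no ds:Reference in ds:SignedInfo")
    digests = []
    for ref in refs:
        dm = ref.find(DS + "DigestMethod")
        digest = dm.get("Algorithm", "") if dm is not None else ""
        if digest not in DIGEST_ALGS:
            raise PolicyError("unsupported DigestMethod %r" % digest)
        digests.append(digest)

    key_info = sig.find(DS + "KeyInfo")
    if kind == "hmac" and key_info is not None:
        # Section 6.3: for an HMAC symmetric key ds:RetrievalMethod MUST be used.
        if {child.tag for child in key_info} != {DS + "RetrievalMethod"}:
            raise PolicyError("HMAC KeyInfo must carry only ds:RetrievalMethod")
    return kind, alg, digests


def is_accepted(xml_text, expected_kind):
    """Boolean wrapper around check_signature_policy."""
    try:
        check_signature_policy(xml_text, expected_kind)
        return True
    except PolicyError:
        return False


def sample(sig_alg, digest_alg, key_info=""):
    """Constructed sample document; digest and signature values are placeholders."""
    return (
        '<doc><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
        '<ds:SignedInfo><ds:CanonicalizationMethod '
        'Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>'
        '<ds:SignatureMethod Algorithm="%s"/>'
        '<ds:Reference URI=""><ds:DigestMethod Algorithm="%s"/>'
        '<ds:DigestValue>AAAA</ds:DigestValue></ds:Reference></ds:SignedInfo>'
        '<ds:SignatureValue>AAAA</ds:SignatureValue>%s'
        '</ds:Signature></doc>' % (sig_alg, digest_alg, key_info)
    )


if __name__ == "__main__":
    doc = sample(ALG + "hmac-gostr34112012-256", ALG + "gostr34112012-256")
    print("as signature:", is_accepted(doc, "signature"))
    print("as hmac:     ", is_accepted(doc, "hmac"))
```

The check runs before any cryptographic operation; a document that passes it still has to have its digests and its signature or HMAC value verified.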
920 7.3. The key material
922 This document defines new ways of specifying the GOST algorithms
923 verification key: in the dsig11:DEREncodedKeyValue (Section 6.3.4) element
924 and in ds:KeyValue (Section 6.3.1) descendants. In addition, the
925 information about the key material MAY be specified in any way in
926 accordance with [XMLDSIG].
928 7.3.1. Verification key in DEREncodedKeyValue element
930 This section defines how GOST R 34.10-2012 and GOST R 34.10-2001
931 verification keys are specified in the dsig11:DEREncodedKeyValue
932 (Section 6.3.4) element.
934 The verification key and its parameters MUST be included in
935 SubjectPublicKeyInfo structure and encoded in accordance with
936 [R1323565.1.023-2018].
938 Test example for the dsig11:DEREncodedKeyValue element:
940
941
942
944 7.3.2. GOST R 34.10-2012 256-bit verification key in
945 GOSTR34102012-256-KeyValue element
947 If the key is stored at an external location, the following identifier
948 MUST be included in the "Type" attribute of ds:Reference or
949 ds:RetrievalMethod elements:
951 urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-256-keyvalue
953 If the key is included in the XML document, it MUST be represented in
954 the subjectPublicKey field of the SubjectPublicKeyInfo structure
955 [R1323565.1.023-2018] without OCTET STRING and DER encoding. This
956 string MUST be base64-encoded [RFC4648] and included in the
957 cpxmlsec:GOSTR34102012-256-KeyValue element similar to the
958 ds:RSAKeyValue [XMLDSIG]. (The cpxmlsec:GOSTR34102012-256-KeyValue
959 element is a descendant of the cpxmlsec:PublicKey element.) The XML
960 schema of the cpxmlsec:GOSTR34102012-256-KeyValue and
961 cpxmlsec:PublicKey elements is defined in Section 6.3.1.1.
963 The elliptic curve identifier (verification key parameters) MUST be
964 included in the "URI" attribute of the cpxmlsec:NamedCurve element
965 (see Section 6.3.1.1). In the case of OIDs, verification key parameters
966 SHOULD be assigned in accordance with [RFC3061]. OID identifiers for
967 GOST algorithms are defined in [R1323565.1.023-2018].
969 Test example for cpxmlsec:GOSTR34102012-256-KeyValue element:
971
972
973
974
975
976
977
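Added example (not part of the draft and not CryptoPro code): the Python code below converts the SubjectPublicKeyInfo carried in dsig11:DEREncodedKeyValue (Section 7.3.1) into the NamedCurve "URI" value and the PublicKey string described in this section, using the Appendix B.5 and B.1 test vectors. The function names are hypothetical, and the raw key layout (x then y, each little-endian) is the one the B.1 vector exhibits.

```python
import base64

# Test vectors copied from this document (Appendix B.5 and B.1).
SPKI_B64 = (
    "MGYwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIDQwAEQLrf0MNT"
    "FKvSj6pHRwtsQBdyu07oB36PZ+duQ9rOZhWXQ+acH/dP4uLxdJhZq/Z30cDG"
    "D+KND4NZjp+UZWlzWK0="
)
PUBKEY_B64 = (
    "ut/Qw1MUq9KPqkdHC2xAF3K7TugHfo9n525D2s5mFZdD5pwf90/i4v"
    "F0mFmr9nfRwMYP4o0Pg1mOn5RlaXNYrQ=="
)
X = 0x971566CEDA436EE7678F7E07E84EBB7217406C0B4747AA8FD2AB1453C3D0DFBA
Y = 0xAD58736965949F8E59830F8DE20FC6C0D177F6AB599874F1E2E24FF71F9CE643


def read_tlv(buf, pos, expected_tag):
    """Read one definite-length DER TLV at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != expected_tag:
        raise ValueError(f"expected tag 0x{expected_tag:02x} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return buf[pos:pos + length], pos + length


def oid_to_urn(oid_bytes):
    """Decode DER OID content octets into an RFC 3061 'urn:oid:' URI."""
    if not oid_bytes or oid_bytes[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for b in oid_bytes:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # first two arcs share one subidentifier
    arcs[0:1] = [first, arcs[0] - 40 * first]
    return "urn:oid:" + ".".join(map(str, arcs))


def der_key_to_keyvalue(spki_b64, coord_len):
    """DEREncodedKeyValue text -> (NamedCurve URI, PublicKey base64 text)."""
    der = base64.b64decode(spki_b64, validate=True)
    spki, end = read_tlv(der, 0, 0x30)           # SubjectPublicKeyInfo
    if end != len(der):
        raise ValueError("trailing data after SubjectPublicKeyInfo")
    alg_id, pos = read_tlv(spki, 0, 0x30)        # AlgorithmIdentifier
    bit_string, pos = read_tlv(spki, pos, 0x03)  # subjectPublicKey
    if pos != len(spki):
        raise ValueError("unexpected field after subjectPublicKey")
    _alg_oid, p = read_tlv(alg_id, 0, 0x06)
    params, _ = read_tlv(alg_id, p, 0x30)
    curve_oid, _ = read_tlv(params, 0, 0x06)     # first parameter: curve
    if not bit_string or bit_string[0] != 0:
        raise ValueError("BIT STRING must have zero unused bits")
    # Strip the inner OCTET STRING header: "without OCTET STRING and DER".
    raw, end = read_tlv(bit_string, 1, 0x04)
    if end != len(bit_string) or len(raw) != 2 * coord_len:
        raise ValueError("unexpected public key length")
    return oid_to_urn(curve_oid), base64.b64encode(raw).decode("ascii")


def decode_public_key(pubkey_b64, coord_len):
    """Split a PublicKey value into integer coordinates (x, y)."""
    raw = base64.b64decode(pubkey_b64, validate=True)
    if len(raw) != 2 * coord_len:
        raise ValueError("PublicKey has wrong length for this key size")
    return (int.from_bytes(raw[:coord_len], "little"),
            int.from_bytes(raw[coord_len:], "little"))


if __name__ == "__main__":
    uri, public_key = der_key_to_keyvalue(SPKI_B64, 32)
    print("NamedCurve URI:", uri)
    print("PublicKey matches B.1:", public_key == PUBKEY_B64)
    print("Coordinates match B.1:", decode_public_key(public_key, 32) == (X, Y))
```

A verifier that accepts both key forms can use the length checks here to reject a 512-bit value placed in a 256-bit KeyValue element before any curve arithmetic runs.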
979 7.3.3. GOST R 34.10-2012 512-bit verification key in
980 GOSTR34102012-512-KeyValue element
982 If the key is stored at an external location, the following identifier
983 MUST be included in the "Type" attribute of ds:Reference or
984 ds:RetrievalMethod elements:
986 urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102012-512-keyvalue
988 If the key is included in the XML document, it MUST be represented in
989 the subjectPublicKey field of the SubjectPublicKeyInfo structure
990 [R1323565.1.023-2018] without OCTET STRING and DER encoding. This
991 string MUST be base64-encoded [RFC4648] and included in the
992 cpxmlsec:GOSTR34102012-512-KeyValue element similar to the
993 ds:RSAKeyValue [XMLDSIG]. (The cpxmlsec:GOSTR34102012-512-KeyValue
994 element is a descendant of the cpxmlsec:PublicKey element.) The XML
995 schema of the cpxmlsec:GOSTR34102012-512-KeyValue and
996 cpxmlsec:PublicKey elements is defined in Section 6.3.1.1.
998 The elliptic curve identifier (verification key parameters) MUST be
999 included in the "URI" attribute of the cpxmlsec:NamedCurve element
1000 (see Section 6.3.1.1). In the case of OIDs, verification key parameters
1001 SHOULD be assigned in accordance with [RFC3061]. OID identifiers for
1002 GOST algorithms are defined in [R1323565.1.023-2018].
1004 Test example for cpxmlsec:GOSTR34102012-512-KeyValue element:
1006
1007
1008
1009
1010
1011
1012
1014 7.3.4. GOST R 34.10-2001 verification key in GOSTR34102001KeyValue
1015 element
1017 If the key is stored at an external location, the following identifier
1018 MUST be included in the "Type" attribute of ds:Reference or
1019 ds:RetrievalMethod elements:
1021 urn:ietf:params:xml:ns:cpxmlsec:types:gostr34102001-keyvalue
1023 If the key is included in the XML document, it MUST be represented in
1024 the subjectPublicKey field of the SubjectPublicKeyInfo structure
1025 [R1323565.1.023-2018] without OCTET STRING and DER encoding. This
1026 string MUST be base64-encoded [RFC4648] and included in the
1027 cpxmlsec:GOSTR34102001KeyValue element similar to the ds:RSAKeyValue
1028 [XMLDSIG]. (The cpxmlsec:GOSTR34102001KeyValue element is a
1029 descendant of the cpxmlsec:PublicKey element.) The XML schema of the
1030 cpxmlsec:GOSTR34102001KeyValue and cpxmlsec:PublicKey elements is
1031 defined in Section 6.3.1.1.
1033 The elliptic curve identifier (verification key parameters) MUST be
1034 included in the "URI" attribute of the cpxmlsec:NamedCurve element
1035 (see Section 6.3.1.1). In the case of OIDs, verification key parameters
1036 SHOULD be assigned in accordance with [RFC3061]. OID identifiers for
1037 GOST algorithms are defined in section 8.4 of [RFC4357].
1039 Test example for cpxmlsec:GOSTR34102001KeyValue element:
1041
1042
1043
1044
1045
1046
1047
1049 8. IANA Considerations
1051 8.1. XML sub-namespace registration
1053 This section registers a new XML sub-namespace,
1054 "urn:ietf:params:xml:ns:cpxmlsec" (see Section 5) per the guidelines
1055 in [RFC3688]:
1057 URI: urn:ietf:params:xml:ns:cpxmlsec
1058 Registrant Contact: See the "Authors' Addresses" section of this
1059 document.
1061 XML: None. Namespace URIs do not represent an XML specification.
1063 8.2. XML schema registration
1065 This section registers an XML schema per the guidelines in [RFC3688]:
1067 URI: urn:ietf:params:xml:schema:cpxmlsec
1069 Registrant Contact: See the "Authors' Addresses" section of this
1070 document.
1072 XML: The XML can be found in Appendix A.
1074 9. References
1076 9.1. Normative References
1078 [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
1079 Hashing for Message Authentication", RFC 2104,
1080 DOI 10.17487/RFC2104, February 1997.
1083 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
1084 Requirement Levels", BCP 14, RFC 2119,
1085 DOI 10.17487/RFC2119, March 1997.
1088 [RFC3061] Mealling, M., "A URN Namespace of Object Identifiers",
1089 RFC 3061, DOI 10.17487/RFC3061, February 2001.
1092 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
1093 DOI 10.17487/RFC3688, January 2004.
1096 [RFC4357] Popov, V., Kurepkin, I., and S. Leontiev, "Additional
1097 Cryptographic Algorithms for Use with GOST 28147-89, GOST
1098 R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94
1099 Algorithms", RFC 4357, DOI 10.17487/RFC4357, January 2006.
1102 [RFC4491] Leontiev, S., Ed. and D. Shefanovski, Ed., "Using the GOST
1103 R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94
1104 Algorithms with the Internet X.509 Public Key
1105 Infrastructure Certificate and CRL Profile", RFC 4491,
1106 DOI 10.17487/RFC4491, May 2006.
1109 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data
1110 Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006.
1113 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
1114 Housley, R., and W. Polk, "Internet X.509 Public Key
1115 Infrastructure Certificate and Certificate Revocation List
1116 (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008.
1119 [RFC6986] Dolmatov, V., Ed. and A. Degtyarev, "GOST R 34.11-2012:
1120 Hash Function", RFC 6986, DOI 10.17487/RFC6986, August
1121 2013.
1123 [RFC7091] Dolmatov, V., Ed. and A. Degtyarev, "GOST R 34.10-2012:
1124 Digital Signature Algorithm", RFC 7091,
1125 DOI 10.17487/RFC7091, December 2013.
1128 [RFC7836] Smyshlyaev, S., Ed., Alekseev, E., Oshkin, I., Popov, V.,
1129 Leontiev, S., Podobaev, V., and D. Belyavsky, "Guidelines
1130 on the Cryptographic Algorithms to Accompany the Usage of
1131 Standards GOST R 34.10-2012 and GOST R 34.11-2012",
1132 RFC 7836, DOI 10.17487/RFC7836, March 2016.
1135 9.2. Informative References
1137 [GOST3410-2012]
1138 Federal Agency on Technical Regulating and Metrology,
1139 "Information technology. Cryptographic data security.
1140 Signature and verification processes of [electronic]
1141 digital signature", GOST R Version 1.1, 2012.
1143 [GOST3411-2012]
1144 Federal Agency on Technical Regulating and Metrology,
1145 "Information technology. Cryptographic Data Security.
1146 Hashing function", GOST R 34.11-2012, 2012.
1148 [R1323565.1.023-2018]
1149 Federal Agency on Technical Regulating and Metrology,
1150 "Information technology. Cryptographic information
1151 security. Usage of GOST R 34.10-2012 and GOST R 34.11-2012
1152 algorithms in certificate, CRL and PKCS#10 certificate
1153 request in X.509 public key infrastructure",
1154 R 1323565.1.023-2018, 2019.
1156 [R501113-2016]
1157 Federal Agency on Technical Regulating and Metrology,
1158 "Information technology. Cryptographic Data Security.
1159 Guidelines on the Cryptographic Algorithms, Accompanying
1160 the Usage of Standards GOST R 34.10-2012 and GOST R
1161 34.11-2012", R 50.1.113-2016, 2016.
1163 [XMLDSIG] The World Wide Web Consortium (W3C), "XML Signature Syntax
1164 and Processing", W3C Recommendation Version 1.1, 2013.
1167 [XMLSCHEMA-1]
1168 The World Wide Web Consortium (W3C), "XML Schema Part 1:
1169 Structures Second Edition", W3C Recommendation, 2004.
1172 [XMLSCHEMA-2]
1173 The World Wide Web Consortium (W3C), "XML Schema Part 2:
1174 Datatypes Second Edition", W3C Recommendation, 2004.
1177 Appendix A. CPXMLSEC XML schema
1178
1179
1181
1184 ]>
1186
1194
1197
1201
1204
1205
1206
1208
1209
1210
1212
1213
1214
1216
1218
1220
1223
1225 Appendix B. Test Examples
1227 Note: Line breaks in the coordinates, identifiers, XML elements or in
1228 the attribute values MUST be ignored.
1230 B.1. Signed XML document with GOST R 34.10-2012 algorithm and 256-bit
1231 hash code in DigestMethod element
1233 The X.509 certificate from Appendix A of [R1323565.1.023-2018] was
1234 used.
1236 The x-coordinate of verification key:
1238 0x971566CEDA436EE7678F7E07E84EBB7217406C0B4747AA8FD2AB1453C3D0DFBA
1240 The y-coordinate of verification key:
1242 0xAD58736965949F8E59830F8DE20FC6C0D177F6AB599874F1E2E24FF71F9CE643
1244 Corresponding signature key (d):
1246 0xBFCF1D623E5CDD3032A7C6EABB4A923C46E43D640FFEAAF2C3ED39A8FA399924
1248 The k value:
1250 0x5782C53F110C596F9155D35EBD25A06A89C50391850A8FEFE33B0E270318857C
1252 The h-bar value:
1254 0x054D1DABB161D63424F8DABB2800708B00F78DA7582699E8F2F0A521C7CE8144
1256 The signed XML document:
1258
1259
1260 Data
1261
1262
1263
1266
1270
1271
1272
1276
1277
1281
1282 9QLsxPPo7LlX6IXqwzjcNDmbFuCCGivQ1s61hcPuITM=
1283
1284
1285
1286
1287 jcQJhWtWbTCV7bjFky5vGXXUFigc74FXRi79lZnFHK7pMjpeiN2H+3xyQ4O//n
1288 zs1Ln/oqwzvu9zpaH3Q0BPaw==
1289
1290
1291
1292
1294
1295
1296 ut/Qw1MUq9KPqkdHC2xAF3K7TugHfo9n525D2s5mFZdD5pwf90/i4v
1297 F0mFmr9nfRwMYP4o0Pg1mOn5RlaXNYrQ==
1298
1299
1300
1301
1302
1303
1304 The base64-encoded signed XML document:
1335 B.2. Signed XML document with GOST R 34.10-2012 algorithm and 512-bit
1336 hash code in DigestMethod element
1338 The X.509 certificate from Appendix A of [R1323565.1.023-2018] was
1339 used.
1341 The x-coordinate of verification key:
1343 0x07134627CE7FC6770953ABA4714B38AF8DE764B8870A502C2F4CC2D05541459A18DA3B
1344 9D4EBC09BC06CB2EA1856A03747561CF04C34382111539230A550F1913
1346 The y-coordinate of verification key:
1348 0x7E08A434CB2FA300F8974E3FF69A4BCDF36B6308E1D7A56144693A35E11CBD14D50291
1349 6E680E35FE1E6ABBA85BD4DAE7065308B16B1CCABFE3D91CE0655B0FFD
1351 Corresponding signature key (d):
1353 0x3FC01CDCD4EC5F972EB482774C41E66DB7F380528DFE9E67992BA05AEE462435757530
1354 E641077CE587B976C8EEB48C48FD33FD175F0C7DE6A44E014E6BCB074B
1356 The k value:
1358 0x72ABB44536656BF1618CE10BF7EADD40582304A51EE4E2A25A0A32CB0E773ABB23B7D8
1359 FDD8FA5EEE91B4AE452F2272C86E1E2221215D405F51B5D5015616E1F6
1361 The h-bar value:
1363 0x33DEF8422879AA68482339BC65E5DCA9A5D77E80C5C0371DB13D3B88F4CCA8A89ED3CE
1364 85849231DD61B35E4B47A3722317663859A2BE088C1BB6EEC87410DAF2
1366 The signed XML document:
1368
1369
1370 Data
1371
1372
1373
1376
1380
1381
1382
1386
1387
1391
1392 wiOFD9D7zKHNlo58t/9tUtCJA5ZO9vmDhMlt3HIkyXZvQxIp5PE+txwsI
1393 AVfUIOULvGTFxAZlwuHTB+qD5s54g==
1394
1395
1396
1397
1398 dn+oWg6n3wJ20kBmO1GvURc4SuZ3h3nKXYWy4uHdmeS2nlTlNWFKca4fTBlc+fp
1399 nCS8IEVNFX25Ndh4UXJLLNl2/L0wtancFiA+xRYzFgzUGW+pWIfyfvBdsSspbwe
1400 ZyJUWajqN3lDRZDchycEApNlqDpTtes8BpNrXSh+Cpg+c=
1401
1402
1403
1404
1406
1407
1408 ExkPVQojORURgkPDBM9hdXQDaoWhLssGvAm8Tp072hiaRUFV0MJMLy
1409 xQCoe4ZOeNrzhLcaSrUwl3xn/OJ0YTB/0PW2XgHNnjv8oca7EIUwbn
1410 2tRbqLtqHv41DmhukQLVFL0c4TU6aURhpdfhCGNr881LmvY/Tpf4AK
1411 MvyzSkCH4=
1412
1413
1414
1415
1416
1417
1419 The base64-encoded signed XML document:
1454 B.3. Signed XML document with GOST R 34.10-2001 algorithm in
1455 SignatureMethod element
1457 The X.509 certificate from section 4.2 of [RFC4491] was used.
1459 The x-coordinate of verification key:
1461 0x577E324FE70F2B6DF45C437A0305E5FD2C89318C13CD0875401A026075689584
1463 The y-coordinate of verification key:
1465 0x601AEACABC660FDFB0CBC7567EBBA6EA8DE40FAE857C9AD0038895B916CCEB8F
1467 Corresponding signature key (d):
1469 0x0B293BE050D0082BDAE785631A6BAB68F35B42786D6DDA56AFAF169891040F77
1471 The k value:
1473 0x5782C53F110C596F9155D35EBD25A06A89C50391850A8FEFE33B0E270318857C
1474 The h-bar value:
1476 0xEF3E03620C2B0E87E43F503A839AB7868071EA28CA38AABD915D56A5F74400F4
1478 The signed XML document:
1480
1481
1482 Data
1483
1484
1485
1488
1492
1493
1494
1498
1499
1503
1504 FVQbzF2djfNNJO3JG0OLfSODlZkibTcUmF2DS4nnuPY=
1505
1506
1507
1508
1509 n2UHtdu25fPzJNYyojbNTq52V1D3UBVQqI5xNhdYopDpMjpeiN2H+3xyQ4O//nz
1510 s1Ln/oqwzvu9zpaH3Q0BPaw==
1511
1512
1513
1514
1516
1517
1518 hJVodWACGkB1CM0TjDGJLP3lBQN6Q1z0bSsP508yfleP68wWuZWIA9
1519 CafIWuD+SN6qa7flbHy7DfD2a8yuoaYA==
1520
1521
1522
1523
1524
1525
1526 The base64-encoded signed XML document:
1556 B.4. Signed XML document with X.509 certificate in KeyInfo element
1558 The X.509 certificate from Appendix A of [R1323565.1.023-2018] was
1559 used.
1561 The x-coordinate of verification key:
1563 0x971566CEDA436EE7678F7E07E84EBB7217406C0B4747AA8FD2AB1453C3D0DFBA
1565 The y-coordinate of verification key:
1567 0xAD58736965949F8E59830F8DE20FC6C0D177F6AB599874F1E2E24FF71F9CE643
1569 Corresponding signature key (d):
1571 0xBFCF1D623E5CDD3032A7C6EABB4A923C46E43D640FFEAAF2C3ED39A8FA399924
1573 The k value:
1575 0x5782C53F110C596F9155D35EBD25A06A89C50391850A8FEFE33B0E270318857C
1577 The h-bar value:
1579 0x054D1DABB161D63424F8DABB2800708B00F78DA7582699E8F2F0A521C7CE8144
1581 The signed XML document:
1583
1584
1585 Data
1586
1587
1588
1591
1595
1596
1597
1601
1602
1606
1607 9QLsxPPo7LlX6IXqwzjcNDmbFuCCGivQ1s61hcPuITM=
1608
1609
1610
1611
1612 jcQJhWtWbTCV7bjFky5vGXXUFigc74FXRi79lZnFHK7pMjpeiN2H+3xyQ4O//nz
1613 s1Ln/oqwzvu9zpaH3Q0BPaw==
1614
1615
1616
1617
1618 MIICYjCCAg+gAwIBAgIBATAKBggqhQMHAQEDAjBWMSkwJwYJKoZIhvcNA
1619 QkBFhpHb3N0UjM0MTAtMjAxMkBleGFtcGxlLmNvbTEpMCcGA1UEAxMgR2
1620 9zdFIzNDEwLTIwMTIgKDI1NiBiaXQpIGV4YW1wbGUwHhcNMTMxMTA1MTQ
1621 wMjM3WhcNMzAxMTAxMTQwMjM3WjBWMSkwJwYJKoZIhvcNAQkBFhpHb3N0
1622 UjM0MTAtMjAxMkBleGFtcGxlLmNvbTEpMCcGA1UEAxMgR29zdFIzNDEwL
1623 TIwMTIgKDI1NiBiaXQpIGV4YW1wbGUwZjAfBggqhQMHAQEBATATBgcqhQ
1624 MCAiQABggqhQMHAQECAgNDAARAut/Qw1MUq9KPqkdHC2xAF3K7TugHfo9
1625 n525D2s5mFZdD5pwf90/i4vF0mFmr9nfRwMYP4o0Pg1mOn5RlaXNYraOB
1626 wDCBvTAdBgNVHQ4EFgQU1fIeN1HaPbw+XWUzbkJ+kHJUT0AwCwYDVR0PB
1627 AQDAgHGMA8GA1UdEwQIMAYBAf8CAQEwfgYDVR0BBHcwdYAU1fIeN1HaPb
1628 w+XWUzbkJ+kHJUT0ChWqRYMFYxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQ
1629 xMC0yMDEyQGV4YW1wbGUuY29tMSkwJwYDVQQDEyBHb3N0UjM0MTAtMjAx
1630 MiAoMjU2IGJpdCkgZXhhbXBsZYIBATAKBggqhQMHAQEDAgNBAF5bm4BbA
1631 RR6hJLEoWJkOsYV3Hd7kXQQjz3CdqQfmHrz6TI6Xojdh/t8ckODv/587N
1632 S5/6KsM77vc6Wh90NAT2s=
1633
1634
1635
1636
1637
1639 The base64-encoded signed XML document:
1681 B.5. Signed XML document with GOST R 34.10-2012 algorithm and 256-bit
1682 verification key in DEREncodedKeyValue
1684 The X.509 certificate from Appendix A of [R1323565.1.023-2018] was
1685 used.
1687 The x-coordinate of verification key:
1689 0x971566CEDA436EE7678F7E07E84EBB7217406C0B4747AA8FD2AB1453C3D0DFBA
1691 The y-coordinate of verification key:
1693 0xAD58736965949F8E59830F8DE20FC6C0D177F6AB599874F1E2E24FF71F9CE643
1695 Corresponding signature key:
1697 0xBFCF1D623E5CDD3032A7C6EABB4A923C46E43D640FFEAAF2C3ED39A8FA399924
1699 The k value:
1701 0x5782C53F110C596F9155D35EBD25A06A89C50391850A8FEFE33B0E270318857C
1703 The h-bar value:
1705 0x054D1DABB161D63424F8DABB2800708B00F78DA7582699E8F2F0A521C7CE8144
1707 The signed XML document:
1709
1710
1711 Data
1712
1713
1714
1718
1722
1723
1724
1728
1729
1733
1734 9QLsxPPo7LlX6IXqwzjcNDmbFuCCGivQ1s61hcPuITM=
1735
1736
1737
1738
1739 jcQJhWtWbTCV7bjFky5vGXXUFigc74FXRi79lZnFHK7pMjpeiN2H+3xyQ4O//nz
1740 s1Ln/oqwzvu9zpaH3Q0BPaw==
1741
1742
1743
1744 MGYwHwYIKoUDBwEBAQEwEwYHKoUDAgIkAAYIKoUDBwEBAgIDQwAEQLrf0MNT
1745 FKvSj6pHRwtsQBdyu07oB36PZ+duQ9rOZhWXQ+acH/dP4uLxdJhZq/Z30cDG
1746 D+KND4NZjp+UZWlzWK0=
1747
1748
1749
1750
1752 The base64-encoded signed XML document:
1780 Appendix C. Acknowledgments
1782 We thank Ekaterina Smyshlyaeva and Evgeny Alekseev for their useful
1783 comments.
1785 Authors' Addresses
1787 Pavel Smirnov (editor)
1788 CryptoPro
1789 18, Suschevsky val
1790 Moscow 127018
1791 Russian Federation
1793 Phone: +7 (495) 995-48-20
1794 Email: spv@cryptopro.ru
1795 Maria Paramonova
1796 CryptoPro
1797 18, Suschevsky val
1798 Moscow 127018
1799 Russian Federation
1801 Phone: +7 (495) 995-48-20
1802 Email: mparamonova@cryptopro.ru
1804 Mikhail Khomenko
1805 CryptoPro
1806 18, Suschevsky val
1807 Moscow 127018
1808 Russian Federation
1810 Phone: +7 (495) 995-48-20
1811 Email: xmv@cryptopro.ru
1813 Artyom Makarov
1814 CryptoPro
1815 18, Suschevsky val
1816 Moscow 127018
1817 Russian Federation
1819 Phone: +7 (495) 995-48-20
1820 Email: makarov@cryptopro.ru