| rfc9215.original | rfc9215.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force D. Baryshkov, Ed. | Independent Submission D. Baryshkov, Ed. | |||
| Internet-Draft Linaro Ltd. | Request for Comments: 9215 Linaro Ltd. | |||
| Intended status: Informational V. Nikolaev | Category: Informational V. Nikolaev | |||
| Expires: 21 July 2022 CryptoPro | ISSN: 2070-1721 CryptoPro | |||
| A. Chelpanov | A. Chelpanov | |||
| InfoTeCS JSC | InfoTeCS JSC | |||
| 17 January 2022 | March 2022 | |||
| Using GOST R 34.10-2012 and GOST R 34.11-2012 algorithms with the | Using GOST R 34.10-2012 and GOST R 34.11-2012 Algorithms with the | |||
| Internet X.509 Public Key Infrastructure | Internet X.509 Public Key Infrastructure | |||
| draft-deremin-rfc4491-bis-11 | ||||
| Abstract | Abstract | |||
| This document describes encoding formats, identifiers, and parameter | This document describes encoding formats, identifiers, and parameter | |||
| formats for the algorithms GOST R 34.10-2012 and GOST R 34.11-2012 | formats for the GOST R 34.10-2012 and GOST R 34.11-2012 algorithms | |||
| for use in Internet X.509 Public Key Infrastructure (PKI). | for use in the Internet X.509 Public Key Infrastructure (PKI). | |||
| This specification is developed to facilitate implementations that | This specification is developed to facilitate implementations that | |||
| wish to support the GOST algorithms. This document does not imply | wish to support the GOST algorithms. This document does not imply | |||
| IETF endorsement of the cryptographic algorithms used in this | IETF endorsement of the cryptographic algorithms used in this | |||
| document. | document. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This document is not an Internet Standards Track specification; it is | |||
| provisions of BCP 78 and BCP 79. | published for informational purposes. | |||
| Internet-Drafts are working documents of the Internet Engineering | ||||
| Task Force (IETF). Note that other groups may also distribute | ||||
| working documents as Internet-Drafts. The list of current Internet- | ||||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | ||||
| Internet-Drafts are draft documents valid for a maximum of six months | This is a contribution to the RFC Series, independently of any other | |||
| and may be updated, replaced, or obsoleted by other documents at any | RFC stream. The RFC Editor has chosen to publish this document at | |||
| time. It is inappropriate to use Internet-Drafts as reference | its discretion and makes no statement about its value for | |||
| material or to cite them other than as "work in progress." | implementation or deployment. Documents approved for publication by | |||
| the RFC Editor are not candidates for any level of Internet Standard; | ||||
| see Section 2 of RFC 7841. | ||||
| This Internet-Draft will expire on 21 July 2022. | Information about the current status of this document, any errata, | |||
| and how to provide feedback on it may be obtained at | ||||
| https://www.rfc-editor.org/info/rfc9215. | ||||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2022 IETF Trust and the persons identified as the | Copyright (c) 2022 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents | |||
| license-info) in effect on the date of publication of this document. | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| Please review these documents carefully, as they describe your rights | publication of this document. Please review these documents | |||
| and restrictions with respect to this document. Code Components | carefully, as they describe your rights and restrictions with respect | |||
| extracted from this document must include Revised BSD License text as | to this document. | |||
| described in Section 4.e of the Trust Legal Provisions and are | ||||
| provided without warranty as described in the Revised BSD License. | ||||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction | |||
| 1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3 | 1.1. Requirements Language | |||
| 2. Signature Algorithm Support . . . . . . . . . . . . . . . . . 3 | 2. Signature Algorithm Support | |||
| 3. Hash Functions Support . . . . . . . . . . . . . . . . . . . 4 | 3. Hash Function Support | |||
| 4. Subject Public Keys Information Fields . . . . . . . . . . . 5 | 4. Subject Public Keys Information Fields | |||
| 4.1. Public Key Identifiers . . . . . . . . . . . . . . . . . 5 | 4.1. Public Key Identifiers | |||
| 4.2. Public Key Parameters . . . . . . . . . . . . . . . . . . 5 | 4.2. Public Key Parameters | |||
| 4.3. Public Key Encoding . . . . . . . . . . . . . . . . . . . 7 | 4.3. Public Key Encoding | |||
| 4.4. Key Usage Extension . . . . . . . . . . . . . . . . . . . 7 | 4.4. Key Usage Extension | |||
| 5. Qualified Certificates Extensions . . . . . . . . . . . . . . 8 | 5. Qualified Certificate Extensions | |||
| 5.1. Distinguished Name Additions . . . . . . . . . . . . . . 8 | 5.1. Distinguished Name Additions | |||
| 5.2. Certificate Policies . . . . . . . . . . . . . . . . . . 9 | 5.2. Certificate Policies | |||
| 5.3. Subject Sign Tool . . . . . . . . . . . . . . . . . . . . 9 | 5.3. Subject Sign Tool | |||
| 5.4. Issuer Sign Tool . . . . . . . . . . . . . . . . . . . . 9 | 5.4. Issuer Sign Tool | |||
| 6. Historical Considerations . . . . . . . . . . . . . . . . . . 10 | 6. Historical Considerations | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 | 7. IANA Considerations | |||
| 8. Security Considerations . . . . . . . . . . . . . . . . . . . 10 | 8. Security Considerations | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 | 9. References | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . 11 | 9.1. Normative References | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . 11 | 9.2. Informative References | |||
| Appendix A. GostR3410-2012-PKISyntax . . . . . . . . . . . . . . 12 | Appendix A. GostR3410-2012-PKISyntax | |||
| Appendix B. GostR3410-2012-RuCertsSyntax . . . . . . . . . . . . 14 | Appendix B. GostR3410-2012-RuStrongCertsSyntax | |||
| Appendix C. Public key Parameters . . . . . . . . . . . . . . . 17 | Appendix C. Public Key Parameters | |||
| Appendix D. Test Examples . . . . . . . . . . . . . . . . . . . 17 | Appendix D. Test Examples | |||
| D.1. GOST R 34.10-2001 Test Parameters (256 Bit Private Key | D.1. GOST R 34.10-2001 Test Parameters (256-Bit Private Key | |||
| Length) . . . . . . . . . . . . . . . . . . . . . . . . . 17 | Length) | |||
| D.1.1. Certificate Request . . . . . . . . . . . . . . . . . 17 | D.1.1. Certificate Request | |||
| D.1.2. Certificate . . . . . . . . . . . . . . . . . . . . . 19 | D.1.2. Certificate | |||
| D.1.3. Certificate Revocation List . . . . . . . . . . . . . 20 | D.1.3. Certificate Revocation List | |||
| D.2. GOST R 34.10-2012 TC26-256-A Parameters (256 Bit Private | D.2. GOST R 34.10-2012 TC26-256-A Parameters (256-Bit Private | |||
| Key Length) . . . . . . . . . . . . . . . . . . . . . . . 21 | Key Length) | |||
| D.2.1. Certificate Request . . . . . . . . . . . . . . . . . 22 | D.2.1. Certificate Request | |||
| D.2.2. Certificate . . . . . . . . . . . . . . . . . . . . . 23 | D.2.2. Certificate | |||
| D.2.3. Certificate Revocation List . . . . . . . . . . . . . 24 | D.2.3. Certificate Revocation List | |||
| D.3. GOST R 34.10-2012 Test Parameters (512 Bit Private Key | D.3. GOST R 34.10-2012 Test Parameters (512-Bit Private Key | |||
| Length) . . . . . . . . . . . . . . . . . . . . . . . . . 25 | Length) | |||
| D.3.1. Certificate Request . . . . . . . . . . . . . . . . . 26 | D.3.1. Certificate Request | |||
| D.3.2. Certificate . . . . . . . . . . . . . . . . . . . . . 27 | D.3.2. Certificate | |||
| D.3.3. Certificate Revocation List . . . . . . . . . . . . . 29 | D.3.3. Certificate Revocation List | |||
| Appendix E. GOST R 34.10-2012 Test Parameters (Curve | Appendix E. GOST R 34.10-2012 Test Parameters (Curve Definition) | |||
| Definition) . . . . . . . . . . . . . . . . . . . . . . . 30 | E.1. Elliptic Curve Modulus | |||
| E.1. Elliptic Curve Modulus . . . . . . . . . . . . . . . . . 30 | E.2. Elliptic Curve Coefficients | |||
| E.2. Elliptic Curve Coefficients . . . . . . . . . . . . . . . 31 | E.3. Elliptic Curve Points Group Order | |||
| E.3. Elliptic Curve Points Group Order . . . . . . . . . . . . 31 | E.4. Order of Cyclic Subgroup of Elliptic Curve Points Group | |||
| E.4. Order of Cyclic Subgroup of Elliptic Curve Points | E.5. Elliptic Curve Point Coordinates | |||
| Group . . . . . . . . . . . . . . . . . . . . . . . . . . 31 | Contributors | |||
| E.5. Elliptic Curve Point Coordinates . . . . . . . . . . . . 31 | Authors' Addresses | |||
| Appendix F. Contributors . . . . . . . . . . . . . . . . . . . . 32 | ||||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 32 | ||||
| 1. Introduction | 1. Introduction | |||
| This document describes the conventions for using the GOST R | This document describes the conventions for using the GOST R | |||
| 34.10-2012 [GOSTR3410-2012] (see [RFC7091]) signature algorithm and | 34.10-2012 signature algorithm [GOSTR3410-2012] [RFC7091] and the | |||
| GOST R 34.11-2012 [GOSTR3411-2012] (see [RFC6986]) hash function in | GOST R 34.11-2012 hash function [GOSTR3411-2012] [RFC6986] in the | |||
| the Internet X.509 Public Key Infrastructure (PKI) [RFC5280]. | Internet X.509 Public Key Infrastructure (PKI) [RFC5280]. | |||
| This specification defines the contents of the signatureAlgorithm, | This specification defines the contents of the signatureAlgorithm, | |||
| signatureValue, signature, and subjectPublicKeyInfo fields within | signatureValue, signature, and subjectPublicKeyInfo fields within | |||
| X.509 Certificates and Certificate Revocation Lists (CRLs). For each | X.509 Certificates and Certificate Revocation Lists (CRLs). For each | |||
| algorithm, the appropriate alternatives for the keyUsage certificate | algorithm, the appropriate alternatives for the keyUsage certificate | |||
| extension are provided. | extension are provided. | |||
| This specification is developed to facilitate implementations that | This specification is developed to facilitate implementations that | |||
| wish to support the GOST algorithms. This document does not imply | wish to support the GOST algorithms. This document does not imply | |||
| IETF endorsement of the cryptographic algorithms used in this | IETF endorsement of the cryptographic algorithms used in this | |||
| document. | document. | |||
| 1.1. Requirements Language | 1.1. Requirements Language | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in BCP | "OPTIONAL" in this document are to be interpreted as described in | |||
| 14 [RFC2119] [RFC8174] when, and only when, they appear in all | BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
| capitals, as shown here. | capitals, as shown here. | |||
| 2. Signature Algorithm Support | 2. Signature Algorithm Support | |||
| Conforming Certificate Authorities (CAs) MAY use GOST R 34.10-2012 | Conforming Certificate Authorities (CAs) MAY use the GOST R | |||
| signature algorithm to sign certificates and CRLs. This signature | 34.10-2012 signature algorithm to sign certificates and CRLs. This | |||
| algorithm MUST always be used with GOST R 34.11-2012 hash function. | signature algorithm MUST always be used with the GOST R 34.11-2012 | |||
| It may use keys length of either 256 bits or 512 bits. | hash function. It may use a key length of either 256 bits or 512 | |||
| bits. | ||||
| The ASN.1 object identifier used to identify GOST R 34.10-2012 | The ASN.1 object identifier (OID) used to identify the GOST R | |||
| signature algorithm with 256-bit key length and GOST R 34.11-2012 | 34.10-2012 signature algorithm with a 256-bit key length and the GOST | |||
| hash function with 256-bit hash code is: | R 34.11-2012 hash function with a 256-bit hash code is: | |||
| id-tc26-signwithdigest-gost3410-12-256 OBJECT IDENTIFIER ::= | id-tc26-signwithdigest-gost3410-12-256 OBJECT IDENTIFIER ::= | |||
| { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) | { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) | |||
| algorithms(1) signwithdigest(3) gost3410-12-256(2)} | algorithms(1) signwithdigest(3) gost3410-12-256(2)} | |||
| GOST R 34.10-2012 signature algorithm with 256-bit key length | The GOST R 34.10-2012 signature algorithm with a 256-bit key length | |||
| generates a digital signature in the form of two 256-bit integers, r | generates a digital signature in the form of two 256-bit integers: r | |||
| and s. Its octet string representation consists of 64 octets, where | and s. Its octet string representation consists of 64 octets, where | |||
| the first 32 octets contain the big-endian representation of s and | the first 32 octets contain the big-endian representation of s and | |||
| the second 32 octets contain the big-endian representation of r. | the second 32 octets contain the big-endian representation of r. | |||
| The ASN.1 object identifier used to identify GOST R 34.10-2012 | The ASN.1 OID used to identify the GOST R 34.10-2012 signature | |||
| signature algorithm with 512-bit key length and GOST R 34.11-2012 | algorithm with a 512-bit key length and the GOST R 34.11-2012 hash | |||
| hash function with 512-bit hash code is: | function with a 512-bit hash code is: | |||
| id-tc26-signwithdigest-gost3410-12-512 OBJECT IDENTIFIER ::= | id-tc26-signwithdigest-gost3410-12-512 OBJECT IDENTIFIER ::= | |||
| { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) | { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) | |||
| algorithms(1) signwithdigest(3) gost3410-12-512(3)} | algorithms(1) signwithdigest(3) gost3410-12-512(3)} | |||
| GOST R 34.10-2012 signature algorithm with 512-bit key length | The GOST R 34.10-2012 signature algorithm with a 512-bit key length | |||
| generates a digital signature in the form of two 512-bit integers, r | generates a digital signature in the form of two 512-bit integers: r | |||
| and s. Its octet string representation consists of 128 octets, where | and s. Its octet string representation consists of 128 octets, where | |||
| the first 64 octets contain the big-endian representation of s and | the first 64 octets contain the big-endian representation of s and | |||
| the second 64 octets contain the big-endian representation of r. | the second 64 octets contain the big-endian representation of r. | |||
| When either of these OID is used as the algorithm field in an | When either of these OIDs is used as the algorithm field in an | |||
| AlgorithmIdentifier structure, the encoding MUST omit the parameters | AlgorithmIdentifier structure, the encoding MUST omit the parameters | |||
| field. | field. | |||
| The described definition of a signature value is directly usable in | The described definition of a signature value is directly usable in | |||
| CMS [RFC5652], where such values are represented as octet strings. | the Cryptographic Message Syntax (CMS) [RFC5652], where such values | |||
| However, signature values in certificates and CRLs [RFC5280] are | are represented as octet strings. However, signature values in | |||
| represented as bit strings, and thus the octet string representation | certificates and CRLs [RFC5280] are represented as bit strings, and | |||
| must be converted. | thus the octet string representation must be converted. | |||
| To convert an octet string signature value to a bit string, the most | To convert an octet string signature value to a bit string, the most | |||
| significant bit of the first octet of the signature value SHALL | significant bit of the first octet of the signature value SHALL | |||
| become the first bit of the bit string, and so on through the least | become the first bit of the bit string, and so on through the least | |||
| significant bit of the last octet of the signature value, which SHALL | significant bit of the last octet of the signature value, which SHALL | |||
| become the last bit of the bit string. | become the last bit of the bit string. | |||
| 3. Hash Functions Support | 3. Hash Function Support | |||
| The ASN.1 object identifier used to identify GOST R 34.11-2012 hash | The ASN.1 OID used to identify the GOST R 34.11-2012 hash function | |||
| function with 256-bit hash code is: | with a 256-bit hash code is: | |||
| id-tc26-gost3411-12-256 OBJECT IDENTIFIER ::= | id-tc26-gost3411-12-256 OBJECT IDENTIFIER ::= | |||
| { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) | { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) | |||
| algorithms(1) digest(2) gost3411-12-256(2)} | algorithms(1) digest(2) gost3411-12-256(2)} | |||
| The ASN.1 object identifier used to identify GOST R 34.11-2012 hash | The ASN.1 OID used to identify the GOST R 34.11-2012 hash function | |||
| function with 512-bit hash code is: | with a 512-bit hash code is: | |||
| id-tc26-gost3411-12-512 OBJECT IDENTIFIER ::= | id-tc26-gost3411-12-512 OBJECT IDENTIFIER ::= | |||
| { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) | { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) | |||
| algorithms(1) digest(2) gost3411-12-512(3)} | algorithms(1) digest(2) gost3411-12-512(3)} | |||
| When either of these OID is used as the algorithm field in an | When either of these OIDs is used as the algorithm field in an | |||
| AlgorithmIdentifier structure, the encoding MUST omit the parameters | AlgorithmIdentifier structure, the encoding MUST omit the parameters | |||
| field. | field. | |||
| 4. Subject Public Keys Information Fields | 4. Subject Public Keys Information Fields | |||
| 4.1. Public Key Identifiers | 4.1. Public Key Identifiers | |||
| GOST R 34.10-2012 public keys with 256 bits private key length are | GOST R 34.10-2012 public keys with a 256-bit private key length are | |||
| identified by the following OID: | identified by the following OID: | |||
| id-tc26-gost3410-12-256 OBJECT IDENTIFIER ::= | id-tc26-gost3410-12-256 OBJECT IDENTIFIER ::= | |||
| { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) | { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) | |||
| algorithms(1) sign(1) gost3410-12-256(1)} | algorithms(1) sign(1) gost3410-12-256(1)} | |||
| GOST R 34.10-2012 public keys with 512 bits private key length are | GOST R 34.10-2012 public keys with a 512-bit private key length are | |||
| identified by the following OID: | identified by the following OID: | |||
| id-tc26-gost3410-12-512 OBJECT IDENTIFIER ::= | id-tc26-gost3410-12-512 OBJECT IDENTIFIER ::= | |||
| { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) | { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) | |||
| algorithms(1) sign(1) gost3410-12-512(2)} | algorithms(1) sign(1) gost3410-12-512(2)} | |||
| 4.2. Public Key Parameters | 4.2. Public Key Parameters | |||
| When either of these identifiers appears as algorithm field in | When either of these identifiers appears as the algorithm field in | |||
| SubjectPublicKeyInfo.algorithm.algorithm field, the parameters field | the SubjectPublicKeyInfo.algorithm.algorithm field, the parameters | |||
| MUST have the following structure: | field MUST have the following structure: | |||
| GostR3410-2012-PublicKeyParameters ::= SEQUENCE | GostR3410-2012-PublicKeyParameters ::= SEQUENCE | |||
| { | { | |||
| publicKeyParamSet OBJECT IDENTIFIER, | publicKeyParamSet OBJECT IDENTIFIER, | |||
| digestParamSet OBJECT IDENTIFIER OPTIONAL | digestParamSet OBJECT IDENTIFIER OPTIONAL | |||
| } | } | |||
| where: | where: | |||
| * publicKeyParamSet - public key parameters identifier for GOST R | * publicKeyParamSet is the public key parameters identifier for GOST | |||
| 34.10-2012 (see Sections 5.1.1 and 5.2.1 of [RFC7836] or | R 34.10-2012 parameters (see Sections 5.1.1 and 5.2.1 of [RFC7836] | |||
| Appendix C) or GOST R 34.10-2001 (see Section 8.4 of [RFC4357]) | or Appendix C) or GOST R 34.10-2001 parameters (see Section 8.4 of | |||
| parameters. | [RFC4357]). | |||
| * digestParamSet - parameter identifier for corresponding GOST R | * digestParamSet is the parameters identifier for the corresponding | |||
| 34.11-2012 (See Section 3). | GOST R 34.11-2012 parameters (see Section 3). | |||
| The following values when used as publicKeyParamSet define test | The following values, when used as publicKeyParamSet, define test | |||
| public key parameter sets and MUST NOT be used outside of testing | public key parameter sets and MUST NOT be used outside of testing | |||
| scenarios: | scenarios: | |||
| * id-GostR3410-2001-TestParamSet, | * id-GostR3410-2001-TestParamSet | |||
| * id-tc26-gost-3410-2012-512-paramSetTest | * id-tc26-gost-3410-2012-512-paramSetTest | |||
| The field digestParamSet: | The digestParamSet field: | |||
| * SHOULD be omitted if GOST R 34.10-2012 signature algorithm is used | * SHOULD be omitted if the GOST R 34.10-2012 signature algorithm is | |||
| with 512-bit key length; | used with a 512-bit key length | |||
| * MUST be present and must be equal to id-tc26-digest- | * MUST be present and must be equal to id-tc26-digest- | |||
| gost3411-12-256 if one of the following values is used as | gost3411-12-256 if one of the following values is used as | |||
| publicKeyParamSet: | publicKeyParamSet: | |||
| - id-GostR3410-2001-TestParamSet, | - id-GostR3410-2001-TestParamSet | |||
| - id-GostR3410-2001-CryptoPro-A-ParamSet, | - id-GostR3410-2001-CryptoPro-A-ParamSet | |||
| - id-GostR3410-2001-CryptoPro-B-ParamSet, | - id-GostR3410-2001-CryptoPro-B-ParamSet | |||
| - id-GostR3410-2001-CryptoPro-C-ParamSet, | - id-GostR3410-2001-CryptoPro-C-ParamSet | |||
| - id-GostR3410-2001-CryptoPro-XchA-ParamSet, | - id-GostR3410-2001-CryptoPro-XchA-ParamSet | |||
| - id-GostR3410-2001-CryptoPro-XchB-ParamSet; | - id-GostR3410-2001-CryptoPro-XchB-ParamSet | |||
| * SHOULD be omitted if publicKeyParamSet is equal to: | * SHOULD be omitted if publicKeyParamSet is equal to: | |||
| - id-tc26-gost-3410-2012-256-paramSetA; | - id-tc26-gost-3410-2012-256-paramSetA | |||
| * MUST be omitted if one of the following values is used as | * MUST be omitted if one of the following values is used as | |||
| publicKeyParamSet: | publicKeyParamSet: | |||
| - id-tc26-gost-3410-2012-256-paramSetB, | - id-tc26-gost-3410-2012-256-paramSetB | |||
| - id-tc26-gost-3410-2012-256-paramSetC, | - id-tc26-gost-3410-2012-256-paramSetC | |||
| - id-tc26-gost-3410-2012-256-paramSetD. | ||||
| - id-tc26-gost-3410-2012-256-paramSetD | ||||
| 4.3. Public Key Encoding | 4.3. Public Key Encoding | |||
| The GOST R 34.10-2012 public key MUST be ASN.1 DER encoded as an | The GOST R 34.10-2012 public key MUST be ASN.1 DER encoded as an | |||
| OCTET STRING. This encoding SHALL be used as the content (i.e., the | OCTET STRING. This encoding SHALL be used as the content (i.e., the | |||
| value) of the subjectPublicKey field (a BIT STRING) of | value) of the subjectPublicKey field (a BIT STRING) of the | |||
| SubjectPublicKeyInfo structure. | SubjectPublicKeyInfo structure. | |||
| GostR3410-2012-256-PublicKey ::= OCTET STRING (SIZE(64)) | GostR3410-2012-256-PublicKey ::= OCTET STRING (SIZE(64)) | |||
| GostR3410-2012-512-PublicKey ::= OCTET STRING (SIZE (128)) | GostR3410-2012-512-PublicKey ::= OCTET STRING (SIZE (128)) | |||
| GostR3410-2012-256-PublicKey MUST contain 64 octets, where the first | GostR3410-2012-256-PublicKey MUST contain 64 octets, where the first | |||
| 32 octets contain the little-endian representation of x and the | 32 octets contain the little-endian representation of the x | |||
| second 32 octets contains the little-endian representation of y | coordinate of the public key and the second 32 octets contain the | |||
| coordinates of the public key. | little-endian representation of the y coordinate of the public key. | |||
| GostR3410-2012-512-PublicKey MUST contain 128 octets, where the first | GostR3410-2012-512-PublicKey MUST contain 128 octets, where the first | |||
| 64 octets contain the little-endian representation of x and the | 64 octets contain the little-endian representation of the x | |||
| second 64 octets contains the little-endian representation of y | coordinate of the public key and the second 64 octets contain the | |||
| coordinates of the public key. | little-endian representation of the y coordinate of the public key. | |||
| 4.4. Key Usage Extension | 4.4. Key Usage Extension | |||
| If the KeyUsage extension is present in a certificate with GOST R | If the KeyUsage extension is present in a certificate with the GOST R | |||
| 34.10-2012 public key, the following values MAY be present: | 34.10-2012 public key, the following values MAY be present: | |||
| * digitalSignature (0), | * digitalSignature (0) | |||
| * contentCommitment (1), | * contentCommitment (1) | |||
| * keyEncipherment (2), | * keyEncipherment (2) | |||
| * dataEncipherment (3), | * dataEncipherment (3) | |||
| * keyAgreement (4), | * keyAgreement (4) | |||
| * keyCertSign (5), | * keyCertSign (5) | |||
| * cRLSign (6), | * cRLSign (6) | |||
| * encipherOnly (7), | * encipherOnly (7) | |||
| * decipherOnly (8). | * decipherOnly (8) | |||
| Note that contentCommitment was named nonRepudiation in previous | Note that contentCommitment was named nonRepudiation in previous | |||
| versions of X.509. | versions of X.509. | |||
| If the key is going to be used for key agreement, flag keyAgreement | If the key is going to be used for key agreement, the keyAgreement | |||
| MUST be present in KeyUsage extension with encipherOnly and | flag MUST be present in the KeyUsage extension, with the encipherOnly | |||
| decipherOnly flags being optional. However the encipherOnly and | and decipherOnly flags being optional. However, the encipherOnly and | |||
| decipherOnly flags MUST NOT be present simultaneously. | decipherOnly flags MUST NOT be present simultaneously. | |||
| 5. Qualified Certificates Extensions | 5. Qualified Certificate Extensions | |||
| This section defines additional object identifiers (OIDs) for use in | This section defines additional OIDs for use in qualified | |||
| qualified certificates for checking digital signatures. | certificates for checking digital signatures. | |||
| 5.1. Distinguished Name Additions | 5.1. Distinguished Name Additions | |||
| OGRN is the main state registration number of juridical entities. | OGRN is the main state registration number of juridical entities. | |||
| OGRN ::= NUMERIC STRING (SIZE(13)) | OGRN ::= NUMERIC STRING (SIZE(13)) | |||
| Corresponding OID is 1.2.643.100.1. | The corresponding OID is 1.2.643.100.1. | |||
| SNILS is the individual insurance account number. | SNILS is the individual insurance account number. | |||
| SNILS ::= NUMERIC STRING (SIZE(11)) | SNILS ::= NUMERIC STRING (SIZE(11)) | |||
| Corresponding OID is 1.2.643.100.3. | The corresponding OID is 1.2.643.100.3. | |||
| INNLE is the individual taxpayer number (ITN) of the Legal Entity. | INNLE is the individual taxpayer number (ITN) of the legal entity. | |||
| INNLE ::= NUMERIC STRING (SIZE(10)) | INNLE ::= NUMERIC STRING (SIZE(10)) | |||
| Corresponding OID is 1.2.643.100.4. | The corresponding OID is 1.2.643.100.4. | |||
| OGRNIP is the main state registration number of individual | OGRNIP is the main state registration number of individual | |||
| enterpreneurs (sole traders). | entrepreneurs (sole traders). | |||
| OGRNIP ::= NUMERIC STRING (SIZE(15)) | OGRNIP ::= NUMERIC STRING (SIZE(15)) | |||
| Corresponding OID is 1.2.643.100.5. | The corresponding OID is 1.2.643.100.5. | |||
| IdentificationKind represents the way the receiver of the certificate | IdentificationKind represents the way the receiver of the certificate | |||
| was identified by the CA. | was identified by the CA. | |||
| IdentificationKind ::= INTEGER { personal(0), remote-cert(1), | IdentificationKind ::= INTEGER { personal(0), remote-cert(1), | |||
| remote-passport(2), remote-system(3) } | remote-passport(2), remote-system(3) } | |||
| Corresponding OID is 1.2.643.100.114. | The corresponding OID is 1.2.643.100.114. | |||
| INN is the individual taxpayer number (ITN). | INN is the individual taxpayer number (ITN). | |||
| INN ::= NUMERIC STRING (SIZE(12)) | INN ::= NUMERIC STRING (SIZE(12)) | |||
| Corresponding OID is 1.2.643.3.131.1.1. | ||||
| The corresponding OID is 1.2.643.3.131.1.1. | ||||
| 5.2. Certificate Policies | 5.2. Certificate Policies | |||
| Russian national regulation body for cryptography defines several | The Russian national regulation body for cryptography defines several | |||
| security levels of cryptographic tools. Depending on the class of | security levels of cryptographic tools. Depending on the class of | |||
| cryptographic token used by certificate owner the following OIDs must | cryptographic token used by the certificate owner, the following OIDs | |||
| be included into certificate policies. Certificate should include | must be included in certificate policies. Certificates should | |||
| OIDs starting from the lowest one (KC1) up to the strongest | include OIDs, starting from the lowest (KC1) up to the strongest | |||
| applicable. | applicable. | |||
| * 1.2.643.100.113.1 - class KC1, | * 1.2.643.100.113.1 - class KC1 | |||
| * 1.2.643.100.113.2 - class KC2, | * 1.2.643.100.113.2 - class KC2 | |||
| * 1.2.643.100.113.3 - class KC3, | * 1.2.643.100.113.3 - class KC3 | |||
| * 1.2.643.100.113.4 - class KB1, | * 1.2.643.100.113.4 - class KB1 | |||
| * 1.2.643.100.113.5 - class KB2, | * 1.2.643.100.113.5 - class KB2 | |||
| * 1.2.643.100.113.6 - class KA1. | * 1.2.643.100.113.6 - class KA1 | |||
| 5.3. Subject Sign Tool | 5.3. Subject Sign Tool | |||
| To denote the token or software type used by certificate owner | To denote the token or software type used by the certificate owner, | |||
| following non-critical SubjectSignTool extension with OID | the following non-critical SubjectSignTool extension with OID | |||
| 1.2.643.100.111 should be included. It is defined as | 1.2.643.100.111 should be included. It is defined as | |||
| SubjectSignTool ::= UTF8String(SIZE(1..200)) . | SubjectSignTool ::= UTF8String(SIZE(1..200)) | |||
| 5.4. Issuer Sign Tool | 5.4. Issuer Sign Tool | |||
| To denote the tools used to generate key pair and tools used by CA to | To denote the tools used to generate key pairs and tools used by the | |||
| sign certificate following non-critical IssuerSignTool extension with | CA to sign certificates, the following non-critical IssuerSignTool | |||
| OID 1.2.643.100.112 should be included. It is defined as | extension with OID 1.2.643.100.112 should be included. It is defined | |||
| as | ||||
| IssuerSignTool ::= SEQUENCE { | IssuerSignTool ::= SEQUENCE { | |||
| signTool UTF8String(SIZE(1..200)), | signTool UTF8String(SIZE(1..200)), | |||
| cATool UTF8String(SIZE(1..200)), | cATool UTF8String(SIZE(1..200)), | |||
| signToolCert UTF8String(SIZE(1..100)), | signToolCert UTF8String(SIZE(1..100)), | |||
| cAToolCert UTF8String(SIZE(1..100)) } | cAToolCert UTF8String(SIZE(1..100)) } | |||
| where: | where: | |||
| * signTool identifies tools used to create key pair, | * signTool identifies tools used to create key pairs. | |||
| * cATool identifies tools used by certificate authority, | * cATool identifies tools used by the CA. | |||
| * signToolCert and cAToolCert contain the notice of respective tools | ||||
| conformance to Russian federal law on digital signature. | * signToolCert and cAToolCert contain the notice of the conformance | |||
| of respective tools to Russian federal law on digital signatures. | ||||
| 6. Historical Considerations | 6. Historical Considerations | |||
| Note that for the significant period of time there were no documents | Note that, for a significant period of time, there were no documents | |||
| describing GostR3410-2012-PublicKeyParameters. Several old | describing GostR3410-2012-PublicKeyParameters. Several old | |||
| implementations have used GostR3410-2001-PublicKeyParameters instead. | implementations have used GostR3410-2001-PublicKeyParameters instead. | |||
| These implementations will return an error if digestParamSet field is | These implementations will return an error if the digestParamSet | |||
| not included into public key parameters. Thus an implementation | field is not included in public key parameters. Thus, an | |||
| wishing to collaborate with old implementations might want to include | implementation wishing to collaborate with old implementations might | |||
| digestParamSet equal to id-tc26-digest-gost3411-12-512 if one of the | want to include digestParamSet equal to id-tc26-digest- | |||
| following values is used as publicKeyParamSet: | gost3411-12-512 if one of the following values is used as | |||
| publicKeyParamSet: | ||||
| * id-tc26-gost-3410-12-512-paramSetA, | * id-tc26-gost-3410-12-512-paramSetA | |||
| * id-tc26-gost-3410-12-512-paramSetB. | * id-tc26-gost-3410-12-512-paramSetB | |||
| Note, that usage of keyEncipherment and dataEncipherment values for | Note that the usage of keyEncipherment and dataEncipherment values | |||
| the KeyUsage extension is not fully defined for the GOST R 34.10-2012 | for the KeyUsage extension is not fully defined for the GOST R | |||
| public keys, so they SHOULD be used with additional care. | 34.10-2012 public keys, so they SHOULD be used with additional care. | |||
| 7. IANA Considerations | 7. IANA Considerations | |||
| This memo includes no request to IANA. | This document has no IANA actions. | |||
| 8. Security Considerations | 8. Security Considerations | |||
| It is RECOMMENDED that applications verify signature values and | It is RECOMMENDED that applications verify signature values and | |||
| subject public keys to conform to [GOSTR3410-2012] standard | subject public keys to conform to the GOST R 34.10-2012 standard | |||
| ([RFC7091]) prior to their use. | [GOSTR3410-2012] [RFC7091] prior to their use. | |||
| It is RECOMMENDED that CAs and applications make sure that the | It is RECOMMENDED that CAs and applications make sure that the | |||
| private key for creating signatures is not used for more than its | private key for creating signatures is not used for more than its | |||
| allowed validity period (typically 15 months for GOST R 34.10-2012 | allowed validity period (typically 15 months for the GOST R | |||
| algorithm). | 34.10-2012 algorithm). | |||
| Test parameter sets (id-GostR3410-2001-TestParamSet and id-tc26-gost- | Test parameter sets (id-GostR3410-2001-TestParamSet and id-tc26-gost- | |||
| 3410-2012-512-paramSetTest) MUST NOT be used outside of testing | 3410-2012-512-paramSetTest) MUST NOT be used outside of testing | |||
| scenarios. Use or parameter sets not described herein is NOT | scenarios. The use of parameter sets not described herein is NOT | |||
| RECOMMENDED. When different parameters are used, it is RECOMMENDED | RECOMMENDED. When different parameters are used, it is RECOMMENDED | |||
| that they be subjected to examination by an authorized agency with | that they be subjected to examination by an authorized agency with | |||
| approved methods of cryptographic analysis. | approved methods of cryptographic analysis. | |||
| For security discussion concerning use of algorithm parameters, see | For security discussions concerning the use of algorithm parameters, | |||
| [ANS17] and the Security Considerations sections in [RFC4357], | see [ANS17] and the Security Considerations sections in [RFC4357] and | |||
| [RFC7836]. | [RFC7836]. | |||
| 9. References | 9. References | |||
| 9.1. Normative References | 9.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| skipping to change at page 12, line 7 ¶ | skipping to change at line 525 ¶ | |||
| <https://www.rfc-editor.org/info/rfc7836>. | <https://www.rfc-editor.org/info/rfc7836>. | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| 9.2. Informative References | 9.2. Informative References | |||
| [ANS17] Alekseev, E.K., Nikolaev, V.D., and S.V. Smyshlyaev, "On | [ANS17] Alekseev, E.K., Nikolaev, V.D., and S.V. Smyshlyaev, "On | |||
| the security properties of Russian standardized elliptic | the security properties of Russian standardized elliptic | |||
| curves.", Mathematical Aspects of Cryptography 9:3. P. | curves", Mathematical Aspects of Cryptography, 9:3, P. | |||
| 5-32., DOI 10.4213/mvk260, 2018, | 5-32, DOI 10.4213/mvk260, 2018, | |||
| <https://doi.org/10.4213/mvk260>. | <https://doi.org/10.4213/mvk260>. | |||
| [GOSTR3410-2012] | [GOSTR3410-2012] | |||
| Federal Agency on Technical Regulating and Metrology, | "Information technology. Cryptographic data security. | |||
| "Information technology. Cryptographic data security. | ||||
| Signature and verification processes of [electronic] | Signature and verification processes of [electronic] | |||
| digital signature", GOST R 34.10-2012, 2012. | digital signature", GOST R 34.10-2012, Federal Agency on | |||
| Technical Regulating and Metrology, 2012. | ||||
| [GOSTR3411-2012] | [GOSTR3411-2012] | |||
| Federal Agency on Technical Regulating and Metrology, | "Information technology. Cryptographic Data Security. | |||
| "Information technology. Cryptographic Data Security. | Hashing function", GOST R 34.11-2012, Federal Agency on | |||
| Hashing function", GOST R 34.11-2012, 2012. | Technical Regulating and Metrology, 2012. | |||
| Appendix A. GostR3410-2012-PKISyntax | Appendix A. GostR3410-2012-PKISyntax | |||
| GostR3410-2012-PKISyntax | GostR3410-2012-PKISyntax | |||
| { iso(1) member-body(2) ru(643) rosstandart(7) | { iso(1) member-body(2) ru(643) rosstandart(7) | |||
| tc26(1) modules(0) gostR3411-2012-PKISyntax(2) } | tc26(1) modules(0) gostR3410-2012-PKISyntax(2) } | |||
| DEFINITIONS ::= | DEFINITIONS ::= | |||
| BEGIN | BEGIN | |||
| -- EXPORTS All -- | -- EXPORTS All -- | |||
| -- ASN.1 TC 26 root | -- ASN.1 TC 26 root | |||
| id-tc26 OBJECT IDENTIFIER ::= | id-tc26 OBJECT IDENTIFIER ::= | |||
| { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) } | { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) } | |||
| -- Signature algorithm | -- Signature algorithm | |||
| id-tc26-sign OBJECT IDENTIFIER ::= | id-tc26-sign OBJECT IDENTIFIER ::= | |||
| { id-tc26 algorithms(1) sign(1) } | { id-tc26 algorithms(1) sign(1) } | |||
| -- Hash algorithm | -- Hash algorithm | |||
| id-tc26-digest OBJECT IDENTIFIER ::= | id-tc26-digest OBJECT IDENTIFIER ::= | |||
| { id-tc26 algorithms(1) digest(2) } | { id-tc26 algorithms(1) digest(2) } | |||
| -- Public key identifiers | -- Public key identifiers | |||
| id-tc26-sign-constants OBJECT IDENTIFIER ::= | id-tc26-sign-constants OBJECT IDENTIFIER ::= | |||
| { id-tc26 constants(2) sign(1) } | { id-tc26 constants(2) sign(1) } | |||
| -- Public key algorithm GOST R 34.10-2012 / 256 bits identifiers | -- Public key algorithm GOST R 34.10-2012 / 256-bit identifiers | |||
| id-tc26-gost-3410-2012-256-constants OBJECT IDENTIFIER ::= | id-tc26-gost-3410-2012-256-constants OBJECT IDENTIFIER ::= | |||
| { id-tc26-sign-constants gost-3410-2012-256(1) } | { id-tc26-sign-constants gost-3410-2012-256(1) } | |||
| -- Public key algorithm GOST R 34.10-2012 / 512 bits identifiers | -- Public key algorithm GOST R 34.10-2012 / 512-bit identifiers | |||
| id-tc26-gost-3410-2012-512-constants OBJECT IDENTIFIER ::= | id-tc26-gost-3410-2012-512-constants OBJECT IDENTIFIER ::= | |||
| { id-tc26-sign-constants gost-3410-2012-512(2) } | { id-tc26-sign-constants gost-3410-2012-512(2) } | |||
| -- GOST R 34.10-2012 / 256 bits signature algorithm | -- GOST R 34.10-2012 / 256-bit signature algorithm | |||
| id-tc26-gost3410-12-256 OBJECT IDENTIFIER ::= | id-tc26-gost3410-12-256 OBJECT IDENTIFIER ::= | |||
| { id-tc26-sign gost3410-12-256(1) } | { id-tc26-sign gost3410-12-256(1) } | |||
| -- GOST R 34.10-2012 / 512 bits signature algorithm | -- GOST R 34.10-2012 / 512-bit signature algorithm | |||
| id-tc26-gost3410-12-512 OBJECT IDENTIFIER ::= | id-tc26-gost3410-12-512 OBJECT IDENTIFIER ::= | |||
| { id-tc26-sign gost3410-12-512(2) } | { id-tc26-sign gost3410-12-512(2) } | |||
| -- GOST R 34.11-2012 / 256 bits hash algorithm | -- GOST R 34.11-2012 / 256-bit hash algorithm | |||
| id-tc26-gost3411-12-256 OBJECT IDENTIFIER ::= | id-tc26-gost3411-12-256 OBJECT IDENTIFIER ::= | |||
| { id-tc26-digest gost3411-12-256(2)} | { id-tc26-digest gost3411-12-256(2)} | |||
| -- GOST R 34.11-2012 / 512 bits hash algorithm | -- GOST R 34.11-2012 / 512-bit hash algorithm | |||
| id-tc26-gost3411-12-512 OBJECT IDENTIFIER ::= | id-tc26-gost3411-12-512 OBJECT IDENTIFIER ::= | |||
| { id-tc26-digest gost3411-12-512(3)} | { id-tc26-digest gost3411-12-512(3)} | |||
| -- GOST R 34.10-2012 / GOST R 34.11-2012 sign/hash algorithm | -- GOST R 34.10-2012 / GOST R 34.11-2012 sign/hash algorithm | |||
| id-tc26-signwithdigest OBJECT IDENTIFIER ::= | id-tc26-signwithdigest OBJECT IDENTIFIER ::= | |||
| { id-tc26 algorithms(1) signwithdigest(3) } | { id-tc26 algorithms(1) signwithdigest(3) } | |||
| -- Signature & hash algorithm GOST R 34.10-2012 / 256 bits | -- Signature & hash algorithm GOST R 34.10-2012 / 256 bits | |||
| -- with GOST R 34.11-2012 | -- with GOST R 34.11-2012 | |||
| id-tc26-signwithdigest-gost3410-12-256 OBJECT IDENTIFIER ::= | id-tc26-signwithdigest-gost3410-12-256 OBJECT IDENTIFIER ::= | |||
| { id-tc26-signwithdigest gost3410-12-256(2) } | { id-tc26-signwithdigest gost3410-12-256(2) } | |||
| -- Signature & hash algorithm GOST R 34.10-2012 / 512 bits | -- Signature & hash algorithm GOST R 34.10-2012 / 512 bits | |||
| -- with GOST R 34.11-2012 | -- with GOST R 34.11-2012 | |||
| id-tc26-signwithdigest-gost3410-12-512 OBJECT IDENTIFIER ::= | id-tc26-signwithdigest-gost3410-12-512 OBJECT IDENTIFIER ::= | |||
| { id-tc26-signwithdigest gost3410-12-512(3) } | { id-tc26-signwithdigest gost3410-12-512(3) } | |||
| -- GOST R 34.10-2012 / 256 bits Signature algorithm parameters ID: | -- GOST R 34.10-2012 / 256-bit signature algorithm | |||
| -- "Set A" | -- parameters identifier: "Set A" | |||
| id-tc26-gost-3410-2012-256-paramSetA OBJECT IDENTIFIER ::= | id-tc26-gost-3410-2012-256-paramSetA OBJECT IDENTIFIER ::= | |||
| { id-tc26-gost-3410-2012-256-constants paramSetA(1) } | { id-tc26-gost-3410-2012-256-constants paramSetA(1) } | |||
| -- GOST R 34.10-2012 / 256 bits signature algorithm parameters ID: | -- GOST R 34.10-2012 / 256-bit signature algorithm | |||
| -- "Set B" | -- parameters identifier: "Set B" | |||
| id-tc26-gost-3410-2012-256-paramSetB OBJECT IDENTIFIER ::= | id-tc26-gost-3410-2012-256-paramSetB OBJECT IDENTIFIER ::= | |||
| { id-tc26-gost-3410-2012-256-constants paramSetB(2) } | { id-tc26-gost-3410-2012-256-constants paramSetB(2) } | |||
| -- GOST R 34.10-2012 / 256 bits signature algorithm parameters ID: | -- GOST R 34.10-2012 / 256-bit signature algorithm | |||
| -- "Set C" | -- parameters identifier: "Set C" | |||
| id-tc26-gost-3410-2012-256-paramSetC OBJECT IDENTIFIER ::= | id-tc26-gost-3410-2012-256-paramSetC OBJECT IDENTIFIER ::= | |||
| { id-tc26-gost-3410-2012-256-constants paramSetC(3) } | { id-tc26-gost-3410-2012-256-constants paramSetC(3) } | |||
| -- GOST R 34.10-2012 / 256 bits signature algorithm parameters ID: | ||||
| -- "Set D" | ||||
| id-tc26-gost-3410-2012-256-paramSetD OBJECT IDENTIFIER ::= | ||||
| { id-tc26-gost-3410-2012-256-constants paramSetD(4) } | ||||
| -- GOST R 34.10-2012 / 512 bits signature algorithm parameters ID: | -- GOST R 34.10-2012 / 256-bit signature algorithm | |||
| -- "Test set" | -- parameters identifier: "Set D" | |||
| id-tc26-gost-3410-2012-512-paramSetTest OBJECT IDENTIFIER ::= | id-tc26-gost-3410-2012-256-paramSetD OBJECT IDENTIFIER ::= | |||
| { id-tc26-gost-3410-2012-512-constants paramSetTest(0) } | { id-tc26-gost-3410-2012-256-constants paramSetD(4) } | |||
| -- GOST R 34.10-2012 / 512 bits signature algorithm parameters ID: | -- GOST R 34.10-2012 / 512-bit signature algorithm | |||
| -- "Set A" | -- parameters identifier: "Test set" | |||
| id-tc26-gost-3410-2012-512-paramSetA OBJECT IDENTIFIER ::= | id-tc26-gost-3410-2012-512-paramSetTest OBJECT IDENTIFIER ::= | |||
| { id-tc26-gost-3410-2012-512-constants paramSetA(1) } | { id-tc26-gost-3410-2012-512-constants paramSetTest(0) } | |||
| -- GOST R 34.10-2012 / 512 bits signature algorithm parameters ID: | -- GOST R 34.10-2012 / 512-bit signature algorithm | |||
| -- "Set B" | -- parameters identifier: "Set A" | |||
| id-tc26-gost-3410-2012-512-paramSetB OBJECT IDENTIFIER ::= | id-tc26-gost-3410-2012-512-paramSetA OBJECT IDENTIFIER ::= | |||
| { id-tc26-gost-3410-2012-512-constants paramSetB(2) } | { id-tc26-gost-3410-2012-512-constants paramSetA(1) } | |||
| -- GOST R 34.10-2012 / 512 bits signature algorithm parameters ID: | -- GOST R 34.10-2012 / 512-bit signature algorithm | |||
| -- "Set C" | -- parameters identifier: "Set B" | |||
| id-tc26-gost-3410-2012-512-paramSetC OBJECT IDENTIFIER ::= | id-tc26-gost-3410-2012-512-paramSetB OBJECT IDENTIFIER ::= | |||
| { id-tc26-gost-3410-2012-512-constants paramSetC(3) } | { id-tc26-gost-3410-2012-512-constants paramSetB(2) } | |||
| -- Public key GOST R 34.10-2012 / 256 bits | -- GOST R 34.10-2012 / 512-bit signature algorithm | |||
| GostR3410-2012-256-PublicKey ::= OCTET STRING (SIZE (64)) | -- parameters identifier: "Set C" | |||
| -- Public key GOST R 34.10-2012 / 512 bits | id-tc26-gost-3410-2012-512-paramSetC OBJECT IDENTIFIER ::= | |||
| GostR3410-2012-512-PublicKey ::= OCTET STRING (SIZE (128)) | { id-tc26-gost-3410-2012-512-constants paramSetC(3) } | |||
| -- Public key GOST R 34.10-2012 | ||||
| GostR3410-2012-PublicKey ::= OCTET STRING (SIZE (64 | 128)) | ||||
| -- Public key parameters GOST R 34.10-2012 | -- Public key GOST R 34.10-2012 / 256 bits | |||
| GostR3410-2012-PublicKeyParameters ::= | GostR3410-2012-256-PublicKey ::= OCTET STRING (SIZE (64)) | |||
| SEQUENCE { | -- Public key GOST R 34.10-2012 / 512 bits | |||
| publicKeyParamSet OBJECT IDENTIFIER, | GostR3410-2012-512-PublicKey ::= OCTET STRING (SIZE (128)) | |||
| digestParamSet OBJECT IDENTIFIER OPTIONAL | -- Public key GOST R 34.10-2012 | |||
| } | GostR3410-2012-PublicKey ::= OCTET STRING (SIZE (64 | 128)) | |||
| END -- GostR3410-2012-PKISyntax | -- Public key parameters GOST R 34.10-2012 | |||
| GostR3410-2012-PublicKeyParameters ::= | ||||
| SEQUENCE { | ||||
| publicKeyParamSet OBJECT IDENTIFIER, | ||||
| digestParamSet OBJECT IDENTIFIER OPTIONAL | ||||
| } | ||||
| END -- GostR3410-2012-PKISyntax | ||||
| Appendix B. GostR3410-2012-RuStrongCertsSyntax | ||||
| Appendix B. GostR3410-2012-RuCertsSyntax | ||||
| RuStrongCertsSyntax | RuStrongCertsSyntax | |||
| { iso(1) member-body(2) ru(643) rosstandart(7) | { iso(1) member-body(2) ru(643) rosstandart(7) | |||
| tc26(1) modules(0) ruStrongCertsSyntax(6) } | tc26(1) modules(0) ruStrongCertsSyntax(6) } | |||
| DEFINITIONS ::= | DEFINITIONS ::= | |||
| BEGIN | BEGIN | |||
| -- EXPORTS All -- | -- EXPORTS All -- | |||
| id-ca OBJECT IDENTIFIER ::= | id-ca OBJECT IDENTIFIER ::= | |||
| { iso(1) member-body(2) ru(643) ca(3) } | { iso(1) member-body(2) ru(643) ca(3) } | |||
| skipping to change at page 15, line 27 ¶ | skipping to change at line 685 ¶ | |||
| id-fns OBJECT IDENTIFIER ::= | id-fns OBJECT IDENTIFIER ::= | |||
| { id-ca fns(131) } | { id-ca fns(131) } | |||
| -- The main state registration number of juridical entities. | -- The main state registration number of juridical entities. | |||
| OGRN ::= NumericString(SIZE (13)) | OGRN ::= NumericString(SIZE (13)) | |||
| id-OGRN OBJECT IDENTIFIER ::= | id-OGRN OBJECT IDENTIFIER ::= | |||
| { id-fss ogrn(1) } | { id-fss ogrn(1) } | |||
| -- The individual insurance account number | -- The individual insurance account number. | |||
| SNILS ::= NumericString(SIZE (11)) | SNILS ::= NumericString(SIZE (11)) | |||
| id-SNILS OBJECT IDENTIFIER ::= | id-SNILS OBJECT IDENTIFIER ::= | |||
| { id-fss snils(3) } | { id-fss snils(3) } | |||
| -- The main state registration number of | -- The main state registration number of | |||
| -- individual enterpreneurs (sole traders). | -- individual entrepreneurs (sole traders). | |||
| OGRNIP ::= NumericString(SIZE (15)) | OGRNIP ::= NumericString(SIZE (15)) | |||
| id-OGRNIP OBJECT IDENTIFIER ::= | id-OGRNIP OBJECT IDENTIFIER ::= | |||
| { id-fss ogrnip(5) } | { id-fss ogrnip(5) } | |||
| id-class OBJECT IDENTIFIER ::= | id-class OBJECT IDENTIFIER ::= | |||
| { id-fss class(113) } | { id-fss class(113) } | |||
| id-class-kc1 OBJECT IDENTIFIER ::= | id-class-kc1 OBJECT IDENTIFIER ::= | |||
| { id-class kc1(1) } | { id-class kc1(1) } | |||
| skipping to change at page 16, line 26 ¶ | skipping to change at line 731 ¶ | |||
| id-INN OBJECT IDENTIFIER ::= | id-INN OBJECT IDENTIFIER ::= | |||
| { id-fns ids(1) inn(1) } | { id-fns ids(1) inn(1) } | |||
| -- The organization taxpayer number (OTN). | -- The organization taxpayer number (OTN). | |||
| INNLE ::= NumericString(SIZE (10)) | INNLE ::= NumericString(SIZE (10)) | |||
| id-INNLE OBJECT IDENTIFIER ::= | id-INNLE OBJECT IDENTIFIER ::= | |||
| { id-fss innle(4) } | { id-fss innle(4) } | |||
| -- The token or software type used by certificate owner | -- The token or software type used by the certificate owner. | |||
| SubjectSignTool ::= UTF8String(SIZE(1..200)) | SubjectSignTool ::= UTF8String(SIZE(1..200)) | |||
| id-SubjectSignTool OBJECT IDENTIFIER ::= | id-SubjectSignTool OBJECT IDENTIFIER ::= | |||
| { id-fss subjectSignTool(111) } | { id-fss subjectSignTool(111) } | |||
| -- the tools used to generate key pair and tools used by CA | -- The tools used to generate key pairs and tools used by | |||
| -- to sign certificate | -- the CA to sign certificates. | |||
| IssuerSignTool ::= SEQUENCE { | IssuerSignTool ::= SEQUENCE { | |||
| signTool UTF8String(SIZE(1..200)), | signTool UTF8String(SIZE(1..200)), | |||
| cATool UTF8String(SIZE(1..200)), | cATool UTF8String(SIZE(1..200)), | |||
| signToolCert UTF8String(SIZE(1..100)), | signToolCert UTF8String(SIZE(1..100)), | |||
| cAToolCert UTF8String(SIZE(1..100)) } | cAToolCert UTF8String(SIZE(1..100)) } | |||
| id-IssuerSignTool OBJECT IDENTIFIER ::= | id-IssuerSignTool OBJECT IDENTIFIER ::= | |||
| { id-fss issuerSignTool(112) } | { id-fss issuerSignTool(112) } | |||
| -- The method of identifying owner, when it applies/receives | -- The method of identifying the owner, when it applies/receives | |||
| -- certificate in the CA | -- the certificate in the CA. | |||
| IdentificationKind ::= INTEGER { personal(0), remote-cert(1), | IdentificationKind ::= INTEGER { personal(0), remote-cert(1), | |||
| remote-passport(2), remote-system(3) } | remote-passport(2), remote-system(3) } | |||
| id-IdentificationKind OBJECT IDENTIFIER ::= | id-IdentificationKind OBJECT IDENTIFIER ::= | |||
| { id-fss identificationKind(114) } | { id-fss identificationKind(114) } | |||
| END -- RuStrongCertsSyntax | END -- RuStrongCertsSyntax | |||
| Appendix C. Public key Parameters | Appendix C. Public Key Parameters | |||
| Here we define three new object identifiers for three existing public | Here we define three new OIDs for three existing public key parameter | |||
| key parameter sets defined in [RFC4357]. These object identifiers | sets defined in [RFC4357]. These OIDs MUST be used with GOST R | |||
| MUST be used with GOST R 34.10-2012 public keys only. | 34.10-2012 public keys only. | |||
| id-tc26-gost-3410-2012-256-paramSetB OBJECT IDENTIFIER ::= | id-tc26-gost-3410-2012-256-paramSetB OBJECT IDENTIFIER ::= | |||
| { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) constants(2) | { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) | |||
| sign-constants(1) gost-3410-12-256-constants(1) paramSetB(2)} | constants(2) sign-constants(1) gost-3410-12-256-constants(1) | |||
| paramSetB(2)} | ||||
| The elliptic curve of this parameter set is the same as of id- | The elliptic curve of this parameter set is the same as that of id- | |||
| GostR3410-2001-CryptoPro-A-ParamSet (and id-GostR3410-2001-CryptoPro- | GostR3410-2001-CryptoPro-A-ParamSet (and id-GostR3410-2001-CryptoPro- | |||
| XchA-ParamSet) which can be found in [RFC4357]. | XchA-ParamSet), which can be found in [RFC4357]. | |||
| id-tc26-gost-3410-2012-256-paramSetC OBJECT IDENTIFIER ::= | id-tc26-gost-3410-2012-256-paramSetC OBJECT IDENTIFIER ::= | |||
| { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) constants(2) | { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) | |||
| sign-constants(1) gost-3410-12-256-constants(1) paramSetC(3)} | constants(2) sign-constants(1) gost-3410-12-256-constants(1) | |||
| paramSetC(3)} | ||||
| The elliptic curve of this parameter set is the same as of id- | The elliptic curve of this parameter set is the same as that of id- | |||
| GostR3410-2001-CryptoPro-B-ParamSet which can be found in [RFC4357]. | GostR3410-2001-CryptoPro-B-ParamSet, which can be found in [RFC4357]. | |||
| id-tc26-gost-3410-2012-256-paramSetD OBJECT IDENTIFIER ::= | id-tc26-gost-3410-2012-256-paramSetD OBJECT IDENTIFIER ::= | |||
| { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) constants(2) | { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) | |||
| sign-constants(1) gost-3410-12-256-constants(1) paramSetD(4)} | constants(2) sign-constants(1) gost-3410-12-256-constants(1) | |||
| paramSetD(4)} | ||||
| The elliptic curve of this parameter set is the same as of id- | The elliptic curve of this parameter set is the same as that of id- | |||
| GostR3410-2001-CryptoPro-C-ParamSet (and id-GostR3410-2001-CryptoPro- | GostR3410-2001-CryptoPro-C-ParamSet (and id-GostR3410-2001-CryptoPro- | |||
| XchB-ParamSet) which can be found in [RFC4357]. | XchB-ParamSet), which can be found in [RFC4357]. | |||
| Appendix D. Test Examples | Appendix D. Test Examples | |||
| D.1. GOST R 34.10-2001 Test Parameters (256 Bit Private Key Length) | D.1. GOST R 34.10-2001 Test Parameters (256-Bit Private Key Length) | |||
| This example uses curve defined in Section 7.1 of [RFC7091]. | This example uses the curve defined in Section 7.1 of [RFC7091]. | |||
| Private key is | The private key is | |||
| d = 0x7A929ADE789BB9BE10ED359DD39A72C11B60961F49397EEE1D19CE9891EC3B28 | d = 0x7A929ADE789BB9BE10ED359DD39A72C1\\ | |||
| 1B60961F49397EEE1D19CE9891EC3B28 | ||||
| Public key is | The public key is | |||
| X = 0x7F2B49E270DB6D90D8595BEC458B50C58585BA1D4E9B788F6689DBD8E56FD80B | X = 0x7F2B49E270DB6D90D8595BEC458B50C5\\ | |||
| Y = 0x26F1B489D6701DD185C8413A977B3CBBAF64D1C593D26627DFFB101A87FF77DA | 8585BA1D4E9B788F6689DBD8E56FD80B | |||
| Y = 0x26F1B489D6701DD185C8413A977B3CBB\\ | ||||
| AF64D1C593D26627DFFB101A87FF77DA | ||||
| D.1.1. Certificate Request | D.1.1. Certificate Request | |||
| -----BEGIN CERTIFICATE REQUEST----- | ||||
| MIHTMIGBAgEAMBIxEDAOBgNVBAMTB0V4YW1wbGUwZjAfBggqhQMHAQEBATATBgcq | ||||
| hQMCAiMABggqhQMHAQECAgNDAARAC9hv5djbiWaPeJtOHbqFhcVQi0XsW1nYkG3b | ||||
| cOJJK3/ad/+HGhD73ydm0pPF0WSvuzx7lzpByIXRHXDWibTxJqAAMAoGCCqFAwcB | ||||
| AQMCA0EAaqqzjjXUqqUXlAMBeZEi2FVIT1efTLuW1jzf3zrMQypBqijS8asUgoDN | ||||
| ntVv7aQZdAU1VKQnZ7g60EP9OdwEkw== | ||||
| -----END CERTIFICATE REQUEST----- | ||||
| 0 211: SEQUENCE { | -----BEGIN CERTIFICATE REQUEST----- | |||
| 3 129: SEQUENCE { | MIHTMIGBAgEAMBIxEDAOBgNVBAMTB0V4YW1wbGUwZjAfBggqhQMHAQEBATATBgcq | |||
| 6 1: INTEGER 0 | hQMCAiMABggqhQMHAQECAgNDAARAC9hv5djbiWaPeJtOHbqFhcVQi0XsW1nYkG3b | |||
| 9 18: SEQUENCE { | cOJJK3/ad/+HGhD73ydm0pPF0WSvuzx7lzpByIXRHXDWibTxJqAAMAoGCCqFAwcB | |||
| 11 16: SET { | AQMCA0EAaqqzjjXUqqUXlAMBeZEi2FVIT1efTLuW1jzf3zrMQypBqijS8asUgoDN | |||
| 13 14: SEQUENCE { | ntVv7aQZdAU1VKQnZ7g60EP9OdwEkw== | |||
| 15 3: OBJECT IDENTIFIER commonName (2 5 4 3) | -----END CERTIFICATE REQUEST----- | |||
| 20 7: PrintableString 'Example' | ||||
| : } | 0 211: SEQUENCE { | |||
| : } | 3 129: SEQUENCE { | |||
| : } | 6 1: INTEGER 0 | |||
| 29 102: SEQUENCE { | 9 18: SEQUENCE { | |||
| 31 31: SEQUENCE { | 11 16: SET { | |||
| 33 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 1' | 13 14: SEQUENCE { | |||
| 43 19: SEQUENCE { | 15 3: OBJECT IDENTIFIER commonName (2 5 4 3) | |||
| 45 7: OBJECT IDENTIFIER testSignParams (1 2 643 2 2 35 0) | 20 7: PrintableString 'Example' | |||
| 54 8: OBJECT IDENTIFIER '1 2 643 7 1 1 2 2' | : } | |||
| : } | : } | |||
| : } | : } | |||
| 64 67: BIT STRING, encapsulates { | 29 102: SEQUENCE { | |||
| 67 64: OCTET STRING | 31 31: SEQUENCE { | |||
| : 0B D8 6F E5 D8 DB 89 66 8F 78 9B 4E 1D BA 85 85 | 33 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 1' | |||
| : C5 50 8B 45 EC 5B 59 D8 90 6D DB 70 E2 49 2B 7F | 43 19: SEQUENCE { | |||
| : DA 77 FF 87 1A 10 FB DF 27 66 D2 93 C5 D1 64 AF | 45 7: OBJECT IDENTIFIER '1 2 643 2 2 35 0' | |||
| : BB 3C 7B 97 3A 41 C8 85 D1 1D 70 D6 89 B4 F1 26 | 54 8: OBJECT IDENTIFIER '1 2 643 7 1 1 2 2' | |||
| : } | : } | |||
| : } | : } | |||
| 133 0: [0] {} | 64 67: BIT STRING, encapsulates { | |||
| : } | 67 64: OCTET STRING | |||
| 135 10: SEQUENCE { | : 0B D8 6F E5 D8 DB 89 66 8F 78 9B 4E 1D BA 85 85 | |||
| 137 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' | : C5 50 8B 45 EC 5B 59 D8 90 6D DB 70 E2 49 2B 7F | |||
| : } | : DA 77 FF 87 1A 10 FB DF 27 66 D2 93 C5 D1 64 AF | |||
| 147 65: BIT STRING | : BB 3C 7B 97 3A 41 C8 85 D1 1D 70 D6 89 B4 F1 26 | |||
| : 6A AA B3 8E 35 D4 AA A5 17 94 03 01 79 91 22 D8 | : } | |||
| : 55 48 4F 57 9F 4C BB 96 D6 3C DF DF 3A CC 43 2A | : } | |||
| : 41 AA 28 D2 F1 AB 14 82 80 CD 9E D5 6F ED A4 19 | 133 0: [0] {} | |||
| : 74 05 35 54 A4 27 67 B8 3A D0 43 FD 39 DC 04 93 | : } | |||
| : } | 135 10: SEQUENCE { | |||
| 137 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' | ||||
| : } | ||||
| 147 65: BIT STRING | ||||
| : 6A AA B3 8E 35 D4 AA A5 17 94 03 01 79 91 22 D8 | ||||
| : 55 48 4F 57 9F 4C BB 96 D6 3C DF DF 3A CC 43 2A | ||||
| : 41 AA 28 D2 F1 AB 14 82 80 CD 9E D5 6F ED A4 19 | ||||
| : 74 05 35 54 A4 27 67 B8 3A D0 43 FD 39 DC 04 93 | ||||
| : } | ||||
| D.1.2. Certificate | D.1.2. Certificate | |||
| -----BEGIN CERTIFICATE----- | -----BEGIN CERTIFICATE----- | |||
| MIIBLTCB26ADAgECAgEKMAoGCCqFAwcBAQMCMBIxEDAOBgNVBAMTB0V4YW1wbGUw | MIIBLTCB26ADAgECAgEKMAoGCCqFAwcBAQMCMBIxEDAOBgNVBAMTB0V4YW1wbGUw | |||
| IBcNMDEwMTAxMDAwMDAwWhgPMjA1MDEyMzEwMDAwMDBaMBIxEDAOBgNVBAMTB0V4 | IBcNMDEwMTAxMDAwMDAwWhgPMjA1MDEyMzEwMDAwMDBaMBIxEDAOBgNVBAMTB0V4 | |||
| YW1wbGUwZjAfBggqhQMHAQEBATATBgcqhQMCAiMABggqhQMHAQECAgNDAARAC9hv | YW1wbGUwZjAfBggqhQMHAQEBATATBgcqhQMCAiMABggqhQMHAQECAgNDAARAC9hv | |||
| 5djbiWaPeJtOHbqFhcVQi0XsW1nYkG3bcOJJK3/ad/+HGhD73ydm0pPF0WSvuzx7 | 5djbiWaPeJtOHbqFhcVQi0XsW1nYkG3bcOJJK3/ad/+HGhD73ydm0pPF0WSvuzx7 | |||
| lzpByIXRHXDWibTxJqMTMBEwDwYDVR0TAQH/BAUwAwEB/zAKBggqhQMHAQEDAgNB | lzpByIXRHXDWibTxJqMTMBEwDwYDVR0TAQH/BAUwAwEB/zAKBggqhQMHAQEDAgNB | |||
| AE1T8BL+CBd2UH1Nm7gfAO/bTu/Uq4O6xLrPc1Fzz6gcQaoo0vGrFIKAzZ7Vb+2k | AE1T8BL+CBd2UH1Nm7gfAO/bTu/Uq4O6xLrPc1Fzz6gcQaoo0vGrFIKAzZ7Vb+2k | |||
| GXQFNVSkJ2e4OtBD/TncBJM= | GXQFNVSkJ2e4OtBD/TncBJM= | |||
| -----END CERTIFICATE----- | -----END CERTIFICATE----- | |||
| 0 301: SEQUENCE { | 0 301: SEQUENCE { | |||
| 4 219: SEQUENCE { | 4 219: SEQUENCE { | |||
| 7 3: [0] { | 7 3: [0] { | |||
| 9 1: INTEGER 2 | 9 1: INTEGER 2 | |||
| : } | : } | |||
| 12 1: INTEGER 10 | 12 1: INTEGER 10 | |||
| 15 10: SEQUENCE { | 15 10: SEQUENCE { | |||
| 17 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' | 17 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' | |||
| : } | : } | |||
| 27 18: SEQUENCE { | 27 18: SEQUENCE { | |||
| 29 16: SET { | 29 16: SET { | |||
| 31 14: SEQUENCE { | 31 14: SEQUENCE { | |||
| 33 3: OBJECT IDENTIFIER commonName (2 5 4 3) | 33 3: OBJECT IDENTIFIER commonName (2 5 4 3) | |||
| 38 7: PrintableString 'Example' | 38 7: PrintableString 'Example' | |||
| : } | : } | |||
| : } | : } | |||
| : } | : } | |||
| 47 32: SEQUENCE { | 47 32: SEQUENCE { | |||
| 49 13: UTCTime 01/01/2001 00:00:00 GMT | 49 13: UTCTime 01/01/2001 00:00:00 GMT | |||
| 64 15: GeneralizedTime 31/12/2050 00:00:00 GMT | 64 15: GeneralizedTime 31/12/2050 00:00:00 GMT | |||
| : } | : } | |||
| 81 18: SEQUENCE { | 81 18: SEQUENCE { | |||
| 83 16: SET { | 83 16: SET { | |||
| 85 14: SEQUENCE { | 85 14: SEQUENCE { | |||
| 87 3: OBJECT IDENTIFIER commonName (2 5 4 3) | 87 3: OBJECT IDENTIFIER commonName (2 5 4 3) | |||
| 92 7: PrintableString 'Example' | 92 7: PrintableString 'Example' | |||
| : } | : } | |||
| : } | : } | |||
| : } | : } | |||
| 101 102: SEQUENCE { | 101 102: SEQUENCE { | |||
| 103 31: SEQUENCE { | 103 31: SEQUENCE { | |||
| 105 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 1' | 105 8: OBJECT IDENTIFIER '1 2 643 7 1 1 1 1' | |||
| 115 19: SEQUENCE { | 115 19: SEQUENCE { | |||
| 117 7: OBJECT IDENTIFIER testSignParams (1 2 643 2 2 35 0) | 117 7: OBJECT IDENTIFIER '1 2 643 2 2 35 0' | |||
| 126 8: OBJECT IDENTIFIER '1 2 643 7 1 1 2 2' | 126 8: OBJECT IDENTIFIER '1 2 643 7 1 1 2 2' | |||
| : } | : } | |||
| : } | : } | |||
| 136 67: BIT STRING, encapsulates { | 136 67: BIT STRING, encapsulates { | |||
| 139 64: OCTET STRING | 139 64: OCTET STRING | |||
| : 0B D8 6F E5 D8 DB 89 66 8F 78 9B 4E 1D BA 85 85 | : 0B D8 6F E5 D8 DB 89 66 8F 78 9B 4E 1D BA 85 85 | |||
| : C5 50 8B 45 EC 5B 59 D8 90 6D DB 70 E2 49 2B 7F | : C5 50 8B 45 EC 5B 59 D8 90 6D DB 70 E2 49 2B 7F | |||
| : DA 77 FF 87 1A 10 FB DF 27 66 D2 93 C5 D1 64 AF | : DA 77 FF 87 1A 10 FB DF 27 66 D2 93 C5 D1 64 AF | |||
| : BB 3C 7B 97 3A 41 C8 85 D1 1D 70 D6 89 B4 F1 26 | : BB 3C 7B 97 3A 41 C8 85 D1 1D 70 D6 89 B4 F1 26 | |||
| : } | : } | |||
| : } | : } | |||
| 205 19: [3] { | 205 19: [3] { | |||
| 207 17: SEQUENCE { | 207 17: SEQUENCE { | |||
| 209 15: SEQUENCE { | 209 15: SEQUENCE { | |||
| 211 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) | 211 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19) | |||
| 216 1: BOOLEAN TRUE | 216 1: BOOLEAN TRUE | |||
| 219 5: OCTET STRING, encapsulates { | 219 5: OCTET STRING, encapsulates { | |||
| 221 3: SEQUENCE { | 221 3: SEQUENCE { | |||
| 223 1: BOOLEAN TRUE | 223 1: BOOLEAN TRUE | |||
| : } | : } | |||
| : } | : } | |||
| : } | : } | |||
| : } | : } | |||
| : } | : } | |||
| : } | : } | |||
| 226 10: SEQUENCE { | 226 10: SEQUENCE { | |||
| 228 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' | 228 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' | |||
| : } | : } | |||
| 238 65: BIT STRING | 238 65: BIT STRING | |||
| : 4D 53 F0 12 FE 08 17 76 50 7D 4D 9B B8 1F 00 EF | : 4D 53 F0 12 FE 08 17 76 50 7D 4D 9B B8 1F 00 EF | |||
| : DB 4E EF D4 AB 83 BA C4 BA CF 73 51 73 CF A8 1C | : DB 4E EF D4 AB 83 BA C4 BA CF 73 51 73 CF A8 1C | |||
| : 41 AA 28 D2 F1 AB 14 82 80 CD 9E D5 6F ED A4 19 | : 41 AA 28 D2 F1 AB 14 82 80 CD 9E D5 6F ED A4 19 | |||
| : 74 05 35 54 A4 27 67 B8 3A D0 43 FD 39 DC 04 93 | : 74 05 35 54 A4 27 67 B8 3A D0 43 FD 39 DC 04 93 | |||
| : } | : } | |||
| D.1.3. Certificate Revocation List | D.1.3. Certificate Revocation List | |||
| -----BEGIN X509 CRL----- | -----BEGIN X509 CRL----- | |||
| MIGSMEECAQEwCgYIKoUDBwEBAwIwEjEQMA4GA1UEAxMHRXhhbXBsZRcNMTQwMTAx | MIGSMEECAQEwCgYIKoUDBwEBAwIwEjEQMA4GA1UEAxMHRXhhbXBsZRcNMTQwMTAx | |||
| MDAwMDAwWhcNMTQwMTAyMDAwMDAwWjAKBggqhQMHAQEDAgNBAEK/OSoU0+vpV68+ | MDAwMDAwWhcNMTQwMTAyMDAwMDAwWjAKBggqhQMHAQEDAgNBAEK/OSoU0+vpV68+ | |||
| RstQv19CIaADrT0XJ1PJSpw3ox0gQaoo0vGrFIKAzZ7Vb+2kGXQFNVSkJ2e4OtBD | RstQv19CIaADrT0XJ1PJSpw3ox0gQaoo0vGrFIKAzZ7Vb+2kGXQFNVSkJ2e4OtBD | |||
| /TncBJM= | /TncBJM= | |||
| -----END X509 CRL----- | -----END X509 CRL----- | |||
| 0 146: SEQUENCE { | 0 146: SEQUENCE { | |||
| 3 65: SEQUENCE { | 3 65: SEQUENCE { | |||
| 5 1: INTEGER 1 | 5 1: INTEGER 1 | |||
| skipping to change at page 21, line 38 ¶ | skipping to change at line 975 ¶ | |||
| 70 10: SEQUENCE { | 70 10: SEQUENCE { | |||
| 72 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' | 72 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' | |||
| : } | : } | |||
| 82 65: BIT STRING | 82 65: BIT STRING | |||
| : 42 BF 39 2A 14 D3 EB E9 57 AF 3E 46 CB 50 BF 5F | : 42 BF 39 2A 14 D3 EB E9 57 AF 3E 46 CB 50 BF 5F | |||
| : 42 21 A0 03 AD 3D 17 27 53 C9 4A 9C 37 A3 1D 20 | : 42 21 A0 03 AD 3D 17 27 53 C9 4A 9C 37 A3 1D 20 | |||
| : 41 AA 28 D2 F1 AB 14 82 80 CD 9E D5 6F ED A4 19 | : 41 AA 28 D2 F1 AB 14 82 80 CD 9E D5 6F ED A4 19 | |||
| : 74 05 35 54 A4 27 67 B8 3A D0 43 FD 39 DC 04 93 | : 74 05 35 54 A4 27 67 B8 3A D0 43 FD 39 DC 04 93 | |||
| : } | : } | |||
| D.2. GOST R 34.10-2012 TC26-256-A Parameters (256 Bit Private Key | D.2. GOST R 34.10-2012 TC26-256-A Parameters (256-Bit Private Key | |||
| Length) | Length) | |||
| This example uses curve defined in Section A.2 of [RFC7836]. | This example uses the curve defined in Appendix A.2 of [RFC7836]. | |||
| Private key is | The private key is | |||
| d = 0x3A929ADE789BB9BE10ED359DD39A72C10B87C83F80BE18B85C041F4325B62EC1 | d = 0x3A929ADE789BB9BE10ED359DD39A72C1\\ | |||
| 0B87C83F80BE18B85C041F4325B62EC1 | ||||
| Public key is | The public key is | |||
| X = 0x99C3DF265EA59350640BA69D1DE04418AF3FEA03EC0F85F2DD84E8BED4952774 | X = 0x99C3DF265EA59350640BA69D1DE04418\\ | |||
| Y = 0xE218631A69C47C122E2D516DA1C09E6BD19344D94389D1F16C0C4D4DCF96F578 | AF3FEA03EC0F85F2DD84E8BED4952774 | |||
| Y = 0xE218631A69C47C122E2D516DA1C09E6B\\ | ||||
| D19344D94389D1F16C0C4D4DCF96F578 | ||||
| D.2.1. Certificate Request | D.2.1. Certificate Request | |||
| -----BEGIN CERTIFICATE REQUEST----- | -----BEGIN CERTIFICATE REQUEST----- | |||
| MIHKMHkCAQAwEjEQMA4GA1UEAxMHRXhhbXBsZTBeMBcGCCqFAwcBAQEBMAsGCSqF | MIHKMHkCAQAwEjEQMA4GA1UEAxMHRXhhbXBsZTBeMBcGCCqFAwcBAQEBMAsGCSqF | |||
| AwcBAgEBAQNDAARAdCeV1L7ohN3yhQ/sA+o/rxhE4B2dpgtkUJOlXibfw5l49ZbP | AwcBAgEBAQNDAARAdCeV1L7ohN3yhQ/sA+o/rxhE4B2dpgtkUJOlXibfw5l49ZbP | |||
| TU0MbPHRiUPZRJPRa57AoW1RLS4SfMRpGmMY4qAAMAoGCCqFAwcBAQMCA0EAG9wq | TU0MbPHRiUPZRJPRa57AoW1RLS4SfMRpGmMY4qAAMAoGCCqFAwcBAQMCA0EAG9wq | |||
| Exdnm2YjL2PqFv98ZMyqua2FX8bhgJFmHbedSBIdDh2lvjR8bxtSVseurCAK1krH | Exdnm2YjL2PqFv98ZMyqua2FX8bhgJFmHbedSBIdDh2lvjR8bxtSVseurCAK1krH | |||
| em9bOg4Jcxjnrm7naQ== | em9bOg4Jcxjnrm7naQ== | |||
| -----END CERTIFICATE REQUEST----- | -----END CERTIFICATE REQUEST----- | |||
| skipping to change at page 25, line 38 ¶ | skipping to change at line 1157 ¶ | |||
| 70 10: SEQUENCE { | 70 10: SEQUENCE { | |||
| 72 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' | 72 8: OBJECT IDENTIFIER '1 2 643 7 1 1 3 2' | |||
| : } | : } | |||
| 82 65: BIT STRING | 82 65: BIT STRING | |||
| : 14 BD 68 08 7C 3B 90 3C 7A A2 8B 07 FE B2 E7 BD | : 14 BD 68 08 7C 3B 90 3C 7A A2 8B 07 FE B2 E7 BD | |||
| : 6F E0 96 3F 56 32 67 35 9F 5C D8 EA B4 50 59 AD | : 6F E0 96 3F 56 32 67 35 9F 5C D8 EA B4 50 59 AD | |||
| : 1D 0E 1D A5 BE 34 7C 6F 1B 52 56 C7 AE AC 20 0A | : 1D 0E 1D A5 BE 34 7C 6F 1B 52 56 C7 AE AC 20 0A | |||
| : D6 4A C7 7A 6F 5B 3A 0E 09 73 18 E7 AE 6E E7 69 | : D6 4A C7 7A 6F 5B 3A 0E 09 73 18 E7 AE 6E E7 69 | |||
| : } | : } | |||
| D.3. GOST R 34.10-2012 Test Parameters (512 Bit Private Key Length) | D.3. GOST R 34.10-2012 Test Parameters (512-Bit Private Key Length) | |||
| This example uses curve defined in Appendix E. | This example uses the curve defined in Appendix E. | |||
| Private key is | The private key is | |||
| d = 0x0BA6048AADAE241BA40936D47756D7C93091A0E8514669700EE7508E508B1020\\ | d = 0x0BA6048AADAE241BA40936D47756D7C9\\ | |||
| 72E8123B2200A0563322DAD2827E2714A2636B7BFD18AADFC62967821FA18DD4 | 3091A0E8514669700EE7508E508B1020\\ | |||
| 72E8123B2200A0563322DAD2827E2714\\ | ||||
| A2636B7BFD18AADFC62967821FA18DD4 | ||||
| Public key is | The public key is | |||
| X = 0x115DC5BC96760C7B48598D8AB9E740D4C4A85A65BE33C1815B5C320C854621DD\\ | X = 0x115DC5BC96760C7B48598D8AB9E740D4\\ | |||
| 5A515856D13314AF69BC5B924C8B4DDFF75C45415C1D9DD9DD33612CD530EFE1 | C4A85A65BE33C1815B5C320C854621DD\\ | |||
| Y = 0x37C7C90CD40B0F5621DC3AC1B751CFA0E2634FA0503B3D52639F5D7FB72AFD61\\ | 5A515856D13314AF69BC5B924C8B4DDF\\ | |||
| EA199441D943FFE7F0C70A2759A3CDB84C114E1F9339FDF27F35ECA93677BEEC | F75C45415C1D9DD9DD33612CD530EFE1 | |||
| Y = 0x37C7C90CD40B0F5621DC3AC1B751CFA0\\ | ||||
| E2634FA0503B3D52639F5D7FB72AFD61\\ | ||||
| EA199441D943FFE7F0C70A2759A3CDB8\\ | ||||
| 4C114E1F9339FDF27F35ECA93677BEEC | ||||
| D.3.1. Certificate Request | D.3.1. Certificate Request | |||
| -----BEGIN CERTIFICATE REQUEST----- | -----BEGIN CERTIFICATE REQUEST----- | |||
| MIIBTzCBvAIBADASMRAwDgYDVQQDEwdFeGFtcGxlMIGgMBcGCCqFAwcBAQECMAsG | MIIBTzCBvAIBADASMRAwDgYDVQQDEwdFeGFtcGxlMIGgMBcGCCqFAwcBAQECMAsG | |||
| CSqFAwcBAgECAAOBhAAEgYDh7zDVLGEz3dmdHVxBRVz3302LTJJbvGmvFDPRVlhR | CSqFAwcBAgECAAOBhAAEgYDh7zDVLGEz3dmdHVxBRVz3302LTJJbvGmvFDPRVlhR | |||
| Wt0hRoUMMlxbgcEzvmVaqMTUQOe5io1ZSHsMdpa8xV0R7L53NqnsNX/y/TmTH04R | Wt0hRoUMMlxbgcEzvmVaqMTUQOe5io1ZSHsMdpa8xV0R7L53NqnsNX/y/TmTH04R | |||
| TLjNo1knCsfw5/9D2UGUGeph/Sq3f12fY1I9O1CgT2PioM9Rt8E63CFWDwvUDMnH | TLjNo1knCsfw5/9D2UGUGeph/Sq3f12fY1I9O1CgT2PioM9Rt8E63CFWDwvUDMnH | |||
| N6AAMAoGCCqFAwcBAQMDA4GBAEM7HWzkClHx5XN+sWqixoOCmkBbnZEn4hJg/J1q | N6AAMAoGCCqFAwcBAQMDA4GBAEM7HWzkClHx5XN+sWqixoOCmkBbnZEn4hJg/J1q | |||
| wF2HvyTibEUnilwhkqdbqUmTq9YHTn/xvwP9L1OXr6HZRVgvhvpgoIEJGiPdeV4e | wF2HvyTibEUnilwhkqdbqUmTq9YHTn/xvwP9L1OXr6HZRVgvhvpgoIEJGiPdeV4e | |||
| skipping to change at page 31, line 6 ¶ | skipping to change at line 1380 ¶ | |||
| Appendix E. GOST R 34.10-2012 Test Parameters (Curve Definition) | Appendix E. GOST R 34.10-2012 Test Parameters (Curve Definition) | |||
| The following parameters must be used for digital signature | The following parameters must be used for digital signature | |||
| generation and verification. | generation and verification. | |||
| E.1. Elliptic Curve Modulus | E.1. Elliptic Curve Modulus | |||
| The following value is assigned to parameter p in this example: | The following value is assigned to parameter p in this example: | |||
| p = 36239861022290036359077887536838743060213209255346786050\\ | p = 36239861022290036359077887536838743060213209255346786050\\ | |||
| 8654615045085616662400248258848202227149685402509082360305\\ | 86546150450856166624002482588482022271496854025090823603\\ | |||
| 8735163734263822371964987228582907372403, | 058735163734263822371964987228582907372403 | |||
| p = 0x4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C09B5D2D15D\\ | p = 0x4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C\\ | |||
| F1D852741AF4704A0458047E80E4546D35B8336FAC224DD81664BBF528BE6373. | 09B5D2D15DF1D852741AF4704A0458047E80E4546D35B8336FAC22\\ | |||
| 4DD81664BBF528BE6373 | ||||
| E.2. Elliptic Curve Coefficients | E.2. Elliptic Curve Coefficients | |||
| Parameters a and b take the following values in this example: | Parameters a and b take the following values in this example: | |||
| a = 7, | a = 7 | |||
| a = 0x7, | a = 0x7 | |||
| b = 1518655069210828534508950034714043154928747527740206436\\ | b = 15186550692108285345089500347140431549287475277402064361\\ | |||
| 1940188233528099824437937328297569147859746748660416053978836775\\ | 94018823352809982443793732829756914785974674866041605397\\ | |||
| 96626326413990136959047435811826396, | 883677596626326413990136959047435811826396 | |||
| b = 0x1CFF0806A31116DA29D8CFA54E57EB748BC5F377E49400FDD788B649ECA1AC4\\ | b = 0x1CFF0806A31116DA29D8CFA54E57EB748BC5F377E49400FDD788B6\\ | |||
| 361834013B2AD7322480A89CA58E0CF74BC9E540C2ADD6897FAD0A3084F302ADC. | 49ECA1AC4361834013B2AD7322480A89CA58E0CF74BC9E540C2ADD\\ | |||
| 6897FAD0A3084F302ADC | ||||
| E.3. Elliptic Curve Points Group Order | E.3. Elliptic Curve Points Group Order | |||
| Parameter m takes the following value in this example: | Parameter m takes the following value in this example: | |||
| m = 36239861022290036359077887536838743060213209255346786050865461\\ | m = 36239861022290036359077887536838743060213209255346786050\\ | |||
| 504508561666239691648983050328630684999614040794379365854558651922\\ | 86546150450856166623969164898305032863068499961404079437\\ | |||
| 12970734808812618120619743, | 936585455865192212970734808812618120619743 | |||
| m = 0x4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C09B5D2D15D\\ | m = 0x4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C\\ | |||
| A82F2D7ECB1DBAC719905C5EECC423F1D86E25EDBE23C595D644AAF187E6E6DF. | 09B5D2D15DA82F2D7ECB1DBAC719905C5EECC423F1D86E25EDBE23\\ | |||
| C595D644AAF187E6E6DF | ||||
| E.4. Order of Cyclic Subgroup of Elliptic Curve Points Group | E.4. Order of Cyclic Subgroup of Elliptic Curve Points Group | |||
| Parameter q takes the following value in this example: | Parameter q takes the following value in this example: | |||
| q = 36239861022290036359077887536838743060213209255346786050865461\\ | q = 36239861022290036359077887536838743060213209255346786050\\ | |||
| 504508561666239691648983050328630684999614040794379365854558651922\\ | 86546150450856166623969164898305032863068499961404079437\\ | |||
| 12970734808812618120619743, | 936585455865192212970734808812618120619743 | |||
| q = 0x4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C09B5D2D15D\\ | q = 0x4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04D4EB7C\\ | |||
| A82F2D7ECB1DBAC719905C5EECC423F1D86E25EDBE23C595D644AAF187E6E6DF. | 09B5D2D15DA82F2D7ECB1DBAC719905C5EECC423F1D86E25EDBE23\\ | |||
| C595D644AAF187E6E6DF | ||||
| E.5. Elliptic Curve Point Coordinates | E.5. Elliptic Curve Point Coordinates | |||
| Point P coordinates take the following values in this example: | Point P coordinates take the following values in this example: | |||
| x = 1928356944067022849399309401243137598997786635459507974357075491\\ | x = 19283569440670228493993094012431375989977866354595079743\\ | |||
| 307766592685835441065557681003184874819658004903212332884252335830\\ | 57075491307766592685835441065557681003184874819658004903\\ | |||
| 250729527632383493573274, | 212332884252335830250729527632383493573274 | |||
| x = 0x24D19CC64572EE30F396BF6EBBFD7A6C5213B3B3D7057CC825F91093A68CD762\\ | ||||
| FD60611262CD838DC6B60AA7EEE804E28BC849977FAC33B4B530F1B120248A9A, | ||||
| y = 22887286933719728599700121555294784163535623273295061803\\ | ||||
| 144974259311028603015728141419970722717088070665938506503341523818\\ | ||||
| 57347798885864807605098724013854, | ||||
| y = 0x2BB312A43BD2CE6E0D020613C857ACDDCFBF061E91E5F2C3F32447C259F39B2\\ | ||||
| C83AB156D77F1496BF7EB3351E1EE4E43DC1A18B91B24640B6DBB92CB1ADD371E. | ||||
| Appendix F. Contributors | ||||
| * Semen Pianov | ||||
| InfoTeCS JSC | ||||
| Semen.Pianov@infotecs.ru | x = 0x24D19CC64572EE30F396BF6EBBFD7A6C5213B3B3D7057CC825F910\\ | |||
| 93A68CD762FD60611262CD838DC6B60AA7EEE804E28BC849977FAC\\ | ||||
| 33B4B530F1B120248A9A | ||||
| * Ekaterina Karelina | y = 22887286933719728599700121555294784163535623273295061803\\ | |||
| 14497425931102860301572814141997072271708807066593850650\\ | ||||
| 334152381857347798885864807605098724013854 | ||||
| InfoTeCS JSC | y = 0x2BB312A43BD2CE6E0D020613C857ACDDCFBF061E91E5F2C3F32447\\ | |||
| C259F39B2C83AB156D77F1496BF7EB3351E1EE4E43DC1A18B91B24\\ | ||||
| 640B6DBB92CB1ADD371E | ||||
| Ekaterina.Karelina@infotecs.ru | Contributors | |||
| * Dmitry Belyavsky | Semen Pianov | |||
| InfoTeCS JSC | ||||
| Email: Semen.Pianov@infotecs.ru | ||||
| Cryptocom | Ekaterina Karelina | |||
| InfoTeCS JSC | ||||
| Email: Ekaterina.Karelina@infotecs.ru | ||||
| beldmit@gmail.com | Dmitry Belyavsky | |||
| Cryptocom | ||||
| Email: beldmit@gmail.com | ||||
| Authors' Addresses | Authors' Addresses | |||
| Dmitry Baryshkov (editor) | Dmitry Baryshkov (editor) | |||
| Linaro Ltd. | Linaro Ltd. | |||
| Harston Mill Royston Rd | Harston Mill Royston Rd | |||
| Harston, Cambridge | Harston, Cambridge | |||
| CB22 7GG | CB22 7GG | |||
| United Kingdom | United Kingdom | |||
| Email: dbaryshkov@gmail.com | Email: dbaryshkov@gmail.com | |||
| Vasily Nikolaev | Vasily Nikolaev | |||
| CryptoPro | CryptoPro | |||
| 18, Suschevsky val | 18, Suschevsky val | |||
| Moscow | Moscow | |||
| 127018 | 127018 | |||
| Russian Federation | Russian Federation | |||
| Phone: +7 (495) 995-48-20 | Phone: +7 (495) 995-48-20 | |||
| Email: nikolaev@cryptopro.ru | Email: nikolaev@cryptopro.ru | |||
| Aleksandr Chelpanov | Aleksandr Chelpanov | |||
| InfoTeCS JSC | InfoTeCS JSC | |||
| Bldg. 1, 1/23, Stary Petrovsko-Razumovskiy Proezd | ||||
| Moscow | ||||
| 127287 | ||||
| Russian Federation | ||||
| Phone: +7 (495) 737-61-92 | ||||
| Email: Aleksandr.Chelpanov@infotecs.ru | Email: Aleksandr.Chelpanov@infotecs.ru | |||
| End of changes. 178 change blocks. | ||||
| 531 lines changed or deleted | 546 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||