summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2001-01-10 13:50:25 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2001-01-10 13:50:25 +0000
commit0eb4a09aed26ca5bf7ca45f74b374ad0006a27ac (patch)
tree5c672b5ff12a36409f088d9854d26a24ad0bd00c /doc
parent613fa2c7c6b6693911aff96b146fc12094c20ca3 (diff)
downloadgnutls-0eb4a09aed26ca5bf7ca45f74b374ad0006a27ac.tar.gz
*** empty log message ***
Diffstat (limited to 'doc')
-rw-r--r--doc/rfc1423.txt787
1 files changed, 787 insertions, 0 deletions
diff --git a/doc/rfc1423.txt b/doc/rfc1423.txt
new file mode 100644
index 0000000000..35d0e01bef
--- /dev/null
+++ b/doc/rfc1423.txt
@@ -0,0 +1,787 @@
+
+
+
+
+
+
+Network Working Group D. Balenson
+Request for Comments: 1423 TIS
+Obsoletes: 1115 IAB IRTF PSRG, IETF PEM WG
+ February 1993
+
+
+ Privacy Enhancement for Internet Electronic Mail:
+ Part III: Algorithms, Modes, and Identifiers
+
+Status of This Memo
+
+ This RFC specifies an IAB standards track protocol for the Internet
+ community, and requests discussion and suggestions for improvements.
+ Please refer to the current edition of the "IAB Official Protocol
+ Standards" for the standardization state and status of this protocol.
+ Distribution of this memo is unlimited.
+
+Abstract
+
+ This document provides definitions, formats, references, and
+ citations for cryptographic algorithms, usage modes, and associated
+ identifiers and parameters used in support of Privacy Enhanced Mail
+ (PEM) in the Internet community. It is intended to become one member
+ of the set of related PEM RFCs. This document is organized into four
+ primary sections, dealing with message encryption algorithms, message
+ integrity check algorithms, symmetric key management algorithms, and
+ asymmetric key management algorithms (including both asymmetric
+ encryption and asymmetric signature algorithms).
+
+ Some parts of this material are cited by other documents and it is
+ anticipated that some of the material herein may be changed, added,
+ or replaced without affecting the citing documents. Therefore,
+ algorithm-specific material has been placed into this separate
+ document.
+
+ Use of other algorithms and/or modes will require case-by-case study
+ to determine applicability and constraints. The use of additional
+ algorithms may be documented first in Prototype or Experimental RFCs.
+ As experience is gained, these protocols may be considered for
+ incorporation into the standard. Additional algorithms and modes
+ approved for use in PEM in this context will be specified in
+ successors to this document.
+
+Acknowledgments
+
+ This specification was initially developed by the Internet Research
+ Task Force's Privacy and Security Research Group (IRTF PSRG) and
+ subsequently refined based on discussion in the Internet Engineering
+
+
+
+Balenson [Page 1]
+
+RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993
+
+
+ Task Force's Privacy Enhanced Mail Working Group (IETF PEM WG). John
+ Linn contributed significantly to the predecessor of this document
+ (RFC 1115). I would like to thank the members of the PSRG and PEM
+ WG, as well as all participants in discussions on the "pem-
+ dev@tis.com" mailing list, for their contributions to this document.
+
+Table of Contents
+
+ 1. Message Encryption Algorithms ....................... 2
+ 1.1 DES in CBC Mode (DES-CBC) .......................... 2
+ 2. Message Integrity Check Algorithms .................. 4
+ 2.1 RSA-MD2 Message Digest Algorithm ................... 4
+ 2.2 RSA-MD5 Message Digest Algorithm ................... 5
+ 3. Symmetric Key Management Algorithms ................. 6
+ 3.1 DES in ECB mode (DES-ECB) .......................... 6
+ 3.2 DES in EDE mode (DES-EDE) .......................... 7
+ 4. Asymmetric Key Management Algorithms ................ 7
+ 4.1 Asymmetric Keys .................................... 7
+ 4.1.1 RSA Keys ......................................... 7
+ 4.2 Asymmetric Encryption Algorithms .................. 9
+ 4.2.1 RSAEncryption ................................... 9
+ 4.3 Asymmetric Signature Algorithms ................... 10
+ 4.3.1 md2WithRSAEncryption ............................ 11
+ 5. Descriptive Grammar ................................ 11
+ References ............................................. 12
+ Patent Statement ....................................... 13
+ Security Considerations ................................ 14
+ Author's Address ....................................... 14
+
+1. Message Encryption Algorithms
+
+ This section identifies the alternative message encryption algorithms
+ and modes that shall be used to encrypt message text and, when
+ asymmetric key management is employed in an ENCRYPTED PEM message, for
+ encryption of message signatures. Character string identifiers are
+ assigned and any parameters required by the message encryption
+ algorithm are defined for incorporation in an encapsulated "DEK-
+ Info:" header field.
+
+ Only one alternative is currently defined in this category.
+
+1.1 DES in CBC Mode (DES-CBC)
+
+ Message text and, if required, message signatures are encrypted using
+ the Data Encryption Standard (DES) algorithm in the Cipher Block
+ Chaining (CBC) mode of operation. The DES algorithm is defined in
+ FIPS PUB 46-1 [1], and is equivalent to the Data Encryption Algorithm
+ (DEA) provided in ANSI X3.92-1981 [2]. The CBC mode of operation of
+
+
+
+Balenson [Page 2]
+
+RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993
+
+
+ DES is defined in FIPS PUB 81 [3], and is equivalent to those
+ provided in ANSI X3.106 [4] and in ISO IS 8372 [5]. The character
+ string "DES-CBC" within an encapsulated PEM header field indicates
+ the use of this algorithm/mode combination.
+
+ The input to the DES CBC encryption process shall be padded to a
+ multiple of 8 octets, in the following manner. Let n be the length
+ in octets of the input. Pad the input by appending 8-(n mod 8)
+ octets to the end of the message, each having the value 8-(n mod 8),
+ the number of octets being added. In hexadecimal, the possible
+ paddings are: 01, 0202, 030303, 04040404, 0505050505, 060606060606,
+ 07070707070707, and 0808080808080808. All input is padded with 1 to
+ 8 octets to produce a multiple of 8 octets in length. The padding
+ can be removed unambiguously after decryption.
+
+ The DES CBC encryption process requires a 64-bit cryptographic key.
+ A new, pseudorandom key shall be generated for each ENCRYPTED PEM
+ message. Of the 64 bits, 56 are used directly by the DES CBC
+ process, and 8 are odd parity bits, with one parity bit occupying the
+ right-most bit of each octet. When symmetric key management is
+ employed, the setting and checking of odd parity bits is encouraged,
+ since these bits could detect an error in the decryption of a DES key
+ encrypted under a symmetric key management algorithm (e.g., DES ECB).
+ When asymmetric key management is employed, the setting of odd parity
+ bits is encouraged, but the checking of odd parity bits is
+ discouraged, in order to facilitate interoperability, and since an
+ error in the decryption of a DES key can be detected by other means
+ (e.g., an incorrect PKCS #1 encryption-block format). In all cases,
+ the encrypted form of a DES key shall carry all 64 bits of the key,
+ including the 8 parity bits, though those bits may have no meaning.
+
+ The DES CBC encryption process also requires a 64-bit Initialization
+ Vector (IV). A new, pseudorandom IV shall be generated for each
+ ENCRYPTED PEM message. Section 4.3.1 of [7] provides rationale for
+ this requirement, even given the fact that individual DES keys are
+ generated for individual messages. The IV is transmitted with the
+ message within an encapsulated PEM header field.
+
+ When this algorithm/mode combination is used for message text
+ encryption, the "DEK-Info:" header field carries exactly two
+ arguments. The first argument identifies the DES CBC algorithm/mode
+ using the character string defined above. The second argument
+ contains the IV, represented as a contiguous string of 16 ASCII
+ hexadecimal digits.
+
+ When symmetric key management is employed with this algorithm/mode
+ combination, a symmetrically encrypted DES key will be represented in
+ the third argument of a "Key-Info:" header field as a contiguous
+
+
+
+Balenson [Page 3]
+
+RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993
+
+
+ string of 16 ASCII hexadecimal digits (corresponding to a 64-bit
+ key).
+
+ To avoid any potential ambiguity regarding the ordering of the octets
+ of a DES key that is input as a data value to another encryption
+ process (e.g., RSAEncryption), the following holds true. The first
+ (or left-most displayed, if one thinks in terms of a key's "print"
+ representation) (For purposes of discussion in this document, data
+ values are normalized in terms of their "print" representation. For a
+ octet stream, the "first" octet would appear as the one on the "left",
+ and the "last" octet would appear on the "right".) octet of the key
+ (i.e., bits 1-8 per FIPS PUB 46-1), when considered as a data value,
+ has numerical weight 2**56. The last (or right-most displayed) octet
+ (i.e., bits 57-64 per FIPS PUB 46-1) has numerical weight 2**0.
+
+2. Message Integrity Check Algorithms
+
+ This section identifies the alternative algorithms that shall be used
+ to compute Message Integrity Check (MIC) values for PEM messages.
+ Character string identifiers and ASN.1 object identifiers are
+ assigned for incorporation in encapsulated "MIC-Info:" and "Key-
+ Info:" header fields to indicate the choice of MIC algorithm
+ employed.
+
+ A compliant PEM implementation shall be able to process all of the
+ alternative MIC algorithms defined here on incoming messages. It is
+ a sender option as to which alternative is employed on an outbound
+ message.
+
+2.1 RSA-MD2 Message Digest Algorithm
+
+ The RSA-MD2 message digest is computed using the algorithm defined in
+ RFC 1319 [9]. ( An error has been identified in RFC 1319. The
+ statement in the text of Section 3.2 which reads "Set C[j] to S[c xor
+ L]" should read "Set C[j] to S[c xor L] xor C[j]". Note that the C
+ source code in the appendix of RFC 1319 is correct.) The character
+ string "RSA-MD2" within an encapsulated PEM header field indicates the
+ use of this algorithm. Also, as defined in RFC 1319, the ASN.1 object
+ identifier
+
+ md2 OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) US(840) rsadsi(113549)
+ digestAlgorithm(2) 2
+ }
+
+ identifies this algorithm. When this object identifier is used with
+ the ASN.1 type AlgorithmIdentifier, the parameters component of that
+ type is the ASN.1 type NULL.
+
+
+
+Balenson [Page 4]
+
+RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993
+
+
+ The RSA-MD2 message digest algorithm accepts as input a message of
+ any length and produces as output a 16-octet quantity. When
+ symmetric key management is employed, an RSA-MD2 MIC is encrypted by
+ splitting the MIC into two 8-octet halves, independently encrypting
+ each half, and concatenating the results.
+
+ When symmetric key management is employed with this MIC algorithm,
+ the symmetrically encrypted MD2 message digest is represented in a
+ the fourth argument of a "Key-Info:" header field as a contiguous
+ string of 32 ASCII hexadecimal digits (corresponding to a 128-bit MD2
+ message digest).
+
+ To avoid any potential ambiguity regarding the ordering of the octets
+ of an MD2 message digest that is input as a data value to another
+ encryption process (e.g., RSAEncryption), the following holds true.
+ The first (or left-most displayed, if one thinks in terms of a
+ digest's "print" representation) octet of the digest (i.e., digest[0]
+ as specified in RFC 1319), when considered as an RSA data value, has
+ numerical weight 2**120. The last (or right-most displayed) octet
+ (i.e., digest[15] as specified in RFC 1319) has numerical weight
+ 2**0.
+
+2.2 RSA-MD5 Message Digest Algorithm
+
+ The RSA-MD5 message digest is computed using the algorithm defined in
+ RFC 1321 [10]. The character string "RSA-MD5" within an encapsulated
+ PEM header field indicates the use of this algorithm. Also, as
+ defined in RFC 1321, the object identifier
+
+ md5 OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) US(840) rsadsi(113549)
+ digestAlgorithm(2) 5
+ }
+
+ identifies this algorithm. When this object identifier is used with
+ the ASN.1 type AlgorithmIdentifier, the parameters component of that
+ type is the ASN.1 type NULL.
+
+ The RSA-MD5 message digest algorithm accepts as input a message of
+ any length and produces as output a 16-octet quantity. When
+ symmetric key management is employed, an RSA-MD5 MIC is encrypted by
+ splitting the MIC into two 8-octet halves, independently encrypting
+ each half, and concatenating the results.
+
+ When symmetric key management is employed with this MIC algorithm,
+ the symmetrically encrypted MD5 message digest is represented in the
+ fourth argument of a "Key-Info:" header field as a contiguous string
+ of 32 ASCII hexadecimal digits (corresponding to a 128-bit MD5
+
+
+
+Balenson [Page 5]
+
+RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993
+
+
+ message digest).
+
+ To avoid any potential ambiguity regarding the ordering of the octets
+ of a MD5 message digest that is input as an RSA data value to the RSA
+ encryption process, the following holds true. The first (or left-
+ most displayed, if one thinks in terms of a digest's "print"
+ representation) octet of the digest (i.e., the low-order octet of A
+ as specified in RFC 1321), when considered as an RSA data value, has
+ numerical weight 2**120. The last (or right-most displayed) octet
+ (i.e., the high-order octet of D as specified in RFC 1321) has
+ numerical weight 2**0.
+
+3. Symmetric Key Management Algorithms
+
+ This section identifies the alternative algorithms and modes that
+ shall be used when symmetric key management is employed, to encrypt
+ data encryption keys (DEKs) and message integrity check (MIC) values.
+ Character string identifiers are assigned for incorporation in
+ encapsulated "Key-Info:" header fields to indicate the choice of
+ algorithm employed.
+
+ All alternatives presently defined in this category correspond to
+ different usage modes of the DES algorithm, rather than to other
+ algorithms.
+
+ When symmetric key management is employed, the symmetrically
+ encrypted DEK and MIC, carried in the third and fourth arguments of a
+ "Key-Info:" header field, respectively, are each represented as a
+ string of contiguous ASCII hexadecimal digits. The manner in which
+ to use the following symmetric encryption algorithms and the length
+ of the symmetrically encrypted DEK and MIC may vary depending on the
+ length of the underlying DEK and MIC. Section 1, Message Encryption
+ Algorithms, and Section 2, Message Integrity Check Algorithms,
+ provide information on the proper manner in which a DEK and MIC,
+ respectively, are symmetrically encrypted when the size of the DEK or
+ MIC is not equal to the symmetric encryption algorithm's input block
+ size. These sections also provide information on the proper format
+ and length of the symmetrically encrypted DEK and MIC, respectively.
+
+3.1 DES in ECB Mode (DES-ECB)
+
+ The DES algorithm in Electronic Codebook (ECB) mode [1][3] is used
+ for DEK and MIC encryption when symmetric key management is employed.
+ The character string "DES-ECB" within an encapsulated PEM header
+ field indicates use of this algorithm/mode combination.
+
+ A compliant PEM implementation supporting symmetric key management
+ shall support this algorithm/mode combination.
+
+
+
+Balenson [Page 6]
+
+RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993
+
+
+3.2 DES in EDE Mode (DES-EDE)
+
+ The DES algorithm in Encrypt-Decrypt-Encrypt (EDE) multiple
+ encryption mode, as defined by ANSI X9.17 [6] for encryption and
+ decryption with pairs of 64-bit keys, may be used for DEK and MIC
+ encryption when symmetric key management is employed. The character
+ string "DES-EDE" within an encapsulated a PEM header field indicates
+ use of this algorithm/mode combination.
+
+ A compliant PEM implementation supporting symmetric key management
+ may optionally support this algorithm/mode combination.
+
+4. Asymmetric Key Management Algorithms
+
+ This section identifies the alternative asymmetric keys and the
+ alternative asymmetric key management algorithms with which those
+ keys shall be used, namely the asymmetric encryption algorithms with
+ which DEKs and MICs are encrypted, and the asymmetric signature
+ algorithms with which certificates and certificate revocation lists
+ (CRLs) are signed.
+
+4.1 Asymmetric Keys
+
+ This section describes the asymmetric keys that shall be used with
+ the asymmetric encryption algorithms and the signature algorithms
+ described later. ASN.1 object identifiers are identified for
+ incorporation in a public-key certificate to identify the
+ algorithm(s) with which the accompanying public key is to be
+ employed.
+
+4.1.1 RSA Keys
+
+ An RSA asymmetric key pair is comprised of matching public and
+ private keys.
+
+ An RSA public key consists of an encryption exponent e and an
+ arithmetic modulus n, which are both public quantities typically
+ carried in a public-key certificate. For the value of e, Annex C to
+ X.509 suggests the use of Fermat's Number F4 (65537 decimal, or
+ 1+2**16) as a value "common to the whole environment in order to
+ reduce transmission capacity and complexity of transformation", i.e.,
+ the value can be transmitted as 3 octets and at most seventeen (17)
+ multiplications are required to effect exponentiation. As an
+ alternative, the number three (3) can be employed as the value for e,
+ requiring even less octets for transmission and yielding even faster
+ exponentiation. For purposes of PEM, the value of e shall be either
+ F4 or the number three (3). The use of the number three (3) for the
+ value of e is encouraged, to permit rapid certificate validation.
+
+
+
+Balenson [Page 7]
+
+RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993
+
+
+ An RSA private key consists of a decryption exponent d, which should
+ be kept secret, and the arithmetic modulus n. Other values may be
+ stored with a private key to facilitate efficient private key
+ operations (see PKCS #1 [11]).
+
+ For purposes of PEM, the modulus n may vary in size from 508 to 1024
+ bits.
+
+ Two ASN.1 object identifiers have been defined to identify RSA public
+ keys. In Annex H of X.509 [8], the object identifier
+
+ rsa OBJECT IDENTIFIER ::= {
+ joint-iso-ccitt(2) ds(5) algorithm(8)
+ encryptionAlgorithm(1) 1
+ }
+
+ is defined to identify an RSA public key. A single parameter,
+ KeySize, the length of the public key modulus in bits, is defined for
+ use in conjunction with this object identifier. When this object
+ identifier is used with the ASN.1 type AlgorithmIdentifier, the
+ parameters component of that type is the number of bits in the
+ modulus, ASN.1 encoded as an INTEGER.
+
+ Alternatively, in PKCS #1 [11], the ASN.1 object identifier
+
+ rsaEncryption OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) US(840) rsadsi(113549) pkcs(1)
+ pkcs-1(1) 1
+ }
+
+ is defined to identify both an RSA public key and the RSAEncryption
+ process. There are no parameters defined in conjunction with this
+ object identifier, hence, when it is used with the ASN.1 type
+ AlgorithmIdentifier, the parameters component of that type is the
+ ASN.1 type NULL.
+
+ A compliant PEM implementation may optionally generate an RSA
+ public-key certificate that identifies the enclosed RSA public key
+ (within the SubjectPublicKeyInformation component) with either the
+ "rsa" or the "rsaEncryption" object identifier. Use of the "rsa"
+ object identifier is encouraged, since it is, in some sense, more
+ generic in its identification of a key, without indicating how the
+ key will be used. However, to facilitate interoperability, a
+ compliant PEM implementation shall accept RSA public-key certificates
+ that identify the enclosed RSA public key with either the "rsa" or
+ the "rsaEncryption" object identifier. In all cases, an RSA public
+ key identified in an RSA public-key certificate with either the "rsa"
+ or "rsaEncryption" object identifier, shall be used according to the
+
+
+
+Balenson [Page 8]
+
+RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993
+
+
+ procedures defined below for asymmetric encryption algorithms and
+ asymmetric signature algorithms.
+
+4.2 Asymmetric Encryption Algorithms
+
+ This section identifies the alternative algorithms that shall be used
+ when asymmetric key management is employed, to encrypt DEKs and MICs.
+ Character string identifiers are assigned for incorporation in "MIC-
+ Info:" and "Key-Info:" header fields to indicate the choice of
+ algorithm employed.
+
+ Only one alternative is presently defined in this category.
+
+4.2.1 RSAEncryption
+
+ The RSAEncryption public-key encryption algorithm, defined in PKCS #1
+ [11], is used for DEK and MIC encryption when asymmetric key
+ management is employed. The character string "RSA" within a "MIC-
+ Info:" or "Key-Info:" header field indicates the use of this
+ algorithm.
+
+ All PEM implementations supporting asymmetric key management shall
+ support this algorithm.
+
+ As described in PKCS #1, all quantities input as data values to the
+ RSAEncryption process shall be properly justified and padded to the
+ length of the modulus prior to the encryption process. In general,
+ an RSAEncryption input value is formed by concatenating a leading
+ NULL octet, a block type BT, a padding string PS, a NULL octet, and
+ the data quantity D, that is,
+
+ RSA input value = 0x00 || BT || PS || 0x00 || D.
+
+ To prepare a DEK for RSAEncryption, the PKCS #1 "block type 02"
+ encryption-block formatting scheme is employed. The block type BT is
+ a single octet containing the value 0x02 and the padding string PS is
+ one or more octets (enough octets to make the length of the complete
+ RSA input value equal to the length of the modulus) each containing a
+ pseudorandomly generated, non-zero value. For multiple recipient
+ messages, a different, pseudorandom padding string should be used for
+ each recipient. The data quantity D is the DEK itself, which is
+ right-justified within the RSA input such that the last (or rightmost
+ displayed, if one thinks in terms of the "print" representation)
+ octet of the DEK is aligned with the right-most, or least-
+ significant, octet of the RSA input. Proceeding to the left, each of
+ the remaining octets of the DEK, up through the first (or left-most
+ displayed) octet, are each aligned in the next more significant octet
+ of the RSA input.
+
+
+
+Balenson [Page 9]
+
+RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993
+
+
+ To prepare a MIC for RSAEncryption, the PKCS #1 "block type 01"
+ encryption-block formatting scheme is employed. The block type BT is
+ a single octet containing the value 0x01 and the padding string PS is
+ one or more octets (enough octets to make the length of the complete
+ RSA input value equal to the length of the modulus) each containing
+ the value 0xFF. The data quantity D is comprised of the MIC and the
+ MIC algorithm identifier which are ASN.1 encoded as the following
+ sequence.
+
+ SEQUENCE {
+ digestAlgorithm AlgorithmIdentifier,
+ digest OCTET STRING
+ }
+
+ The ASN.1 type AlgorithmIdentifier is defined in X.509 as follows.
+
+ AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ parameters ANY DEFINED BY algorithm OPTIONAL
+ }
+
+ An RSA input block is encrypted using the RSA algorithm with the
+ first (or left-most) octet taken as the most significant octet, and
+ the last (or right-most) octet taken as the least significant octet.
+ The resulting RSA output block is interpreted in a similar manner.
+
+ When RSAEncryption is used to encrypt a DEK, the second argument in a
+ "MIC-Info:" header field, an asymmetrically encrypted DEK, is
+ represented using the printable encoding technique defined in Section
+ 4.3.2.4 of RFC 1421 [12].
+
+ When RSAEncryption is used to sign a MIC, the third argument in a
+ "MIC-Info:" header field, an asymmetrically signed MIC, is
+ represented using the printable encoding technique defined in Section
+ 4.3.2.4 of RFC 1421.
+
+4.3 Asymmetric Signature Algorithms
+
+ This section identifies the alternative algorithms which shall be
+ used to asymmetrically sign certificates and certificate revocation
+ lists (CRLs) in accordance with the SIGNED macro defined in Annex G
+ of X.509. ASN.1 object identifiers are identified for incorporation
+ in certificates and CRLs to indicate the choice of algorithm
+ employed.
+
+ Only one alternative is presently defined in this category.
+
+
+
+
+
+Balenson [Page 10]
+
+RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993
+
+
+4.3.1 md2WithRSAEncryption
+
+ The md2WithRSAEncryption signature algorithm is used to sign
+ certificates and CRLs. The algorithm is defined in PKCS #1 [11]. It
+ combines the RSA-MD2 message digest algorithm described here in
+ Section 2.2 with the RSAEncryption asymmetric encryption algorithm
+ described here in Section 4.2.1. As defined in PKCS #1, the ASN.1
+ object identifier
+
+ md2WithRSAEncryption OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) US(840) rsadsi(113549) pkcs(1)
+ pkcs-1(1) 2
+ }
+
+ identifies this algorithm. When this object identifier is used with
+ the ASN.1 type AlgorithmIdentifier, the parameters component of that
+ type is the ASN.1 type NULL.
+
+ There is some ambiguity in X.509 regarding the definition of the
+ SIGNED macro and, in particular, the representation of a signature in
+ a certificate or a CRL. The interpretation selected for PEM requires
+ that the data to be signed (in our case, an MD2 message digest) is
+ first ASN.1 encoded as an OCTET STRING and the result is encrypted
+ (in our case, using RSAEncryption) to form the signed quantity, which
+ is then ASN.1 encoded as a BIT STRING.
+
+5. Descriptive Grammar
+
+ ; Addendum to PEM BNF representation, using RFC 822 notation
+ ; Provides specification for official PEM cryptographic algorithms,
+ ; modes, identifiers and formats.
+
+ ; Imports <hexchar> and <encbin> from RFC [1421]
+
+ <dekalgid> ::= "DES-CBC"
+ <ikalgid> ::= "DES-EDE" / "DES-ECB" / "RSA"
+ <sigalgid> ::= "RSA"
+ <micalgid> ::= "RSA-MD2" / "RSA-MD5"
+
+ <dekparameters> ::= <DESCBCparameters>
+ <DESCBCparameters> ::= <IV>
+ <IV> ::= <hexchar16>
+
+ <symencdek> ::= <DESECBencDESCBC> / <DESEDEencDESCBC>
+ <DESECBencDESCBC> ::= <hexchar16>
+ <DESEDEencDESCBC> ::= <hexchar16>
+
+ <symencmic> ::= <DESECBencRSAMD2> / <DESECBencRSAMD5>
+
+
+
+Balenson [Page 11]
+
+RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993
+
+
+ <DESECBencRSAMD2> ::= 2*2<hexchar16>
+ <DESECBencRSAMD5> ::= 2*2<hexchar16>
+
+ <asymsignmic> ::= <RSAsignmic>
+ <RSAsignmic> ::= <encbin>
+
+ <asymencdek> ::= <RSAencdek>
+ <RSAencdek> ::= <encbin>
+
+ <hexchar16> ::= 16*16<hexchar>
+
+References
+
+ [1] Federal Information Processing Standards Publication (FIPS PUB)
+ 46-1, Data Encryption Standard, Reaffirmed 1988 January 22
+ (supersedes FIPS PUB 46, 1977 January 15).
+
+ [2] ANSI X3.92-1981, American National Standard Data Encryption
+ Algorithm, American National Standards Institute, Approved 30
+ December 1980.
+
+ [3] Federal Information Processing Standards Publication (FIPS PUB)
+ 81, DES Modes of Operation, 1980 December 2.
+
+ [4] ANSI X3.106-1983, American National Standard for Information
+ Systems - Data Encryption Algorithm - Modes of Operation,
+ American National Standards Institute, Approved 16 May 1983.
+
+ [5] ISO 8372, Information Processing Systems: Data Encipherment:
+ Modes of Operation of a 64-bit Block Cipher.
+
+ [6] ANSI X9.17-1985, American National Standard, Financial
+ Institution Key Management (Wholesale), American Bankers
+ Association, April 4, 1985, Section 7.2.
+
+ [7] Voydock, V. L. and Kent, S. T., "Security Mechanisms in High-
+ Level Network Protocols", ACM Computing Surveys, Vol. 15, No. 2,
+ June 1983, pp. 135-171.
+
+ [8] CCITT Recommendation X.509, "The Directory - Authentication
+ Framework", November 1988, (Developed in collaboration, and
+ technically aligned, with ISO 9594-8).
+
+ [9] Kaliski, B., "The MD2 Message-Digest Algorithm", RFC 1319, RSA
+ Laboratories, April 1992.
+
+ [10] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, MIT
+ Laboratory for Computer Science and RSA Data Security, Inc.,
+
+
+
+Balenson [Page 12]
+
+RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993
+
+
+ April 1992.
+
+ [11] PKCS #1: RSA Encryption Standard, Version 1.4, RSA Data Security,
+ Inc., June 3, 1991.
+
+ [12] Linn, J., "Privacy Enhancement for Internet Electronic Mail: Part
+ I: Message Encryption and Authentication Procedures", RFC 1421,
+ DEC, February 1993.
+
+ [13] Kent, S., "Privacy Enhancement for Internet Electronic Mail: Part
+ II: Certificate-Based Key Management", RFC 1422, BBN, February
+ 1993.
+
+ [14] Kaliski, B., "Privacy Enhancement for Internet Electronic Mail:
+ Part IV: Key Certification and Related Services", RFC 1424, RSA
+ Laboratories, February 1993.
+
+Patent Statement
+
+ This version of Privacy Enhanced Mail (PEM) relies on the use of
+ patented public key encryption technology for authentication and
+ encryption. The Internet Standards Process as defined in RFC 1310
+ requires a written statement from the Patent holder that a license
+ will be made available to applicants under reasonable terms and
+ conditions prior to approving a specification as a Proposed, Draft or
+ Internet Standard.
+
+ The Massachusetts Institute of Technology and the Board of Trustees
+ of the Leland Stanford Junior University have granted Public Key
+ Partners (PKP) exclusive sub-licensing rights to the following
+ patents issued in the United States, and all of their corresponding
+ foreign patents:
+
+ Cryptographic Apparatus and Method
+ ("Diffie-Hellman")............................... No. 4,200,770
+
+ Public Key Cryptographic Apparatus
+ and Method ("Hellman-Merkle").................... No. 4,218,582
+
+ Cryptographic Communications System and
+ Method ("RSA")................................... No. 4,405,829
+
+ Exponential Cryptographic Apparatus
+ and Method ("Hellman-Pohlig").................... No. 4,424,414
+
+ These patents are stated by PKP to cover all known methods of
+ practicing the art of Public Key encryption, including the variations
+ collectively known as El Gamal.
+
+
+
+Balenson [Page 13]
+
+RFC 1423 PEM: Algorithms, Modes and Identifiers February 1993
+
+
+ Public Key Partners has provided written assurance to the Internet
+ Society that parties will be able to obtain, under reasonable,
+ nondiscriminatory terms, the right to use the technology covered by
+ these patents. This assurance is documented in RFC 1170 titled
+ "Public Key Standards and Licenses". A copy of the written assurance
+ dated April 20, 1990, may be obtained from the Internet Assigned
+ Number Authority (IANA).
+
+ The Internet Society, Internet Architecture Board, Internet
+ Engineering Steering Group and the Corporation for National Research
+ Initiatives take no position on the validity or scope of the patents
+ and patent applications, nor on the appropriateness of the terms of
+ the assurance. The Internet Society and other groups mentioned above
+ have not made any determination as to any other intellectual property
+ rights which may apply to the practice of this standard. Any further
+ consideration of these matters is the user's own responsibility.
+
+Security Considerations
+
+ This entire document is about security.
+
+Author's Address
+
+ David Balenson
+ Trusted Information Systems
+ 3060 Washington Road
+ Glenwood, Maryland 21738
+
+ Phone: 301-854-6889
+ EMail: balenson@tis.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Balenson [Page 14]
+ \ No newline at end of file
View Lorry Controller Status