92 lines
3.3 KiB
Plaintext
92 lines
3.3 KiB
Plaintext
|
Tech Note 0006
|
||
|
PK Standards Compliance
|
||
|
Tom St Denis
|
||
|
|
||
|
RSA
|
||
|
----
|
||
|
|
||
|
PKCS #1 compliance.
|
||
|
|
||
|
Key Format: RSAPublicKey and RSAPrivateKey as per PKCS #1 v2.1
|
||
|
Encryption: OAEP as per PKCS #1
|
||
|
Signature : PSS as per PKCS #1
|
||
|
|
||
|
DSA
|
||
|
----
|
||
|
|
||
|
The NIST DSA algorithm
|
||
|
|
||
|
Key Format: HomeBrew [see below]
|
||
|
Signature : ANSI X9.62 format [see below].
|
||
|
|
||
|
Keys are stored as
|
||
|
|
||
|
DSAPublicKey ::= SEQUENCE {
|
||
|
publicFlags BIT STRING(1), -- must be 0
|
||
|
g INTEGER , -- base generator, check that g^q mod p == 1
|
||
|
-- and that 1 < g < p - 1
|
||
|
p INTEGER , -- prime modulus
|
||
|
q INTEGER , -- order of sub-group (must be prime)
|
||
|
y INTEGER , -- public key, specifically, g^x mod p,
|
||
|
-- check that y^q mod p == 1
|
||
|
-- and that 1 < y < p - 1
|
||
|
}
|
||
|
|
||
|
DSAPrivateKey ::= SEQUENCE {
|
||
|
publicFlags BIT STRING(1), -- must be 1
|
||
|
g INTEGER , -- base generator, check that g^q mod p == 1
|
||
|
-- and that 1 < g < p - 1
|
||
|
p INTEGER , -- prime modulus
|
||
|
q INTEGER , -- order of sub-group (must be prime)
|
||
|
y INTEGER , -- public key, specifically, g^x mod p,
|
||
|
-- check that y^q mod p == 1
|
||
|
-- and that 1 < y < p - 1
|
||
|
x INTEGER -- private key
|
||
|
}
|
||
|
|
||
|
Signatures are stored as
|
||
|
|
||
|
DSASignature ::= SEQUENCE {
|
||
|
r, s INTEGER -- signature parameters
|
||
|
}
|
||
|
|
||
|
ECC
|
||
|
----
|
||
|
|
||
|
The ANSI X9.62 and X9.63 algorithms [partial]. Supports all NIST GF(p) curves.
|
||
|
|
||
|
Key Format : Homebrew [see below, only GF(p) NIST curves supported]
|
||
|
Signature : X9.62 compliant
|
||
|
Encryption : Homebrew [based on X9.63, differs in that the public point is stored as an ECCPublicKey]
|
||
|
Shared Secret: X9.63 compliant
|
||
|
|
||
|
ECCPublicKey ::= SEQUENCE {
|
||
|
flags BIT STRING(1), -- public/private flag (always zero),
|
||
|
keySize INTEGER, -- Curve size (in bits) divided by eight
|
||
|
-- and rounded down, e.g. 521 => 65
|
||
|
pubkey.x INTEGER, -- The X co-ordinate of the public key point
|
||
|
pubkey.y INTEGER, -- The Y co-ordinate of the public key point
|
||
|
}
|
||
|
|
||
|
ECCPrivateKey ::= SEQUENCE {
|
||
|
flags BIT STRING(1), -- public/private flag (always one),
|
||
|
keySize INTEGER, -- Curve size (in bits) divided by eight
|
||
|
-- and rounded down, e.g. 521 => 65
|
||
|
pubkey.x INTEGER, -- The X co-ordinate of the public key point
|
||
|
pubkey.y INTEGER, -- The Y co-ordinate of the public key point
|
||
|
secret.k INTEGER, -- The secret key scalar
|
||
|
}
|
||
|
|
||
|
The encryption works by finding the X9.63 shared secret and hashing it. The hash is then simply XOR'ed against the message [which must be at most the size
|
||
|
of the hash digest]. The format of the encrypted text is as follows
|
||
|
|
||
|
ECCEncrypted ::= SEQUENCE {
|
||
|
hashOID OBJECT IDENTIFIER, -- The OID of the hash used
|
||
|
pubkey OCTET STRING , -- Encapsulation of a random ECCPublicKey
|
||
|
skey OCTET STRING -- The encrypted text (which the hash was XOR'ed against)
|
||
|
}
|
||
|
|
||
|
% $Source: /cvs/libtom/libtomcrypt/notes/tech0006.txt,v $
|
||
|
% $Revision: 1.2 $
|
||
|
% $Date: 2005/06/18 02:26:27 $
|