
📄 draft-ietf-pkix-rsa-pkalgs-00.txt

         implementations MAY support other one-way hash functions listed
         in section 2.1.  The MGF1 algorithm identifier is comprised of
         the id-mgf1 object identifier and a parameter that contains the
         algorithm identifier of the one-way hash function employed with
         MGF1.  The SHA-1 algorithm identifier is comprised of the
         id-sha1 object identifier and a parameter of NULL.
         Implementations that perform encryption MUST omit the
         maskGenFunc field when MGF1 with SHA-1 is used, indicating that
         the default algorithm was used.  Implementations that perform
         decryption MUST recognize both the id-mgf1 and id-sha1 object
         identifiers as well as an absent maskGenFunc field as an
         indication that MGF1 with SHA-1 was used.

      pSourceFunc
         The pSourceFunc field identifies the source (and possibly the
         value) of the encoding parameters, commonly called P.
         Implementations MUST represent P by an algorithm identifier,
         id-pSpecified, indicating that P is explicitly provided as an
         OCTET STRING in the parameters.  The default value for P is an
         empty string.  In this case, pHash in EME-OAEP contains the
         hash of a zero length string.  Implementations MUST support a
         zero length P value.  Implementations that perform encryption
         MUST omit the pSourceFunc field when a zero length P value is
         used, indicating that the default value was used.
         Implementations that perform decryption MUST recognize both the
         id-pSpecified object identifier and an absent pSourceFunc field
         as an indication that a zero length P value was used.
         Implementations that perform decryption MUST support a zero
         length P value, and they MAY support other values.
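An added example (not part of the draft): a decoder-side check in Python that resolves an RSAES-OAEP-params with omitted fields and one that spells out the defaults to the same parameters, as the decryption requirements above demand. The [0]/[1]/[2] explicit tags are taken from the RSAES-OAEP-params definition in PKCS #1 v2.1, which is not shown on this page; the function names and sample encodings are constructed here.

```python
# Added example, not from the draft; OID bytes are the DER contents of the draft's OIDs.
ID_SHA1 = bytes.fromhex("2b0e03021a")                # id-sha1
ID_MGF1 = bytes.fromhex("2a864886f70d010108")        # id-mgf1 (pkcs-1 8)
ID_PSPECIFIED = bytes.fromhex("2a864886f70d010109")  # id-pSpecified (pkcs-1 9)

OMITTED = bytes.fromhex("3000")    # constructed: all three fields omitted
EXPLICIT = bytes.fromhex(          # constructed: the same defaults spelled out
    "3038a00b300906052b0e03021a0500"
    "a118301606092a864886f70d010108300906052b0e03021a0500"
    "a20f300d06092a864886f70d0101090400")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one DER element; ValueError if truncated."""
    tag, length = buf[pos:pos + 2]     # unpacking fails with ValueError if short
    pos += 2
    if length & 0x80:                  # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def resolve_oaep_params(der):
    """Return (hash OID, MGF1 hash OID, P); absent fields take the defaults."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single SEQUENCE")
    hash_oid, mgf_hash, p = ID_SHA1, ID_SHA1, b""
    for ctx, wrapped in children(body):
        # Explicit tag wraps an AlgorithmIdentifier SEQUENCE { OID, parameters }.
        (t, oid), param = (children(read_tlv(wrapped)[1]) + [(None, b"")] * 2)[:2]
        if ctx == 0xA0 and t == 0x06:
            hash_oid = oid
        elif ctx == 0xA1 and oid == ID_MGF1 and param[0] == 0x30:
            mgf_hash = dict(children(param[1])).get(0x06, b"")  # inner hash OID
        elif ctx == 0xA2 and oid == ID_PSPECIFIED and param[0] == 0x04:
            p = param[1]
        else:
            raise ValueError("unsupported RSAES-OAEP-params field")
    return hash_oid, mgf_hash, p
```

The caller still has to decide whether the returned hash OIDs and P value are ones it supports; the function only normalizes the two encodings of the defaults.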

   If the default values of the hashFunc, maskGenFunc, and pSourceFunc
   fields of RSAES-OAEP-params are used, then the algorithm identifier
   will have the following value:

      rSAES-OAEP-Default-Identifier  AlgorithmIdentifier  ::=
                            { id-RSAES-OAEP,
                               { sha1Identifier,
                                 mgf1SHA1Identifier,
                                 pSpecifiedEmptyIdentifier  }  }

5  PKCS #1 Version 1.5 Signature Algorithm

   RFC 2313 [P1v1.5] specifies the PKCS #1 Version 1.5 signature
   algorithm.  This specification is also included in PKCS #1 Version
   2.1 [P1v2.1].  RFC 3279 [PKALGS] specifies the use of the PKCS #1
   Version 1.5 signature algorithm with the MD2, MD5, and the SHA-1
   one-way hash functions.  This section specifies the algorithm
   identifiers for using the SHA-256, SHA-384, and SHA-512 one-way hash
   functions with the PKCS #1 version 1.5 signature algorithm.

Housley & Kaliski                                              [Page 12]
INTERNET DRAFT                                             December 2002

   The RSASSA-PSS signature algorithm is preferred over the PKCS #1
   Version 1.5 signature algorithm.  Although no attacks are known
   against PKCS #1 Version 1.5 signature algorithm, in the interest of
   increased robustness, RSASSA-PSS signature algorithm is recommended
   for eventual adoption, especially by new applications.  This section
   is included for compatibility with existing applications, and while
   still appropriate for new applications, a gradual transition to the
   RSASSA-PSS signature algorithm is encouraged.

   The PKCS #1 Version 1.5 signature algorithm with these one-way hash
   functions and the RSA encryption algorithm is implemented using the
   padding and encoding conventions described in RFC 2313 [P1v1.5].  The
   message digest is computed using the SHA-256, SHA-384, or SHA-512
   one-way hash function.

   The PKCS #1 version 1.5 signature algorithm, as specified in RFC 2313
   includes a data encoding step.  In this step, the message digest and
   the object identifier for the one-way hash function used to compute
   the message digest are combined.  When performing the data encoding
   step, the id-sha256, id-sha384, and id-sha512 object identifiers (see
   section 2.1) MUST be used to specify the SHA-256, SHA-384, and
   SHA-512 one-way hash functions, respectively.

   The object identifier used to identify the PKCS #1 version 1.5
   signature algorithm with SHA-256 is:

      sha256WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 11 }

   The object identifier used to identify the PKCS #1 version 1.5
   signature algorithm with SHA-384 is:

      sha384WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 12 }

   The object identifier used to identify the PKCS #1 version 1.5
   signature algorithm with SHA-512 is:

      sha512WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 13 }

   When any of these three object identifiers appears within an
   AlgorithmIdentifier, the parameters MUST be NULL.
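An added example (not part of the draft): the data encoding step and the signature AlgorithmIdentifier built byte for byte in Python from the object identifiers given in this draft. The DigestInfo layout and the 00 01 FF..FF 00 padding come from RFC 2313, which this page references but does not reproduce; the function names are hypothetical.

```python
# Added example, not from the draft: DER for the section 5 identifiers.
import hashlib

def tlv(tag, value):
    """One DER element; long-form length when the value is 128 bytes or more."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def oid(*arcs):
    """DER OBJECT IDENTIFIER (first two arcs must fit one byte, true here)."""
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                 # base-128, low group first
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

NULL = tlv(0x05, b"")
PKCS1 = (1, 2, 840, 113549, 1, 1)            # pkcs-1
HASHALGS = (2, 16, 840, 1, 101, 3, 4, 2)     # nistalgorithm hashalgs
# hash name: (last arc of id-shaNNN, last arc of shaNNNWithRSAEncryption)
SUITES = {"sha256": (1, 11), "sha384": (2, 12), "sha512": (3, 13)}

def signature_alg_id(name):
    """AlgorithmIdentifier for shaNNNWithRSAEncryption; parameters are NULL."""
    return tlv(0x30, oid(*PKCS1, SUITES[name][1]) + NULL)

def digest_info(name, message):
    """SEQUENCE { AlgorithmIdentifier { id-shaNNN, NULL }, OCTET STRING digest }."""
    hash_alg = tlv(0x30, oid(*HASHALGS, SUITES[name][0]) + NULL)
    return tlv(0x30, hash_alg + tlv(0x04, hashlib.new(name, message).digest()))

def emsa_pkcs1_v1_5(name, message, k):
    """Block RSA is applied to: 00 01 FF..FF 00 || DigestInfo, k bytes long."""
    t = digest_info(name, message)
    if k < len(t) + 11:                      # at least 8 bytes of FF padding
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
```

A verifier that rebuilds this block from the message and compares it whole against the recovered block checks the hash OID, the NULL parameters, and the padding in a single comparison.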

   The RSA signature generation process and the encoding of the result
   is described in detail in RFC 2313 [P1v1.5].

6  ASN.1 Module

   PKIX1-PSS-OAEP-Algorithms
     { iso(1) identified-organization(3) dod(6)
       internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
       id-mod-pkix1-rsa-pkalgs(TBD) }

   DEFINITIONS EXPLICIT TAGS ::= BEGIN

   -- EXPORTS All;

   IMPORTS

      AlgorithmIdentifier
          FROM PKIX1Explicit88 -- RFC 3280
          { iso(1) identified-organization(3) dod(6) internet(1)
            security(5) mechanisms(5) pkix(7) id-mod(0)
            id-pkix1-explicit(18) };

   -- ============================
   --   Basic object identifiers
   -- ============================

   pkcs-1  OBJECT IDENTIFIER  ::=  { iso(1) member-body(2)
                           us(840) rsadsi(113549) pkcs(1) 1 }

   -- When rsaEncryption is used in an AlgorithmIdentifier the
   -- parameters MUST be present and MUST be NULL.

   rsaEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 1 }

   -- When id-RSAES-OAEP is used in an AlgorithmIdentifier the
   -- parameters MUST be present and MUST be RSAES-OAEP-params.

   id-RSAES-OAEP  OBJECT IDENTIFIER  ::=  { pkcs-1 7 }

   -- When id-pSpecified is used in an AlgorithmIdentifier the
   -- parameters MUST be an OCTET STRING.

   id-pSpecified  OBJECT IDENTIFIER  ::=  { pkcs-1 9 }

   -- When id-RSASSA-PSS is used in an AlgorithmIdentifier the
   -- parameters MUST be present and MUST be RSASSA-PSS-params.

   id-RSASSA-PSS  OBJECT IDENTIFIER  ::=  { pkcs-1 10 }

   -- When id-mgf1 is used in an AlgorithmIdentifier the parameters
   -- MUST be present and MUST be a HashAlgorithm.

   id-mgf1  OBJECT IDENTIFIER  ::=  { pkcs-1 8 }

   -- When the following OIDs are used in an AlgorithmIdentifier the
   -- parameters MUST be present and MUST be NULL.

   sha256WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 11 }

   sha384WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 12 }

   sha512WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 13 }

   -- When the following OIDs are used in an AlgorithmIdentifier the
   -- parameters SHOULD be absent, but if the parameters are present,
   -- they MUST be NULL.

   id-sha1  OBJECT IDENTIFIER  ::=  { iso(1)
                        identified-organization(3) oiw(14)
                        secsig(3) algorithms(2) 26 }

   id-sha256  OBJECT IDENTIFIER  ::=  { joint-iso-itu-t(2)
                        country(16) us(840) organization(1) gov(101)
                        csor(3) nistalgorithm(4) hashalgs(2) 1 }

   id-sha384  OBJECT IDENTIFIER  ::=  { joint-iso-itu-t(2)
                        country(16) us(840) organization(1) gov(101)
                        csor(3) nistalgorithm(4) hashalgs(2) 2 }

   id-sha512  OBJECT IDENTIFIER  ::=  { joint-iso-itu-t(2)
                        country(16) us(840) organization(1) gov(101)
                        csor(3) nistalgorithm(4) hashalgs(2) 3 }

   -- =============
   --   Constant
   -- =============

   nullOctetString  OCTET STRING (SIZE (0))  ::=  { ''H }

   -- =========================
   --   Algorithm Identifiers
   -- =========================

   sha1Identifier  AlgorithmIdentifier  ::=  { id-sha1, NULL }

   sha256Identifier  AlgorithmIdentifier  ::=  { id-sha256, NULL }

   sha384Identifier  AlgorithmIdentifier  ::=  { id-sha384, NULL }

   sha512Identifier  AlgorithmIdentifier  ::=  { id-sha512, NULL }

   mgf1SHA1Identifier  AlgorithmIdentifier  ::=
                        { id-mgf1, sha1Identifier }

   mgf1SHA256Identifier  AlgorithmIdentifier  ::=
                        { id-mgf1, sha256Identifier }

   mgf1SHA384Identifier  AlgorithmIdentifier  ::=
                        { id-mgf1, sha384Identifier }

   mgf1SHA512Identifier  AlgorithmIdentifier  ::=
                        { id-mgf1, sha512Identifier }

   pSpecifiedEmptyIdentifier  AlgorithmIdentifier  ::=
                        { id-pSpecified, nullOctetString }

   rSASSA-PSS-Default-Identifier  AlgorithmIdentifier  ::=  {
                        { id-RSASSA-PSS,
                           { sha1Identifier,
                             mgf1SHA1Identifier,
                             20,
                             1  }  }

   rSASSA-PSS-SHA256-Identifier  AlgorithmIdentifier  ::=  {
                        { id-RSASSA-PSS,
                           { sha256Identifier,
                             mgf1SHA256Identifier,
                             20,
                             1  }  }

   rSASSA-PSS-SHA384-Identifier  AlgorithmIdentifier  ::=  {
                        { id-RSASSA-PSS,
                           { sha384Identifier,
                             mgf1SHA384Identifier,
                             20,
                             1  }  }

   rSASSA-PSS-SHA512-Identifier  AlgorithmIdentifier  ::=  {
                        { id-RSASSA-PSS,
                           { sha512Identifier,
                             mgf1SHA512Identifier,
                             20,
                             1  }  }

   rSAES-OAEP-Default-Identifier  AlgorithmIdentifier  ::=
                        { id-RSAES-OAEP,
                           { sha1Identifier,
                             mgf1SHA1Identifier,
                             pSpecifiedEmptyIdentifier  }  }

   rSAES-OAEP-SHA256-Identifier  AlgorithmIdentifier  ::=
                        { id-RSAES-OAEP,
                           { sha256Identifier,
                             mgf1SHA256Identifier,
                             pSpecifiedEmptyIdentifier  }  }

   rSAES-OAEP-SHA384-Identifier  AlgorithmIdentifier  ::=
