📄 rfc3279.txt
字号:
seed BIT STRING OPTIONAL }
FieldElement ::= OCTET STRING
ECPoint ::= OCTET STRING
The value of FieldElement SHALL be the octet string representation of
a field element following the conversion routine in [X9.62], Section
4.3.3. The value of ECPoint SHALL be the octet string representation
of an elliptic curve point following the conversion routine in
[X9.62], Section 4.3.6. Note that this octet string may represent an
elliptic curve point in compressed or uncompressed form.
Implementations that support elliptic curve according to this
specification MUST support the uncompressed form and MAY support the
compressed form.
The components of type ECParameters have the following meanings:
version specifies the version number of the elliptic curve
parameters. It MUST have the value 1 (ecpVer1).
Polk, et al. Standards Track [Page 14]
RFC 3279 Algorithms and Identifiers April 2002
fieldID identifies the finite field over which the elliptic curve
is defined. Finite fields are represented by values of the
parameterized type FieldID, constrained to the values of the
objects defined in the information object set FieldTypes.
Additional detail regarding fieldID is provided below.
curve specifies the coefficients a and b of the elliptic curve E.
Each coefficient is represented as a value of type FieldElement,
an OCTET STRING. seed is an optional parameter used to derive the
coefficients of a randomly generated elliptic curve.
base specifies the base point P on the elliptic curve. The base
point is represented as a value of type ECPoint, an OCTET STRING.
order specifies the order n of the base point.
cofactor is the integer h = #E(Fq)/n. This parameter is specified
as OPTIONAL. However, the cofactor MUST be included in ECDH
public key parameters. The cofactor is not required to support
ECDSA, except in parameter validation. The cofactor MAY be
included to support parameter validation for ECDSA keys.
Parameter validation is not required by this specification.
The AlgorithmIdentifier within SubjectPublicKeyInfo is the only place
within a certificate where the parameters may be used. If the
elliptic curve parameters are specified as implicitlyCA in the
SubjectPublicKeyInfo AlgorithmIdentifier and the CA signed the
subject certificate using ECDSA, then the certificate issuer's ECDSA
parameters apply to the subject's ECDSA key. If the elliptic curve
parameters are specified as implicitlyCA in the SubjectPublicKeyInfo
AlgorithmIdentifier and the CA signed the certificate using a
signature algorithm other than ECDSA, then clients MUST not make use
of the elliptic curve public key.
FieldID ::= SEQUENCE {
fieldType OBJECT IDENTIFIER,
parameters ANY DEFINED BY fieldType }
FieldID is a SEQUENCE of two components, fieldType and parameters.
The fieldType contains an object identifier value that uniquely
identifies the type contained in the parameters.
The object identifier id-fieldType specifies an arc containing the
object identifiers of each field type. It has the following value:
id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1) }
Polk, et al. Standards Track [Page 15]
RFC 3279 Algorithms and Identifiers April 2002
The object identifiers prime-field and characteristic-two-field name
the two kinds of fields defined in this Standard. They have the
following values:
prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
Prime-p ::= INTEGER -- Field size p (p in bits)
characteristic-two-field OBJECT IDENTIFIER ::= { id-fieldType 2 }
Characteristic-two ::= SEQUENCE {
m INTEGER, -- Field size 2^m
basis OBJECT IDENTIFIER,
parameters ANY DEFINED BY basis }
The object identifier id-characteristic-two-basis specifies an arc
containing the object identifiers for each type of basis for the
characteristic-two finite fields. It has the following value:
id-characteristic-two-basis OBJECT IDENTIFIER ::= {
characteristic-two-field basisType(1) }
The object identifiers gnBasis, tpBasis and ppBasis name the three
kinds of basis for characteristic-two finite fields defined by
[X9.62]. They have the following values:
gnBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 1 }
-- for gnBasis, the value of the parameters field is NULL
tpBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 2 }
-- type of parameters field for tpBasis is Trinomial
Trinomial ::= INTEGER
ppBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 3 }
-- type of parameters field for ppBasis is Pentanomial
Pentanomial ::= SEQUENCE {
k1 INTEGER,
k2 INTEGER,
k3 INTEGER }
Polk, et al. Standards Track [Page 16]
RFC 3279 Algorithms and Identifiers April 2002
The elliptic curve public key (an ECPoint which is an OCTET STRING)
is mapped to a subjectPublicKey (a BIT STRING) as follows: the most
significant bit of the OCTET STRING becomes the most significant bit
of the BIT STRING, and the least significant bit of the OCTET STRING
becomes the least significant bit of the BIT STRING. Note that this
octet string may represent an elliptic curve point in compressed or
uncompressed form. Implementations that support elliptic curve
according to this specification MUST support the uncompressed form
and MAY support the compressed form.
If the keyUsage extension is present in a CA or CRL issuer
certificate which conveys an elliptic curve public key, any
combination of the following values MAY be present:
digitalSignature;
nonRepudiation; and
keyAgreement.
If the keyAgreement value is present, either of the following values
MAY be present:
encipherOnly; and
decipherOnly.
The keyUsage extension MUST NOT assert both encipherOnly and
decipherOnly.
If the keyUsage extension is present in a CA certificate which
conveys an elliptic curve public key, any combination of the
following values MAY be present:
digitalSignature;
nonRepudiation;
keyAgreement;
keyCertSign; and
cRLSign.
As above, if the keyUsage extension asserts keyAgreement then it MAY
assert either encipherOnly and decipherOnly. However, this
specification RECOMMENDS that if keyCertSign or cRLSign is present,
keyAgreement, encipherOnly, and decipherOnly SHOULD NOT be present.
Polk, et al. Standards Track [Page 17]
RFC 3279 Algorithms and Identifiers April 2002
3 ASN.1 Module
PKIX1Algorithms88 { iso(1) identified-organization(3) dod(6)
internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-pkix1-algorithms(17) }
DEFINITIONS EXPLICIT TAGS ::= BEGIN
-- EXPORTS All;
-- IMPORTS NONE;
--
-- One-way Hash Functions
--
md2 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549)
digestAlgorithm(2) 2 }
md5 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549)
digestAlgorithm(2) 5 }
id-sha1 OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) oiw(14) secsig(3)
algorithms(2) 26 }
--
-- DSA Keys and Signatures
--
-- OID for DSA public key
id-dsa OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
-- encoding for DSA public key
DSAPublicKey ::= INTEGER -- public key, y
Dss-Parms ::= SEQUENCE {
p INTEGER,
q INTEGER,
g INTEGER }
Polk, et al. Standards Track [Page 18]
RFC 3279 Algorithms and Identifiers April 2002
-- OID for DSA signature generated with SHA-1 hash
id-dsa-with-sha1 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 }
-- encoding for DSA signature generated with SHA-1 hash
Dss-Sig-Value ::= SEQUENCE {
r INTEGER,
s INTEGER }
--
-- RSA Keys and Signatures
--
-- arc for RSA public key and RSA signature OIDs
pkcs-1 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
-- OID for RSA public keys
rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
-- OID for RSA signature generated with MD2 hash
md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
-- OID for RSA signature generated with MD5 hash
md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
-- OID for RSA signature generated with SHA-1 hash
sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }
-- encoding for RSA public key
RSAPublicKey ::= SEQUENCE {
modulus INTEGER, -- n
publicExponent INTEGER } -- e
Polk, et al. Standards Track [Page 19]
RFC 3279 Algorithms and Identifiers April 2002
--
-- Diffie-Hellman Keys
--
dhpublicnumber OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) ansi-x942(10046)
number-type(2) 1 }
-- encoding for DSA public key
DHPublicKey ::= INTEGER -- public key, y = g^x mod p
DomainParameters ::= SEQUENCE {
p INTEGER, -- odd prime, p=jq +1
g INTEGER, -- generator, g
q INTEGER, -- factor of p-1
j INTEGER OPTIONAL, -- subgroup factor, j>= 2
validationParms ValidationParms OPTIONAL }
ValidationParms ::= SEQUENCE {
seed BIT STRING,
pgenCounter INTEGER }
--
-- KEA Keys
--
id-keyExchangeAlgorithm OBJECT IDENTIFIER ::=
{ 2 16 840 1 101 2 1 1 22 }
KEA-Parms-Id ::= OCTET STRING
--
-- Elliptic Curve Keys, Signatures, and Curves
--
ansi-X9-62 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) 10045 }
FieldID ::= SEQUENCE { -- Finite field
fieldType OBJECT IDENTIFIER,
parameters ANY DEFINED BY fieldType }
-- Arc for ECDSA signature OIDS
id-ecSigType OBJECT IDENTIFIER ::= { ansi-X9-62 signatures(4) }
Polk, et al. Standards Track [Page 20]
RFC 3279 Algorithms and Identifiers April 2002
-- OID for ECDSA signatures with SHA-1
ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { id-ecSigType 1 }
-- OID for an elliptic curve signature
-- format for the value of an ECDSA signature value
ECDSA-Sig-Value ::= SEQUENCE {
r INTEGER,
s INTEGER }
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -