
📄 rfc-2898.txt

   SHA-1 hash function [18]. HMAC-SHA-1 has a variable key length and a
   20-octet (160-bit) message authentication code.

   The object identifier id-hmacWithSHA1 (see Appendix B.1.1) identifies
   the HMAC-SHA-1 message authentication scheme. (The object identifier
   is the same for both the pseudorandom function and the message
   authentication scheme; the distinction is to be understood by
   context.) This object identifier is intended to be employed in the
   object set PBMAC1-Macs (Appendix A.5).

C. ASN.1 Module

   For reference purposes, the ASN.1 syntax in the preceding sections is
   presented as an ASN.1 module here.

   -- PKCS #5 v2.0 ASN.1 Module
   -- Revised March 25, 1999

   -- This module has been checked for conformance with the
   -- ASN.1 standard by the OSS ASN.1 Tools

   PKCS5v2-0 {iso(1) member-body(2) us(840) rsadsi(113549)
       pkcs(1) pkcs-5(5) modules(16) pkcs5v2-0(1)}

   DEFINITIONS ::= BEGIN

Kaliski                      Informational                     [Page 26]
RFC 2898              Password-Based Cryptography         September 2000

   -- Basic object identifiers

   rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) 113549}
   pkcs OBJECT IDENTIFIER ::= {rsadsi 1}
   pkcs-5 OBJECT IDENTIFIER ::= {pkcs 5}

   -- Basic types and classes

   AlgorithmIdentifier { ALGORITHM-IDENTIFIER:InfoObjectSet } ::=
     SEQUENCE {
       algorithm ALGORITHM-IDENTIFIER.&id({InfoObjectSet}),
       parameters ALGORITHM-IDENTIFIER.&Type({InfoObjectSet}
       {@algorithm}) OPTIONAL
   }

   ALGORITHM-IDENTIFIER ::= TYPE-IDENTIFIER

   -- PBKDF2

   PBKDF2Algorithms ALGORITHM-IDENTIFIER ::=
       { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ...}

   id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}

   algid-hmacWithSHA1 AlgorithmIdentifier {{PBKDF2-PRFs}} ::=
       {algorithm id-hmacWithSHA1, parameters NULL : NULL}

   PBKDF2-params ::= SEQUENCE {
       salt CHOICE {
         specified OCTET STRING,
         otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
       },
       iterationCount INTEGER (1..MAX),
       keyLength INTEGER (1..MAX) OPTIONAL,
       prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT
       algid-hmacWithSHA1
   }

   PBKDF2-SaltSources ALGORITHM-IDENTIFIER ::= { ... }

   PBKDF2-PRFs ALGORITHM-IDENTIFIER ::=
       { {NULL IDENTIFIED BY id-hmacWithSHA1}, ... }

   -- PBES1

   PBES1Algorithms ALGORITHM-IDENTIFIER ::= {
       {PBEParameter IDENTIFIED BY pbeWithMD2AndDES-CBC}  |
       {PBEParameter IDENTIFIED BY pbeWithMD2AndRC2-CBC}  |
       {PBEParameter IDENTIFIED BY pbeWithMD5AndDES-CBC}  |
       {PBEParameter IDENTIFIED BY pbeWithMD5AndRC2-CBC}  |
       {PBEParameter IDENTIFIED BY pbeWithSHA1AndDES-CBC} |
       {PBEParameter IDENTIFIED BY pbeWithSHA1AndRC2-CBC},
       ...
   }

   pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1}
   pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4}
   pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3}
   pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6}
   pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10}
   pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11}

   PBEParameter ::= SEQUENCE {
       salt OCTET STRING (SIZE(8)),
       iterationCount INTEGER
   }

   -- PBES2

   PBES2Algorithms ALGORITHM-IDENTIFIER ::=
       { {PBES2-params IDENTIFIED BY id-PBES2}, ...}

   id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}

   PBES2-params ::= SEQUENCE {
       keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
       encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
   }

   PBES2-KDFs ALGORITHM-IDENTIFIER ::=
       { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }

   PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }

   -- PBMAC1

   PBMAC1Algorithms ALGORITHM-IDENTIFIER ::=
       { {PBMAC1-params IDENTIFIED BY id-PBMAC1}, ...}

   id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14}

   PBMAC1-params ::=  SEQUENCE {
       keyDerivationFunc AlgorithmIdentifier {{PBMAC1-KDFs}},
       messageAuthScheme AlgorithmIdentifier {{PBMAC1-MACs}}
   }

   PBMAC1-KDFs ALGORITHM-IDENTIFIER ::=
       { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }

   PBMAC1-MACs ALGORITHM-IDENTIFIER ::= { ... }

   -- Supporting techniques

   digestAlgorithm OBJECT IDENTIFIER     ::= {rsadsi 2}
   encryptionAlgorithm OBJECT IDENTIFIER ::= {rsadsi 3}

   SupportingAlgorithms ALGORITHM-IDENTIFIER ::= {
       {NULL IDENTIFIED BY id-hmacWithSHA1} |
       {OCTET STRING (SIZE(8)) IDENTIFIED BY desCBC} |
       {OCTET STRING (SIZE(8)) IDENTIFIED BY des-EDE3-CBC} |
       {RC2-CBC-Parameter IDENTIFIED BY rc2CBC} |
       {RC5-CBC-Parameters IDENTIFIED BY rc5-CBC-PAD},
       ...
   }

   id-hmacWithSHA1 OBJECT IDENTIFIER ::= {digestAlgorithm 7}

   desCBC OBJECT IDENTIFIER ::=
       {iso(1) identified-organization(3) oiw(14) secsig(3)
        algorithms(2) 7} -- from OIW

   des-EDE3-CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 7}

   rc2CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 2}

   RC2-CBC-Parameter ::= SEQUENCE {
       rc2ParameterVersion INTEGER OPTIONAL,
       iv OCTET STRING (SIZE(8))
   }

   rc5-CBC-PAD OBJECT IDENTIFIER ::= {encryptionAlgorithm 9}

   RC5-CBC-Parameters ::= SEQUENCE {
       version INTEGER {v1-0(16)} (v1-0),
       rounds INTEGER (8..127),
       blockSizeInBits INTEGER (64 | 128),
       iv OCTET STRING OPTIONAL
   }

   END

Intellectual Property Considerations

   RSA Security makes no patent claims on the general constructions
   described in this document, although specific underlying techniques
   may be covered. Among the underlying techniques, the RC5 encryption
   algorithm (Appendix B.2.4) is protected by U.S. Patents 5,724,428
   [22] and 5,835,600 [23].

   RC2 and RC5 are trademarks of RSA Security.

   License to copy this document is granted provided that it is
   identified as RSA Security Inc. Public-Key Cryptography Standards
   (PKCS) in all material mentioning or referencing this document.

   RSA Security makes no representations regarding intellectual property
   claims by other parties. Such determination is the responsibility of
   the user.

Revision history

   Versions 1.0-1.3

      Versions 1.0-1.3 were distributed to participants in RSA Data
      Security Inc.'s Public-Key Cryptography Standards meetings in
      February and March 1991.

   Version 1.4

      Version 1.4 was part of the June 3, 1991 initial public release of
      PKCS. Version 1.4 was published as NIST/OSI Implementors' Workshop
      document SEC-SIG-91-20.

   Version 1.5

      Version 1.5 incorporated several editorial changes, including
      updates to the references and the addition of a revision history.

   Version 2.0

      Version 2.0 incorporates major editorial changes in terms of the
      document structure, and introduces the PBES2 encryption scheme,
      the PBMAC1 message authentication scheme, and independent
      password-based key derivation functions. This version continues to
      support the encryption process in version 1.5.

References

   [1]  American National Standard X9.52 - 1998, Triple Data Encryption
        Algorithm Modes of Operation. Working draft, Accredited
        Standards Committee X9, July 27, 1998.

   [2]  Baldwin, R. and R. Rivest, "The RC5, RC5-CBC, RC5-CBC-Pad, and
        RC5-CTS Algorithms", RFC 2040, October 1996.

   [3]  Balenson, D., "Privacy Enhancement for Internet Electronic Mail:
        Part III: Algorithms, Modes, and Identifiers", RFC 1423,
        February 1993.

   [4]  S.M. Bellovin and M. Merritt. Encrypted key exchange:
        Password-based protocols secure against dictionary attacks. In
        Proceedings of the 1992 IEEE Computer Society Conference on
        Research in Security and Privacy, pages 72-84, IEEE Computer
        Society, 1992.

   [5]  D. Jablon. Strong password-only authenticated key exchange. ACM
        Computer Communications Review, October 1996.

   [6]  Kaliski, B., "The MD2 Message-Digest Algorithm", RFC 1319, April
        1992.

   [7]  Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing
        for Message Authentication", RFC 2104, February 1997.

   [8]  Robert Morris and Ken Thompson. Password security: A case
        history.  Communications of the ACM, 22(11):594-597, November
        1979.

   [9]  ISO/IEC 8824-1:1995: Information technology - Abstract Syntax
        Notation One (ASN.1) - Specification of basic notation. 1995.

   [10] ISO/IEC 8824-1:1995/Amd.1:1995 Information technology - Abstract
        Syntax Notation One (ASN.1) - Specification of basic notation -
        Amendment 1 - Rules of extensibility. 1995.

   [11] ISO/IEC 8824-2:1995 Information technology - Abstract Syntax
        Notation One (ASN.1) - Information object specification. 1995.

   [12] ISO/IEC 8824-2:1995/Amd.1:1995 Information technology - Abstract
        Syntax Notation One (ASN.1) - Information object specification -
        Amendment 1 - Rules of extensibility. 1995.

   [13] ISO/IEC 8824-3:1995 Information technology - Abstract Syntax
        Notation One (ASN.1) - Constraint specification. 1995.

   [14] ISO/IEC 8824-4:1995 Information technology - Abstract Syntax
        Notation One (ASN.1) - Parameterization of ASN.1 specifications.
        1995.

   [15] National Institute of Standards and Technology (NIST). FIPS PUB
        46-2: Data Encryption Standard. December 30, 1993.

   [16] National Institute of Standards and Technology (NIST). FIPS PUB
        81: DES Modes of Operation. December 2, 1980.

   [17] National Institute of Standards and Technology (NIST). FIPS PUB
        112: Password Usage. May 30, 1985.

   [18] National Institute of Standards and Technology (NIST). FIPS PUB
        180-1: Secure Hash Standard. April 1994.

   [19] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April
        1992.

   [20] R.L. Rivest. The RC5 encryption algorithm. In Proceedings of the
        Second International Workshop on Fast Software Encryption, pages
        86-96, Springer-Verlag, 1994.

   [21] Rivest, R., "A Description of the RC2(r) Encryption Algorithm",
        RFC 2268, March 1998.

   [22] R.L. Rivest. Block-Encryption Algorithm with Data-Dependent
        Rotations. U.S. Patent No. 5,724,428, March 3, 1998.

   [23] R.L. Rivest. Block Encryption Algorithm with Data-Dependent
        Rotations. U.S. Patent No. 5,835,600, November 10, 1998.

   [24] RSA Laboratories. PKCS #5: Password-Based Encryption Standard.
        Version 1.5, November 1993.

   [25] RSA Laboratories. PKCS #8: Private-Key Information Syntax
        Standard.  Version 1.2, November 1993.

   [26] T. Wu. The Secure Remote Password protocol. In Proceedings of
        the 1998 Internet Society Network and D
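
The PBKDF2-params structure from the ASN.1 module, read from its DER encoding and fed to PBKDF2 with the default prf (id-hmacWithSHA1): this is an added example, not part of the RFC text. The function names, the `max_iterations` cap and the `default_len` fallback are assumptions of the example; the module itself allows iterationCount up to MAX, which a parser of untrusted parameters should bound.

```python
import hashlib
# Content octets of id-hmacWithSHA1 = {digestAlgorithm 7} = 1.2.840.113549.2.7
ID_HMAC_WITH_SHA1 = bytes.fromhex("2a864886f70d0207")

def read_tlv(buf, pos):
    """Read one definite-length DER element; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def parse_pbkdf2_params(der, max_iterations=10_000_000):
    """Return (salt, iterationCount, keyLength or None); max_iterations is this example's cap."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, salt, pos = read_tlv(body, 0)
    if tag != 0x04:  # otherSource: the module's PBKDF2-SaltSources set is empty
        raise ValueError("salt must be the 'specified' OCTET STRING")
    tag, raw, pos = read_tlv(body, pos)
    count = int.from_bytes(raw, "big", signed=True)
    if tag != 0x02 or not 1 <= count <= max_iterations:
        raise ValueError("iterationCount out of range")
    key_length, prf = None, ID_HMAC_WITH_SHA1  # prf DEFAULT algid-hmacWithSHA1
    if pos < len(body) and body[pos] == 0x02:  # OPTIONAL keyLength
        _, raw, pos = read_tlv(body, pos)
        key_length = int.from_bytes(raw, "big", signed=True)
        if key_length < 1:
            raise ValueError("keyLength must be >= 1")
    if pos < len(body):  # explicitly encoded prf AlgorithmIdentifier
        tag, alg, pos = read_tlv(body, pos)
        oid_tag, prf, _ = read_tlv(alg, 0)
        if tag != 0x30 or oid_tag != 0x06:
            raise ValueError("malformed prf")
    if pos != len(body) or prf != ID_HMAC_WITH_SHA1:
        raise ValueError("trailing data or unsupported prf")
    return salt, count, key_length

def derive_key(password, der, default_len=20):  # default_len: assumed when keyLength is absent
    salt, count, key_length = parse_pbkdf2_params(der)
    return hashlib.pbkdf2_hmac("sha1", password, salt, count, key_length or default_len)

# Constructed sample: salt "salt", iterationCount 2, keyLength 20
SAMPLE = bytes.fromhex("300c040473616c74020102020114")
```

Calling `derive_key(b"password", SAMPLE)` yields a 20-octet key, matching the HMAC-SHA-1 output length stated at the top of this page.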
