Tech Note 0006
PK Standards Compliance
Tom St Denis

RSA
----

PKCS #1 compliance.

Key Format: RSAPublicKey and RSAPrivateKey as per PKCS #1 v2.1
Encryption: OAEP as per PKCS #1
Signature : PSS as per PKCS #1

DSA
----

The NIST DSA algorithm

Key Format: HomeBrew [see below]
Signature : ANSI X9.62 format [see below].

Keys are stored as

DSAPublicKey ::= SEQUENCE {
    publicFlags    BIT STRING(1), -- must be 0
    g              INTEGER      , -- base generator, check that g^q mod p == 1
                                  -- and that 1 < g < p - 1
    p              INTEGER      , -- prime modulus
    q              INTEGER      , -- order of sub-group (must be prime)
    y              INTEGER      , -- public key, specifically, g^x mod p,
                                  -- check that y^q mod p == 1
                                  -- and that 1 < y < p - 1
}

DSAPrivateKey ::= SEQUENCE {
    publicFlags    BIT STRING(1), -- must be 1
    g              INTEGER      , -- base generator, check that g^q mod p == 1
                                  -- and that 1 < g < p - 1
    p              INTEGER      , -- prime modulus
    q              INTEGER      , -- order of sub-group (must be prime)
    y              INTEGER      , -- public key, specifically, g^x mod p,
                                  -- check that y^q mod p == 1
                                  -- and that 1 < y < p - 1
    x              INTEGER        -- private key
}

Signatures are stored as

DSASignature ::= SEQUENCE {
    r, s           INTEGER        -- signature parameters
}

ECC
----

The ANSI X9.62 and X9.63 algorithms [partial].  Supports all NIST GF(p) curves.

Key Format   : Homebrew [see below, only GF(p) NIST curves supported]
Signature    : X9.62 compliant
Encryption   : Homebrew [based on X9.63, differs in that the public point is stored as an ECCPublicKey]
Shared Secret: X9.63 compliant

ECCPublicKey ::= SEQUENCE {
    flags       BIT STRING(1), -- public/private flag (always zero),
    keySize     INTEGER,       -- Curve size (in bits) divided by eight
                               -- and rounded down, e.g. 521 => 65
    pubkey.x    INTEGER,       -- The X co-ordinate of the public key point
    pubkey.y    INTEGER,       -- The Y co-ordinate of the public key point
}

ECCPrivateKey ::= SEQUENCE {
    flags       BIT STRING(1), -- public/private flag (always one),
    keySize     INTEGER,       -- Curve size (in bits) divided by eight
                               -- and rounded down, e.g. 521 => 65
    pubkey.x    INTEGER,       -- The X co-ordinate of the public key point
    pubkey.y    INTEGER,       -- The Y co-ordinate of the public key point
    secret.k    INTEGER,       -- The secret key scalar
}

The encryption works by finding the X9.63 shared secret and hashing it.  The hash is then simply XOR'ed against the message [which must be at most the size
of the hash digest].  The format of the encrypted text is as follows

ECCEncrypted ::= SEQUENCE {
    hashOID     OBJECT IDENTIFIER, -- The OID of the hash used
    pubkey      OCTET STRING     , -- Encapsulation of a random ECCPublicKey
    skey        OCTET STRING       -- The encrypted text (which the hash was XOR'ed against)
}

% $Source: /cvs/libtom/libtomcrypt/notes/tech0006.txt,v $
% $Revision: 1.2 $
% $Date: 2005/06/18 02:26:27 $
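
The checks listed in the DSAPublicKey and DSAPrivateKey comments above, written out as an import-time validator. This is an added example, not libtomcrypt code: the function names, the Miller-Rabin helper and the toy parameters (p=23, q=11, g=4, x=3) are assumptions made for illustration.

```python
import random

def is_probable_prime(n, rounds=40):
    """Miller-Rabin test; a composite passes with probability <= 4**-rounds."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def check_dsa_key(flags, g, p, q, y, x=None):
    """Return the list of failed checks (empty list: key accepted).
    x is None for a DSAPublicKey, the private exponent for a DSAPrivateKey."""
    failures = []
    if not is_probable_prime(p):
        failures.append("p is not prime")
    if not is_probable_prime(q):
        failures.append("q is not prime")
    if failures:
        return failures  # subgroup checks mean nothing without prime p and q
    if flags != (0 if x is None else 1):
        failures.append("flags do not match key type")
    for name, v in (("g", g), ("y", y)):
        if not 1 < v < p - 1:
            failures.append(f"{name} out of range")
        elif pow(v, q, p) != 1:  # v must lie in the order-q subgroup
            failures.append(f"{name}^q mod p != 1")
    if x is not None and pow(g, x, p) != y:
        failures.append("y != g^x mod p")
    return failures

# Constructed toy parameters (far too small for real use): p=23, q=11, g=4, x=3
if __name__ == "__main__":
    print(check_dsa_key(0, 4, 23, 11, 18))  # valid public key, y = 4^3 mod 23
    print(check_dsa_key(0, 4, 23, 11, 5))   # y outside the order-q subgroup
```

Rejecting a y (or g) that fails these checks keeps small-order or out-of-subgroup values from being accepted as keys when a DSAPublicKey comes from an untrusted source.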