Tech Note 0006
PK Standards Compliance
Tom St Denis

RSA
----

PKCS #1 compliance.

Key Format: RSAPublicKey and RSAPrivateKey as per PKCS #1 v2.1
Encryption: OAEP as per PKCS #1
Signature : PSS as per PKCS #1

DSA
----

The NIST DSA algorithm.

Key Format: Homebrew [see below]
Signature : ANSI X9.62 format [see below].

Keys are stored as

DSAPublicKey ::= SEQUENCE {
    publicFlags BIT STRING(1), -- must be 0
    g           INTEGER,       -- base generator, check that g^q mod p == 1
                               -- and that 1 < g < p - 1
    p           INTEGER,       -- prime modulus
    q           INTEGER,       -- order of sub-group (must be prime)
    y           INTEGER        -- public key, specifically, g^x mod p,
                               -- check that y^q mod p == 1
                               -- and that 1 < y < p - 1
}

DSAPrivateKey ::= SEQUENCE {
    publicFlags BIT STRING(1), -- must be 1
    g           INTEGER,       -- base generator, check that g^q mod p == 1
                               -- and that 1 < g < p - 1
    p           INTEGER,       -- prime modulus
    q           INTEGER,       -- order of sub-group (must be prime)
    y           INTEGER,       -- public key, specifically, g^x mod p,
                               -- check that y^q mod p == 1
                               -- and that 1 < y < p - 1
    x           INTEGER        -- private key
}

Signatures are stored as

DSASignature ::= SEQUENCE {
    r INTEGER, -- signature parameters
    s INTEGER
}
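As an added example (not from this note and not LibTomCrypt code), the public-key sanity checks called for in the DSAPublicKey comments, followed by a minimal DER encoder for that field layout. It assumes standard DER for the BIT STRING(1) flag and INTEGER fields, and the tiny parameters p = 23, q = 11, g = 2 are constructed for illustration only.

```python
# Added example (not LibTomCrypt code): the checks listed in the DSAPublicKey
# comments, then a minimal DER encoder for that layout. Standard DER is assumed;
# the toy parameters (p = 23, q = 11, g = 2) are constructed, not real-world sizes.

def is_prime(n: int) -> bool:
    """Trial division; fine for the toy sizes used here."""
    return n >= 2 and all(n % d for d in range(2, int(n ** 0.5) + 1))

def validate_dsa_public(g: int, p: int, q: int, y: int) -> list:
    """Return the checks from the note that the key fails (empty list = key OK)."""
    errors = []
    if not is_prime(p):
        errors.append("p is not prime")
    if not is_prime(q):
        errors.append("q is not prime")
    if not 1 < g < p - 1:
        errors.append("g out of range")
    elif pow(g, q, p) != 1:
        errors.append("g^q mod p != 1")
    if not 1 < y < p - 1:
        errors.append("y out of range")
    elif pow(y, q, p) != 1:
        errors.append("y^q mod p != 1")  # y is not in the order-q subgroup
    return errors

def der_len(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_integer(v: int) -> bytes:
    """DER INTEGER for v >= 0; a leading 0x00 keeps it positive when the top bit is set."""
    body = v.to_bytes((v.bit_length() + 8) // 8, "big")
    return b"\x02" + der_len(len(body)) + body

def encode_dsa_public(g: int, p: int, q: int, y: int) -> bytes:
    """DER-encode DSAPublicKey in the note's field order, refusing invalid keys."""
    errors = validate_dsa_public(g, p, q, y)
    if errors:
        raise ValueError("; ".join(errors))
    flag = b"\x03\x02\x07\x00"  # BIT STRING(1) holding the single bit 0 (public key)
    body = flag + der_integer(g) + der_integer(p) + der_integer(q) + der_integer(y)
    return b"\x30" + der_len(len(body)) + body
```

With g = 2 (order 11 mod 23) and x = 7, y = 13 passes every check, while y = 5 is in the range but not in the order-q subgroup and is rejected.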

ECC
----

The ANSI X9.62 and X9.63 algorithms [partial]. Supports all NIST GF(p) curves.

Key Format   : Homebrew [see below, only GF(p) NIST curves supported]
Signature    : X9.62 compliant
Encryption   : Homebrew [based on X9.63, differs in that the public point is stored as an ECCPublicKey]
Shared Secret: X9.63 compliant

ECCPublicKey ::= SEQUENCE {
    flags    BIT STRING(1), -- public/private flag (always zero),
    keySize  INTEGER,       -- Curve size (in bits) divided by eight
                            -- and rounded down, e.g. 521 => 65
    pubkey.x INTEGER,       -- The X co-ordinate of the public key point
    pubkey.y INTEGER        -- The Y co-ordinate of the public key point
}

ECCPrivateKey ::= SEQUENCE {
    flags    BIT STRING(1), -- public/private flag (always one),
    keySize  INTEGER,       -- Curve size (in bits) divided by eight
                            -- and rounded down, e.g. 521 => 65
    pubkey.x INTEGER,       -- The X co-ordinate of the public key point
    pubkey.y INTEGER,       -- The Y co-ordinate of the public key point
    secret.k INTEGER        -- The secret key scalar
}

The encryption works by finding the X9.63 shared secret and hashing it. The hash is then simply XOR'ed against the message [which must be at most the size of the hash digest]. The format of the encrypted text is as follows

ECCEncrypted ::= SEQUENCE {
    hashOID OBJECT IDENTIFIER, -- The OID of the hash used
    pubkey  OCTET STRING,      -- Encapsulation of a random ECCPublicKey
    skey    OCTET STRING       -- The encrypted text (which the hash was XOR'ed against)
}

% $Source: /cvs/libtom/libtomcrypt/notes/tech0006.txt,v $
% $Revision: 1.2 $
% $Date: 2005/06/18 02:26:27 $