Mercurial > dropbear
comparison libtomcrypt/notes/tech0006.txt @ 330:5488db2e9e4e
merge of 332f709a4cb39cde4cedab7c3be89e05f3023067
and ca4ca78b82c5d430c69ce01bf794e8886ce81431
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sat, 10 Jun 2006 16:39:40 +0000 |
| parents | 1b9e69c058d2 |
| children |
comparison
equal
deleted
inserted
replaced
| 329:8ed0dce45126 | 330:5488db2e9e4e |
|---|---|
| 1 Tech Note 0006 | |
| 2 PK Standards Compliance | |
| 3 Tom St Denis | |
| 4 | |
| 5 RSA | |
| 6 ---- | |
| 7 | |
| 8 PKCS #1 compliance. | |
| 9 | |
| 10 Key Format: RSAPublicKey and RSAPrivateKey as per PKCS #1 v2.1 | |
| 11 Encryption: OAEP as per PKCS #1 | |
| 12 Signature : PSS as per PKCS #1 | |
| 13 | |
| 14 DSA | |
| 15 ---- | |
| 16 | |
| 17 The NIST DSA algorithm | |
| 18 | |
| 19 Key Format: HomeBrew [see below] | |
| 20 Signature : ANSI X9.62 format [see below]. | |
| 21 | |
| 22 Keys are stored as | |
| 23 | |
| 24 DSAPublicKey ::= SEQUENCE { | |
| 25 publicFlags BIT STRING(1), -- must be 0 | |
| 26 g INTEGER , -- base generator, check that g^q mod p == 1 | |
| 27 -- and that 1 < g < p - 1 | |
| 28 p INTEGER , -- prime modulus | |
| 29 q INTEGER , -- order of sub-group (must be prime) | |
| 30 y INTEGER , -- public key, specifically, g^x mod p, | |
| 31 -- check that y^q mod p == 1 | |
| 32 -- and that 1 < y < p - 1 | |
| 33 } | |
| 34 | |
| 35 DSAPrivateKey ::= SEQUENCE { | |
| 36 publicFlags BIT STRING(1), -- must be 1 | |
| 37 g INTEGER , -- base generator, check that g^q mod p == 1 | |
| 38 -- and that 1 < g < p - 1 | |
| 39 p INTEGER , -- prime modulus | |
| 40 q INTEGER , -- order of sub-group (must be prime) | |
| 41 y INTEGER , -- public key, specifically, g^x mod p, | |
| 42 -- check that y^q mod p == 1 | |
| 43 -- and that 1 < y < p - 1 | |
| 44 x INTEGER -- private key | |
| 45 } | |
| 46 | |
| 47 Signatures are stored as | |
| 48 | |
| 49 DSASignature ::= SEQUENCE { | |
| 50 r, s INTEGER -- signature parameters | |
| 51 } | |
| 52 | |
| 53 ECC | |
| 54 ---- | |
| 55 | |
| 56 The ANSI X9.62 and X9.63 algorithms [partial]. Supports all NIST GF(p) curves. | |
| 57 | |
| 58 Key Format : Homebrew [see below, only GF(p) NIST curves supported] | |
| 59 Signature : X9.62 compliant | |
| 60 Encryption : Homebrew [based on X9.63, differs in that the public point is stored as an ECCPublicKey] | |
| 61 Shared Secret: X9.63 compliant | |
| 62 | |
| 63 ECCPublicKey ::= SEQUENCE { | |
| 64 flags BIT STRING(1), -- public/private flag (always zero), | |
| 65 keySize INTEGER, -- Curve size (in bits) divided by eight | |
| 66 -- and rounded down, e.g. 521 => 65 | |
| 67 pubkey.x INTEGER, -- The X co-ordinate of the public key point | |
| 68 pubkey.y INTEGER, -- The Y co-ordinate of the public key point | |
| 69 } | |
| 70 | |
| 71 ECCPrivateKey ::= SEQUENCE { | |
| 72 flags BIT STRING(1), -- public/private flag (always one), | |
| 73 keySize INTEGER, -- Curve size (in bits) divided by eight | |
| 74 -- and rounded down, e.g. 521 => 65 | |
| 75 pubkey.x INTEGER, -- The X co-ordinate of the public key point | |
| 76 pubkey.y INTEGER, -- The Y co-ordinate of the public key point | |
| 77 secret.k INTEGER, -- The secret key scalar | |
| 78 } | |
| 79 | |
| 80 The encryption works by finding the X9.63 shared secret and hashing it. The hash is then simply XOR'ed against the message [which must be at most the size | |
| 81 of the hash digest]. The format of the encrypted text is as follows | |
| 82 | |
| 83 ECCEncrypted ::= SEQUENCE { | |
| 84 hashOID OBJECT IDENTIFIER, -- The OID of the hash used | |
| 85 pubkey OCTET STRING , -- Encapsulation of a random ECCPublicKey | |
| 86 skey OCTET STRING -- The encrypted text (which the hash was XOR'ed against) | |
| 87 } | |
| 88 | |
| 89 % $Source: /cvs/libtom/libtomcrypt/notes/tech0006.txt,v $ | |
| 90 % $Revision: 1.2 $ | |
| 91 % $Date: 2005/06/18 02:26:27 $ |