comparison libtomcrypt/notes/tech0006.txt @ 389:5ff8218bcee9

propagate from branch 'au.asn.ucc.matt.ltm.dropbear' (head 2af95f00ebd5bb7a28b3817db1218442c935388e) to branch 'au.asn.ucc.matt.dropbear' (head ecd779509ef23a8cdf64888904fc9b31d78aa933)
author Matt Johnston <matt@ucc.asn.au>
date Thu, 11 Jan 2007 03:14:55 +0000
parents 1b9e69c058d2
children
comparison
equal deleted inserted replaced
388:fb54020f78e1 389:5ff8218bcee9
1 Tech Note 0006
2 PK Standards Compliance
3 Tom St Denis
4
5 RSA
6 ----
7
8 PKCS #1 compliance.
9
10 Key Format: RSAPublicKey and RSAPrivateKey as per PKCS #1 v2.1
11 Encryption: OAEP as per PKCS #1
12 Signature : PSS as per PKCS #1
13
14 DSA
15 ----
16
17 The NIST DSA algorithm
18
19 Key Format: HomeBrew [see below]
20 Signature : ANSI X9.62 format [see below].
21
22 Keys are stored as
23
24 DSAPublicKey ::= SEQUENCE {
25 publicFlags BIT STRING(1), -- must be 0
26 g INTEGER , -- base generator, check that g^q mod p == 1
27 -- and that 1 < g < p - 1
28 p INTEGER , -- prime modulus
29 q INTEGER , -- order of sub-group (must be prime)
30 y INTEGER , -- public key, specifically, g^x mod p,
31 -- check that y^q mod p == 1
32 -- and that 1 < y < p - 1
33 }
34
35 DSAPrivateKey ::= SEQUENCE {
36 publicFlags BIT STRING(1), -- must be 1
37 g INTEGER , -- base generator, check that g^q mod p == 1
38 -- and that 1 < g < p - 1
39 p INTEGER , -- prime modulus
40 q INTEGER , -- order of sub-group (must be prime)
41 y INTEGER , -- public key, specifically, g^x mod p,
42 -- check that y^q mod p == 1
43 -- and that 1 < y < p - 1
44 x INTEGER -- private key
45 }
46
47 Signatures are stored as
48
49 DSASignature ::= SEQUENCE {
50 r, s INTEGER -- signature parameters
51 }
52
53 ECC
54 ----
55
56 The ANSI X9.62 and X9.63 algorithms [partial]. Supports all NIST GF(p) curves.
57
58 Key Format : Homebrew [see below, only GF(p) NIST curves supported]
59 Signature : X9.62 compliant
60 Encryption : Homebrew [based on X9.63, differs in that the public point is stored as an ECCPublicKey]
61 Shared Secret: X9.63 compliant
62
63 ECCPublicKey ::= SEQUENCE {
64 flags BIT STRING(1), -- public/private flag (always zero),
65 keySize INTEGER, -- Curve size (in bits) divided by eight
66 -- and rounded down, e.g. 521 => 65
67 pubkey.x INTEGER, -- The X co-ordinate of the public key point
68 pubkey.y INTEGER, -- The Y co-ordinate of the public key point
69 }
70
71 ECCPrivateKey ::= SEQUENCE {
72 flags BIT STRING(1), -- public/private flag (always one),
73 keySize INTEGER, -- Curve size (in bits) divided by eight
74 -- and rounded down, e.g. 521 => 65
75 pubkey.x INTEGER, -- The X co-ordinate of the public key point
76 pubkey.y INTEGER, -- The Y co-ordinate of the public key point
77 secret.k INTEGER, -- The secret key scalar
78 }
79
80 The encryption works by finding the X9.63 shared secret and hashing it. The hash is then simply XOR'ed against the message [which must be at most the size
81 of the hash digest]. The format of the encrypted text is as follows
82
83 ECCEncrypted ::= SEQUENCE {
84 hashOID OBJECT IDENTIFIER, -- The OID of the hash used
85 pubkey OCTET STRING , -- Encapsulation of a random ECCPublicKey
86 skey OCTET STRING -- The encrypted text (which the hash was XOR'ed against)
87 }
88
89 % $Source: /cvs/libtom/libtomcrypt/notes/tech0006.txt,v $
90 % $Revision: 1.2 $
91 % $Date: 2005/06/18 02:26:27 $