Mercurial > dropbear
comparison libtomcrypt/notes/tech0006.txt @ 389:5ff8218bcee9
propagate from branch 'au.asn.ucc.matt.ltm.dropbear' (head 2af95f00ebd5bb7a28b3817db1218442c935388e)
to branch 'au.asn.ucc.matt.dropbear' (head ecd779509ef23a8cdf64888904fc9b31d78aa933)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 11 Jan 2007 03:14:55 +0000 |
parents | 1b9e69c058d2 |
children |
comparison
equal
deleted
inserted
replaced
388:fb54020f78e1 | 389:5ff8218bcee9 |
---|---|
1 Tech Note 0006 | |
2 PK Standards Compliance | |
3 Tom St Denis | |
4 | |
5 RSA | |
6 ---- | |
7 | |
8 PKCS #1 compliance. | |
9 | |
10 Key Format: RSAPublicKey and RSAPrivateKey as per PKCS #1 v2.1 | |
11 Encryption: OAEP as per PKCS #1 | |
12 Signature : PSS as per PKCS #1 | |
13 | |
14 DSA | |
15 ---- | |
16 | |
17 The NIST DSA algorithm | |
18 | |
19 Key Format: HomeBrew [see below] | |
20 Signature : ANSI X9.62 format [see below]. | |
21 | |
22 Keys are stored as | |
23 | |
24 DSAPublicKey ::= SEQUENCE { | |
25 publicFlags BIT STRING(1), -- must be 0 | |
26 g INTEGER , -- base generator, check that g^q mod p == 1 | |
27 -- and that 1 < g < p - 1 | |
28 p INTEGER , -- prime modulus | |
29 q INTEGER , -- order of sub-group (must be prime) | |
30 y INTEGER , -- public key, specifically, g^x mod p, | |
31 -- check that y^q mod p == 1 | |
32 -- and that 1 < y < p - 1 | |
33 } | |
34 | |
35 DSAPrivateKey ::= SEQUENCE { | |
36 publicFlags BIT STRING(1), -- must be 1 | |
37 g INTEGER , -- base generator, check that g^q mod p == 1 | |
38 -- and that 1 < g < p - 1 | |
39 p INTEGER , -- prime modulus | |
40 q INTEGER , -- order of sub-group (must be prime) | |
41 y INTEGER , -- public key, specifically, g^x mod p, | |
42 -- check that y^q mod p == 1 | |
43 -- and that 1 < y < p - 1 | |
44 x INTEGER -- private key | |
45 } | |
46 | |
47 Signatures are stored as | |
48 | |
49 DSASignature ::= SEQUENCE { | |
50 r, s INTEGER -- signature parameters | |
51 } | |
52 | |
53 ECC | |
54 ---- | |
55 | |
56 The ANSI X9.62 and X9.63 algorithms [partial]. Supports all NIST GF(p) curves. | |
57 | |
58 Key Format : Homebrew [see below, only GF(p) NIST curves supported] | |
59 Signature : X9.62 compliant | |
60 Encryption : Homebrew [based on X9.63, differs in that the public point is stored as an ECCPublicKey] | |
61 Shared Secret: X9.63 compliant | |
62 | |
63 ECCPublicKey ::= SEQUENCE { | |
64 flags BIT STRING(1), -- public/private flag (always zero), | |
65 keySize INTEGER, -- Curve size (in bits) divided by eight | |
66 -- and rounded down, e.g. 521 => 65 | |
67 pubkey.x INTEGER, -- The X co-ordinate of the public key point | |
68 pubkey.y INTEGER, -- The Y co-ordinate of the public key point | |
69 } | |
70 | |
71 ECCPrivateKey ::= SEQUENCE { | |
72 flags BIT STRING(1), -- public/private flag (always one), | |
73 keySize INTEGER, -- Curve size (in bits) divided by eight | |
74 -- and rounded down, e.g. 521 => 65 | |
75 pubkey.x INTEGER, -- The X co-ordinate of the public key point | |
76 pubkey.y INTEGER, -- The Y co-ordinate of the public key point | |
77 secret.k INTEGER, -- The secret key scalar | |
78 } | |
79 | |
80 The encryption works by finding the X9.63 shared secret and hashing it. The hash is then simply XOR'ed against the message [which must be at most the size | |
81 of the hash digest]. The format of the encrypted text is as follows | |
82 | |
83 ECCEncrypted ::= SEQUENCE { | |
84 hashOID OBJECT IDENTIFIER, -- The OID of the hash used | |
85 pubkey OCTET STRING , -- Encapsulation of a random ECCPublicKey | |
86 skey OCTET STRING -- The encrypted text (which the hash was XOR'ed against) | |
87 } | |
88 | |
89 % $Source: /cvs/libtom/libtomcrypt/notes/tech0006.txt,v $ | |
90 % $Revision: 1.2 $ | |
91 % $Date: 2005/06/18 02:26:27 $ |