rfc9548v6.txt | rfc9548.txt | |||
---|---|---|---|---|
skipping to change at line 128 ¶ | skipping to change at line 128 ¶ | |||
capitals, as shown here. | capitals, as shown here. | |||
3. Basic Terms and Definitions | 3. Basic Terms and Definitions | |||
Throughout this document, the following notations are used: | Throughout this document, the following notations are used: | |||
P a password encoded as a Unicode UTF-8 string | P a password encoded as a Unicode UTF-8 string | |||
S a random initializing value | S a random initializing value | |||
V_s the set of byte strings of length s, where s >= 0; the string š | V_s the set of byte strings of length s, where s >= 0; the string b | |||
= (b_1,...,b_s) belongs to the set V_s if b_1,...,b_sā{0,...,255} | = (b_1,...,b_s) belongs to the set V_s if b_1,...,b_s belongs to | |||
{0,...,255} | ||||
|A| the number of components (a length) of the vector A belonging to | |A| the number of components (a length) of the vector A belonging to | |||
V_s (if A is an empty string, then |A| = 0) | V_s (if A is an empty string, then |A| = 0) | |||
A||C a concatenation of two byte strings A, C from V_s, i.e., a | A||C a concatenation of two byte strings A, C from V_s, i.e., a | |||
string from V_(|A|+|C|), where the left substring from V_(|A|) is | string from V_(|A|+|C|), where the left substring from V_(|A|) is | |||
equal to the string A and the right substring from V_(|C|) is | equal to the string A and the right substring from V_(|C|) is | |||
equal to the string C: A = (a_(n_1),...,a_1) in V_(n_1) and C = | equal to the string C: A = (a_1,...,a_(n_1)) in V_(n_1) and C = | |||
(c_(n_2),...,c_1) in V_(n_2), res = | (c_2,...,c_(n_2)) in V_(n_2), res = | |||
(a_(n_1),...,a_1,c_(n_2),...,c_1) in V_(n_1+n_2)) | (a_1,...,a_(n_1),c_2,...,c_(n_2)) in V_(n_1+n_2) | |||
F_q a finite prime field represented as a set of q integers | F_q a finite prime field represented as a set of q integers | |||
{0,1,...,q - 1}, where q > 3 - prime number | {0,1,...,q - 1}, where q > 3 - prime number | |||
b mod q the minimum non-negative number comparable to b modulo p | b mod q the minimum non-negative number comparable to b modulo p | |||
INT(b) integer INT(b) = b_1 +b_2 * 256+āÆ+b_s * 256^(s-1), where b | INT(b) integer INT(b) = b_1 + b_2 * 256 +...+ b_s * 256^(s-1), where | |||
belongs to V_s | b belongs to V_s | |||
This document uses the following terms and abbreviations: | This document uses the following terms and abbreviations: | |||
Signature one or more data elements resulting from the signature | Signature one or more data elements resulting from the signature | |||
process (Clause 3.12 of [ISO14888-1]). Note: The terms "digital | process (Clause 3.12 of [ISO14888-1]). Note: The terms "digital | |||
signature", "electronic signature", and "electronic digital | signature", "electronic signature", and "electronic digital | |||
signature" are considered equivalent in this document. | signature" are considered equivalent in this document. | |||
Signature key set of private data elements specific to an entity and | Signature key set of private data elements specific to an entity and | |||
usable only by this entity in the signature process (Clause 3.13 | usable only by this entity in the signature process (Clause 3.13 | |||
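Review bot: in the rewritten A||C definition the components of C now start at c_2 ("C = (c_2,...,c_(n_2))", and again in res), so only n_2 - 1 components are listed for a string stated to be in V_(n_2), and res no longer has n_1+n_2 components. This should read c_1,...,c_(n_2), matching A = (a_1,...,a_(n_1)). In the same list, "b mod q" is defined as "comparable to b modulo p" on both sides; p is not defined anywhere in these notations, so it should be "modulo q".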
skipping to change at line 787 ¶ | skipping to change at line 788 ¶ | |||
: 937E4ECFC9525BF9F6A0850 | : 937E4ECFC9525BF9F6A0850 | |||
: 76718A45C81FF4921E3E2BB | : 76718A45C81FF4921E3E2BB | |||
: F72BF3EEBF3EE1613412665 | : F72BF3EEBF3EE1613412665 | |||
: FF13DDA7BF275268EB11AE9 | : FF13DDA7BF275268EB11AE9 | |||
: DE707D7F1B884CB6CF4760B | : DE707D7F1B884CB6CF4760B | |||
: 9F16F024330D546B881D5EA0CE | : 9F16F024330D546B881D5EA0CE | |||
451 135: CONTEXT SPECIFIC (3): | 451 135: CONTEXT SPECIFIC (3): | |||
454 132: SEQUENCE: | 454 132: SEQUENCE: | |||
457 99: SEQUENCE: | 457 99: SEQUENCE: | |||
459 3: OBJECT IDENTIFIER: | 459 3: OBJECT IDENTIFIER: | |||
: authorityKeyIdentifier [2.5.29.35] | : authorityKeyIdentifier | |||
: [2.5.29.35] | ||||
464 92: OCTET STRING: | 464 92: OCTET STRING: | |||
466 90: SEQUENCE: | 466 90: SEQUENCE: | |||
468 20: CONTEXT SPECIFIC (0): | 468 20: CONTEXT SPECIFIC (0): | |||
: AC6C0E4C4466A24296E2 | : AC6C0E4C4466A24296E2 | |||
: 9F093B2566F3CBA4532A | : 9F093B2566F3CBA4532A | |||
490 60: CONTEXT SPECIFIC (1): | 490 60: CONTEXT SPECIFIC (1): | |||
492 58: CONTEXT SPECIFIC (4): | 492 58: CONTEXT SPECIFIC (4): | |||
494 56: SEQUENCE: | 494 56: SEQUENCE: | |||
496 13: SET: | 496 13: SET: | |||
498 11: SEQUENCE: | 498 11: SEQUENCE: | |||
500 3: OBJECT IDENTIFIER: | 500 3: OBJECT IDENTIFIER: | |||
: organizationName | : organizationName | |||
: [2.5.4.10] | : [2.5.4.10] | |||
505 4: PRINTABLE STRING:'TK26' | 505 4: PRINTABLE STRING: | |||
: 'TK26' | ||||
511 39: SET: | 511 39: SET: | |||
513 37: SEQUENCE: | 513 37: SEQUENCE: | |||
515 3: OBJECT IDENTIFIER: | 515 3: OBJECT IDENTIFIER: | |||
: commonName [2.5.4.3] | : commonName | |||
: [2.5.4.3] | ||||
520 30: PRINTABLE STRING: | 520 30: PRINTABLE STRING: | |||
: 'CA TK26: GOST ' | : 'CA TK26: GOST ' | |||
: '34.10-12 256-bit' | : '34.10-12 256-bit' | |||
552 4: CONTEXT SPECIFIC (2): | 552 4: CONTEXT SPECIFIC (2): | |||
: 018CBA81 | : 018CBA81 | |||
558 29: SEQUENCE: | 558 29: SEQUENCE: | |||
560 3: OBJECT IDENTIFIER: | 560 3: OBJECT IDENTIFIER: | |||
: subjectKeyIdentifier [2.5.29.14] | : subjectKeyIdentifier | |||
: [2.5.29.14] | ||||
565 22: OCTET STRING: | 565 22: OCTET STRING: | |||
567 20: OCTET STRING: | 567 20: OCTET STRING: | |||
: 7E065709980CAD6B08A8 | : 7E065709980CAD6B08A8 | |||
: 57EE7900583AC9D7A0A4 | : 57EE7900583AC9D7A0A4 | |||
589 10: SEQUENCE: | 589 10: SEQUENCE: | |||
591 8: OBJECT IDENTIFIER:[1.2.643.7.1.1.3.2] | 591 8: OBJECT IDENTIFIER: | |||
: [1.2.643.7.1.1.3.2] | ||||
601 65: BIT STRING UnusedBits:0: | 601 65: BIT STRING UnusedBits:0: | |||
: 0A5EA9F1D01BA62F4793EDE680CC88D1 | : 0A5EA9F1D01BA62F4793EDE680CC88D1 | |||
: 6221D7B22B96B4A9FE607417B67332DF | : 6221D7B22B96B4A9FE607417B67332DF | |||
: 17503D43C33DC9AEB9F17979DF32F380 | : 17503D43C33DC9AEB9F17979DF32F380 | |||
: E4175427D842C8380C5401ACFC870410 | : E4175427D842C8380C5401ACFC870410 | |||
668 84: SET: | 668 84: SET: | |||
670 35: SEQUENCE: | 670 35: SEQUENCE: | |||
672 9: OBJECT IDENTIFIER:localKeyID | 672 9: OBJECT IDENTIFIER:localKeyID | |||
: [1.2.840.113549.1.9.21] | : [1.2.840.113549.1.9.21] | |||
683 22: SET: | 683 22: SET: | |||
skipping to change at line 844 ¶ | skipping to change at line 850 ¶ | |||
709 9: OBJECT IDENTIFIER:friendlyName | 709 9: OBJECT IDENTIFIER:friendlyName | |||
: [1.2.840.113549.1.9.20] | : [1.2.840.113549.1.9.20] | |||
720 32: SET: | 720 32: SET: | |||
722 30: BMP STRING:'p12FriendlyName' | 722 30: BMP STRING:'p12FriendlyName' | |||
754 473: SEQUENCE: | 754 473: SEQUENCE: | |||
758 9: OBJECT IDENTIFIER:data [1.2.840.113549.1.7.1] | 758 9: OBJECT IDENTIFIER:data [1.2.840.113549.1.7.1] | |||
769 458: CONTEXT SPECIFIC (0): | 769 458: CONTEXT SPECIFIC (0): | |||
773 454: OCTET STRING: | 773 454: OCTET STRING: | |||
777 450: SEQUENCE: | 777 450: SEQUENCE: | |||
781 446: SEQUENCE: | 781 446: SEQUENCE: | |||
785 11: OBJECT IDENTIFIER:pkcs-12-pkcs-8ShroudedKeyBag | 785 11: OBJECT IDENTIFIER: | |||
: [1.2.840.113549.1.12.10.1.2] | : pkcs-12-pkcs-8ShroudedKeyBag | |||
: [1.2.840.113549.1.12.10.1.2] | ||||
798 343: CONTEXT SPECIFIC (0): | 798 343: CONTEXT SPECIFIC (0): | |||
802 339: SEQUENCE: | 802 339: SEQUENCE: | |||
806 89: SEQUENCE: | 806 89: SEQUENCE: | |||
808 9: OBJECT IDENTIFIER:[1.2.840.113549.1.5.13] | 808 9: OBJECT IDENTIFIER: | |||
: [1.2.840.113549.1.5.13] | ||||
819 76: SEQUENCE: | 819 76: SEQUENCE: | |||
821 41: SEQUENCE: | 821 41: SEQUENCE: | |||
823 9: OBJECT IDENTIFIER: | 823 9: OBJECT IDENTIFIER: | |||
: [1.2.840.113549.1.5.12] | : [1.2.840.113549.1.5.12] | |||
834 28: SEQUENCE: | 834 28: SEQUENCE: | |||
836 8: OCTET STRING:'A7F837B34CC2E82A' | 836 8: OCTET STRING:'A7F837B34CC2E82A' | |||
846 2: INTEGER:2048 | 846 2: INTEGER:2048 | |||
850 12: SEQUENCE: | 850 12: SEQUENCE: | |||
852 8: OBJECT IDENTIFIER: | 852 8: OBJECT IDENTIFIER: | |||
: [1.2.643.7.1.1.4.2] | : [1.2.643.7.1.1.4.2] | |||
862 0: NULL: | 862 0: NULL: | |||
864 31: SEQUENCE: | 864 31: SEQUENCE: | |||
866 9: OBJECT IDENTIFIER:[1.2.643.7.1.1.5.2.2] | 866 9: OBJECT IDENTIFIER: | |||
: [1.2.643.7.1.1.5.2.2] | ||||
877 18: SEQUENCE: | 877 18: SEQUENCE: | |||
879 16: OCTET STRING: | 879 16: OCTET STRING: | |||
: 259ADD960DF68F265B00B3498B2A0973 | : 259ADD960DF68F265B00B3498B2A0973 | |||
897 245: OCTET STRING: | 897 245: OCTET STRING: | |||
: 0CCBC469C6DB5913435529D724B5B281 | : 0CCBC469C6DB5913435529D724B5B281 | |||
: 8ACAA22A5D3A30C0FF61C49C1677E2E1 | : 8ACAA22A5D3A30C0FF61C49C1677E2E1 | |||
: 4E2CD85E52A88AA423E81696D1D86062 | : 4E2CD85E52A88AA423E81696D1D86062 | |||
: 55855354AF626E273381A71A1106330D | : 55855354AF626E273381A71A1106330D | |||
: 7B5C4B440264EC692967ED78095B7492 | : 7B5C4B440264EC692967ED78095B7492 | |||
: C2FD2A8FBAB3D8C8A8B43154543D13A1 | : C2FD2A8FBAB3D8C8A8B43154543D13A1 | |||
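Review bot: at offset 836 the 8-byte OCTET STRING is still printed inline and in quotes ('A7F837B34CC2E82A'), which reads as a character string, although 16 hex digits for a length of 8 show it is a hex rendering. The other OCTET STRINGs in this hunk (offsets 879 and 897) are unquoted hex on a continuation line; since this pass is already rewrapping the dump, render the value at 836 the same way.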
skipping to change at line 889 ¶ | skipping to change at line 898 ¶ | |||
: F730B6DE568364E896669954C8BAD489 | : F730B6DE568364E896669954C8BAD489 | |||
: 309B1EBB67D51A693C398B14D32DF5D2 | : 309B1EBB67D51A693C398B14D32DF5D2 | |||
: 7B28A80290E8BB666E6786A3C285BCB0 | : 7B28A80290E8BB666E6786A3C285BCB0 | |||
: 5F5DF071F6 | : 5F5DF071F6 | |||
1145 84: SET: | 1145 84: SET: | |||
1147 35: SEQUENCE: | 1147 35: SEQUENCE: | |||
1149 9: OBJECT IDENTIFIER:localKeyID | 1149 9: OBJECT IDENTIFIER:localKeyID | |||
: [1.2.840.113549.1.9.21] | : [1.2.840.113549.1.9.21] | |||
1160 22: SET: | 1160 22: SET: | |||
1162 20: OCTET STRING: | 1162 20: OCTET STRING: | |||
: 795574F9D4B6E4C20224286998673FF00A14C04D | : 795574F9D4B6E4C20224 | |||
: 286998673FF00A14C04D | ||||
1184 45: SEQUENCE: | 1184 45: SEQUENCE: | |||
1186 9: OBJECT IDENTIFIER:friendlyName | 1186 9: OBJECT IDENTIFIER:friendlyName | |||
: [1.2.840.113549.1.9.20] | : [1.2.840.113549.1.9.20] | |||
1197 32: SET: | 1197 32: SET: | |||
1199 30: BMP STRING:'p12FriendlyName' | 1199 30: BMP STRING:'p12FriendlyName' | |||
1231 94: SEQUENCE: | 1231 94: SEQUENCE: | |||
1233 78: SEQUENCE: | 1233 78: SEQUENCE: | |||
1235 10: SEQUENCE: | 1235 10: SEQUENCE: | |||
1237 8: OBJECT IDENTIFIER:[1.2.643.7.1.1.2.3] | 1237 8: OBJECT IDENTIFIER:[1.2.643.7.1.1.2.3] | |||
1247 64: OCTET STRING: | 1247 64: OCTET STRING: | |||
skipping to change at line 944 ¶ | skipping to change at line 954 ¶ | |||
A.3. Example of a PFX with a Password-Protected Key and a Password- | A.3. Example of a PFX with a Password-Protected Key and a Password- | |||
Protected Certificate | Protected Certificate | |||
In this example, the PKCS8SHroudedKeybag structure is used to store | In this example, the PKCS8SHroudedKeybag structure is used to store | |||
the key, which is placed in the Data structure (see [RFC5652]). The | the key, which is placed in the Data structure (see [RFC5652]). The | |||
certBag structure is used to store the certificate, which is placed | certBag structure is used to store the certificate, which is placed | |||
in the EncryptedData structure (see [RFC5652]). The following | in the EncryptedData structure (see [RFC5652]). The following | |||
password is used to encrypt the key and provide integrity control. | password is used to encrypt the key and provide integrity control. | |||
The password is in hexadecimal. | The password is in hexadecimal. | |||
0xD09FD0B0D180D0BED0BBD18C20D0B4D0BBD18F20504658 | D09FD0B0D180D0BED0BBD18C20D0B4D0BBD18F20504658 | |||
The key encryption algorithm identifier: | The key encryption algorithm identifier: | |||
1.2.643.7.1.1.5.1.1 | 1.2.643.7.1.1.5.1.1 | |||
The certificate encryption algorithm identifier: | The certificate encryption algorithm identifier: | |||
1.2.643.7.1.1.5.1.2 | 1.2.643.7.1.1.5.1.2 | |||
A.3.1. PFX in BASE64 Format | A.3.1. PFX in BASE64 Format | |||
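Review bot: with the 0x prefix removed, the password line is a bare run of hex digits and only "The password is in hexadecimal" tells the reader how to interpret it. State explicitly that these are the bytes of the UTF-8 encoded password P as defined in Section 3, so implementers feed the decoded bytes, not the ASCII hex text, into the key derivation. Separately, "PKCS8SHroudedKeybag" in the first sentence is unchanged on both sides and does not match the "pkcs-12-pkcs-8ShroudedKeyBag" label used in the dumps; the capitalisation should be corrected while this paragraph is being touched.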
skipping to change at line 1068 ¶ | skipping to change at line 1078 ¶ | |||
: 35F0CB6CAD133DA4375A765F264FF55F87D | : 35F0CB6CAD133DA4375A765F264FF55F87D | |||
: F81F1D641655C6042EEF494C3C419EC5B52 | : F81F1D641655C6042EEF494C3C419EC5B52 | |||
: 4607B850829F28BD27457DD92B5B233125C | : 4607B850829F28BD27457DD92B5B233125C | |||
: 656B555E6E | : 656B555E6E | |||
871 453: SEQUENCE: | 871 453: SEQUENCE: | |||
875 9: OBJECT IDENTIFIER:data [1.2.840.113549.1.7.1] | 875 9: OBJECT IDENTIFIER:data [1.2.840.113549.1.7.1] | |||
886 438: CONTEXT SPECIFIC (0): | 886 438: CONTEXT SPECIFIC (0): | |||
890 434: OCTET STRING: | 890 434: OCTET STRING: | |||
894 430: SEQUENCE: | 894 430: SEQUENCE: | |||
898 426: SEQUENCE: | 898 426: SEQUENCE: | |||
902 11: OBJECT IDENTIFIER:pkcs-12-pkcs-8ShroudedKeyBag | 902 11: OBJECT IDENTIFIER: | |||
: pkcs-12-pkcs-8ShroudedKeyBag | ||||
: [1.2.840.113549.1.12.10.1.2] | : [1.2.840.113549.1.12.10.1.2] | |||
915 323: CONTEXT SPECIFIC (0): | 915 323: CONTEXT SPECIFIC (0): | |||
919 319: SEQUENCE: | 919 319: SEQUENCE: | |||
923 85: SEQUENCE: | 923 85: SEQUENCE: | |||
925 9: OBJECT IDENTIFIER:[1.2.840.113549.1.5.13] | 925 9: OBJECT IDENTIFIER: | |||
: [1.2.840.113549.1.5.13] | ||||
936 72: SEQUENCE: | 936 72: SEQUENCE: | |||
938 41: SEQUENCE: | 938 41: SEQUENCE: | |||
940 9: OBJECT IDENTIFIER: | 940 9: OBJECT IDENTIFIER: | |||
: [1.2.840.113549.1.5.12] | : [1.2.840.113549.1.5.12] | |||
951 28: SEQUENCE: | 951 28: SEQUENCE: | |||
953 8: OCTET STRING: | 953 8: OCTET STRING: | |||
: FD04424D0ED6DC2F | : FD04424D0ED6DC2F | |||
963 2: INTEGER:2048 | 963 2: INTEGER:2048 | |||
967 12: SEQUENCE: | 967 12: SEQUENCE: | |||
969 8: OBJECT IDENTIFIER: | 969 8: OBJECT IDENTIFIER: | |||
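Review bot: the rewrap at offset 925 gives 1.2.840.113549.1.5.13 a continuation line of its own but still leaves it, and 1.2.840.113549.1.5.12 at offset 940, as bare OIDs, while the same dump labels data and pkcs-12-pkcs-8ShroudedKeyBag by name. Add the names (id-PBES2 and id-PBKDF2) on the continuation lines so a reader can see that the OCTET STRING at 953 and INTEGER:2048 at 963 are the PBKDF2 salt and iteration count.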
skipping to change at line 1114 ¶ | skipping to change at line 1126 ¶ | |||
: 50F1098013386AB3D29C070A55942C70 | : 50F1098013386AB3D29C070A55942C70 | |||
: FD2C86A32CC0761A104AC90C3ABA3225 | : FD2C86A32CC0761A104AC90C3ABA3225 | |||
: 96D26CD13F9635D5FF013D852E2D4B15 | : 96D26CD13F9635D5FF013D852E2D4B15 | |||
: 24B7F828FD | : 24B7F828FD | |||
1242 84: SET: | 1242 84: SET: | |||
1244 35: SEQUENCE: | 1244 35: SEQUENCE: | |||
1246 9: OBJECT IDENTIFIER:localKeyID | 1246 9: OBJECT IDENTIFIER:localKeyID | |||
: [1.2.840.113549.1.9.21] | : [1.2.840.113549.1.9.21] | |||
1257 22: SET: | 1257 22: SET: | |||
1259 20: OCTET STRING: | 1259 20: OCTET STRING: | |||
: 795574F9D4B6E4C20224286998673FF00A14C04D | : 795574F9D4B6E4C20224 | |||
: 286998673FF00A14C04D | ||||
1281 45: SEQUENCE: | 1281 45: SEQUENCE: | |||
1283 9: OBJECT IDENTIFIER: | 1283 9: OBJECT IDENTIFIER: | |||
: friendlyName [1.2.840.113549.1.9.20] | : friendlyName [1.2.840.113549.1.9.20] | |||
1294 32: SET: | 1294 32: SET: | |||
1296 30: BMP STRING:'p12FriendlyName' | 1296 30: BMP STRING:'p12FriendlyName' | |||
1328 94: SEQUENCE: | 1328 94: SEQUENCE: | |||
1330 78: SEQUENCE: | 1330 78: SEQUENCE: | |||
1332 10: SEQUENCE: | 1332 10: SEQUENCE: | |||
1334 8: OBJECT IDENTIFIER:[1.2.643.7.1.1.2.3] | 1334 8: OBJECT IDENTIFIER:[1.2.643.7.1.1.2.3] | |||
1344 64: OCTET STRING: | 1344 64: OCTET STRING: | |||
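Review bot: the attribute OIDs in this hunk are wrapped two different ways. Offset 1246 keeps the name inline ("OBJECT IDENTIFIER:localKeyID" with the OID on the next line), while offset 1283 puts both name and OID on the continuation line (": friendlyName [1.2.840.113549.1.9.20]"). The change only rewraps the localKeyID value at 1259; pick one layout for named OIDs and apply it to 1283 as well.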
skipping to change at line 1162 ¶ | skipping to change at line 1175 ¶ | |||
97 129: CONTEXT SPECIFIC (1): | 97 129: CONTEXT SPECIFIC (1): | |||
: 01B48BB75ABC290E18655C62A14FB52D5F50844ECC1D1F6004487B | : 01B48BB75ABC290E18655C62A14FB52D5F50844ECC1D1F6004487B | |||
: 4B5C9534696AB7BFAB346E5516A9AB3CCEF8ADB52C3A5855F0CFB3 | : 4B5C9534696AB7BFAB346E5516A9AB3CCEF8ADB52C3A5855F0CFB3 | |||
: 64AA6B5DD937E4ECFC9525BF9F6A085076718A45C81FF4921E3E2B | : 64AA6B5DD937E4ECFC9525BF9F6A085076718A45C81FF4921E3E2B | |||
: BF72BF3EEBF3EE1613412665FF13DDA7BF275268EB11AE9DE707D7 | : BF72BF3EEBF3EE1613412665FF13DDA7BF275268EB11AE9DE707D7 | |||
: F1B884CB6CF4760B9F16F024330D546B881D5EA0CE | : F1B884CB6CF4760B9F16F024330D546B881D5EA0CE | |||
Acknowledgments | Acknowledgments | |||
The author thanks Alexander Potashnikov, Semen Pianov, and Valery | The author thanks Alexander Potashnikov, Semen Pianov, and Valery | |||
Smyslov for their careful readings and useful comments. | Smyslov for their careful readings and useful comments, and Alexander | |||
Chelpanov for his help with the registration of identifiers. | ||||
Author's Address | Author's Address | |||
Ekaterina Karelina (editor) | Ekaterina Karelina (editor) | |||
InfoTeCS | InfoTeCS | |||
2B stroenie 1, ul. Otradnaya | 2B stroenie 1, ul. Otradnaya | |||
Moscow | Moscow | |||
127273 | 127273 | |||
Russian Federation | Russian Federation | |||
Email: Ekaterina.Karelina@infotecs.ru | Email: Ekaterina.Karelina@infotecs.ru | |||
End of changes. 17 change blocks. | ||||
22 lines changed or deleted | 36 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. |