Using the GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms with the Internet X.509 Public Key Infrastructure Certificate and CRL Profile
RFC 4491

Document type: RFC - Proposed Standard (May 2006; Errata)
Updates RFC 3279
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 4491 (Proposed Standard)
Responsible AD: Russ Housley
Send notices to: kent@bbn.com, wpolk@nist.gov

Network Working Group                                   S. Leontiev, Ed.
Request for Comments: 4491                                    CRYPTO-PRO
Updates: 3279                                        D. Shefanovski, Ed.
Category: Standards Track                        Mobile TeleSystems OJSC
                                                                May 2006

           Using the GOST R 34.10-94, GOST R 34.10-2001, and
                  GOST R 34.11-94 Algorithms with the
               Internet X.509 Public Key Infrastructure
                      Certificate and CRL Profile

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document supplements RFC 3279.  It describes encoding formats,
   identifiers, and parameter formats for the algorithms
   GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 for use in
   Internet X.509 Public Key Infrastructure (PKI).

Leontiev & Shefanovski      Standards Track                     [Page 1]
RFC 4491                  Using GOST with PKIX                  May 2006

Table of Contents

   1. Introduction ....................................................2
      1.1. Requirement Words ..........................................3
   2. Algorithm Support ...............................................3
      2.1. One-Way Hash Function ......................................3
           2.1.1. One-Way Hash Function GOST R 34.11-94 ...............3
      2.2. Signature Algorithms .......................................4
           2.2.1. Signature Algorithm GOST R 34.10-94 .................4
           2.2.2. Signature Algorithm GOST R 34.10-2001 ...............5
      2.3. Subject Public Key Algorithms ..............................5
           2.3.1. GOST R 34.10-94 Keys ................................6
           2.3.2. GOST R 34.10-2001 Keys ..............................8
   3. Security Considerations .........................................9
   4. Examples .......................................................10
      4.1. GOST R 34.10-94 Certificate ...............................10
      4.2. GOST R 34.10-2001 Certificate .............................12
   5. Acknowledgements ...............................................15
   6. References .....................................................16
      6.1. Normative References ......................................16
      6.2. Informative References ....................................17

1.  Introduction

   This document supplements RFC 3279 [PKALGS].  It describes the
   conventions for using the GOST R 34.10-94 [GOST3431095, GOSTR341094]
   and GOST R 34.10-2001 [GOST3431004, GOSTR341001] signature
   algorithms, VKO GOST R 34.10-94 and VKO GOST R 34.10-2001 key
   derivation algorithms, and GOST R 34.11-94 [GOST3431195, GOSTR341194]
   one-way hash function in the Internet X.509 Public Key Infrastructure
   (PKI) [PROFILE].

   This document provides supplemental information and specifications
   needed by the "Russian Cryptographic Software Compatibility
   Agreement" community.

   The algorithm identifiers and associated parameters are specified for
   subject public keys that employ the GOST R 34.10-94 [GOSTR341094]/VKO
   GOST R 34.10-94 [CPALGS] or the GOST R 34.10-2001 [GOSTR341001]/VKO
   GOST R 34.10-2001 [CPALGS] algorithms, as is the encoding format for
   the signatures produced by these algorithms.  Also, the algorithm
   identifiers for using the GOST R 34.11-94 one-way hash function with
   the GOST R 34.10-94 and GOST R 34.10-2001 signature algorithms are
   specified.

   This specification defines the contents of the signatureAlgorithm,
   signatureValue, signature, and subjectPublicKeyInfo fields within
   X.509 Certificates and CRLs.  For each algorithm, the appropriate
   alternatives for the keyUsage certificate extension are provided.

   ASN.1 modules, including all the definitions used in this document,
   can be found in [CPALGS].

1.1.  Requirement Words

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
