Network Working Group S. Leontiev, Ed.
Request for Comments: 4491 CRYPTO-PRO
Updates: 3279 D. Shefanovski, Ed.
Category: Standards Track Mobile TeleSystems OJSC
May 2006
Using the GOST R 34.10-94, GOST R 34.10-2001, and
GOST R 34.11-94 Algorithms with the
Internet X.509 Public Key Infrastructure
Certificate and CRL Profile
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2006).
Abstract
This document supplements RFC 3279. It describes encoding formats,
identifiers, and parameter formats for the algorithms GOST R 34.10-
94, GOST R 34.10-2001, and GOST R 34.11-94 for use in Internet X.509
Public Key Infrastructure (PKI).
Leontiev & Shefanovski Standards Track [Page 1]
RFC 4491 Using GOST with PKIX May 2006
Table of Contents
1. Introduction ....................................................2
1.1. Requirement Words ..........................................3
2. Algorithm Support ...............................................3
2.1. One-Way Hash Function ......................................3
2.1.1. One-Way Hash Function GOST R 34.11-94 ...............3
2.2. Signature Algorithms .......................................4
2.2.1. Signature Algorithm GOST R 34.10-94 .................4
2.2.2. Signature Algorithm GOST R 34.10-2001 ...............5
2.3. Subject Public Key Algorithms ..............................5
2.3.1. GOST R 34.10-94 Keys ................................6
2.3.2. GOST R 34.10-2001 Keys ..............................8
3. Security Considerations .........................................9
4. Examples .......................................................10
4.1. GOST R 34.10-94 Certificate ...............................10
4.2. GOST R 34.10-2001 Certificate .............................12
5. Acknowledgements ...............................................15
6. References .....................................................16
6.1. Normative References ......................................16
6.2. Informative References ....................................17
1. Introduction
This document supplements RFC 3279 [PKALGS]. It describes the
conventions for using the GOST R 34.10-94 [GOST3431095, GOSTR341094]
and GOST R 34.10-2001 [GOST3431004, GOSTR341001] signature
algorithms, VKO GOST R 34.10-94 and VKO GOST R 34.10-2001 key
derivation algorithms, and GOST R 34.11-94 [GOST3431195, GOSTR341194]
one-way hash function in the Internet X.509 Public Key Infrastructure
(PKI) [PROFILE].
This document provides supplemental information and specifications
needed by the "Russian Cryptographic Software Compatibility
Agreement" community.
The algorithm identifiers and associated parameters are specified for
subject public keys that employ the GOST R 34.10-94 [GOSTR341094]/VKO
GOST R 34.10-94 [CPALGS] or the GOST R 34.10-2001 [GOSTR341001]/VKO
GOST R 34.10-2001 [CPALGS] algorithms, as is the encoding format for
the signatures produced by these algorithms. Also, the algorithm
identifiers for using the GOST R 34.11-94 one-way hash function with
the GOST R 34.10-94 and GOST R 34.10-2001 signature algorithms are
specified.
Leontiev & Shefanovski Standards Track [Page 2]
RFC 4491 Using GOST with PKIX May 2006
This specification defines the contents of the signatureAlgorithm,
signatureValue, signature, and subjectPublicKeyInfo fields within
X.509 Certificates and CRLs. For each algorithm, the appropriate
alternatives for the keyUsage certificate extension are provided.
ASN.1 modules, including all the definitions used in this document,
can be found in [CPALGS].
1.1. Requirement Words
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
datatracker.ietf.org