datatracker.ietf.org
Sign in
Version 5.6.4.p1, 2014-10-20
Report a bug

Portable Symmetric Key Container (PSKC)
RFC 6030

Internet Engineering Task Force (IETF)                          P. Hoyer
Request for Comments: 6030                                 ActivIdentity
Category: Standards Track                                         M. Pei
ISSN: 2070-1721                                                 VeriSign
                                                              S. Machani
                                                              Diversinet
                                                            October 2010

                Portable Symmetric Key Container (PSKC)

Abstract

   This document specifies a symmetric key format for the transport and
   provisioning of symmetric keys to different types of crypto modules.
   For example, One-Time Password (OTP) shared secrets or symmetric
   cryptographic keys to strong authentication devices.  A standard key
   transport format enables enterprises to deploy best-of-breed
   solutions combining components from different vendors into the same
   infrastructure.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc6030.

Hoyer, et al.                Standards Track                    [Page 1]
RFC 6030         Portable Symmetric Key Container (PSKC)    October 2010

Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1. Introduction ....................................................4
      1.1. Key Words ..................................................4
      1.2. Version Support ............................................4
      1.3. Namespace Identifiers ......................................5
           1.3.1. Defined Identifiers .................................5
           1.3.2. Referenced Identifiers ..............................5
   2. Terminology .....................................................6
   3. Portable Key Container Entities Overview and Relationships ......6
   4. <KeyContainer> Element: The Basics ..............................8
      4.1. <Key>: Embedding Keying Material and Key-Related
           Information ................................................8
      4.2. Key Value Encoding ........................................10
           4.2.1. AES Key Value Encoding .............................11
           4.2.2. Triple-DES Key Value Encoding ......................11
      4.3. Transmission of Supplementary Information .................12
           4.3.1. <DeviceInfo> Element: Unique Device
                  Identification .....................................13
           4.3.2. <CryptoModuleInfo> Element: CryptoModule
                  Identification .....................................15
           4.3.3. <UserId> Element: User Identification ..............15
           4.3.4. <AlgorithmParameters> Element:
                  Supplementary Information for OTP and CR Algorithms 15
      4.4. Transmission of Key Derivation Values .....................17
   5. Key Policy .....................................................19
      5.1. PIN Algorithm Definition ..................................23
   6. Key Protection Methods .........................................23
      6.1. Encryption Based on Pre-Shared Keys .......................24
           6.1.1. MAC Method .........................................26
      6.2. Encryption Based on Passphrase-Based Keys .................27
      6.3. Encryption Based on Asymmetric Keys .......................29

Hoyer, et al.                Standards Track                    [Page 2]
RFC 6030         Portable Symmetric Key Container (PSKC)    October 2010

      6.4. Padding of Encrypted Values for Non-Padded

[include full document text]