Network Working Group G. Chudov
Internet-Draft S. Leontiev
Intended status: Informational A. Chelpanov
Expires: June 15, 2009 P. Smirnov
CRYPTO-PRO
December 12, 2008
GOST based Security Uniform Resource Identifiers (URIs).
draft-chudov-cryptopro-cpxmldsig-01
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on June 15, 2009.
Abstract
This document specifies how to use Russian national cryptographic
standards GOST R 34.10-2001, GOST R 34.10-94, GOST R 34.11-94
GOST 28147-89 with XML Signatures and XML encryption. The mechanism
specified provides integrity, message authentication, and/or data
encryption and/or signer authentication services.
Chudov, et al. Expires June 15, 2009 [Page 1]
Internet-Draft GOST based Security URIs December 2008
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. GOST R 34.10-94/2001 . . . . . . . . . . . . . . . . . . . . . 3
3. Specifying GOST within XMLDSIG and XML encryption syntax
and processing . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1. Version, Namespaces and Identifiers . . . . . . . . . . . 3
3.2. XML Schema Preamble and DTD Replacement . . . . . . . . . 4
3.2.1. XML Schema Preamble . . . . . . . . . . . . . . . . . 4
3.2.2. DTD Replacement . . . . . . . . . . . . . . . . . . . 4
3.3. Public Key Signature Algorithms . . . . . . . . . . . . . 4
3.4. DigestMethod Algorithms . . . . . . . . . . . . . . . . . 5
3.5. Hash Message Authentication Code Algorithms . . . . . . . 5
3.6. GOST Key Values . . . . . . . . . . . . . . . . . . . . . 5
3.6.1. Key Value Root Element . . . . . . . . . . . . . . . . 5
3.6.2. GOST R 34.10 Parameters . . . . . . . . . . . . . . . 7
3.7. EncryptionMethod Algorithms . . . . . . . . . . . . . . . 8
3.8. Key Agreement Algorithms . . . . . . . . . . . . . . . . . 9
3.9. Key Transport Algorithm . . . . . . . . . . . . . . . . . 10
3.10. Symmetric Key Wrap . . . . . . . . . . . . . . . . . . . . 10
3.10.1. GOST 28147-89 Key Wrap . . . . . . . . . . . . . . . . 10
3.10.2. CryptoPro Key Wrap . . . . . . . . . . . . . . . . . . 11
4. Security Considerations . . . . . . . . . . . . . . . . . . . 12
5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
5.1. Signed message . . . . . . . . . . . . . . . . . . . . . . 12
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13
7.1. Normative references . . . . . . . . . . . . . . . . . . . 13
7.2. Informative references . . . . . . . . . . . . . . . . . . 15
Appendix A. Aggregate XML Schema . . . . . . . . . . . . . . . . 15
Appendix B. Aggregate DTD . . . . . . . . . . . . . . . . . . . . 17
Appendix C. Examples . . . . . . . . . . . . . . . . . . . . . . 17
C.1. Signed document . . . . . . . . . . . . . . . . . . . . . 17
Appendix D. Acknowledgments . . . . . . . . . . . . . . . . . . . 18
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 18
Intellectual Property and Copyright Statements . . . . . . . . . . 21
Chudov, et al. Expires June 15, 2009 [Page 2]
Internet-Draft GOST based Security URIs December 2008
1. Introduction
This document specifies how to use GOST R 34.10-2001, GOST R 34.10-94
digital signatures and public keys, GOST R 34.11-94 hash,
GOST 28147-89 encryption algorithms with XML Signatures [XMLDSIG] and
XML Encryption.
This document uses both XML Schemas ([XML-SCHEMA-1], [XML-SCHEMA-2])
(normative) and DTDs [XML] (informational) for specifying the
corresponding XML structures.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT","SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
this document are to be interpreted as described in [KEYWORDS].
2. GOST R 34.10-94/2001
Algorithms GOST R 34.10-94, GOST R 34.10-2001 and GOST R 34.11-94
have been developed by Russian Federal Agency of Governmental
Communication and Information (FAGCI) and "All-Russian Scientific and
Research Institute of Standardization". They are described in
[GOSTR341094], [GOSTR341001] and [GOSTR341194] ([GOST3431095],
[GOST3431004] and [GOST3431195]). RECOMMENDED parameters for those
algorithms are described in [CPALGS].
The only hash function used with GOST R 34.10-94/2001 is
GOST R 34.11-94.
3. Specifying GOST within XMLDSIG and XML encryption syntax and
processing
This section specifies the details of how to use GOST algorithms with
XML Signature Syntax and Processing [XMLDSIG] and XML Encryption
Syntax and Processing [XMLENC-CORE]. It relies heavily on syntaxes
and namespaces defined in [XMLDSIG] and [XMLENC-CORE].
3.1. Version, Namespaces and Identifiers
This specification makes no provision for an explicit version number
in the syntax. If a future version is needed, it will use a
different namespace.
The XML namespace [XML-NS] URI [RFC2396] that MUST be used by
implementations of this (dated) specification is:
Chudov, et al. Expires June 15, 2009 [Page 3]
Internet-Draft GOST based Security URIs December 2008
http://www.w3.org/2006/10/xmldsig-gost#
Elements in the namespace of the [XMLDSIG] specification are marked
as such by using the namespace prefix "dsig" in the remaining
sections of this document.
Elements in the namespace of the [XMLENC-CORE] specification are
marked as such by using the namespace prefix "xenc" in the remaining
sections of this document.
3.2. XML Schema Preamble and DTD Replacement
3.2.1. XML Schema Preamble
The subsequent preamble is to be used with the XML Schema definitions
given in the remaining sections of this document.
<xs:schema
xmlns:gost="http://www.w3.org/2006/10/xmldsig-gost#"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
targetNamespace="http://www.w3.org/2006/10/xmldsig-gost#"
elementFormDefault="qualified" attributeFormDefault="unqualified"
version="0.3">
3.2.2. DTD Replacement
In order to include GOST XML-signature syntax, the following
definition of the entity Key.ANY SHOULD replace the one in [XMLDSIG]:
<!ENTITY % KeyValue.ANY '| gost:KeyValue1994| gost:KeyValue2001'>
3.3. Public Key Signature Algorithms
The input to the GOST R 34.10-94/2001 algorithms is the canonicalized
representation of the dsig:SignedInfo element as specified in Section
3 of [XMLDSIG].
The signature value (text value of element dsig:SignatureValue - see
section 4.2 of [XMLDSIG]) consists of the base64 encoding of the 64
octets as described in section 2.2 of [CPPK].
The identifier for the GOST R 34.10-94 signature algorithm is:
http://www.w3.org/2006/10/xmldsig-gost#gostr341094-gostr3411
The identifier for the GOST R 34.10-2001 signature algorithm is:
http://www.w3.org/2006/10/xmldsig-gost#gostr34102001-gostr3411
Chudov, et al. Expires June 15, 2009 [Page 4]
Internet-Draft GOST based Security URIs December 2008
3.4. DigestMethod Algorithms
The identifier for the GOST R 34.11-94 digest algorithm is:
http://www.w3.org/2006/10/xmldsig-gost#gostr3411
The DigestMethod may contain optional element gost:ParametersR3411.
ParametersR3411 contains one OID specified in section 8.2. [CPALGS].
If ParametersR3411 is missed, the application implicitly knows about
it from other means.
It is RECOMMENDED to use parameters defined by id-GostR3411-94-
CryptoProParamSet if ParametersR3411 is omitted (see Section 11.2
[CPALGS]).
Schema Definition:
<xs:element name="ParametersR3411"
type="gost:ObjectIdentifierType"/>
DTD Definition:
<!ELEMENT ParametersR3411 (#PCDATA) >
3.5. Hash Message Authentication Code Algorithms
GOST R 34.11-94 can also be used in HMAC [HMAC] as described in
section 6.3.1 of [XMLDSIG]. Identifier:
http://www.w3.org/2006/10/xmldsig-gost#hmac-gostr3411
The Hash Message Authentication Code Algorithms contain the same
parameters as DigestMethod Algorithms.
If ParametersR3411 is missed, the parameters, identified by id-
GostR3411-94-CryptoProParamSet, are RECOMMENDED to use (see Section
11.2 [CPALGS]).
3.6. GOST Key Values
3.6.1. Key Value Root Element
Elements of KeyValue1994Type and KeyValue2001Type types are used for
GOST public keys encoding. The usage of these elements with
[XMLDSIG] or [XMLENC-CORE] is the same as for dsig:RSAKeyValue or
xenc:DHKeyValue predefined elements in dsig:KeyValue.
The elements consist of an optional subelement PublicKeyParameters
and the mandatory subelement PublicKey. If PublicKeyParameters are
Chudov, et al. Expires June 15, 2009 [Page 5]
Internet-Draft GOST based Security URIs December 2008
missing in an instance, this means that the application knows about
them from other means (implicitly).
Schema Definition:
<xs:element name="KeyValue1994"
type="gost:KeyValue1994Type"/>
<xs:complexType name="KeyValue1994Type">
<xs:sequence>
<xs:element name="PublicKeyParameters"
type="gost:PublicKeyParameters1994Type"
minOccurs="0"/>
<xs:element name="PublicKey" type="xs:base64Binary"/>
</xs:sequence>
</xs:complexType>
<xs:element name="KeyValue2001"
type="gost:KeyValue2001Type"/>
<xs:complexType name="KeyValue2001Type">
<xs:sequence>
<xs:element name="PublicKeyParameters"
type="gost:PublicKeyParameters2001Type"
minOccurs="0"/>
<xs:element name="PublicKey" type="xs:base64Binary"/>
</xs:sequence>
</xs:complexType>
DTD Definition:
<!ELEMENT KeyValue1994 (
PublicKeyParameters1994?, PublicKey) >
<!ELEMENT KeyValue2001 (
PublicKeyParameters2001?, PublicKey) >
<!ELEMENT PublicKey (#PCDATA) >
If KeyValue2001Type PublicKeyParameters subelement is missed, the
parameters, identified by DefaultPublicKeyParameters2001, are
RECOMMENDED to use.
Chudov, et al. Expires June 15, 2009 [Page 6]
Internet-Draft GOST based Security URIs December 2008
DefaultPublicKeyParameters2001:
<PublicKeyParameters>
<publicKeyParamSet>1.2.643.2.2.35.1</publicKeyParamSet>
<!-- id-GostR3410-2001-CryptoPro-A-ParamSet -->
<digestParamSet>1.2.643.2.2.30.1</digestParamSet>
<!-- id-GostR3411-94-CryptoProParamSet -->
<encryptionParamSet>1.2.643.2.2.31.1</encryptionParamSet>
<!-- id-Gost28147-89-CryptoPro-A-ParamSet -->
</PublicKeyParameters>
If KeyValue1994Type PublicKeyParameters subelement is missed, the
parameters, defined by DefaultPublicKeyParameters1994, are
RECOMMENDED to use.
DefaultPublicKeyParameters1994:
<PublicKeyParameters>
<publicKeyParamSet>1.2.643.2.2.32.2</publicKeyParamSet>
<!-- id-GostR3410-94-CryptoPro-A-ParamSet -->
<digestParamSet>1.2.643.2.2.30.1</digestParamSet>
<!-- id-GostR3411-94-CryptoProParamSet -->
<encryptionParamSet>1.2.643.2.2.31.1</encryptionParamSet>
<!-- id-Gost28147-89-CryptoPro-A-ParamSet -->
</PublicKeyParameters>
3.6.2. GOST R 34.10 Parameters
Gost paramaters contain three OIDs: publicKeyParamSet, digestParamSet
and optional encryptionParamSet. Parameter values, corresponding to
these OIDs, can be found in [CPALGS].
Chudov, et al. Expires June 15, 2009 [Page 7]
Internet-Draft GOST based Security URIs December 2008
Schema Definition:
<xs:complexType name="PublicKeyParameters1994Type">
<xs:sequence>
<xs:element name="publicKeyParamSet"
type="gost:ObjectIdentifierType"/>
<xs:element name="digestParamSet"
type="gost:ObjectIdentifierType"/>
<xs:element name="encryptionParamSet"
type="gost:ObjectIdentifierType"
minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="PublicKeyParameters2001Type">
<xs:sequence>
<xs:element name="publicKeyParamSet"
type="gost:ObjectIdentifierType"/>
<xs:element name="digestParamSet"
type="gost:ObjectIdentifierType"/>
<xs:element name="encryptionParamSet"
type="gost:ObjectIdentifierType"
minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:simpleType name="ObjectIdentifierType">
<xs:restriction base="xs:token">
<xs:pattern value="[0-2](\.[1-3]?[0-9]?(\.\d+)*)?"/>
</xs:restriction>
</xs:simpleType>
DTD Definition:
<!ELEMENT PublicKeyParameters1994 (
publicKeyParamSet, digestParamSet,
encryptionParamSet?) >
<!ELEMENT PublicKeyParameters2001 (
publicKeyParamSet, digestParamSet,
encryptionParamSet?) >
<!ELEMENT publicKeyParamSet (#PCDATA) >
<!ELEMENT digestParamSet (#PCDATA) >
<!ELEMENT encryptionParamSet (#PCDATA) >
3.7. EncryptionMethod Algorithms
This subsection gives identifiers and information for GOST 28147-89
EncryptionMethod Algorithms.
Chudov, et al. Expires June 15, 2009 [Page 8]
Internet-Draft GOST based Security URIs December 2008
The identifier for the GOST 28147-89 encryption algorithm is:
http://www.w3.org/2006/10/xmldsig-gost#gost28147
Complete description of GOST 28147-89 can be found in [GOST28147] (in
Russian).
256-bit key, 64-bit Initialization Vector (IV), and optional
parameters are used in GOST 28147-89 encryption method algorithms.
The resulting cipher text is prefixed by the IV. If included in XML
output, it is then base64 encoded.
GostParameters28147 specifies the set of corresponding Gost28147-89-
ParamSetParameters (see Section 8.1 of [CPALGS] ). Encryption mode
is specified by mode parameter of Gost28147-89-ParamSetParameters
structure. CFB and CNT modes are RECOMMENDED to use. If
ParametersR3411 is missed, the application implicitly knows about it
from other means.
If GostParameters28147 is omitted, the parameters, defined by id-
Gost28147-89-CryptoPro-A-ParamSet, are RECOMMENDED to use (see
Section 8.1 [CPALGS]).
Schema Definition:
<xs:simpleType name="Parameters28147Type">
<xs:restriction base="gost:ObjectIdentifierType" />
</xs:simpleType>
DTD Definition:
<!ELEMENT Parameters28147 (#PCDATA) >
3.8. Key Agreement Algorithms
Key agreement algorithms based on GOST R 34.10-94/2001 public keys
(see Section 5 [CPALGS]) involves the derivation of shared secret
information based on compatible keys from the sender and recipient.
The identifiers for the algorithms based on GOST R 34.10-94/2001 are:
http://www.w3.org/2006/10/xmldsig-gost#agree-gost1994
http://www.w3.org/2006/10/xmldsig-gost#agree-gost2001
The shared keying material for algorithm based on GOST R 34.10-94
needed will be calculated as a result of function VKO GOST R 34.10-94
(see Section 5.1 [CPALGS]), which generates GOST KEK using two
GOST R 34.10-94 keypairs.
Chudov, et al. Expires June 15, 2009 [Page 9]
Internet-Draft GOST based Security URIs December 2008
The shared keying material for algorithm based on GOST R 34.10-2001
needed will be calculated as a result of function VKO GOST R 34.10-
2001 (see Section 5.2 [CPALGS]), which generates GOST KEK using two
GOST R 34.10-2001 keypairs and UKM. KA-Nonce field of
AgreementMethod contains base64 encoded 64-bits value of UKM, if UKM
is used.
3.9. Key Transport Algorithm
The key transport alogorithms based on VKO GOST R 34.10-2001 or VKO
GOST R 34.10-1994, specified in [CPALGS], are public key encryption
algorithms, which MUST be used for key encryption/decryption only.
The identifiers for the algorithms based on VKO GOST R 34.10-94/2001
are:
http://www.w3.org/2006/10/xmldsig-gost#transport-gost1994
http://www.w3.org/2006/10/xmldsig-gost#transport-gost2001
The CipherValue for such encrypted key is the base64 encoding of the
[X.208-88] encoding structure GostR3410-KeyTransport (see section
4.2.1 [CPCMS]).
In order to produce the KEK, the algorithm VKO GOST R 34.10-94/2001
(described in [CPALGS]) is used with the secret key, which
corresponds to the GostR3410-TransportParameters ephemeralPublicKey,
and recipient's public key.
If the CryptoPro key wrap algorithm is used to produce CEK_ENC,
CEK_MAC, and UKM, then GostR3410-TransportParameters
encryptionParamSet is used for all encryption operations.
The resulting encrypted key (CEK_ENC) is placed in the Gost28147-89-
EncryptedKey encryptedKey field, its mac (CEK_MAC) is placed in the
Gost28147-89-EncryptedKey macKey field, and UKM is placed in the
GostR3410-TransportParameters ukm field.
3.10. Symmetric Key Wrap
Symmetric Key Wrap algorithms are shared secret key encryption
algorithms, which MUST be used for symmetric keys encryption/
decryption only.
3.10.1. GOST 28147-89 Key Wrap
The GOST 28147-89 Key Wrap algorithms wrap (encrypt) a key (the
wrapped key, WK) under a GOST 28147-89 Key Wrap (specified in
sections 6.1, 6.2 [CPALGS]).
Chudov, et al. Expires June 15, 2009 [Page 10]
Internet-Draft GOST based Security URIs December 2008
Note: These algorithms MUST NOT be used without Key Agreement
algorithm, because such WK is constant for every wrappnig-encrypting
pair. The encryption of many different keys with the same constant
WK may reveal that WK.
The identifier for the GOST 28147-89 Key Wrap algorithms is
http://www.w3.org/2006/10/xmldsig-gost#kw-gost
The CipherValue for such wrapped key is the base64 encoding of the
[X.208-88] DER encoding structure GostR3410-KeyWrap.
ASN.1 structure:
GostR3410-KeyWrap ::=
SEQUENCE {
encryptedKey Gost28147-89-EncryptedKey,
encryptedParameters Gost28147-89-KeyWrapParameters
}
Gost28147-89-KeyWrapParameters is described in section 4.1.1 of
[CPCMS]. KA-Nonce field of AgreementMethod tag MUST be used as ukm.
The resulting wrapped key (WK) is placed in the Gost28147-89-
EncryptedKey encryptedKey field, its mac (CEK_MAC) is placed in the
Gost28147-89-EncryptedKey macKey field. ukm field of Gost28147-89-
KeyWrapParameters MUST be absent.
3.10.2. CryptoPro Key Wrap
The CryptoPro Key Wrap algorithm wraps (encrypts) a key (wrapped key,
WK) under a CryptoPro Key Wrap (specified in sections 6.3, 6.4
[CPALGS]).
The identifier for the CryptoPro Key Wrap algorithms is
http://www.w3.org/2006/10/xmldsig-gost#kw-cp
The CipherValue for such wrapped key is the base64 encoding of the
[X.208-88] DER encoding structure GostR3410-KeyWrap (See 'GOST
28147-89 Key Wrap').
The resulting wrapped key (WK) is placed in the Gost28147-89-
EncryptedKey encryptedKey field, its mac (CEK_MAC) is placed in the
Gost28147-89-EncryptedKey macKey field.
If CryptoPro Key wrap algorithm is combined with Key Agreement
Algorithm, KA-Nonce field of AgreementMethod tag MUST be used as ukm.
ukm field of Gost28147-89-KeyWrapParameters type must be absent.
Chudov, et al. Expires June 15, 2009 [Page 11]
Internet-Draft GOST based Security URIs December 2008
If CryptoPro Key wrap algorithm is not combined with Key Agreement
Algorithm, ukm field of Gost28147-89-KeyWrapParameters type MUST be
present.
4. Security Considerations
Conforming applications MUST use unique values for ukm and iv.
Recipients MAY verify that ukm and iv, specified by the sender, are
unique.
It is RECOMMENDED that software applications verify signature values,
subject public keys and algorithm parameters to conform to
[GOSTR341001], [GOSTR341094] standards before to use them.
Cryptographic algorithm parameters affect algorithm strength. The
use of parameters not listed in [CPALGS] is NOT RECOMMENDED (see the
Security Considerations section of [CPALGS]).
Use of the same key for signature and key derivation is NOT
RECOMMENDED.
SHOULD NOT use XML encryption without XML signature or HMAC.
5. Examples
5.1. Signed message
This message is signed using the sample certificate.
6. IANA Considerations
IANA has assigned the following values for GOST 28147-89 mode ciphers
definitions:
IANA has assigned the following XML namespace [XML-NS] URN:
http://www.w3.org/2006/10/xmldsig-gost#
[IANA please remove] Note: The above URN have not yet been
registered.
7. References
Chudov, et al. Expires June 15, 2009 [Page 12]
Internet-Draft GOST based Security URIs December 2008
7.1. Normative references
[CPALGS] Popov, V., Kurepkin, I., and S. Leontiev, "Additional
Cryptographic Algorithms for Use with GOST 28147-89,
GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94
Algorithms", RFC 4357, January 2006.
[CPCMS] Leontiev, S. and G. Chudov, "Using the GOST 28147-89,
GOST R 34.11-94, GOST R 34.10-94, and GOST R 34.10-2001
Algorithms with Cryptographic Message Syntax (CMS)",
RFC 4490, May 2006.
[CPPK] Leontiev, S. and D. Shefanovski, "Using the
GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94
Algorithms with the Internet X.509 Public Key
Infrastructure Certificate and CRL Profile", RFC 4491,
May 2006.
[GOST28147]
Government Committee of the USSR for Standards,
"Cryptographic Protection for Data Processing System,
Gosudarstvennyi Standard of USSR (In Russian)",
GOST 28147-89, 1989.
[GOST3431004]
Council for Standardization, Metrology and Certification
of the Commonwealth of Independence States (EASC), Minsk,
"Information technology. Cryptographic Data Security.
Formation and verification processes of (electronic)
digital signature based on Asymmetric Cryptographic
Algorithm (In Russian)", GOST 34.310-2004, 2004.
[GOST3431095]
Council for Standardization, Metrology and Certification
of the Commonwealth of Independence States (EASC), Minsk,
"Information technology. Cryptographic Data Security.
Produce and check procedures of Electronic Digital
Signature based on Asymmetric Cryptographic Algorithm (In
Russian)", GOST 34.310-95, 1995.
[GOST3431195]
Council for Standardization, Metrology and Certification
of the Commonwealth of Independence States (EASC), Minsk,
"Information technology. Cryptographic Data Security.
Cashing function (In Russian)", GOST 34.311-95, 1995.
[GOSTR341001]
Government Committee of the Russia for Standards,
Chudov, et al. Expires June 15, 2009 [Page 13]
Internet-Draft GOST based Security URIs December 2008
"Information technology. Cryptographic Data
Security.Signature and verification processes of
[electronic] digital signature, Gosudarstvennyi Standard
of Russian Federation (In Russian)", GOST R 34.10-2001,
2001.
[GOSTR341094]
Government Committee of the Russia for Standards,
"Information technology. Cryptographic Data Security.
Produce and check procedures of Electronic Digital
Signatures based on Asymmetric Cryptographic Algorithm,
Gosudarstvennyi Standard of Russian Federation (In
Russian)", GOST R 34.10-94, 1994.
[GOSTR341194]
Government Committee of the Russia for Standards,
"Information technology. Cryptographic Data Security.
Hashing function, Gosudarstvennyi Standard of Russian
Federation (In Russian)", GOST R 34.11-94, 1994.
[HMAC] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
Hashing for Message Authentication", RFC 2104,
February 1997.
[KEYWORDS]
Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2396] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifiers (URI): Generic Syntax", RFC 2396,
August 1998.
[X.208-88]
International International Telephone and Telegraph
Consultative Committee, "Specification of Abstract Syntax
Notation One (ASN.1)", CCITT Recommendation X.208,
November 1988.
[XML-NS] Bray, T., Hollander, D., Layman, A., and R. Tobin,
"Namespaces in XML (Second Edition)", W3C REC-xml-names,
August 2006,
<http://www.w3.org/TR/REC-xml-names-20060816>.
[XML-SCHEMA-1]
Thompson, H., Beech, D., Maloney, M., and N. Mendelsohn,
"XML Schema Part 1: Structures Second Edition", W3C REC-
xmlschema-1, October 2004,
<http://www.w3.org/TR/2004/REC-xmlschema-1-20041028/>.
Chudov, et al. Expires June 15, 2009 [Page 14]
Internet-Draft GOST based Security URIs December 2008
[XML-SCHEMA-2]
Biron, P. and A. Malhotra, "XML Schema Part 2: Datatypes
Second Edition", W3C REC-xmlschema-2, October 2004,
<http://www.w3.org/TR/2004/REC-xmlschema-2-20041028/>.
[XMLDSIG] Eastlake, D., Reagle, J., and D. Solo, "(Extensible Markup
Language) XML-Signature Syntax and Processing", RFC 3275,
March 2002.
[XMLENC-CORE]
Eastlake, D. and J. Reagle , "XML Encryption Syntax and
Processing", W3C Candidate Recommendation xmlenc-core,
August 2002, <http://www.w3.org/TR/xmlenc-core/>.
7.2. Informative references
[RFC4134] Hoffman, P., "Examples of S/MIME Messages", RFC 4134,
July 2005.
[XML] Bray, T., Paoli, J., Sperberg-McQueen, C., Maler, E., and
F. Yergeau, "Extensible Markup Language (XML) 1.0 (Fourth
Edition)", W3C REC-xml, August 2006,
<http://www.w3.org/TR/2006/REC-xml-20060816>.
Appendix A. Aggregate XML Schema
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema
xmlns:gost="http://www.w3.org/2006/10/xmldsig-gost#"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
targetNamespace="http://www.w3.org/2006/10/xmldsig-gost#"
elementFormDefault="qualified" attributeFormDefault="unqualified"
version="0.3">
<xs:element name="KeyValue1994" type="gost:KeyValue1994Type"/>
<xs:complexType name="KeyValue1994Type">
<xs:sequence>
<xs:element name="PublicKeyParameters1994"
type="gost:PublicKeyParameters1994Type"
minOccurs="0"/>
<xs:element name="PublicKey" type="xs:base64Binary"/>
</xs:sequence>
</xs:complexType>
Chudov, et al. Expires June 15, 2009 [Page 15]
Internet-Draft GOST based Security URIs December 2008
<xs:element name="KeyValue2001" type="gost:KeyValue2001Type"/>
<xs:complexType name="KeyValue2001Type">
<xs:sequence>
<xs:element name="PublicKeyParameters2001"
type="gost:PublicKeyParameters2001Type"
minOccurs="0"/>
<xs:element name="PublicKey" type="xs:base64Binary"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="PublicKeyParameters1994Type">
<xs:sequence>
<xs:element name="publicKeyParamSet"
type="gost:ObjectIdentifierType"/>
<xs:element name="digestParamSet"
type="gost:ObjectIdentifierType"/>
<xs:element name="encryptionParamSet"
type="gost:ObjectIdentifierType"
minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="PublicKeyParameters2001Type">
<xs:sequence>
<xs:element name="publicKeyParamSet"
type="gost:ObjectIdentifierType"/>
<xs:element name="digestParamSet"
type="gost:ObjectIdentifierType"/>
<xs:element name="encryptionParamSet"
type="gost:ObjectIdentifierType"
minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:simpleType name="Parameters28147Type">
<xs:restriction base="gost:ObjectIdentifierType" />
</xs:simpleType>
<xs:simpleType name="ObjectIdentifierType">
<xs:restriction base="xs:token">
<xs:pattern value="[0-2](\.[1-3]?[0-9]?(\.\d+)*)?"/>
</xs:restriction>
</xs:simpleType>
<xs:element name="ParametersR3411"
type="gost:ObjectIdentifierType"/>
Chudov, et al. Expires June 15, 2009 [Page 16]
Internet-Draft GOST based Security URIs December 2008
</xs:schema>
Appendix B. Aggregate DTD
<!ELEMENT KeyValue1994 (
PublicKeyParameters1994?, PublicKey) >
<!ELEMENT KeyValue2001 (
PublicKeyParameters2001?, PublicKey) >
<!ELEMENT PublicKey (#PCDATA) >
<!ELEMENT PublicKeyParameters1994 (
publicKeyParamSet, digestParamSet,
encryptionParamSet?) >
<!ELEMENT PublicKeyParameters2001 (
publicKeyParamSet, digestParamSet,
encryptionParamSet?) >
<!ELEMENT publicKeyParamSet (#PCDATA) >
<!ELEMENT digestParamSet (#PCDATA) >
<!ELEMENT encryptionParamSet (#PCDATA) >
<!ELEMENT Parameters28147 (#PCDATA) >
<!ELEMENT ParametersR3411 (#PCDATA) >
Appendix C. Examples
Examples here are stored in the same format as the examples in
[RFC4134] and can be extracted using the same program.
If you want to extract without the program, copy all the lines
between the "|>" and "|<" markers, remove any page breaks, and remove
the "|" in the first column of each line. The result is a valid
Base64 blob that can be processed by any Base64 decoder.
C.1. Signed document
This sample contain the signed XML document using the sample
certificate from Section 4.2 of [CPPK].
Chudov, et al. Expires June 15, 2009 [Page 17]
Internet-Draft GOST based Security URIs December 2008
|>XmlDocSigned2001.xml
|PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48Q3J5cHRvUHJv
|WE1MIFNpZ25lZD0idHJ1ZSI+SGVyZSBpcyBzb21lIGRhdGEgdG8gc2lnbi48U2ln
|bmF0dXJlIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcj
|Ij48U2lnbmVkSW5mbz48Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09
|Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1
|IiAvPjxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9y
|Zy8yMDAxLzA0L3htbGRzaWctbW9yZSNnb3N0cjM0MTAyMDAxLWdvc3RyMzQxMSIg
|Lz48UmVmZXJlbmNlIFVSST0iIj48VHJhbnNmb3Jtcz48VHJhbnNmb3JtIEFsZ29y
|aXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3Bl
|ZC1zaWduYXR1cmUiIC8+PC9UcmFuc2Zvcm1zPjxEaWdlc3RNZXRob2QgQWxnb3Jp
|dGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNnb3N0
|cjM0MTEiIC8+PERpZ2VzdFZhbHVlPi9Kd3RRc3Z5NWsvUjBWZUx6ZG0ySWlqUEJ0
|U0o1cEpSalQ5RlVRSEV5VGc9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1Np
|Z25lZEluZm8+PFNpZ25hdHVyZVZhbHVlPkZjYjNxNGlCdmRmZ1lvN245NUdhUUN1
|ZDkxWVA3dzhvVjAzUjZ6a1JEZGxjK0RuQ2MwcjlNc0E1YS9iaFlDeVdQZC9jRVU4
|K3FZRnJ5SmJjaXJ5d0hBPT08L1NpZ25hdHVyZVZhbHVlPjxLZXlJbmZvPjxYNTA5
|RGF0YT48WDUwOUNlcnRpZmljYXRlPk1JSUIwRENDQVg4Q0VDdjF4aDdDRWIwWHg5
|elVZbWEwTGlFd0NBWUdLb1VEQWdJRE1HMHhIekFkQmdOVkJBTU1Ga2R2YzNSU016
|UXhNQzB5TURBeElHVjRZVzF3YkdVeEVqQVFCZ05WQkFvTUNVTnllWEIwYjFCeWJ6
|RUxNQWtHQTFVRUJoTUNVbFV4S1RBbkJna3Foa2lHOXcwQkNRRVdHa2R2YzNSU016
|UXhNQzB5TURBeFFHVjRZVzF3YkdVdVkyOXRNQjRYRFRBMU1EZ3hOakUwTVRneU1G
|b1hEVEUxTURneE5qRTBNVGd5TUZvd2JURWZNQjBHQTFVRUF3d1dSMjl6ZEZJek5E
|RXdMVEl3TURFZ1pYaGhiWEJzWlRFU01CQUdBMVVFQ2d3SlEzSjVjSFJ2VUhKdk1R
|c3dDUVlEVlFRR0V3SlNWVEVwTUNjR0NTcUdTSWIzRFFFSkFSWWFSMjl6ZEZJek5E
|RXdMVEl3TURGQVpYaGhiWEJzWlM1amIyMHdZekFjQmdZcWhRTUNBaE13RWdZSEtv
|VURBZ0lrQUFZSEtvVURBZ0llQVFOREFBUkFoSlZvZFdBQ0drQjFDTTBUakRHSkxQ
|M2xCUU42UTF6MGJTc1A1MDh5ZmxlUDY4d1d1WldJQTlDYWZJV3VEK1NONnFhN2Zs
|Ykh5N0RmRDJhOHl1b2FZREFJQmdZcWhRTUNBZ01EUVFBOEw4a0pSTGNucWV5bjFl
|bjdVMjNTdzZwa2ZFUXUzdTB4RmtWUHZGUS8zY0hlRjI2TkcreHh0WlB6M1RhVFZY
|ZG9pWWtYWWlEMDJyRXgxYlVjTTk3aTwvWDUwOUNlcnRpZmljYXRlPjwvWDUwOURh
|dGE+PC9LZXlJbmZvPjwvU2lnbmF0dXJlPjwvQ3J5cHRvUHJvWE1MPg==
|<XmlDocSigned2001.xml
Appendix D. Acknowledgments
The authors wish to thank:
Microsoft Corporation Russia for provided information about
company products and solutions, and also for technical consulting
in PKI.
Chudov, et al. Expires June 15, 2009 [Page 18]
Internet-Draft GOST based Security URIs December 2008
Authors' Addresses
Grigorij S. Chudov
CRYPTO-PRO, Ltd.
16/5, Suschevskij val
Moscow 127018
Russia
Phone: +7 (495) 780 48 20
Fax: +7 (495) 660 2330
Email: chudov@CryptoPro.ru
URI: http://www.CryptoPro.ru
Serguei E. Leontiev
CRYPTO-PRO, Ltd.
16/5, Suschevskij val
Moscow 127018
Russia
Phone: +7 (495) 780 48 20
Fax: +7 (495) 660 2330
Email: lse@CryptoPro.ru
URI: http://www.CryptoPro.ru
Aleksandr V. Chelpanov
CRYPTO-PRO, Ltd.
16/5, Suschevskij val
Moscow 127018
Russia
Phone: +7 (495) 780 48 20
Fax: +7 (495) 660 2330
Email: cav@CryptoPro.ru
URI: http://www.CryptoPro.ru
Chudov, et al. Expires June 15, 2009 [Page 19]
Internet-Draft GOST based Security URIs December 2008
Pavel V. Smirnov
CRYPTO-PRO, Ltd.
16/5, Suschevskij val
Moscow 127018
Russia
Phone: +7 (495) 780 48 20
Fax: +7 (495) 660 2330
Email: spv@CryptoPro.ru
URI: http://www.CryptoPro.ru
Chudov, et al. Expires June 15, 2009 [Page 20]
Internet-Draft GOST based Security URIs December 2008
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Chudov, et al. Expires June 15, 2009 [Page 21]