Network Working Group Sean Turner, IECA
Internet Draft Dan Brown, Certicom
Intended Status: Informational October 19, 2009
Expires: April 19, 2010
Elliptic Curve Private Key Structure
draft-turner-ecprivatekey-00.txt
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
This Internet-Draft will expire on April 19, 2010.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Turner & Brown Expires April 19, 2010 [Page 1]
Internet-Draft Elliptic Curve Private Key Structure October 2009
Abstract
This document specifies the syntax and semantics for conveying
Elliptic Curve (EC) private key information. This syntax and
semantics defined herein are based on a similar syntax and semantics
defined in Standards for Efficient Cryptography Group (SECG).
1. Introduction
This document specifies a syntax and semantics for Elliptic Curve
(EC) private key information. EC private key information includes a
private key and parameters. Additionally, it may include the
corresponding public key. The syntax and semantics defined herein
are based on a similar syntax and semantics defined in Standards for
Efficient Cryptography Group (SECG) [SECG1].
Most Public Key Infrastructures (PKIs) mandate local key generation;
however, there are some PKIs that also support centralized key
generation (e.g., the public-private key pair is generated by a CA).
The structure defined in this document allows the entity that
generates the private and public keys to distribute the key pair and
optionally the associated domain parameters.
A scenario in which this syntax is useful distributes EC private keys
using PrivateKeyInfo, as defined in PKCS #8 [RFC5208]. Distributing
an EC private key with PKCS#8 [RFC5208] involves including a) id-
ecPublicKey, id-ecDH, or id-ecMQV (from [RFC5480]) with the
namedCurve as the parameters in the privateKeyAlgorithm field b)
ECPrivateKey in the PrivateKey field, which is an OCTET STRING c)
optionally including any attributes in the attributes field.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
3. Elliptic Curve Private Key Format
This section gives the syntax for an EC private key. Computationally
an EC private key is an unsigned integer, but for representation, EC
private key information SHALL have ASN.1 type ECPrivateKey:
ECPrivateKey ::= SEQUENCE {
version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
privateKey OCTET STRING,
parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
publicKey [1] BIT STRING OPTIONAL
}
Turner & Brown Expires April 19, 2010 [Page 2]
Internet-Draft Elliptic Curve Private Key Structure October 2009
The fields of type ECPrivateKey have the following meanings:
o version specifies the syntax version number of the elliptic curve
private key structure. For this version of the document, it SHALL
be set to ecPrivkeyVer1, which is of type INTEGER and whose value
is one (1).
o privateKey is the private key. It is a DER encoding of an octet
string of length [log2 n/8] (where n is the order of the curve)
obtained from the unsigned integer via following encoding:
Input: A non-negative integer x together with the desired length
mlen of the octet string. It must be the case that:
2^(8(mlen)) > x.
Output: An octet string M of length mlen octets.
Actions: Convert:
x = x[mlen-1]*2^(8(mlen-1))+x[mlen-2]*2^(8(mlen-2))+...+
x[1]*2^8+x[0] represented in base 2^8=256 to an octet string
M=M[0]|M[1]|...|M[mlen-1], where | denotes concatenation, as
follows:
1. For 0 <= i <= mlen-1 set M[i]=x[mlen-1-i]
2. Output M.
o parameters, which is OPTIONAL, specifies the elliptic curve domain
parameters associated to the private key. The type ECParameters
are discussed in [RFC5480]. As specified in [RFC5480], only the
namedCurve CHOICE, which is an object identifier that fully
identifies the required values for a particular set of elliptic
curve domain parameters, is permitted.
o publicKey, which is OPTIONAL, contains the elliptic curve public
key associated with the private key in question. EC public keys
are discussed in Section 2.2 of [RFC5480].
4. Security Considerations
This structure does not protect the EC private key information in any
way. This structure can be combined with a security protocol to
protect it.
Protection of the private-key information is vital to public-key
cryptography. Disclosure of the private-key material to another
Turner & Brown Expires April 19, 2010 [Page 3]
Internet-Draft Elliptic Curve Private Key Structure October 2009
entity can lead to masquerades. The encryption algorithm used in the
encryption process must be as 'strong' as the key it is protecting.
5. IANA Considerations
None: All identifiers are already registered. Please remove this
section prior to publication as an RFC.
6. References
6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC5480] Turner, S., Brown, D., Yiu, K., Housley, R., and W. Polk,
"Elliptic Curve Cryptography Subject Public Key
Information", RFC 5480, March 2009.
[RFCXXXX] Schaad, J., and P. Hoffman, "New ASN.1 Modules for PKIX",
draft-ietf-pkix-new-asn1-07.txt, work-in-progress.
[SECG1] Standards for Efficient Cryptography Group (SECG), "SEC
1: Elliptic Curve Cryptography", Version 2.0, May 2009.
[X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-1:2002.
Information Technology - Abstract Syntax Notation One.
[X.681] ITU-T Recommendation X.681 (2002) | ISO/IEC 8824-2:2002.
Information Technology - Abstract Syntax Notation One:
Information Object Specification.
[X.682] ITU-T Recommendation X.682 (2002) | ISO/IEC 8824-3:2002.
Information Technology - Abstract Syntax Notation One:
Constraint Specification.
[X.683] ITU-T Recommendation X.683 (2002) | ISO/IEC 8824-4:2002.
Information Technology - Abstract Syntax Notation One:
Parameterization of ASN.1 Specifications, 2002.
6.2. Informative References
[RFC5208] Kaliski, B., "Public-Key Cryptography Standards (PKCS)
#8: Private-Key Information Syntax Specification Version
1.2, RFC 5208, May 2008.
Turner & Brown Expires April 19, 2010 [Page 4]
Internet-Draft Elliptic Curve Private Key Structure October 2009
Appendix A ASN.1 Module
This appendix provides informative ASN.1 definitions for the
structures described in this specification using ASN.1 as defined in
[X.680], [X.681], [X.682], and [X.683] for compilers that support the
2002 ASN.1.
ECPrivateKey-2009-02 { id-tbd }
DEFINITIONS EXPLICIT TAGS ::=
BEGIN
-- EXPORTS ALL;
IMPORTS
ECParameters, NamedCurve
FROM PKIXAlgs-2009 -- FROM [RFCXXXX]
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-pkix1-algorithms2008-02(56) }
;
ECPrivateKey ::= SEQUENCE {
version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
privateKey OCTET STRING,
parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
publicKey [1] BIT STRING OPTIONAL
}
END
Turner & Brown Expires April 19, 2010 [Page 5]
Internet-Draft Elliptic Curve Private Key Structure October 2009
Author's Addresses
Sean Turner
IECA, Inc.
3057 Nutley Street, Suite 106
Fairfax, VA 22031
USA
EMail: turners@ieca.com
Daniel R. L. Brown
Certicom Corp
5520 Explorer Drive #400
Mississauga, ON L4W 5L1
CANADA
Email: dbrown@certicom.com
Turner & Brown Expires April 19, 2010 [Page 6]