Using the Elliptic Curve Signature Algorithm (ECDSA) for XML Digital Signatures
RFC 4050

 
Document Type RFC - Informational (April 2005; No errata)
Last updated 2013-03-02
Stream ISE
Formats plain text pdf html
Stream ISE state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 4050 (Informational)
Telechat date
Responsible AD Russ Housley
Send notices to (None)
Network Working Group                                    S. Blake-Wilson
Request for Comments: 4050                                           BCI
Category: Informational                                     G. Karlinger
                                                             CIO Austria
                                                            T. Kobayashi
                                                                     NTT
                                                                 Y. Wang
                                                                    UNCC
                                                              April 2005

         Using the Elliptic Curve Signature Algorithm (ECDSA)
                       for XML Digital Signatures

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

IESG Note

   This document is not a candidate for any level of Internet Standard.
   The IETF disclaims any knowledge of the fitness of this document for
   any purpose, and in particular notes that it has not had IETF review
   for such things as security, congestion control, or inappropriate
   interaction with deployed protocols.  The RFC Editor has chosen to
   publish this document at its discretion.  Readers of this document
   should exercise caution in evaluating its value for implementation
   and deployment.

Abstract

   This document specifies how to use Elliptic Curve Digital Signature
   Algorithm (ECDSA) with XML Signatures.  The mechanism specified
   provides integrity, message authentication, and/or signer
   authentication services for data of any type, whether located within
   the XML that includes the signature or included by reference.

Blake-Wilson, et al.         Informational                      [Page 1]
RFC 4050            ECDSA for XML Digital Signatures          April 2005

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
   2.  ECDSA. . . . . . . . . . . . . . . . . . . . . . . . . . . . .  2
   3.  Specifying ECDSA within XMLDSIG  . . . . . . . . . . . . . . .  3
       3.1.  Version, Namespaces, and Identifiers . . . . . . . . . .  3
       3.2.  XML Schema Preamble and DTD Replacement. . . . . . . . .  4
             3.2.1.  XML Schema Preamble. . . . . . . . . . . . . . .  4
             3.2.2.  DTD Replacement. . . . . . . . . . . . . . . . .  4
       3.3.  ECDSA Signatures . . . . . . . . . . . . . . . . . . . .  4
       3.4.  ECDSA Key Values . . . . . . . . . . . . . . . . . . . .  4
             3.4.1.  Key Value Root Element . . . . . . . . . . . . .  4
             3.4.2.  EC Domain Parameters . . . . . . . . . . . . . .  5
                     3.4.2.1.  Field Parameters . . . . . . . . . . .  6
                     3.4.2.2.  Curve Parameters . . . . . . . . . . .  8
                     3.4.2.3.  Base Point Parameters. . . . . . . . .  9
             3.4.3.  EC Points  . . . . . . . . . . . . . . . . . . . 10
   4.  Security Considerations  . . . . . . . . . . . . . . . . . . . 11
   5.  Normative References . . . . . . . . . . . . . . . . . . . . . 11
   6.  Informative References . . . . . . . . . . . . . . . . . . . . 12
   7.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 13
   Appendix A: Aggregate XML Schema . . . . . . . . . . . . . . . . . 14
   Appendix B: Aggregate DTD. . . . . . . . . . . . . . . . . . . . . 17
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 18
   Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 19

1.  Introduction

   This document specifies how to use the Elliptic Curve Digital
   Signature Algorithm (ECDSA) with XML signatures, as specified in
   [XMLDSIG].  [XMLDSIG] defines only two digital signature methods: RSA
   and DSA (DSS) signatures.  This document introduces ECDSA signatures
   as an additional method.

   This document uses both XML Schemas [XML-schema] (normative) and DTDs
   [XML] (informational) to specify the corresponding XML structures.

2.  ECDSA

   The Elliptic Curve Digital Signature Algorithm (ECDSA) is the
   elliptic curve analogue of the DSA (DSS) signature method
   [FIPS-186-2].  It is defined in the ANSI X9.62 standard [X9.62].
   Other compatible specifications include FIPS 186-2 [FIPS-186-2], IEEE
   1363 [IEEE1363], IEEE 1363a [IEEE1363a], and SEC1 [SEC1].  [RFC3279]
   describes ways to carry ECDSA keys in X.509 certificates.
   [FIPS-186-2], [SEC2], and [X9.62] provide recommended elliptic curve
   domain parameters for use with ECDSA.

Blake-Wilson, et al.         Informational                      [Page 2]
Show full document text