Using the Elliptic Curve Signature Algorithm (ECDSA) for XML Digital Signatures
RFC 4050
This RFC was published on the Independent Submission stream.
This RFC is not endorsed by the IETF and has no formal standing in the
IETF standards process.
Document | Type | RFC - Informational (April 2005) | |
---|---|---|---|
Authors | Simon Blake-Wilson , Yongge Wang , Tetsutaro Kobayashi , Gregor Karlinger | ||
Last updated | 2013-03-02 | ||
RFC stream | Independent Submission | ||
Formats | |||
IESG | Responsible AD | Russ Housley | |
Send notices to | (None) |
RFC 4050
Network Working Group S. Blake-Wilson Request for Comments: 4050 BCI Category: Informational G. Karlinger CIO Austria T. Kobayashi NTT Y. Wang UNCC April 2005 Using the Elliptic Curve Signature Algorithm (ECDSA) for XML Digital Signatures Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2005). IESG Note This document is not a candidate for any level of Internet Standard. The IETF disclaims any knowledge of the fitness of this document for any purpose, and in particular notes that it has not had IETF review for such things as security, congestion control, or inappropriate interaction with deployed protocols. The RFC Editor has chosen to publish this document at its discretion. Readers of this document should exercise caution in evaluating its value for implementation and deployment. Abstract This document specifies how to use Elliptic Curve Digital Signature Algorithm (ECDSA) with XML Signatures. The mechanism specified provides integrity, message authentication, and/or signer authentication services for data of any type, whether located within the XML that includes the signature or included by reference. Blake-Wilson, et al. Informational [Page 1] RFC 4050 ECDSA for XML Digital Signatures April 2005 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2 2. ECDSA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 3. Specifying ECDSA within XMLDSIG . . . . . . . . . . . . . . . 3 3.1. Version, Namespaces, and Identifiers . . . . . . . . . . 3 3.2. XML Schema Preamble and DTD Replacement. . . . . . . . . 4 3.2.1. XML Schema Preamble. . . . . . . . . . . . . . . 4 3.2.2. DTD Replacement. . . . . . . . . . . . . . . . . 4 3.3. ECDSA Signatures . . . . . . . . . . . . . . . . . . . . 4 3.4. ECDSA Key Values . . . . . . . . . . . . . . . . . . . . 4 3.4.1. Key Value Root Element . . . . . . . . . . . . . 4 3.4.2. EC Domain Parameters . . . . . . . . . . . . . . 5 3.4.2.1. Field Parameters . . . . . . . . . . . 6 3.4.2.2. Curve Parameters . . . . . . . . . . . 8 3.4.2.3. Base Point Parameters. . . . . . . . . 9 3.4.3. EC Points . . . . . . . . . . . . . . . . . . . 10 4. Security Considerations . . . . . . . . . . . . . . . . . . . 11 5. Normative References . . . . . . . . . . . . . . . . . . . . . 11 6. Informative References . . . . . . . . . . . . . . . . . . . . 12 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 13 Appendix A: Aggregate XML Schema . . . . . . . . . . . . . . . . . 14 Appendix B: Aggregate DTD. . . . . . . . . . . . . . . . . . . . . 17 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 18 Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 19 1. Introduction This document specifies how to use the Elliptic Curve Digital Signature Algorithm (ECDSA) with XML signatures, as specified in [XMLDSIG]. [XMLDSIG] defines only two digital signature methods: RSA and DSA (DSS) signatures. This document introduces ECDSA signatures as an additional method. This document uses both XML Schemas [XML-schema] (normative) and DTDs [XML] (informational) to specify the corresponding XML structures. 2. ECDSA The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic curve analogue of the DSA (DSS) signature method [FIPS-186-2]. It is defined in the ANSI X9.62 standard [X9.62]. Other compatible specifications include FIPS 186-2 [FIPS-186-2], IEEE 1363 [IEEE1363], IEEE 1363a [IEEE1363a], and SEC1 [SEC1]. [RFC3279] describes ways to carry ECDSA keys in X.509 certificates. [FIPS-186-2], [SEC2], and [X9.62] provide recommended elliptic curve domain parameters for use with ECDSA. Blake-Wilson, et al. Informational [Page 2] RFC 4050 ECDSA for XML Digital Signatures April 2005 Like DSA, ECDSA incorporates the use of a hash function. Currently, the only hash function defined for use with ECDSA is the SHA-1 message digest algorithm [FIPS-180-1]. ECDSA signatures are smaller than RSA signatures of similar cryptographic strength. ECDSA public keys (and certificates) are smaller than similar strength DSA keys and result in improved communication efficiency. On many platforms, ECDSA operations can be computed faster than similar strength RSA or DSA operations (see [KEYS] for a security analysis of key sizes across public key algorithms). These advantages of signature size, bandwidth, and computational efficiency may make ECDSA an attractive choice for XMLDSIG implementations. 3. Specifying ECDSA within XMLDSIG This section specifies how to use ECDSA with XML Signature Syntax and Processing [XMLDSIG]. It relies heavily on the syntax and namespace defined in [XMLDSIG]. 3.1. Version, Namespaces, and Identifiers This specification makes no provision for an explicit version number in the syntax. If a future version is needed, it will use a different namespace. The XML namespace [XML-ns] URI that MUST be used by implementations of this (dated) specification is: http://www.w3.org/2001/04/xmldsig-more# Elements in the namespace of the [XMLDSIG] specification are marked by using the namespace prefix "dsig" in the remaining sections of this document. The identifier for the ECDSA signature algorithm as defined in [Eastlake] is: http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 Blake-Wilson, et al. Informational [Page 3] RFC 4050 ECDSA for XML Digital Signatures April 2005 3.2. XML Schema Preamble and DTD Replacement 3.2.1. XML Schema Preamble The subsequent preamble is to be used with the XML Schema definitions given in the remaining sections of this document. <?xml version="1.0" encoding="UTF-8"?> <xs:schema targetNamespace="http://www.w3.org/2001/04/xmldsig-more#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified" version="0.2"> 3.2.2. DTD Replacement To include ECDSA in XML-signature syntax, the following definition of the entity Key.ANY SHOULD replace the one in [XMLDSIG]: <!ENTITY % KeyValue.ANY '| ecdsa:ECDSAKeyValue'> 3.3. ECDSA Signatures The input to the ECDSA algorithm is the canonicalized representation of the dsig:SignedInfo element as specified in Section 3 of [XMLDSIG]. The output of the ECDSA algorithm consists of a pair of integers usually referred by the pair (r, s). The signature value (text value of element dsig:SignatureValue - see section 4.2 of [XMLDSIG]) consists of the base64 encoding of the concatenation of two octet- streams that respectively result from the octet-encoding of the values r and s. This concatenation is described in section E3.1 of [IEEE1363]. 3.4. ECDSA Key Values The syntax used for ECDSA key values closely follows the ASN.1 syntax defined in ANSI X9.62 [X9.62]. 3.4.1. Key Value Root Element The element ECDSAKeyValue is used for encoding ECDSA public keys. For use with XMLDSIG, simply use this element inside dsig:KeyValue (such as the predefined elements dsig:RSAKeyValue or dsig:DSAKeyValue). Blake-Wilson, et al. Informational [Page 4] RFC 4050 ECDSA for XML Digital Signatures April 2005 The element consists of an optional subelement DomainParameters and the mandatory subelement PublicKey. If Domainparameters is missing, the application implicitly knows about it from other means. Schema Definition: <xs:element name="ECDSAKeyValue" type="ecdsa:ECDSAKeyValueType"/> <xs:complexType name="ECDSAKeyValueType"> <xs:sequence> <xs:element name="DomainParameters" type="ecdsa:DomainParamsType" minOccurs="0"/> <xs:element name="PublicKey" type="ecdsa:ECPointType"/> </xs:sequence> </xs:complexType> DTD Definition: <!ELEMENT ECDSAKeyValue (DomainParameters?, PublicKey)> <!ELEMENT PublicKey (X, Y)?> <!ELEMENT X EMPTY> <!ATTLIST X Value CDATA #REQUIRED> <!ELEMENT Y EMPTY> <!ATTLIST Y Value CDATA #REQUIRED> 3.4.2. EC Domain Parameters Domain parameters can be encoded either explicitly using element ExplicitParams, or by reference using element NamedCurve. The latter simply consists of an attribute named URN, which bears a uniform resource name as its value. For the named curves of standards like [X9.62], [FIPS-186-2], or [SEC2], the OIDs of these curves SHOULD be used in this attribute, e.g., URN="urn:oid:1.2.840.10045.3.1.1". The mechanism for encoding OIDs in URNs is shown in [RFC3061]. Schema Definition: <xs:complexType name="DomainParamsType"> <xs:choice> <xs:element name="ExplicitParams" type="ecdsa:ExplicitParamsType"/> <xs:element name="NamedCurve"> <xs:complexType> <xs:attribute name="URN" type="xs:anyURI" use="required"/> </xs:complexType> </xs:element> </xs:choice> </xs:complexType> Blake-Wilson, et al. Informational [Page 5] RFC 4050 ECDSA for XML Digital Signatures April 2005 DTD Definition: <!ELEMENT DomainParameters (ExplicitParams | NamedCurve)> <!ELEMENT NamedCurve EMPTY> <!ATTLIST NamedCurve URN CDATA #REQUIRED> The element ExplicitParams is used for explicit encoding of domain parameters. It contains three subelements: FieldParams describes the underlying field, CurveParams describes the elliptic curve, and BasePointParams describes the base point of the elliptic curve. Schema Definition: <xs:complexType name="ExplicitParamsType"> <xs:sequence> <xs:element name="FieldParams" type="ecdsa:FieldParamsType"/> <xs:element name="CurveParams" type="ecdsa:CurveParamsType"/> <xs:element name="BasePointParams" type="ecdsa:BasePointParamsType"/> </xs:sequence> </xs:complexType> DTD Definition: <!ELEMENT ExplicitParams (FieldParams, CurveParams, BasePointParams)> 3.4.2.1. Field Parameters The element FieldParams is used for encoding field parameters. The corresponding XML Schema type FieldParamsType is declared abstract and will be extended by specialized types for prime field, characteristic two field, and odd characteristic extension fields parameters. The XML Schema type PrimeFieldParamsType is derived from the FieldParamsType and is used for encoding prime field parameters. The type contains the order of the prime field as its single subelement P. The XML Schema type CharTwoFieldParamsType is derived from FieldParamsType and is used for encoding parameters of a characteristic two field. It is again an abstract type and will be extended by specialized types for trinomial and pentanomial base fields. F2m Gaussian Normal Base fields are not supported by this specification to relieve interoperability. Common to both specialized types is the element M, the extension degree of the field. Blake-Wilson, et al. Informational [Page 6] RFC 4050 ECDSA for XML Digital Signatures April 2005 The XML Schema type TnBFieldParamsType is derived from the CharTwoFieldParamsType and is used for encoding trinomial base fields. It adds the single element K, which represents the integer k, where x^m + x^k + 1 is the reduction polynomial. The XML Schema type PnBFieldParamsType is derived from the CharTwoFieldParamsType and is used for encoding pentanomial base fields. It adds the three elements K1, K2 and K3, which represent the integers k1, k2 and k3 respectively, where x^m + x^k3 + x^k2 + x^k1 + 1 is the reduction polynomial. The XML Schema type OddCharExtensionFieldParamsType is derived from the FieldParamsType and is used for encoding parameters of an odd characteristic extension field. This type contains two elements: M, which represents the extension degree of the field m, and W, which represents the integer w, where x^m - w is the reduction polynomial. Schema Definition: <xs:complexType name="FieldParamsType" abstract="true"/> <xs:complexType name="PrimeFieldParamsType"> <xs:complexContent> <xs:extension base="ecdsa:FieldParamsType"> <xs:sequence> <xs:element name="P" type="xs:positiveInteger"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:complexType name="CharTwoFieldParamsType" abstract="true"> <xs:complexContent> <xs:extension base="ecdsa:FieldParamsType"> <xs:sequence> <xs:element name="M" type="xs:positiveInteger"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:complexType name="OddCharExtensionFieldParamsType"> <xs:complexContent> <xs:extension base="ecdsa:FieldParamsType"> <xs:sequence> <xs:element name="M" type="xs:positiveInteger"/> <xs:element name="W" type="xs:positiveInteger"/> </xs:sequence> Blake-Wilson, et al. Informational [Page 7] RFC 4050 ECDSA for XML Digital Signatures April 2005 </xs:extension> </xs:complexContent> </xs:complexType> <xs:complexType name="TnBFieldParamsType"> <xs:complexContent> <xs:extension base="ecdsa:CharTwoFieldParamsType"> <xs:sequence> <xs:element name="K" type="xs:positiveInteger"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:complexType name="PnBFieldParamsType"> <xs:complexContent> <xs:extension base="ecdsa:CharTwoFieldParamsType"> <xs:sequence> <xs:element name="K1" type="xs:positiveInteger"/> <xs:element name="K2" type="xs:positiveInteger"/> <xs:element name="K3" type="xs:positiveInteger"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> DTD Definition: <!ELEMENT FieldParams (P | (M, K) | (M, K1, K2, K3) | (M, W))> <!ELEMENT P (#PCDATA)> <!ELEMENT M (#PCDATA)> <!ELEMENT K (#PCDATA)> <!ELEMENT K1 (#PCDATA)> <!ELEMENT K2 (#PCDATA)> <!ELEMENT K3 (#PCDATA)> <!ELEMENT W (#PCDATA)> 3.4.2.2. Curve Parameters The element CurveParams is used for encoding parameters of the elliptic curve. The corresponding XML Schema type CurveParamsType bears the elements A and B representing the coefficients a and b of the elliptic curve. According to the algorithm specified in annex A3.3 of [X9.62], the optional element Seed contains the value used to derive the coefficients of a randomly generated elliptic curve. Blake-Wilson, et al. Informational [Page 8] RFC 4050 ECDSA for XML Digital Signatures April 2005 Schema Definition: <xs:complexType name="CurveParamsType"> <xs:sequence> <xs:element name="A" type="ecdsa:FieldElemType"/> <xs:element name="B" type="ecdsa:FieldElemType"/> <xs:element name="Seed" type="xs:hexBinary" minOccurs="0"/> </xs:sequence> </xs:complexType> DTD Definition: <!ELEMENT CurveParams (A, B, Seed?)> <!ELEMENT A EMPTY> <!ATTLIST A Value CDATA #REQUIRED> <!ELEMENT B EMPTY> <!ATTLIST B Value CDATA #REQUIRED> <!ELEMENT Seed (#PCDATA)> 3.4.2.3. Base Point Parameters The element BasePointParams is used for encoding parameters regarding the base point of the elliptic curve. BasePoint represents the base point itself, Order provides the order of the base point, and Cofactor optionally provides the cofactor of the base point. Schema Definition: <xs:complexType name="BasePointParamsType"> <xs:sequence> <xs:element name="BasePoint" type="ecdsa:ECPointType"/> <xs:element name="Order" type="xs:positiveInteger"/> <xs:element name="Cofactor" type="xs:positiveInteger" minOccurs="0"/> </xs:sequence> </xs:complexType> DTD Definition: <!ELEMENT BasePointParams (BasePoint, Order, Cofactor?)> <!ELEMENT BasePoint (X, Y)?> <!ELEMENT Order (#PCDATA)> <!ELEMENT Cofactor (#PCDATA)> Blake-Wilson, et al. Informational [Page 9] RFC 4050 ECDSA for XML Digital Signatures April 2005 3.4.3. EC Points The XML Schema type ECPointType is used for encoding a point on the elliptic curve. It consists of the subelements X and Y, providing the x and y coordinates of the point. Point compression representation is not supported by this specification for the sake of simple design. The point at infinity is encoded by omitting both elements X and Y. The subelements X and Y are of type FieldElemType. This is an abstract type for encoding elements of the elliptic curves underlying field and is extended by specialized types for prime field elements and characteristic two field elements. The XML Schema type PrimeFieldElemType is used for encoding prime field elements. It contains a single attribute named Value whose value represents the field element as an integer. The XML Schema type CharTwoFieldElemType is used for encoding characteristic two field elements. It contains a single attribute named Value whose value represents the field element as an octet string. The octet string must be composed as shown in paragraph 2 of section 4.3.3 of [X9.62]. The XML Schema type OddCharExtensionFieldElemType is used for encoding odd characteristic extension field elements. It contains a single attribute named Value whose value represents the field element as an integer. The integer must be composed as shown in section 5.3.3 of [IEEE1363a]. Schema Definition: <xs:complexType name="ECPointType"> <xs:sequence minOccurs="0"> <xs:element name="X" type="ecdsa:FieldElemType"/> <xs:element name="Y" type="ecdsa:FieldElemType"/> </xs:sequence> </xs:complexType> <xs:complexType name="FieldElemType" abstract="true"/> Blake-Wilson, et al. Informational [Page 10] RFC 4050 ECDSA for XML Digital Signatures April 2005 <xs:complexType name="PrimeFieldElemType"> <xs:complexContent> <xs:extension base="ecdsa:FieldElemType"> <xs:attribute name="Value" type="xs:nonNegativeInteger" use="required"/> </xs:extension> </xs:complexContent> </xs:complexType> <xs:complexType name="CharTwoFieldElemType"> <xs:complexContent> <xs:extension base="ecdsa:FieldElemType"> <xs:attribute name="Value" type="xs:hexBinary" use="required"/> </xs:extension> </xs:complexContent> </xs:complexType> <xs:complexType name="OddCharExtensionFieldElemType"> <xs:complexContent> <xs:extension base="ecdsa:FieldElemType"> <xs:attribute name="Value" type="xs:nonNegativeInteger" use="required"/> </xs:extension> </xs:complexContent> </xs:complexType> 4. Security Considerations Implementers should ensure that appropriate security measures are in place when they deploy ECDSA within XMLDSIG. In particular, the security of ECDSA requires careful selection of both key sizes and elliptic curve domain parameters. Selection guidelines for these parameters and some specific recommended curves that are considered safe are provided in [X9.62], [FIPS-186-2], and [SEC2]. For further security discussion, see [XMLDSIG]. 5. Normative References [Eastlake] Eastlake 3rd, D., "Additional XML Security Uniform Resource Identifiers (URIs)", RFC 4051, April 2005. [X9.62] American National Standards Institute. ANSI X9.62-1998, Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm. January 1999. Blake-Wilson, et al. Informational [Page 11] RFC 4050 ECDSA for XML Digital Signatures April 2005 [XMLDSIG] Eastlake 3rd, D., Reagle, J., and D. Solo, "(Extensible Markup Language) XML-Signature Syntax and Processing", RFC 3275, March 2002. [XML-schema] Beech, D., Maloney, M., Mendelsohn, N., and Thompson, H., XML Schema Part 1: Structures, W3C Recommendation, May 2001. http://www.w3.org/TR/2001/REC-xmlschema-1- 20010502/ Biron, P., and Malhotra, A., ML Schema Part 2: Datatypes, W3C Recommendation, May 2001. http://www.w3.org/TR/2001/REC-xmlschema-2-20010502/ 6. Informative References [FIPS-180-1] Federal Information Processing Standards Publication (FIPS PUB) 180-1, Secure Hash Standard, April 1995. [FIPS-186-2] Federal Information Processing Standards Publication (FIPS PUB) 186-2, Digital Signature Standard, January 2000. [IEEE1363] Institute for Electrical and Electronics Engineers (IEEE) Standard 1363-2000, Standard Specifications for Public Key Cryptography, January 2000. [IEEE1363a] Institute for Electrical and Electronics Engineers (IEEE) Standard 1363, Draft Standard Specifications for Public Key Cryptography -- Amendment 1: Additional Techniques, October 2002. [KEYS] Lenstra, A.K. and Verheul, E.R., Selecting Cryptographic Key Sizes. October 1999. Presented at Public Key Cryptography Conference, Melbourne, Australia, January 2000. http://www.cryptosavvy.com/ [RFC3061] Mealling, M., "A URN Namespace of Object Identifiers", RFC 3061, February 2001. [RFC3279] Bassham, L., Polk, W., and R. Housley, "Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3279, April 2002. [SEC1] Standards for Efficient Cryptography Group, SEC 1: Elliptic Curve Cryptography, Version 1.0, September 2000. http://www.secg.org Blake-Wilson, et al. Informational [Page 12] RFC 4050 ECDSA for XML Digital Signatures April 2005 [SEC2] Standards for Efficient Cryptography Group, SEC 2: Recommended Elliptic Curve Domain Parameters, Version 1.0, September 2000. http://www.secg.org [XML] Bray, T., Maler, E., Paoli, J., and Sperberg-McQueen, C. M., Extensible Markup Language (XML) 1.0 (Second Edition), W3C Recommendation, October 2000. http://www.w3.org/TR/2000/REC-xml-20001006 [XML-ns] Bray, T., Hollander, D., and Layman, A., Namespaces in XML, W3C Recommendation, January 1999. http://www.w3.org/TR/1999/REC-xml-names-19990114/ 7. Acknowledgements The authors would like to acknowledge the many helpful comments of Wolfgang Bauer, Donald Eastlake, Tom Gindin, Chris Hawk, Akihiro Kato, Shiho Moriai, Joseph M. Reagle Jr., and Francois Rousseau. Blake-Wilson, et al. Informational [Page 13] RFC 4050 ECDSA for XML Digital Signatures April 2005 Appendix A. Aggregate XML Schema <?xml version="1.0" encoding="UTF-8"?> <xs:schema targetNamespace="http://www.w3.org/2001/04/xmldsig-more#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified" version="0.2"> <!--ECDSA key value root element--> <xs:element name="ECDSAKeyValue" type="ecdsa:ECDSAKeyValueType"/> <xs:complexType name="ECDSAKeyValueType"> <xs:sequence> <xs:element name="DomainParameters" type="ecdsa:DomainParamsType" minOccurs="0"/> <xs:element name="PublicKey" type="ecdsa:ECPointType"/> </xs:sequence> </xs:complexType> <!--EC domain parameters--> <xs:complexType name="DomainParamsType"> <xs:choice> <xs:element name="ExplicitParams" type="ecdsa:ExplicitParamsType"/> <xs:element name="NamedCurve"> <xs:complexType> <xs:attribute name="URN" type="xs:anyURI" use="required"/> </xs:complexType> </xs:element> </xs:choice> </xs:complexType> <xs:complexType name="FieldParamsType" abstract="true"/> <xs:complexType name="PrimeFieldParamsType"> <xs:complexContent> <xs:extension base="ecdsa:FieldParamsType"> <xs:sequence> <xs:element name="P" type="xs:positiveInteger"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:complexType name="CharTwoFieldParamsType" abstract="true"> <xs:complexContent> Blake-Wilson, et al. Informational [Page 14] RFC 4050 ECDSA for XML Digital Signatures April 2005 <xs:extension base="ecdsa:FieldParamsType"> <xs:sequence> <xs:element name="M" type="xs:positiveInteger"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:complexType name="OddCharExtensionFieldParamsType"> <xs:complexContent> <xs:extension base="ecdsa:FieldParamsType"> <xs:sequence> <xs:element name="M" type="xs:positiveInteger"/> <xs:element name="W" type="xs:positiveInteger"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:complexType name="TnBFieldParamsType"> <xs:complexContent> <xs:extension base="ecdsa:CharTwoFieldParamsType"> <xs:sequence> <xs:element name="K" type="xs:positiveInteger"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:complexType name="PnBFieldParamsType"> <xs:complexContent> <xs:extension base="ecdsa:CharTwoFieldParamsType"> <xs:sequence> <xs:element name="K1" type="xs:positiveInteger"/> <xs:element name="K2" type="xs:positiveInteger"/> <xs:element name="K3" type="xs:positiveInteger"/> </xs:sequence> </xs:extension> </xs:complexContent> </xs:complexType> <xs:complexType name="ExplicitParamsType"> <xs:sequence> <xs:element name="FieldParams" type="ecdsa:FieldParamsType"/> <xs:element name="CurveParams" type="ecdsa:CurveParamsType"/> <xs:element name="BasePointParams" type="ecdsa:BasePointParamsType"/> </xs:sequence> </xs:complexType> <xs:complexType name="CurveParamsType"> <xs:sequence> <xs:element name="A" type="ecdsa:FieldElemType"/> Blake-Wilson, et al. Informational [Page 15] RFC 4050 ECDSA for XML Digital Signatures April 2005 <xs:element name="B" type="ecdsa:FieldElemType"/> <xs:element name="Seed" type="xs:hexBinary" minOccurs="0"/> </xs:sequence> </xs:complexType> <xs:complexType name="BasePointParamsType"> <xs:sequence> <xs:element name="BasePoint" type="ecdsa:ECPointType"/> <xs:element name="Order" type="xs:positiveInteger"/> <xs:element name="Cofactor" type="xs:positiveInteger" minOccurs="0"/> </xs:sequence> </xs:complexType> <!--EC point--> <xs:complexType name="ECPointType"> <xs:sequence minOccurs="0"> <xs:element name="X" type="ecdsa:FieldElemType"/> <xs:element name="Y" type="ecdsa:FieldElemType"/> </xs:sequence> </xs:complexType> <!--Field element--> <xs:complexType name="FieldElemType" abstract="true"/> <xs:complexType name="PrimeFieldElemType"> <xs:complexContent> <xs:extension base="ecdsa:FieldElemType"> <xs:attribute name="Value" type="xs:nonNegativeInteger" use="required"/> </xs:extension> </xs:complexContent> </xs:complexType> <xs:complexType name="CharTwoFieldElemType"> <xs:complexContent> <xs:extension base="ecdsa:FieldElemType"> <xs:attribute name="Value" type="xs:hexBinary" use="required"/> </xs:extension> </xs:complexContent> </xs:complexType> <xs:complexType name="OddCharExtensionFieldElemType"> <xs:complexContent> <xs:extension base="ecdsa:FieldElemType"> <xs:attribute name="Value" type="xs:nonNegativeInteger" use="required"/> </xs:extension> </xs:complexContent> Blake-Wilson, et al. Informational [Page 16] RFC 4050 ECDSA for XML Digital Signatures April 2005 </xs:complexType> </xs:schema> Appendix B. Aggregate DTD <!ELEMENT ECDSAKeyValue (DomainParameters?, PublicKey)> <!ELEMENT PublicKey (X, Y)?> <!ELEMENT X EMPTY> <!ATTLIST X Value CDATA #REQUIRED> <!ELEMENT Y EMPTY> <!ATTLIST Y Value CDATA #REQUIRED> <!ELEMENT DomainParameters (ExplicitParams | NamedCurve)> <!ELEMENT NamedCurve EMPTY> <!ATTLIST NamedCurve URN CDATA #REQUIRED> <!ELEMENT ExplicitParams (FieldParams, CurveParams, BasePointParams)> <!ELEMENT FieldParams (P | (M, K) | (M, K1, K2, K3) | (M, W))> <!ELEMENT P (#PCDATA)> <!ELEMENT M (#PCDATA)> <!ELEMENT W (#PCDATA)> <!ELEMENT K (#PCDATA)> <!ELEMENT K1 (#PCDATA)> <!ELEMENT K2 (#PCDATA)> <!ELEMENT K3 (#PCDATA)> <!ELEMENT CurveParams (A, B, Seed?)> <!ELEMENT A EMPTY> <!ATTLIST A Value CDATA #REQUIRED> <!ELEMENT B EMPTY> <!ATTLIST B Value CDATA #REQUIRED> <!ELEMENT Seed (#PCDATA)> <!ELEMENT BasePointParams (BasePoint, Order, Cofactor?)> <!ELEMENT BasePoint (X, Y)?> <!ELEMENT Order (#PCDATA)> <!ELEMENT Cofactor (#PCDATA)> Blake-Wilson, et al. Informational [Page 17] RFC 4050 ECDSA for XML Digital Signatures April 2005 Authors' Addresses Simon Blake-Wilson BCI 96 Spadina Ave, Unit 606 Toronto, ON, M5V 2J6, Canada EMail: sblakewilson@bcisse.com Gregor Karlinger Federal Staff Office for IT Strategies/Federal Chancellery Ballhausplatz 2 1014 Wien, Austria EMail: gregor.karlinger@cio.gv.at Tetsutaro Kobayashi NTT Laboratories 1-1 Hikarinooka, Yokosuka, 239-0847, Japan EMail: kotetsu@isl.ntt.co.jp Yongge Wang University of North Carolina at Charlotte 9201 University City Blvd Charlotte, NC 28223, USA EMail: yonwang@uncc.edu Blake-Wilson, et al. Informational [Page 18] RFC 4050 ECDSA for XML Digital Signatures April 2005 Full Copyright Statement Copyright (C) The Internet Society (2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf- ipr@ietf.org. Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society. Blake-Wilson, et al. Informational [Page 19]