Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
RFC 4055
Document Type RFC - Proposed Standard (June 2005; Errata)
Updated by RFC 5756
Updates RFC 3279
Last updated 2015-10-14
Stream IETF
Formats plain text pdf html bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 4055 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Steven Bellovin
Send notices to wpolk@nist.gov
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                          J. Schaad
Request for Comments: 4055                       Soaring Hawk Consulting
Updates: 3279                                                 B. Kaliski
Category: Standards Track                               RSA Laboratories
                                                              R. Housley
                                                          Vigil Security
                                                               June 2005

      Additional Algorithms and Identifiers for RSA Cryptography
       for use in the Internet X.509 Public Key Infrastructure
      Certificate and Certificate Revocation List (CRL) Profile

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document supplements RFC 3279.  It describes the conventions for
   using the RSA Probabilistic Signature Scheme (RSASSA-PSS) signature
   algorithm, the RSA Encryption Scheme - Optimal Asymmetric Encryption
   Padding (RSAES-OAEP) key transport algorithm and additional one-way
   hash functions with the Public-Key Cryptography Standards (PKCS) #1
   version 1.5 signature algorithm in the Internet X.509 Public Key
   Infrastructure (PKI).  Encoding formats, algorithm identifiers, and
   parameter formats are specified.

Schaad, et al.              Standards Track                     [Page 1]
RFC 4055       Additional RSA Algorithms and Identifiers       June 2005

Table of Contents

   1. Introduction ....................................................2
      1.1. Terminology ................................................3
      1.2. RSA Public Keys ............................................3
   2. Common Functions ................................................5
      2.1. One-way Hash Functions .....................................5
      2.2. Mask Generation Functions ..................................6
   3. RSASSA-PSS Signature Algorithm ..................................7
      3.1. RSASSA-PSS Public Keys .....................................8
      3.2. RSASSA-PSS Signature Values ...............................10
      3.3. RSASSA-PSS Signature Parameter Validation .................10
   4. RSAES-OAEP Key Transport Algorithm .............................10
      4.1. RSAES-OAEP Public Keys ....................................11
   5. PKCS #1 Version 1.5 Signature Algorithm ........................13
   6. ASN.1 Module ...................................................14
   7. References .....................................................20
      7.1. Normative References ......................................20
      7.2. Informative References ....................................21
   8. Security Considerations ........................................21
   9. IANA Considerations ............................................24

1.  Introduction

   This document supplements RFC 3279 [PKALGS].  This document describes
   the conventions for using the RSASSA-PSS signature algorithm and the
   RSAES-OAEP key transport algorithm in the Internet X.509 Public Key
   Infrastructure (PKI) [PROFILE].  Both of these RSA-based algorithms
   are specified in [P1v2.1].  The algorithm identifiers and associated
   parameters for subject public keys that employ either of these
   algorithms, and the encoding format for RSASSA-PSS signatures are
   specified.  Also, the algorithm identifiers for using the SHA-224,
   SHA-256, SHA-384, and SHA-512 one-way hash functions with the PKCS #1
   version 1.5 signature algorithm [P1v1.5] are specified.

   This specification supplements RFC 3280 [PROFILE] which profiles the
   X.509 Certificates and Certificate Revocation Lists (CRLs) for use in
   the Internet.  This specification extends the list of algorithms
   discussed in RFC 3279 [PKALGS].  The X.509 Certificate and CRL
   definitions use ASN.1 [X.208-88], the Basic Encoding Rules (BER)
   [X.209-88], and the Distinguished Encoding Rules (DER) [X.509-88].

   This specification defines the contents of the signatureAlgorithm,
   signatureValue, signature, and subjectPublicKeyInfo fields within
   Internet X.509 Certificates and CRLs.  For each algorithm, the
   appropriate alternatives for the keyUsage certificate extension are
   provided.

Schaad, et al.              Standards Track                     [Page 2]
RFC 4055       Additional RSA Algorithms and Identifiers       June 2005

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
Show full document text
ISOC IETF Trust RFC Editor IRTF IESG IETF IAB IASA & IAOC IETF Tools IANA