Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
RFC 4055
| Document | Type |
RFC - Proposed Standard
(June 2005; Errata)
Updated by RFC 5756
Updates RFC 3279
|
|
|---|---|---|---|
| Authors | Russ Housley , Jim Schaad , Burt Kaliski | ||
| Last updated | 2020-01-21 | ||
| Stream | IETF | ||
| Formats | plain text html pdf htmlized with errata bibtex | ||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 4055 (Proposed Standard) | |
| Action Holders |
(None)
|
||
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Steven Bellovin | ||
| Send notices to | wpolk@nist.gov | ||
Network Working Group J. Schaad
Request for Comments: 4055 Soaring Hawk Consulting
Updates: 3279 B. Kaliski
Category: Standards Track RSA Laboratories
R. Housley
Vigil Security
June 2005
Additional Algorithms and Identifiers for RSA Cryptography
for use in the Internet X.509 Public Key Infrastructure
Certificate and Certificate Revocation List (CRL) Profile
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract
This document supplements RFC 3279. It describes the conventions for
using the RSA Probabilistic Signature Scheme (RSASSA-PSS) signature
algorithm, the RSA Encryption Scheme - Optimal Asymmetric Encryption
Padding (RSAES-OAEP) key transport algorithm and additional one-way
hash functions with the Public-Key Cryptography Standards (PKCS) #1
version 1.5 signature algorithm in the Internet X.509 Public Key
Infrastructure (PKI). Encoding formats, algorithm identifiers, and
parameter formats are specified.
Schaad, et al. Standards Track [Page 1]
RFC 4055 Additional RSA Algorithms and Identifiers June 2005
Table of Contents
1. Introduction ....................................................2
1.1. Terminology ................................................3
1.2. RSA Public Keys ............................................3
2. Common Functions ................................................5
2.1. One-way Hash Functions .....................................5
2.2. Mask Generation Functions ..................................6
3. RSASSA-PSS Signature Algorithm ..................................7
3.1. RSASSA-PSS Public Keys .....................................8
3.2. RSASSA-PSS Signature Values ...............................10
3.3. RSASSA-PSS Signature Parameter Validation .................10
4. RSAES-OAEP Key Transport Algorithm .............................10
4.1. RSAES-OAEP Public Keys ....................................11
5. PKCS #1 Version 1.5 Signature Algorithm ........................13
6. ASN.1 Module ...................................................14
7. References .....................................................20
7.1. Normative References ......................................20
7.2. Informative References ....................................21
8. Security Considerations ........................................21
9. IANA Considerations ............................................24
1. Introduction
This document supplements RFC 3279 [PKALGS]. This document describes
the conventions for using the RSASSA-PSS signature algorithm and the
RSAES-OAEP key transport algorithm in the Internet X.509 Public Key
Infrastructure (PKI) [PROFILE]. Both of these RSA-based algorithms
are specified in [P1v2.1]. The algorithm identifiers and associated
parameters for subject public keys that employ either of these
algorithms, and the encoding format for RSASSA-PSS signatures are
specified. Also, the algorithm identifiers for using the SHA-224,
SHA-256, SHA-384, and SHA-512 one-way hash functions with the PKCS #1
version 1.5 signature algorithm [P1v1.5] are specified.
This specification supplements RFC 3280 [PROFILE] which profiles the
X.509 Certificates and Certificate Revocation Lists (CRLs) for use in
the Internet. This specification extends the list of algorithms
discussed in RFC 3279 [PKALGS]. The X.509 Certificate and CRL
definitions use ASN.1 [X.208-88], the Basic Encoding Rules (BER)
[X.209-88], and the Distinguished Encoding Rules (DER) [X.509-88].
This specification defines the contents of the signatureAlgorithm,
signatureValue, signature, and subjectPublicKeyInfo fields within
Internet X.509 Certificates and CRLs. For each algorithm, the
appropriate alternatives for the keyUsage certificate extension are
provided.
Schaad, et al. Standards Track [Page 2]
RFC 4055 Additional RSA Algorithms and Identifiers June 2005
1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
Show full document text