Using RSA Algorithms with CBOR Object Signing and Encryption (COSE) Messages
RFC 8230
| Section | Field | Value |
|---|---|---|
| Document | Type | RFC - Proposed Standard (September 2017; No errata). Was draft-jones-cose-rsa (individual) |
| | Author | Michael Jones |
| | Last updated | 2017-09-05 |
| | Stream | IETF |
| | Formats | plain text, html, pdf, htmlized, bibtex |
| | Reviews | |
| Stream | WG state | (None) |
| | Document shepherd | Rich Salz |
| | Shepherd write-up | last changed 2017-05-03 |
| IESG | IESG state | RFC 8230 (Proposed Standard) |
| | Consensus Boilerplate | Yes |
| | Telechat date | |
| | Responsible AD | Kathleen Moriarty |
| | Send notices to | (None) |
| IANA | IANA review state | Version Changed - Review Needed |
| | IANA action state | RFC-Ed-Ack |
Internet Engineering Task Force (IETF)                          M. Jones
Request for Comments: 8230                                     Microsoft
Category: Standards Track                                 September 2017
ISSN: 2070-1721

                      Using RSA Algorithms with
       CBOR Object Signing and Encryption (COSE) Messages

Abstract

   The CBOR Object Signing and Encryption (COSE) specification defines
   cryptographic message encodings using Concise Binary Object
   Representation (CBOR).  This specification defines algorithm
   encodings and representations enabling RSA algorithms to be used for
   COSE messages.  Encodings are specified for the use of RSA
   Probabilistic Signature Scheme (RSASSA-PSS) signatures, RSA
   Encryption Scheme - Optimal Asymmetric Encryption Padding
   (RSAES-OAEP) encryption, and RSA keys.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc8230.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.
Jones                        Standards Track                    [Page 1]

RFC 8230         Using RSA Algorithms with COSE Messages  September 2017

Table of Contents

   1.  Introduction
     1.1.  Requirements Notation and Conventions
   2.  RSASSA-PSS Signature Algorithm
   3.  RSAES-OAEP Key Encryption Algorithm
   4.  RSA Keys
   5.  IANA Considerations
     5.1.  COSE Algorithms Registrations
     5.2.  COSE Key Type Registrations
     5.3.  COSE Key Type Parameters Registrations
   6.  Security Considerations
     6.1.  Key Size Security Considerations
     6.2.  RSASSA-PSS Security Considerations
     6.3.  RSAES-OAEP Security Considerations
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Acknowledgements
   Author's Address

1.  Introduction

   The CBOR Object Signing and Encryption (COSE) [RFC8152] specification
   defines cryptographic message encodings using Concise Binary Object
   Representation (CBOR) [RFC7049].  This specification defines
   algorithm encodings and representations enabling RSA algorithms to be
   used for COSE messages.

1.1.  Requirements Notation and Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.  RSASSA-PSS Signature Algorithm

   The RSASSA-PSS signature algorithm is defined in [RFC8017].

   The RSASSA-PSS signature algorithm is parameterized with a hash
   function (h), a mask generation function (mgf), and a salt length
   (sLen).  For this specification, the mask generation function is
   fixed to be MGF1 as defined in [RFC8017].  It has been recommended
   that the same hash function be used for hashing the data as well as
   in the mask generation function.  This specification follows this