Tech Note 0006
PK Standards Compliance
Tom St Denis
RSA
----
PKCS #1 compliance.
Key Format: RSAPublicKey and RSAPrivateKey as per PKCS #1 v2.1
Encryption: OAEP as per PKCS #1
Signature : PSS as per PKCS #1
DSA
----
The NIST DSA algorithm
Key Format: HomeBrew [see below]
Signature : ANSI X9.62 format [see below].
Keys are stored as
DSAPublicKey ::= SEQUENCE {
publicFlags BIT STRING(1), -- must be 0
g INTEGER , -- base generator, check that g^q mod p == 1
-- and that 1 < g < p - 1
p INTEGER , -- prime modulus
q INTEGER , -- order of sub-group (must be prime)
y INTEGER , -- public key, specifically, g^x mod p,
-- check that y^q mod p == 1
-- and that 1 < y < p - 1
}
DSAPrivateKey ::= SEQUENCE {
publicFlags BIT STRING(1), -- must be 1
g INTEGER , -- base generator, check that g^q mod p == 1
-- and that 1 < g < p - 1
p INTEGER , -- prime modulus
q INTEGER , -- order of sub-group (must be prime)
y INTEGER , -- public key, specifically, g^x mod p,
-- check that y^q mod p == 1
-- and that 1 < y < p - 1
x INTEGER -- private key
}
Signatures are stored as
DSASignature ::= SEQUENCE {
r, s INTEGER -- signature parameters
}
ECC
----
The ANSI X9.62 and X9.63 algorithms [partial]. Supports all NIST GF(p) curves.
Key Format : Homebrew [see below, only GF(p) NIST curves supported]
Signature : X9.62 compliant
Encryption : Homebrew [based on X9.63, differs in that the public point is stored as an ECCPublicKey]
Shared Secret: X9.63 compliant
ECCPublicKey ::= SEQUENCE {
flags BIT STRING(1), -- public/private flag (always zero),
keySize INTEGER, -- Curve size (in bits) divided by eight
-- and rounded down, e.g. 521 => 65
pubkey.x INTEGER, -- The X co-ordinate of the public key point
pubkey.y INTEGER, -- The Y co-ordinate of the public key point
}
ECCPrivateKey ::= SEQUENCE {
flags BIT STRING(1), -- public/private flag (always one),
keySize INTEGER, -- Curve size (in bits) divided by eight
-- and rounded down, e.g. 521 => 65
pubkey.x INTEGER, -- The X co-ordinate of the public key point
pubkey.y INTEGER, -- The Y co-ordinate of the public key point
secret.k INTEGER, -- The secret key scalar
}
The encryption works by finding the X9.63 shared secret and hashing it. The hash is then simply XOR'ed against the message [which must be at most the size
of the hash digest]. The format of the encrypted text is as follows
ECCEncrypted ::= SEQUENCE {
hashOID OBJECT IDENTIFIER, -- The OID of the hash used
pubkey OCTET STRING , -- Encapsulation of a random ECCPublicKey
skey OCTET STRING -- The encrypted text (which the hash was XOR'ed against)
}
% $Source: /cvs/libtom/libtomcrypt/notes/tech0006.txt,v $
% $Revision: 1.2 $
% $Date: 2005/06/18 02:26:27 $