S/MIME Working Group                       Serguei Leontiev, CRYPTO-PRO
Internet Draft                               Gregory Chudov, CRYPTO-PRO
Expires January 18, March 13, 2006                                  July 18,                               September 13, 2005
Intended Category: Informational

                 Using the GOST 28147-89, GOST R 34.11-94,
         GOST R 34.10-94 and GOST R 34.10-2001 algorithms with the
                    Cryptographic Message Syntax (CMS)

                      <draft-ietf-smime-gost-04.txt>

                      <draft-ietf-smime-gost-05.txt>

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than a "work in progress."

   The list of current Internet Drafts Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html
   http://www.ietf.org/1id-abstracts.html.

   The list of Internet Draft Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on March 13, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   This document describes the conventions for using cryptographic
   algorithms GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, GOST R
   34.11-94, along with Cryptographic Message Syntax (CMS). The CMS is
   used for digital signature, digest, authentication and encryption
   arbitrary message contents.

Table of Contents
   1      Introduction . . . . . . . . . . . . . . . . . . . . . .  2
   1.2    Terminology. . . . . . . . . . . . . . . . . . . . . . .  3
   2      Message Digest Algorithms. . . . . . . . . . . . . . . .  3
   2.1    Message Digest Algorithm GOST R 34.11-94 . . . . . . . .  3
   3      Signature Algorithms . . . . . . . . . . . . . . . . . .  4
   3.1    Signature Algorithm GOST R 34.10-94. . . . . . . . . . .  4
   3.2    Signature Algorithm GOST R 34.10-2001. . . . . . . . . .  4
   4      Key Management Algorithms. . . . . . . . . . . . . . . .  5
   4.1    Key Agreement Algorithms . . . . . . . . . . . . . . . .  5
   4.1.1  Key Agreement Algorithm Algorithms Based on GOST R 34.10-94/2001
   Public Keys . . . . . . . . . . . . . . . . . . . . . . . . . .  5
   4.2    Key Transport Algorithms. .. . . . . . . . . . . . . . .  7
   4.2.1  Key Transport Algorithm Based on GOST R 34.10-94/2001
   Public Keys . . . . . . . . . . . . . . . . . . . . . . . . . .  7  8
   5      Content Encryption Algorithms. . . . . . . . . . . . . .  8  9
   5.1    Key-Encryption Key Algorithm GOST 28147-89 . . . . . . .  8  9
   6      MAC Algorithms . . . . . . . . . . . . . . . . . . . . .  9
   6.1    HMAC with GOST R 34.11-94. . . . . . . . . . . . . . . .  9 10
   7      Using with S/MIME. . . . . . . . . . . . . . . . . . . .  9 10
   7.1    Parameter micalg . . . . . . . . . . . . . . . . . . . .  9 10
   7.2    Atribute SMIMECapabilities . . . . . . . . . . . . . . .  9 10
   8      Security Considerations. . . . . . . . . . . . . . . . . 10 11
   9      Appendix Examples. . . . . . . . . . . . . . . . . . . . 11
   9.1    Signed message . . . . . . . . . . . . . . . . . . . . . 11 12
   9.2    Enveloped message using Key Agreement. . . . . . . . . . 12 13
   9.3    Enveloped message using Key Transport. . . . . . . . . . 14 16
   10     Appendix ASN.1 Modules . . . . . . . . . . . . . . . . . 17 18
   10.1   GostR3410-EncryptionSyntax . . . . . . . . . . . . . . . 17 18
   10.2   GostR3410-94-SignatureSyntax . . . . . . . . . . . . . . 19 20
   10.3   GostR3410-2001-SignatureSyntax . . . . . . . . . . . . . 20 21
   11     References . . . . . . . . . . . . . . . . . . . . . . . 21 22
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . 23
   Author's Address. . . . . . . . . . . . . . . . . . . . . . . . 23 24
   Full Copyright Statement. . . . . . . . . . . . . . . . . . . . 25

1  Introduction

   The Cryptographic Message Syntax [CMS] is used for digital signature,
   digest, authentication and encryption of arbitrary message contents.
   This companion specification describes the use of cryptographic
   algorithms GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001 and GOST
   R 34.11-94 in CMS, as proposed by the CRYPTO-PRO Company for "Russian
   Cryptographic Software Compatibility Agreement" community.  This
   document does not describe these cryptographic algorithms; they are
   defined in corresponding national standards.

   The CMS values are generated using ASN.1 [X.208-88], using BER-
   encoding [X.209-88]. This document specifies the algorithm
   identifiers for each algorithm, including ASN.1 for object
   identifiers and any associated parameters.

   The fields in the CMS employed by each algorithm are identified.

1.2   Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2  Message Digest Algorithms

   This section specifies the conventions for using the digest algorithm
   GOST R 34.11-94 employed by CMS.

   Digest values are located in the DigestedData digest field and the
   Message Digest authenticated attribute.  In addition, digest values
   are input to signature algorithms.

2.1   Message Digest Algorithm GOST R 34.11-94

   Hash function GOST R 34.11-94 has been developed by "GUBS of Federal
   Agency Government Communication and Information" and "All-Russian
   Scientific and Research Institute of Standardization".  The algorithm
   GOST R 34.11-94 produces a 256-bit hash value of the arbitrary finite
   bit length input. This document does not contain the full GOST R
   34.11-94 specification, which can be found in [GOSTR3411] in Russian.
   [Schneier95] ch. 18.11, p. 454. contains a brief technical
   description in English.

   id-CryptoPro OBJECT IDENTIFIER ::=
          { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) }

   id-CryptoPro-algorithms OBJECT IDENTIFIER ::=
          id-CryptoPro

   The hash algorithm GOST R 34.11-94 has the following identifier:

   id-GostR3411-94 OBJECT IDENTIFIER ::=
         { id-CryptoPro-algorithms iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
           gostr3411(9) }

   The AlgorithmIdentifier parameters field MUST be present, and the
   parameters field MUST contain NULL.  Implementations MAY accept the
   GOST R 34.11-94 AlgorithmIdentifiers with absent parameters as well
   as NULL parameters.

   This function is always used with default parameters
   gostR3411CryptoProParamSetAI id-
   GostR3411-94-CryptoProParamSet (see section 8.2 of [CPALGS]).

   When Message Digest authenticated attribute is present, DigestedData
   digest contains a 32-byte digest in little-endian representation:

   GostR3411-94-Digest ::= OCTET STRING (SIZE (32))

3  Signature Algorithms

   This section specifies the CMS procedures for GOST R 34.10-94 and
   GOST R 34.10-2001 signature algorithms.

   Signature algorithm identifiers are located in the SignerInfo
   signatureAlgorithm field of SignedData.  Also, signature algorithm
   identifiers are located in the SignerInfo signatureAlgorithm field of
   countersignature attributes.

   Signature values are located in the SignerInfo signature field of
   SignedData.  Also, signature values are located in the SignerInfo
   signature field of countersignature attributes.

3.1  Signature Algorithm GOST R 34.10-94

   GOST R 34.10-94 has been developed by "GUBS of Federal Agency
   Government Communication and Information" and "All-Russian Scientific
   and Research Institute of Standardization".  This signature algorithm
   MUST be used conjointly with GOST R 34.11-94 message digest
   algorithm.  This document does not contain the full GOST R 34.10-94
   specification, which is fully described in [GOSTR341094] in Russian,
   and a brief description in English can be found in [Schneier95] ch.
   20.3, p. 495.

   The GOST R 34.10-94 signature algorithm has the following public key
   algorithm identifier [CPPK]:

   id-GostR3410-94-signature OBJECT IDENTIFIER ::= id-GostR3410-94

   Signature algorithm GOST R 34.10-94 generates a digital signature in
   the form of a binary 512-bit vector (<r'>256||<s>256).
   signatureValue contains its little endian representation.

   GostR3410-94-Signature ::= OCTET STRING (SIZE (64))

3.2 Signature Algorithm GOST R 34.10-2001

   GOST R 34.10-2001 has been developed by "GUBS of Federal Agency
   Government Communication and Information" and "All-Russian Scientific
   and Research Institute of Standardization". This signature algorithm
   MUST be used conjointly with GOST R 34.11-94. This document does not
   contain the full GOST R 34.10-2001 specification, which is fully
   described in [GOSTR341001].

   The signature algorithm GOST R 34.10-2001 has the following public
   key algorithm identifier from [CPPK]:

   id-GostR3410-2001-signature OBJECT IDENTIFIER ::= id-GostR3410-2001

   Signature algorithm GOST R 34.10-2001 generates a digital signature
   in the form of a binary 512-bit vector (<r'>256||<s>256).
   signatureValue contains its little endian representation.

   GostR3410-2001-Signature ::= OCTET STRING (SIZE (64))

4  Key Management Algorithms

   This chapter describes the key agreement and key transport
   algorithms, based on VKO GOST R 34.10-94 and VKO GOST R 34.10-2001
   key derivation algorithms, and the CryptoPro and GOST 28147-89 key
   wrap algorithms, described in [CPALGS]. They MUST be used only with
   content encryption algorithm GOST 28147-89, defined in section 5 of
   this document.

4.1  Key Agreement Algorithms

   This section specifies the conventions employed by CMS
   implementations that support key agreement using both VKO GOST R
   34.10-94 and VKO GOST R 34.10-2001 algorithms, described in [CPALGS].

   Key agreement algorithm identifiers are located in the EnvelopedData
   RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm and
   AuthenticatedData RecipientInfos KeyAgreeRecipientInfo
   keyEncryptionAlgorithm fields.

   Wrapped content-encryption keys are located in the EnvelopedData
   RecipientInfos KeyAgreeRecipientInfo RecipientEncryptedKeys
   encryptedKey field.  Wrapped message-authentication keys are located
   in the AuthenticatedData RecipientInfos KeyAgreeRecipientInfo
   RecipientEncryptedKeys encryptedKey field.

4.1.1  Key Agreement Algorithm Algorithms Based on GOST R 34.10-94/2001 Public
   Keys

   The EnvelopedData RecipientInfos KeyAgreeRecipientInfo field is used
   as follows:

      version MUST be 3.

      originator MUST be the originatorKey alternative. The
      originatorKey algorithm field MUST contain the object identifier
      id-GostR3410-94 or id-GostR3410-2001 and corresponding parameters
      (defined in sections 2.3.1, 2.3.2 of [CPPK]).

      The originatorKey publicKey field MUST contain the sender's public
      key.

      keyEncryptionAlgorithm MUST be the id-GostR3410-94-CryptoPro-ESDH
      or the id-GostR3410-2001-CryptoPro-ESDH algorithm identifier,
      depending on the recipient public key algorithm.  The algorithm
      identifier parameter field for these algorithms is
      KeyWrapAlgorithm, and this parameter MUST be identical present.  The
      KeyWrapAlgorithm denotes the algorithm and parameters used to
      encrypt the
      recipient public content-encryption key with the pairwise key-
      encryption key generated using the VKO GOST R 34.10-94 or the VKO
      GOST R 34.10-2001 key agreement algorithms.

      The algorithm identifiers and parameter syntax is:

        id-GostR3410-94-CryptoPro-ESDH OBJECT IDENTIFIER ::=
            { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
              gostR3410-94-CryptoPro-ESDH(97) }

        id-GostR3410-2001-CryptoPro-ESDH OBJECT IDENTIFIER ::=
            { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
              gostR3410-2001-CryptoPro-ESDH(96) }

        KeyWrapAlgorithm ::= AlgorithmIdentifier

      When keyEncryptionAlgorithm is id-GostR3410-94-CryptoPro-ESDH,
      KeyWrapAlgorithm algorithm MUST be the id-Gost28147-89-CryptoPro-
      KeyWrap algorithm identifier.

        id-Gost28147-89-CryptoPro-KeyWrap OBJECT IDENTIFIER ::=
            { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
              keyWrap(13) cryptoPro(1) }

      The CryptoPro Key Wrap algorithm is described in sections 6.3 and
      6.4 of [CPALGS].

      When keyEncryptionAlgorithm parameters is id-GostR3410-2001-CryptoPro-ESDH,
      KeyWrapAlgorithm algorithm MUST encapsulate
      GostR3410-TransportParameters, containing encryptionParamSet (GOST be either the id-
      Gost28147-89-CryptoPro-KeyWrap or id-Gost28147-89-None-KeyWrap
      algorithm identifier.

        id-Gost28147-89-None-KeyWrap OBJECT IDENTIFIER ::=
            { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
              keyWrap(13) none(0) }

      The GOST 28147-89 Key Wrap algorithm parameters used for key encryption), is described in sections 6.1
      and UKM.
      GostR3410-TransportParameters ephemeralPublicKey 6.2 of [CPALGS].

      KeyWrapAlgorithm algorithm parameters MUST NOT be present.

      GostR3410-TransportParameters  The syntax
      for KeyWrapAlgorithm algorithm parameters is

        Gost28147-89-KeyWrapParameters ::=
          SEQUENCE {
           encryptionParamSet   OBJECT IDENTIFIER,
        ephemeralPublicKey   [0] IMPLICIT SubjectPublicKeyInfo OPTIONAL,
        ukm                  OCTET STRING Gost28147-89-ParamSet
          }
          Gost28147-89-ParamSet ::= OBJECT IDENTIFIER

      KeyAgreeRecipientInfo ukm MUST be absent,
      GostR3410-TransportParameters ukm is used instead present, and is not
      optional. contain eight
      octets.

      encryptedKey MUST encapsulate Gost28147-89-EncryptedKey, where
      maskKey MUST be absent.

      Gost28147-89-EncryptedKey ::=   SEQUENCE {
        encryptedKey         Gost28147-89-Key,
        maskKey              [0] IMPLICIT Gost28147-89-Key
                                 OPTIONAL,
        macKey               Gost28147-89-MAC
      }

   Using the secret key, corresponding to the originatorKey publicKey,
   and the recipient's public key, the algorithm VKO GOST R 34.10-94 or
   VKO GOST R 34.10-2001 (described in [CPALGS]) is applied to produce
   the KEK.

   Then the key wrap algorithm, specified by encryptionParamSet, KeyWrapAlgorithm, is
   applied to produce CEK_ENC, CEK_MAC, and IV.
   GostR3410-TransportParameters UKM.
   Gost28147-89-KeyWrapParameters encryptionParamSet is used for all
   encryption operations.

   The resulting encrypted key (CEK_ENC) is placed in
   Gost28147-89-EncryptedKey encryptedKey field, its mac (CEK_MAC) is
   placed in Gost28147-89-EncryptedKey macKey field, and synchrovector
   (IV) UKM is placed
   in GostR3410-TransportParameters KeyAgreeRecipientInfo ukm field.

4.2  Key Transport Algorithms

   This section specifies the conventions employed by CMS
   implementations that support key transport using both VKO GOST R
   34.10-94 and VKO GOST R 34.10-2001 algorithms, described in [CPALGS].

   Key transport algorithm identifiers are located in the EnvelopedData
   RecipientInfos KeyTransRecipientInfo keyEncryptionAlgorithm field.

   Key transport encrypted content-encryption keys are located in the
   EnvelopedData RecipientInfos KeyTransRecipientInfo encryptedKey
   field.

4.2.1  Key Transport Algorithm Based on GOST R 34.10-94/2001 Public Keys

   The EnvelopedData RecipientInfos KeyTransRecipientInfo field is used
   as follows:

      version MUST be 0 or 3.

      keyEncryptionAlgorithm and parameters MUST be identical to the
      recipient public key algorithm and parameters.

      encryptedKey encapsulates GostR3410-KeyTransport, which consists
      of encrypted content-encryption key, it's MAC, GOST 28147-89
      algorithm parameters used for key encryption, sender's ephemeral
      public key, and UKM (UserKeyingMaterial, see [CMS], 10.2.6).

      transportParameters MUST be present.

      ephemeralPublicKey MUST be present, and its parameters, if
      present, MUST be equal to the recipient public key parameters;

      GostR3410-KeyTransport ::= SEQUENCE {
        sessionEncryptedKey   Gost28147-89-EncryptedKey,
        transportParameters
          [0] IMPLICIT GostR3410-TransportParameters OPTIONAL
      }

      GostR3410-TransportParameters ::= SEQUENCE {
        encryptionParamSet   OBJECT IDENTIFIER,
        ephemeralPublicKey   [0] IMPLICIT SubjectPublicKeyInfo OPTIONAL,
        ukm                  OCTET STRING
      }

   Using the secret key, corresponding to the
   GostR3410-TransportParameters ephemeralPublicKey, and the recipient's
   public key, the algorithm VKO GOST R 34.10-94 or VKO GOST R
   34.10-2001 (described in [CPALGS]) is applied to produce the KEK.

   Then the CryptoPro key wrap algorithm, specified by encryptionParamSet, algorithm is applied to produce CEK_ENC,
   CEK_MAC, and IV. UKM. GostR3410-TransportParameters encryptionParamSet is
   used for all encryption operations.

   The resulting encrypted key (CEK_ENC) is placed in
   Gost28147-89-EncryptedKey encryptedKey field, its mac (CEK_MAC) is
   placed in Gost28147-89-EncryptedKey macKey field, and synchrovector
   (IV) UKM is placed
   in GostR3410-TransportParameters ukm field.

5  Content Encryption Algorithms

   This section specifies the conventions employed by CMS
   implementations that support content encryption using GOST 28147-89.

   Content encryption algorithm identifiers are located in the
   EnvelopedData EncryptedContentInfo contentEncryptionAlgorithm and the
   EncryptedData EncryptedContentInfo contentEncryptionAlgorithm fields.

   Content encryption algorithms are used to encipher the content
   located in the EnvelopedData EncryptedContentInfo encryptedContent
   field and the EncryptedData EncryptedContentInfo encryptedContent
   field.

5.1  Content Encryption Algorithm GOST 28147-89

   This section specifies the use of GOST 28147-89 algorithm for data
   encipherment.

   GOST 28147-89 is fully described in [GOST28147] (in Russian).

   This document specifies the following OID for this algorithm:

   id-Gost28147-89 OBJECT IDENTIFIER ::=
         { id-CryptoPro-algorithms iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
           gost28147-89(21) }

   Algorithm parameters MUST be present and have the following
   structure:

     Gost28147-89-Parameters ::=
       SEQUENCE {
         iv                   Gost28147-89-IV,
         encryptionParamSet   OBJECT IDENTIFIER
        }

     Gost28147-89-IV ::= OCTET STRING (SIZE (8))

   encryptionParamSet specifies the set of corresponding
   Gost28147-89-ParamSetParameters (see section 8.1 of [CPALGS])

6  MAC Algorithms

   This section specifies the conventions employed by CMS
   implementations that support the message authentication code (MAC)
   based on GOST R 34.11-94.

   MAC algorithm identifiers are located in the AuthenticatedData
   macAlgorithm field.

   MAC values are located in the AuthenticatedData mac field.

6.1  HMAC with GOST R 34.11-94

   HMAC_GOSTR3411 (K,text) function is based on hash function GOST R
   34.11-94, as defined in section 3 of [CPALGS].

   This document specifies the following OID for this algorithm:

   id-HMACGostR3411-94 OBJECT IDENTIFIER ::=
         { id-CryptoPro-algorithms iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
           hmacgostr3411(10) }

   This algorithm has the same parameters, as GOST R 34.11-94 digest
   algorithm, and uses the same OIDs for their identification (see
   [CPPK]).

7  Using with S/MIME

   This section defines use of the algorithms defined in this document
   together with S/MIME [RFC 3851].

7.1  Parameter micalg

   When using the algorithms defined in this document, micalg parameter
   SHOULD be set to "gostr3411-94" or it MAY be set to "unknown".

7.2  Attribute SMIMECapabilities

   The SMIMECapability value which indicates support for the GOST R
   34.11-94 digest algorithm is the SEQUENCE with the capabilityID field
   containing the object identifier id-GostR3411-94 and no parameters.
   The DER encoding is:

     30 08 06 06  2A 85 03 02  02 09

   The SMIMECapability value which indicates support for the GOST
   28147-89 encryption algorithm is the SEQUENCE with the capabilityID
   field containing the object identifier id-Gost28147-89 and no
   parameters.  The DER encoding is:

     30 08 06 06  2A 85 03 02  02 15

   If the sender wishes to indicate support for a specific parameter
   set, SMIMECapability parameters MUST contain the
   Gost28147-89-Parameters structure. Recipients MUST ignore the
   Gost28147-89-Parameters iv field, and assume that the sender supports
   parameters, specified in Gost28147-89-Parameters encryptionParamSet
   field.

   The DER encoding for the SMIMECapability, indicating support for GOST
   28147-89 with id-Gost28147-89-CryptoPro-A-ParamSet (see [CPALGS]) is:

     30 1D 06 06  2A 85 03 02  02 15 30 13  04 08 00 00
     00 00 00 00  00 00 06 07  2A 85 03 02  02 1F 01

8  Security Considerations

   Conforming applications MUST use unique values for ukm and iv.
   Recipients MAY verify that ukm and iv, specified by the sender, are
   unique.

   It is RECCOMENDED RECOMMENDED that software applications verify signature values,
   subject public keys and algorithm parameters to conform to
   [GOSTR341001] [GOSTR341094] standards prior to their use.

   Cryptographic algorithm parameters affect rigidity of algorithms.
   The use of parameters not listed in [CPALGS] is NOT RECOMENDED RECOMMENDED (see
   Security Considerations section of [CPALGS]).

   Use of the same key for signature and key derivation is NOT
   RECOMMENDED.  When signed CMS documents are used as an analogue to a
   manual signing, in the context of Russian Federal Digital Signature
   Law [RFDSL], signer certificate MUST contain the keyUsage extension,
   it MUST be critical, and keyUsage MUST NOT include keyEncipherment or
   keyAgreement.  Application SHOULD be submited for examination by an
   authorized agency in appropriate levels of target_of_evaluation
   (TOE), according to [RFDSL], [RFLLIC] and [CRYPTOLIC].

9  Appendix Examples

   Examples here are stored in the same format as the examples in [RFC
   4134], and can be extracted using the same program.

   If you want to extract without the program, copy all the lines
   between the "|>" and "|<" markers, remove any page breaks, and remove
   the "|" in the first column of each line.  The result is a valid
   Base64 blob that can be processed by any Base64 decoder.

9.1  Signed message

   This message is signed using certificate from section 4.2 of [CPPK].

   0 30  296: SEQUENCE {
   4 06    9:  OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
  15 A0  281:  [0] {
  19 30  277:   SEQUENCE {
  23 02    1:    INTEGER 1
  26 31   12:    SET {
  28 30   10:     SEQUENCE {
  30 06    6:      OBJECT IDENTIFIER id_GostR3411_94 ( 1 2 643 2 2 9) id-GostR3411-94
  38 05    0:      NULL
         :      }
         :     }
  40 30   27:    SEQUENCE {
  42 06    9:     OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
  53 A0   14:     [0] {
  55 04   12:      OCTET STRING
            : 73 61 6D 70 6C 65 20 74 65 78 74 0A
         :      }
         :     }
  69 31  228:    SET {
  72 30  225:     SEQUENCE {
  75 02    1:      INTEGER 1
  78 30  129:      SEQUENCE {
  81 30  109:       SEQUENCE {
  83 31   31:        SET {
  85 30   29:         SEQUENCE {
  87 06    3:          OBJECT IDENTIFIER commonName (2 5 4 3)
  92 0C   22:          UTF8String 'GostR3410-2001 example'
         :          }
         :         }
 116 31   18:        SET {
 118 30   16:         SEQUENCE {
 120 06    3:          OBJECT IDENTIFIER organizationName (2 5 4 10)
 125 0C    9:          UTF8String 'CryptoPro'
         :          }
         :         }
 136 31   11:        SET {
 138 30    9:         SEQUENCE {
 140 06    3:          OBJECT IDENTIFIER countryName (2 5 4 6)
 145 13    2:          PrintableString 'RU'
         :          }
         :         }
 149 31   41:        SET {
 151 30   39:         SEQUENCE {
 153 06    9:          OBJECT IDENTIFIER
            : emailAddress (1 2 840 113549 1 9 1)
 164 16   26:          IA5String 'GostR3410-2001@example.com'
         :          }
         :         }
         :        }
 192 02   16:       INTEGER
         :        48 E9 54 A5 CF E9 69        2B F5 C9 5C F7 55 E7 83 41 AF C6 1E C2 11 BD 17 C7 DC D4 62 66 B4 2E 21
         :       }
 210 30   10:      SEQUENCE {
 212 06    6:       OBJECT IDENTIFIER
            :        id_GostR3411_94 ( 1 2 643 2 2 9) id-GostR3411-94
 220 05    0:       NULL
         :       }
 222 30   10:      SEQUENCE {
 224 06    6:       OBJECT IDENTIFIER
            :        id_GostR3410_2001 ( 1 2 643 2 2 19) id-GostR3410-2001
 232 05    0:       NULL
         :       }
 234 04   64:      OCTET STRING
         :       6D C4 2D E5 C8 E8 8C 2E E0       C0 C3 42 D9 3F 8F FE 25 11 11 88 77 AA 8C 75 0F C4 18 BF 89 C3 DB
         :       09 0B 8A 23 D4 50 F3 0E 2B 6F 59 E8 8D 54 5D       83 42 04 D6 20 F9
            :       A7 4D 36 41 48 36 22 17 32 A1 F5 CA 1C FD 56 68 2A 99 F6 FE 30 3B E4 F4 C8
         :       C4 53 47       F8 D5 B4 DA FB E1 C6 91 67 34 1F BC A6 7A 0D 5D 24 B9 88 70 D9 F6 0A 8A 54 DB 54
            :      }
            :     }
            :    }
            :   } 12
         :  }

9.2       7B FD 10 25 C6 51 DB 8D B2 F4 8C 71 7E ED 72 A9
         :      }
         :     }
         :    }
         :   }
         :  }

|>GostR3410-2001-signed.bin
|MIIBKAYJKoZIhvcNAQcCoIIBGTCCARUCAQExDDAKBgYqhQMCAgkFADAbBgkqhkiG
|9w0BBwGgDgQMc2FtcGxlIHRleHQKMYHkMIHhAgEBMIGBMG0xHzAdBgNVBAMMFkdv
|c3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkGA1UE
|BhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUuY29t
|AhAr9cYewhG9F8fc1GJmtC4hMAoGBiqFAwICCQUAMAoGBiqFAwICEwUABEDAw0LZ
|P4/+JRERiHe/icPbg0IE1iD5aCqZ9v4wO+T0yPjVtNr74caRZzQfvKZ6DRJ7/RAl
|xlHbjbL0jHF+7XKp
|<GostR3410-2001-signed.bin

9.2  Enveloped message using Key Agreement

   0 30  452:  420: SEQUENCE {
   4 06    9:  OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3)
  15 A0  437:  405:  [0] {
  19 30  433:  401:   SEQUENCE {
  23 02    1:    INTEGER 2
  26 31  377:  336:    SET {
  30 A1  373:  332:     [1] {
  34 02    1:      INTEGER 3
  37 A0  168:  101:      [0] {
  40 A1  165:
  39   99:       [1] {
  43 30
  41   28:        SEQUENCE {
  45 06
  43    6:         OBJECT IDENTIFIER
            :           GOST R 34.10-94 (1 2 643 2 2 20)
  53 30 id-GostR3410-2001
  51   18:         SEQUENCE {
  55 06
  53    7:          OBJECT IDENTIFIER '1 2 643 2 2 32 2'
  64 06
         :           id-GostR3410-2001-CryptoPro-XchA-ParamSet
  62    7:          OBJECT IDENTIFIER '1 2 643 2 2 30 1'
         :           id-GostR3411-94-CryptoProParamSet
         :          }
         :         }
  73 03  132:
  71   67:        BIT STRING 0 unused bits, STRING, encapsulates {
  77 04  128:
  74   64:         OCTET STRING
         :          4D FC D3 19 15 65 E6 A8 CD 2E F4 94 1D E9 1D 8E
            :          38 74 EF 67 CD 39 59 DB          B3 55 39 F4 07 63 A0 A1 0D 72 67 81 97 2B A5 C4 D9 84 1F 27 FB 81
         :          1B 88          ED 08 32 E6 9A DB FC 0A C6 D6 27 D4 F2 00 78 B8 FF 83 64 EA D2 1D 0A 40 8A 4E C7 E8
         :          B0 78 3C 7D FE 5B 36 C9 03 C1 F4 06 E4 3B CC 16 B9 A2 71 13 89 29 09 C7 73 AD 7E 07
            :          CD AB FA 4B FA FC 0D 1B 66 D2 60 49 87 B0 B2 ED
            :          13 EE BA D2 2F BB 4B E5 DD 84 B7 65 85 10 49 8A C5 F6
         :          01          F6 19 37 1C 17 B8 A0 AA C7 D1 A1 94 B3 A5 F5 4C 24 FB 49 AB 1D 5D D8 A6 F4 F4 27 9B 36 20
         :          F7 F7 97 7A F9 D9 7B DB F5 A0 29 F6 8D C9 AB 46         }
         :        }
         :       }
 140   10:      [1] {
 142    8:       OCTET STRING 2F F0 F6 D1 86 4B 32 8A
         :       }
 208 30   29:
 152   30:      SEQUENCE {
 210 06
 154    6:       OBJECT IDENTIFIER GOST R 34.10-94 (1 2 643 2 2 20)
 218 30   19: id-GostR3410-2001-CryptoPro-ESDH
 162   20:       SEQUENCE {
 220 06
 164    7:        OBJECT IDENTIFIER id-Gost28147-89-None-KeyWrap
 173    9:        SEQUENCE {
 175    7:         OBJECT IDENTIFIER '1 2 643 2 2 31 1'
 229 04    8:          OCTET STRING
         :            97 27 17 E0 05 B0 D0 5A          id-Gost28147-89-CryptoPro-A-ParamSet
         :         }
         :        }
 239 30  165:      SEQUENCE {
 242 30  162:
         :       }
 184  179:      SEQUENCE {
 245 30  116:
 187  176:       SEQUENCE {
 247 30  102:
 190  129:        SEQUENCE {
 249 31   11:          SET {
 251 30    9:
 193  109:         SEQUENCE {
 253 06    3:              OBJECT IDENTIFIER countryName (2 5 4 6)
 258 13    2:              PrintableString 'RU'
            :              }
            :            }
 262 31   15:
 195   31:          SET {
 264 30   13:
 197   29:           SEQUENCE {
 266 06
 199    3:            OBJECT IDENTIFIER localityName (2 5 4 7)
 271 13    6:              PrintableString 'Moscow' commonName
 204   22:            UTF8String 'GostR3410-2001 example'
         :            }
         :           }
 279 31   23:
 228   18:          SET {
 281 30   21:
 230   16:           SEQUENCE {
 283 06
 232    3:            OBJECT IDENTIFIER
            : organizationName (2 5 4 10)
 288 13   14:              PrintableString 'OOO Crypto-Pro'
 237    9:            UTF8String 'CryptoPro'
         :            }
         :           }
 304 31   20:
 248   11:          SET {
 306 30   18:
 250    9:           SEQUENCE {
 308 06
 252    3:            OBJECT IDENTIFIER
            :                organizationalUnitName (2 5 4 11)
 313 13   11: countryName
 257    2:            PrintableString 'Development' 'RU'
         :            }
         :           }
 326 31   23:
 261   41:          SET {
 328 30   21:
 263   39:           SEQUENCE {
 330 06    3:
 265    9:            OBJECT IDENTIFIER commonName (2 5 4 3)
 335 13   14:              PrintableString 'CP CSP Test CA' emailAddress
 276   26:            IA5String 'GostR3410-2001@example.com'
         :            }
         :           }
         :          }
 351 02   10:
 304   16:         INTEGER
         :           32          2B F5 C6 1E C2 11 BD 17 C7 ED 5B 00 03 00 00 12 82 DC D4 62 66 B4 2E 21
         :         }
 363 04
 322   42:        OCTET STRING, encapsulates {
 365 30
 324   40:         SEQUENCE {
 367 04
 326   32:          OCTET STRING
         :          57 22 EF 5F 03 7C AF AD 74 7E 0C C4 52 9F 0D 96
            :          F2 5B 42 23           16 A3 1C E7 CE 4E E9 0D 6A F1 EC 7A 98 90 7F CC D8 2F E5 72
 401 74 69 04 68 1E C7
         :           9F 3A ED B8 3B 1F 1D 4A 7E F9 A5 D9 CB 19 D5 E8
 360    4:          OCTET STRING
         :          C6 E0 DE 69           93 FD 86 7E
         :          }
         :         }
         :        }
         :       }
         :      }
         :     }
 407 30   47:
 366   56:    SEQUENCE {
 409 06
 368    9:     OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
 420 30
 379   29:     SEQUENCE {
 422 06
 381    6:      OBJECT IDENTIFIER GOST 28147-89 (1 2 643 2 2 21)
 430 30 id-Gost28147-89
 389   19:      SEQUENCE {
 432 04
 391    8:       OCTET STRING
            :        BF 68 D1 74 95 19 F0 13
 442 06 B7 35 E1 7A 07 35 A2 1D
 401    7:       OBJECT IDENTIFIER '1 2 643 2 2 31 1' id-Gost28147-89-CryptoPro-A-ParamSet
         :       }
         :      }
 451 80    3:
 410   12:     [0]
            : 39 B1 7F 12 8A F4 BF A9 E2 65 25 B6 55 C9
         :     }
         :    }
         :   }
         :  }

|>GostR3410-2001-keyagree.bin
|MIIBpAYJKoZIhvcNAQcDoIIBlTCCAZECAQIxggFQoYIBTAIBA6BloWMwHAYGKoUD
|AgITMBIGByqFAwICJAAGByqFAwICHgEDQwAEQLNVOfRngZcrpcTZhB8n+4HtCDLm
|mtTyAHi4/4Nk6tIdsHg8ff4DwfQG5DvMFrnF9vYZNxwXuKCqx9GhlLOlNiChCgQI
|L/D20YZLMoowHgYGKoUDAgJgMBQGByqFAwICDQAwCQYHKoUDAgIfATCBszCBsDCB
|gTBtMR8wHQYDVQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQKDAlD

|cnlwdG9Qcm8xCzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAt
|MjAwMUBleGFtcGxlLmNvbQIQK/XGHsIRvRfH3NRiZrQuIQQqMCgEIBajHOfOTukN
|8ex0aQRoHsefOu24Ox8dSn75pdnLGdXoBAST/YZ+MDgGCSqGSIb3DQEHATAdBgYq
|hQMCAhUwEwQItzXhegc1oh0GByqFAwICHwGADDmxivS/qeJlJbZVyQ==
|<GostR3410-2001-keyagree.bin

9.3  Enveloped message using Key Transport

   0 30  468:  423: SEQUENCE {
   4 06    9:  OBJECT IDENTIFIER envelopedData (1 2 840 113549 1 7 3)
  15 A0  453:  408:  [0] {
  19 30  449:  404:   SEQUENCE {
  23 02    1:    INTEGER 0
  26 31  393:  339:    SET {
  30 30  389:  335:     SEQUENCE {
  34 02    1:      INTEGER 0
  37 30  116:      SEQUENCE {
  39 30  102:  129:      SEQUENCE {
  41 31   11:        SET {
  43 30    9:
  40  109:       SEQUENCE {
  45 06    3:            OBJECT IDENTIFIER countryName (2 5 4 6)
  50 13    2:            PrintableString 'RU'
            :            }
            :          }
  54 31   15:
  42   31:        SET {
  56 30   13:
  44   29:         SEQUENCE {
  58 06
  46    3:          OBJECT IDENTIFIER localityName (2 5 4 7)
  63 13    6:            PrintableString 'Moscow' commonName
  51   22:          UTF8String 'GostR3410-2001 example'
         :          }
         :         }
  71 31   23:
  75   18:        SET {
  73 30   21:
  77   16:         SEQUENCE {
  75 06
  79    3:          OBJECT IDENTIFIER organizationName (2 5 4 10)
  80 13   14:            PrintableString 'OOO Crypto-Pro'
  84    9:          UTF8String 'CryptoPro'
         :          }
         :         }
  96 31   20:
  95   11:        SET {
  98 30   18:
  97    9:         SEQUENCE {
 100 06
  99    3:          OBJECT IDENTIFIER
            :              organizationalUnitName (2 5 4 11)
 105 13   11: countryName
 104    2:          PrintableString 'Development' 'RU'
         :          }
         :         }
 118 31   23:
 108   41:        SET {
 120 30   21:
 110   39:         SEQUENCE {
 122 06    3:
 112    9:          OBJECT IDENTIFIER commonName (2 5 4 3)
 127 13   14:            PrintableString 'CP CSP Test CA' emailAddress
 123   26:          IA5String 'GostR3410-2001@example.com'
         :          }
         :         }
         :        }
 143 02   10:
 151   16:       INTEGER
         :         1A 04 13 2F 00 03 00 00 0F 61        2B F5 C6 1E C2 11 BD 17 C7 DC D4 62 66 B4 2E 21
         :       }
 155 30
 169   28:      SEQUENCE {
 157 06
 171    6:       OBJECT IDENTIFIER GOST R 34.10-94 (1 2 643 2 2 20)
 165 30 id-GostR3410-2001
 179   18:       SEQUENCE {
 167 06
 181    7:        OBJECT IDENTIFIER '1 2 643 2 2 32 2'
 176 06
         :         id-GostR3410-2001-CryptoPro-XchA-ParamSet
 190    7:        OBJECT IDENTIFIER '1 2 643 2 2 30 1'
         :         id-GostR3411-94-CryptoProParamSet
         :        }
         :       }
 185 04  235:
 199  167:      OCTET STRING, encapsulates {
 188 30  232:
 202  164:       SEQUENCE {
 191 30
 205   40:        SEQUENCE {
 193 04
 207   32:         OCTET STRING
         :          6B B6 75 7D 48 FD FC 6C B1 51 48 4F 0D 92 1F B0          6A 2F A8 21 06 95 68 9F 9F E4 47 AA 9E CB 61 15
         :          2B 7E 41 60 BC 5D 3A 93 11 DC 8A 13 0D 42 77 6C DC 1A 5E 87 F7
 227 04 8D FB F5 3D 28 1B 18 9A F9 75
 241    4:         OCTET STRING
         :          0A A3 26 A0          36 6D 98 B7
         :         }
 233 A0  187:
 247  120:        [0] {
 236 06
 249    7:         OBJECT IDENTIFIER '1 2 643 2 2 31 1'
 245 A0  165:
         :          id-Gost28147-89-CryptoPro-A-ParamSet
 258   99:         [0] {
 248 30
 260   28:          SEQUENCE {
 250 06
 262    6:           OBJECT IDENTIFIER
            :             GOST R 34.10-94 (1 2 643 2 2 20)
 258 30 id-GostR3410-2001
 270   18:           SEQUENCE {
 260 06
 272    7:            OBJECT IDENTIFIER '1 2 643 2 2 32 2'
 269 06
         :             id-GostR3410-2001-CryptoPro-XchA-ParamSet
 281    7:            OBJECT IDENTIFIER '1 2 643 2 2 30 1'
         :             id-GostR3411-94-CryptoProParamSet
         :            }
         :           }
 278 03  132:
 290   67:          BIT STRING 0 1 unused bits, encapsulates {
 282 04  128:
 293   64:           OCTET STRING
         :         47 A6 19 5E D6 FF E2 6A 6C 32 94 9D 6D 8C 1A 82
            :         C2 C4 0D 73 09 4E 01 3B B0 32 FE EE 79 1F C7 CC
            :         DB 27 B0 52 4F E1 10 B1 26 B9 22 51 37 64 F2 06
            :            4D 2B 2F 33 13 00 D0 31 3F E4 B6 D2 D6 F7 31 B9 63 4F 02
            :         05 90 E6 DC A3 DD 16 E1 AD 0E E4 B7 CC B8 89 D1 20 D3 EA 45 55 2A CD DF E0 EF FB
         :         53 02 8C 03 21 7C F2 0C BE BB 0D 7F            31 F7 73 7E 4E 04 E5 A5
            :         3D F6 7F 2A 1E 17 40 59 4D 9D C5 4A ED 03 15 93 FF BF 78 89 8A 2B C3 CD 31 94 04
         :         B9 76 E6 41 BC 3B 70 18 90 B7 4A 7C 8F            4B 06 7D 0E 60 48 96 1F DB C7 5D 12 6F DA B2 40 8A 77
         :            B5 BD EA F2 EC 34 CB 23 9F 9B 8B DD 9E 12 C0 F6
         :           }
         :          }
 413 04
 359    8:         OCTET STRING
         :         CA CD 7B 87 B9 60 17 68          97 95 E3 2C 2B AD 2B 0C
         :         }
         :        }
         :       }
         :      }
         :     }
 423 30   47:
 369   56:    SEQUENCE {
 425 06
 371    9:     OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
 436 30
 382   29:     SEQUENCE {
 438 06
 384    6:      OBJECT IDENTIFIER GOST 28147-89 (1 2 643 2 2 21)
 446 30 id-Gost28147-89
 392   19:      SEQUENCE {
 448 04
 394    8:       OCTET STRING
            :            56 9C 94 5C 37 0F B2 59
 458 06 BC 10 8B 1F 0B FF 34 29
 404    7:       OBJECT IDENTIFIER '1 2 643 2 2 31 1' id-Gost28147-89-CryptoPro-A-ParamSet
         :       }
         :      }
 467 80    3:
 413   12:     [0]
            :        E5 CE CA AA 8E 72 1D EE 4F B3 2E E3 0F A1 37
         :     }
         :    }
         :   }
         :  }

|>GostR3410-2001-keytrans.bin
|MIIBpwYJKoZIhvcNAQcDoIIBmDCCAZQCAQAxggFTMIIBTwIBADCBgTBtMR8wHQYD
|VQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQKDAlDcnlwdG9Qcm8x
|CzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAtMjAwMUBleGFt
|cGxlLmNvbQIQK/XGHsIRvRfH3NRiZrQuITAcBgYqhQMCAhMwEgYHKoUDAgIkAAYH
|KoUDAgIeAQSBpzCBpDAoBCBqL6ghBpVon5/kR6qey2EVK35BYLxdjfv1PSgbGJr5
|dQQENm2Yt6B4BgcqhQMCAh8BoGMwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwIC
|HgEDQwEEQE0rLzOQ5tyj3VUqzd/g7/sx93N+Tv+/eImKK8PNMZQESw5gSJYf28dd
|Em/askCKd7W96vLsNMsjn5uL3Z4SwPYECJeV4ywrrSsMMDgGCSqGSIb3DQEHATAd
|BgYqhQMCAhUwEwQIvBCLHwv/NCkGByqFAwICHwGADKqOch3uT7Mu4w+hNw==
|<GostR3410-2001-keytrans.bin

10  Appendix ASN.1 Modules

   Additional ASN.1 modules, referenced here, can be found in [CPALGS].

10.1  GostR3410-EncryptionSyntax

GostR3410-EncryptionSyntax
    { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
      other(1) modules(1) gostR3410-EncryptionSyntax(5) 2 }
DEFINITIONS ::=
BEGIN
-- EXPORTS All --
-- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Russian
-- Cryptography service.
    IMPORTS
        id-CryptoPro-algorithms,
        gost28147-89-EncryptionSyntax,
        gostR3410-94-PKISyntax,
        gostR3410-2001-PKISyntax,
        ALGORITHM-IDENTIFIER,
        cryptographic-Gost-Useful-Definitions
        FROM Cryptographic-Gost-Useful-Definitions
            { iso(1) member-body(2) ru(643) rans(2)
              cryptopro(2) other(1) modules(1)
              cryptographic-Gost-Useful-Definitions(0) 1 }
        id-GostR3410-94,
        GostR3410-94-PublicKeyParameters,
        GostR3410-94-PublicKeyAlgorithms
        id-GostR3410-94
        FROM GostR3410-94-PKISyntax gostR3410-94-PKISyntax
        id-GostR3410-2001,
        GostR3410-2001-PublicKeyParameters,
        GostR3410-2001-PublicKeyAlgorithms
        id-GostR3410-2001
        FROM GostR3410-2001-PKISyntax gostR3410-2001-PKISyntax
        id-Gost28147-89-TestParamSet,
        id-Gost28147-89-CryptoPro-A-ParamSet,
        id-Gost28147-89-CryptoPro-B-ParamSet,
        id-Gost28147-89-CryptoPro-C-ParamSet,
        id-Gost28147-89-CryptoPro-D-ParamSet,
        id-Gost28147-89-CryptoPro-Simple-A-ParamSet,
        id-Gost28147-89-CryptoPro-Simple-B-ParamSet,
        id-Gost28147-89-CryptoPro-Simple-C-ParamSet,
        id-Gost28147-89-CryptoPro-Simple-D-ParamSet,
        Gost28147-89-ParamSet,
        Gost28147-89-EncryptedKey
        FROM Gost28147-89-EncryptionSyntax
             gost28147-89-EncryptionSyntax
        SubjectPublicKeyInfo, AlgorithmIdentifier
        SubjectPublicKeyInfo
        FROM PKIX1Explicit88 {iso(1) identified-organization(3)
        dod(6) internet(1) security(5) mechanisms(5) pkix(7)
        id-mod(0) id-pkix1-explicit-88(1)}
    ;
  -- CMS/PKCS#7 key agreement algorithms & parameters
    Gost28147-89-KeyWrapParameters ::=
      SEQUENCE {
        encryptionParamSet Gost28147-89-ParamSet
      }
    id-Gost28147-89-CryptoPro-KeyWrap OBJECT IDENTIFIER ::=
      { id-CryptoPro-algorithms keyWrap(13) cryptoPro(1) }
    id-Gost28147-89-None-KeyWrap OBJECT IDENTIFIER ::=
      { id-CryptoPro-algorithms keyWrap(13) none(0) }
    Gost28147-89-KeyWrapAlgorithms  ALGORITHM-IDENTIFIER ::= {
      { Gost28147-89-KeyWrapParameters IDENTIFIED BY
        id-Gost28147-89-CryptoPro-KeyWrap } |
      { Gost28147-89-KeyWrapParameters IDENTIFIED BY
        id-Gost28147-89-None-KeyWrap }
    }
    id-GostR3410-2001-CryptoPro-ESDH OBJECT IDENTIFIER ::=
      { id-CryptoPro-algorithms
        gostR3410-2001-CryptoPro-ESDH(96) }
    id-GostR3410-94-CryptoPro-ESDH OBJECT IDENTIFIER ::=
      { id-CryptoPro-algorithms
        gostR3410-94-CryptoPro-ESDH(97) }
  -- CMS/PKCS#7 key transport algorithm algorithms & parameters
    -- OID for CMS/PKCS#7 Key transport is id-GostR3410-94 from
    --      GostR3410-94-PKISyntax or id-GostR3410-2001 from
    --      GostR3410-2001-PKISyntax
    -- Parameters Algorithms for CMS/PKCS#7 Key transport are
    --      GostR3410-94-PublicKeyParameters from
    --      GostR3410-94-PKISyntax with encryptionParameterOID or
    --      GostR3410-2001-PublicKeyParameters from
    --      GostR3410-2001-PKISyntax with encryptionParameterOID
    -- Algorithm for CMS/PKCS#7 Key transport iare
    --      GostR3410-94-PublicKeyAlgorithms from
    --      GostR3410-94-PKISyntax or
    --      GostR3410-2001-PublicKeyAlgorithms from
    --      GostR3410-2001-PKISyntax
    -- SMIMECapability for CMS/PKCS#7 Key transport are
    --      id-GostR3410-94 from GostR3410-94-PKISyntax or
    --      id-GostR3410-2001 from GostR3410-2001-PKISyntax
    id-GostR3410-94-KeyTransportSMIMECapability
        OBJECT IDENTIFIER ::= id-GostR3410-94
    id-GostR3410-2001-KeyTransportSMIMECapability
        OBJECT IDENTIFIER ::= id-GostR3410-2001
    GostR3410-KeyTransport ::=
        SEQUENCE {
            sessionEncryptedKey Gost28147-89-EncryptedKey,
            transportParameters [0]
                IMPLICIT GostR3410-TransportParameters OPTIONAL
        }
    GostR3410-TransportParameters ::=
        SEQUENCE {
            encryptionParamSet
                OBJECT IDENTIFIER (
                    id-Gost28147-89-TestParamSet |
                        -- Only for testing purposes
                    id-Gost28147-89-CryptoPro-A-ParamSet |
                    id-Gost28147-89-CryptoPro-B-ParamSet |
                    id-Gost28147-89-CryptoPro-C-ParamSet |
                    id-Gost28147-89-CryptoPro-D-ParamSet |
                    id-Gost28147-89-CryptoPro-Simple-A-ParamSet |
                    id-Gost28147-89-CryptoPro-Simple-B-ParamSet |
                    id-Gost28147-89-CryptoPro-Simple-C-ParamSet |
                    id-Gost28147-89-CryptoPro-Simple-D-ParamSet
                ), Gost28147-89-ParamSet,
            ephemeralPublicKey [0]
                IMPLICIT SubjectPublicKeyInfo OPTIONAL,
            ukm                OCTET STRING ( SIZE(8) )
        }
    GostR3410-KeyEncryptionAlgorithms
        ALGORITHM-IDENTIFIER ::= {
                { GostR3410-94-PublicKeyParameters IDENTIFIED BY
                        id-GostR3410-94 } |
                { GostR3410-2001-PublicKeyParameters IDENTIFIED BY
                        id-GostR3410-2001 }
        }
END -- GostR3410-EncryptionSyntax

10.2   GostR3410-94-SignatureSyntax

GostR3410-94-SignatureSyntax
    { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
      other(1) modules(1) gostR3410-94-SignatureSyntax(3) 1 }
DEFINITIONS ::=
BEGIN
-- EXPORTS All --
-- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Russian
-- Cryptography service.
    IMPORTS
        gostR3410-94-PKISyntax, ALGORITHM-IDENTIFIER,
        cryptographic-Gost-Useful-Definitions
        FROM Cryptographic-Gost-Useful-Definitions
            { iso(1) member-body(2) ru(643) rans(2)
              cryptopro(2) other(1) modules(1)
              cryptographic-Gost-Useful-Definitions(0) 1 }
        id-GostR3410-94,
        GostR3410-94-PublicKeyParameters
        FROM GostR3410-94-PKISyntax gostR3410-94-PKISyntax
    ;
  -- GOST R 34.10-94 signature data type
    GostR3410-94-Signature ::=
        OCTET STRING (SIZE (64))
  -- GOST R 34.10-94 signature algorithm & parameters
    GostR3410-94-CMSSignatureAlgorithms  ALGORITHM-IDENTIFIER ::= {
        { GostR3410-94-PublicKeyParameters IDENTIFIED BY
                        id-GostR3410-94 }
    }

END -- GostR3410-94-SignatureSyntax

10.3  GostR3410-2001-SignatureSyntax

GostR3410-2001-SignatureSyntax
    { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
      other(1) modules(1) gostR3410-2001-SignatureSyntax(10) 1 }
DEFINITIONS ::=
BEGIN
-- EXPORTS All --
-- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Russian
-- Cryptography service.
    IMPORTS
        gostR3410-2001-PKISyntax, ALGORITHM-IDENTIFIER,
        cryptographic-Gost-Useful-Definitions
        FROM Cryptographic-Gost-Useful-Definitions
            { iso(1) member-body(2) ru(643) rans(2)
              cryptopro(2) other(1) modules(1)
              cryptographic-Gost-Useful-Definitions(0) 1 }
        id-GostR3410-2001,
        GostR3410-2001-PublicKeyParameters
        FROM GostR3410-2001-PKISyntax gostR3410-2001-PKISyntax
    ;
  -- GOST R 34.10-2001 signature data type
    GostR3410-2001-Signature ::=
        OCTET STRING (SIZE (64))
  -- GOST R 34.10-2001 signature algorithms and parameters
    GostR3410-2001-CMSSignatureAlgorithms
        ALGORITHM-IDENTIFIER ::= {
                { GostR3410-2001-PublicKeyParameters IDENTIFIED BY
                        id-GostR3410-2001 }
        }
END -- GostR3410-2001-SignatureSyntax

11  References

   Normative references:

   [CPALGS]      V. Popov, I. Kurepkin, S. Leontiev, "Additional crypto-
                 graphic algorithms for use with GOST 28147-89, GOST R
                 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 algo-
                 rithms.", September 2005, draft-popov-cryptopro-
                 cpalgs-04.txt

   [CPPK]        S. Leontiev, D. Shefanovskij, "Algorithms and Identi-
                 fiers for the Internet X.509 Public Key Infrastructure
                 Certificates and Certificate Revocation List (CRL),
                 corresponding to the algorithms GOST R 34.10-94, GOST R
                 34.10-2001, GOST R 34.11-94", September 2005, draft-
                 ietf-pkix-gost-cppk-03.txt

   [GOST28147]   "Cryptographic Protection for Data Processing System",
                 GOST 28147-89, Gosudarstvennyi Standard of USSR, Gov-
                 ernment Committee of the USSR for Standards, 1989. (In
                 Russian);

   [GOSTR341094] "Information technology. Cryptographic Data Security.
                 Produce and check procedures of Electronic Digital Sig-
                 natures based on Asymmetric Cryptographic Algorithm.",
                 GOST R 34.10-94, Gosudarstvennyi Standard of Russian
                 Federation, Government Committee of the Russia for
                 Standards, 1994. (In Russian);

   [GOSTR341001] "Information technology. Cryptographic data security.
                 Signature and verification processes of [electronic]
                 digital signature.", GOST R 34.10-2001, Gosudarstvennyi
                 Standard of Russian Federation, Government Committee of
                 the Russia for Standards, 2001. (In Russian);

   [GOSTR341194] "Information technology. Cryptographic Data Security.
                 Hashing function.", GOST R 34.10-94, Gosudarstvennyi
                 Standard of Russian Federation, Government Committee of
                 the Russia for Standards, 1994. (In Russian);

   [RFC 3280]    Housley, R., Polk, W., Ford, W.   and D.   Solo,
                 "Internet X.509 Public Key Infrastructure Certificate
                 and Certificate Revocation List (CRL) Profile", RFC
                 3280, April 2002.

   [RFC 3279]    Algorithms and Identifiers for the Internet X.509 Pub-
                 lic Key Infrastructure Certificate and Certificate
                 Revocation List (CRL) Profile.   L.   Bassham, W.
                 Polk, R.   Housley.   April 2002.

   [RFC 2119]    Bradner, S., "Key Words for Use in RFCs to Indi-
                 cateRequirement Levels", BCP 14, RFC 2119, March 1997.

   [CMS]         R. Housley, "Cryptographic Message Syntax", RFC 3369,
                 August 2002
   [RFC 3851]    B. Ramsdell, "Secure/Multipurpose Internet Mail Exten-
                 sions (S/MIME) Version 3.1 Message Specification", RFC
                 3851. July 2004

   [X.208-88]    CCITT.  Recommendation X.208: Specification of Abstract
                 Syntax Notation One (ASN.1).  1988.

   [X.209-88]    CCITT.  Recommendation X.209: Specification of Basic
                 Encoding Rules for Abstract Syntax Notation One
                 (ASN.1).  1988..

   [CPPK]        S. Leontiev, D. Shefanovskij, "Using the GOST R
                 34.10-94, GOST R 34.10-2001 and GOST R 34.11-94 algo-
                 rithms with the Internet X.509 Public Key Infrastruc-
                 ture Certificate and CRL Profile.", draft-ietf-pkix-
                 gost-cppk-02.txt

   [CPALGS]      V. Popov, I. Kurepkin, S. Leontiev "Additional crypto-
                 graphic algorithms for use with GOST 28147-89, GOST R
                 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 algo-
                 rithms.", draft-popov-cryptopro-cpalgs-03.txt  1988.

   Informative references:

   [RFC 2119]    Bradner, S., "Key Words for Use in RFCs to Indi-
                 cateRequirement Levels", BCP 14, RFC 2119, March 1997.

   [Schneier95]  B.   Schneier, Applied cryptography, second edition,
                 John Wiley & Sons, Inc., 1995;

   [RFDSL]       "Russian Federal Digital Signature Law", 10 Jan 2002
                 N1-FZ

   [RFLLIC]      "Russian Federal Law on Licensing of Selected Activity
                 Categories", 08 Aug 2001 N 128-FZ

   [CRYPTOLIC]   "Russian Federal Goverment Regulation on Licensing of
                 Selected Activity Categories in Cryptography Area", 23
                 Sep 2002 N 691

Acknowledgments

   This document was created in accordance with "Russian Cryptographic
   Software Compatibility Agreement", signed by FGUE STC "Atlas",
   CRYPTO-PRO, Factor-TC, Factor-TS, MD PREI, Infotecs GmbH, SPRCIS (SPbRCZI),
   Cryptocom, R-Alpha.  The aim of this agreement is to achieve mutual
   compatibility of the products and solutions.

   The authors wish to thank:

      Microsoft Corporation Russia for provided information about
      company products and solutions, and also for technical consulting
      in PKI.

      RSA Security Russia and Demos Co Ltd for active collaboration and
      critical help in creation of this document.

      Russ Hously (Vigil Security, LLC, housley@vigilsec.com) and
      Vasilij Sakharov (DEMOS Co Ltd, svp@dol.ru) for initiative,
      creating this document.

   This document is based on a contribution of CRYPTO-PRO Company.  Any
   substantial use of the text from this document must acknowledge
   CRYPTO-PRO.  CRYPTO-PRO requests that all material mentioning or
   referencing this document identify this as "CRYPTO-PRO CPCMS".

Author's Addresses

   Serguei Leontiev
   CRYPTO-PRO
   38, Obraztsova,
   Moscow, 127018, Russian Federation
   EMail: lse@cryptopro.ru

   Vladimir Popov
   CRYPTO-PRO
   38, Obraztsova,
   Moscow, 127018, Russian Federation
   EMail: vpopov@cryptopro.ru

   Gregory Chudov
   CRYPTO-PRO
   38, Obraztsova,
   Moscow, 127018, Russian Federation
   EMail: chudov@cryptopro.ru

   Alexandr Afanasiev
   Factor-TC
   Factor-TS
   office 711, 14, Presnenskij val,
   Moscow, 123557, Russian Federation
   EMail: afa@factor-ts.ru afa1@factor-ts.ru

   Nikolaj Nikishin
   Infotecs GmbH
   p/b 35, 80-5, Leningradskij prospekt,
   Moscow, 125315, Russian Federation
   EMail: nikishin@infotecs.ru

   Boleslav Izotov
   FGUE STC "Atlas"
   38, Obraztsova,
   Moscow, 127018, Russian Federation
   EMail: izotov@stcnet.ru izotov@nii.voskhod.ru

   Elena Minaeva
   MD PREI
   build 3, 6A, Vtoroj Troitskij per.,
   Moscow, Russian Federation
   EMail: evminaeva@mo.msk.ru evminaeva@mail.ru

   Serguei Murugov
   R-Alpha
   4/1, Raspletina,
   Moscow, 123060, Russian Federation
   EMail: msm@office.ru

   Igori msm@top-cross.ru

   Igor Ustinov
   Cryptocom
   office 239, 51, Leninskij prospekt,
   Moscow, 119991, Russian Federation
   EMail: igus@cryptocom.ru

   Anatolij Erkin
   SPRCIS (SPbRCZI)
   1, Obrucheva,
   St.Petersburg, 195220, Russian Federation
   EMail: erkin@nevsky.net

Intellectual Property Statement
   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at ietf-
   ipr@ietf.org.

Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Full Copyright Statement

   Copyright (C) The Internet Society (2005).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.

Expires January 2006