draft-ietf-smime-gost-07.txt (revision of draft-ietf-smime-gost-06.txt)

S/MIME Working Group                           Serguei Leontiev, CRYPTO-PRO
Internet Draft                                   Gregory Chudov, CRYPTO-PRO
Expires July 18, 2006                                      January 18, 2006
Intended Category: Standards Track

        Using the GOST 28147-89, GOST R 34.11-94,
        GOST R 34.10-94 and GOST R 34.10-2001 algorithms with the
        Cryptographic Message Syntax (CMS)
        <draft-ietf-smime-gost-07.txt>

Status of this Memo

By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as
Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html.

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

This Internet-Draft will expire on July 18, 2006.

Copyright Notice

Copyright (C) The Internet Society (2006).

Abstract

This document describes the conventions for using the cryptographic
algorithms GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001 and
GOST R 34.11-94 with the Cryptographic Message Syntax (CMS). The CMS is
used for digital signature, digest, authentication and encryption of
arbitrary message contents.
Table of Contents

1. Introduction
1.2. Terminology
2. Message Digest Algorithms
2.1. Message Digest Algorithm GOST R 34.11-94
3. Signature Algorithms
3.1. Signature Algorithm GOST R 34.10-94
3.2. Signature Algorithm GOST R 34.10-2001
4. Key Management Algorithms
4.1. Key Agreement Algorithms
4.1.1. Key Agreement Algorithms Based on GOST R 34.10-94/2001 Public Keys
4.2. Key Transport Algorithms
4.2.1. Key Transport Algorithm Based on GOST R 34.10-94/2001 Public Keys
5. Content Encryption Algorithms
5.1. Content Encryption Algorithm GOST 28147-89
6. MAC Algorithms
6.1. HMAC with GOST R 34.11-94
7. Using with S/MIME
7.1. Parameter micalg
7.2. Attribute SMIMECapabilities
8. Security Considerations
9. Appendix Examples
9.1. Signed message
9.2. Enveloped message using Key Agreement
9.3. Enveloped message using Key Transport
10. Appendix ASN.1 Modules
10.1. GostR3410-EncryptionSyntax
10.2. GostR3410-94-SignatureSyntax
10.3. GostR3410-2001-SignatureSyntax
11. Acknowledgments
12. References
12.1. Normative References
12.2. Informative References
Contact Information
Full Copyright Statement

1. Introduction
The Cryptographic Message Syntax [CMS] is used for digital signature,
digest, authentication and encryption of arbitrary message contents.
This companion specification describes the use of the cryptographic
algorithms GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001 and
GOST R 34.11-94 in CMS, as proposed by the CRYPTO-PRO Company for the
"Russian Cryptographic Software Compatibility Agreement" community.
This document does not describe these cryptographic algorithms; they
are defined in the corresponding national standards.

The CMS values are generated using ASN.1 [X.208-88], using BER
encoding [X.209-88]. This document specifies the algorithm
identifiers for each algorithm, including ASN.1 for object
identifiers and any associated parameters.

The fields in the CMS employed by each algorithm are identified.

1.2. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].

2. Message Digest Algorithms

This section specifies the conventions for using the digest algorithm
GOST R 34.11-94 employed by CMS.

Digest values are located in the DigestedData digest field and the
Message Digest authenticated attribute. In addition, digest values
are input to signature algorithms.

2.1. Message Digest Algorithm GOST R 34.11-94

The hash function GOST R 34.11-94 has been developed by "GUBS of Federal
Agency Government Communication and Information" and "All-Russian
Scientific and Research Institute of Standardization". The algorithm
GOST R 34.11-94 produces a 256-bit hash value from an input of arbitrary
finite bit length. This document does not contain the full GOST R
34.11-94 specification, which can be found in [GOSTR3411] in Russian.
[Schneier95], ch. 18.11, p. 454, contains a brief technical
description in English.

[...] as NULL parameters.

This function is always used with the default parameters
id-GostR3411-94-CryptoProParamSet (see section 8.2 of [CPALGS]).

When the Message Digest authenticated attribute is present, DigestedData
digest contains a 32-byte digest in little-endian representation:

   GostR3411-94-Digest ::= OCTET STRING (SIZE (32))
3. Signature Algorithms

This section specifies the CMS procedures for the GOST R 34.10-94 and
GOST R 34.10-2001 signature algorithms.

Signature algorithm identifiers are located in the SignerInfo
signatureAlgorithm field of SignedData. Also, signature algorithm
identifiers are located in the SignerInfo signatureAlgorithm field of
countersignature attributes.

Signature values are located in the SignerInfo signature field of
SignedData. Also, signature values are located in the SignerInfo
signature field of countersignature attributes.

3.1. Signature Algorithm GOST R 34.10-94

GOST R 34.10-94 has been developed by "GUBS of Federal Agency
Government Communication and Information" and "All-Russian Scientific
and Research Institute of Standardization". This signature algorithm
MUST be used together with the GOST R 34.11-94 message digest
algorithm. This document does not contain the full GOST R 34.10-94
specification, which is fully described in [GOSTR341094] in Russian;
a brief description in English can be found in [Schneier95], ch.
20.3, p. 495.

The GOST R 34.10-94 signature algorithm has the following public key
algorithm identifier:

   id-GostR3410-94-signature OBJECT IDENTIFIER ::= id-GostR3410-94

id-GostR3410-94 is defined in Section 2.3.1 of [CPPK].

Signature algorithm GOST R 34.10-94 generates a digital signature in
the form of a binary 512-bit vector (<r'>256||<s>256).
signatureValue contains its little-endian representation.

   GostR3410-94-Signature ::= OCTET STRING (SIZE (64))

3.2. Signature Algorithm GOST R 34.10-2001

GOST R 34.10-2001 has been developed by "GUBS of Federal Agency
Government Communication and Information" and "All-Russian Scientific
and Research Institute of Standardization". This signature algorithm
MUST be used together with GOST R 34.11-94. This document does not
contain the full GOST R 34.10-2001 specification, which is fully
described in [GOSTR341001].

The signature algorithm GOST R 34.10-2001 has the following public
key algorithm identifier:

   id-GostR3410-2001-signature OBJECT IDENTIFIER ::= id-GostR3410-2001

id-GostR3410-2001 is defined in Section 2.3.2 of [CPPK].

Signature algorithm GOST R 34.10-2001 generates a digital signature
in the form of a binary 512-bit vector (<r'>256||<s>256).
signatureValue contains its little-endian representation.

   GostR3410-2001-Signature ::= OCTET STRING (SIZE (64))
4. Key Management Algorithms

This chapter describes the key agreement and key transport
algorithms, based on the VKO GOST R 34.10-94 and VKO GOST R 34.10-2001
key derivation algorithms and the CryptoPro and GOST 28147-89 key
wrap algorithms described in [CPALGS]. They MUST be used only with the
content encryption algorithm GOST 28147-89, defined in section 5 of
this document.

4.1. Key Agreement Algorithms

This section specifies the conventions employed by CMS
implementations that support key agreement using both the VKO GOST R
34.10-94 and VKO GOST R 34.10-2001 algorithms, described in [CPALGS].

Key agreement algorithm identifiers are located in the EnvelopedData
RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm and
AuthenticatedData RecipientInfos KeyAgreeRecipientInfo
keyEncryptionAlgorithm fields.

Wrapped content-encryption keys are located in the EnvelopedData
RecipientInfos KeyAgreeRecipientInfo RecipientEncryptedKeys
encryptedKey field. Wrapped message-authentication keys are located
in the AuthenticatedData RecipientInfos KeyAgreeRecipientInfo
RecipientEncryptedKeys encryptedKey field.

4.1.1. Key Agreement Algorithms Based on GOST R 34.10-94/2001 Public
Keys

The EnvelopedData RecipientInfos KeyAgreeRecipientInfo field is used
as follows:

   version MUST be 3.

   originator MUST be the originatorKey alternative. The
   originatorKey algorithm field MUST contain the object identifier
   id-GostR3410-94 or id-GostR3410-2001 and corresponding parameters

[...]

Then the key wrap algorithm, specified by KeyWrapAlgorithm, is
applied to produce CEK_ENC, CEK_MAC, and UKM.
Gost28147-89-KeyWrapParameters encryptionParamSet is used for all
encryption operations.

The resulting encrypted key (CEK_ENC) is placed in the
Gost28147-89-EncryptedKey encryptedKey field, its MAC (CEK_MAC) is
placed in the Gost28147-89-EncryptedKey macKey field, and UKM is placed
in the KeyAgreeRecipientInfo ukm field.

4.2. Key Transport Algorithms

This section specifies the conventions employed by CMS
implementations that support key transport using both the VKO GOST R
34.10-94 and VKO GOST R 34.10-2001 algorithms, described in [CPALGS].

Key transport algorithm identifiers are located in the EnvelopedData
RecipientInfos KeyTransRecipientInfo keyEncryptionAlgorithm field.

Key transport encrypted content-encryption keys are located in the
EnvelopedData RecipientInfos KeyTransRecipientInfo encryptedKey
field.

4.2.1. Key Transport Algorithm Based on GOST R 34.10-94/2001 Public
Keys

The EnvelopedData RecipientInfos KeyTransRecipientInfo field is used
as follows:

   version MUST be 0 or 3.

   keyEncryptionAlgorithm and parameters MUST be identical to the
   recipient public key algorithm and parameters.

   encryptedKey encapsulates GostR3410-KeyTransport, which consists

[...]

Then the CryptoPro key wrap algorithm is applied to produce CEK_ENC,
CEK_MAC, and UKM. GostR3410-TransportParameters encryptionParamSet is
used for all encryption operations.

The resulting encrypted key (CEK_ENC) is placed in the
Gost28147-89-EncryptedKey encryptedKey field, its MAC (CEK_MAC) is
placed in the Gost28147-89-EncryptedKey macKey field, and UKM is placed
in the GostR3410-TransportParameters ukm field.
5. Content Encryption Algorithms

This section specifies the conventions employed by CMS
implementations that support content encryption using GOST 28147-89.

Content encryption algorithm identifiers are located in the
EnvelopedData EncryptedContentInfo contentEncryptionAlgorithm and the
EncryptedData EncryptedContentInfo contentEncryptionAlgorithm fields.

Content encryption algorithms are used to encipher the content
located in the EnvelopedData EncryptedContentInfo encryptedContent
field and the EncryptedData EncryptedContentInfo encryptedContent
field.

5.1. Content Encryption Algorithm GOST 28147-89

This section specifies the use of the GOST 28147-89 algorithm for data
encipherment.

GOST 28147-89 is fully described in [GOST28147] (in Russian).

This document specifies the following OID for this algorithm:

   id-Gost28147-89 OBJECT IDENTIFIER ::=
     { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)

[...]

     SEQUENCE {
       iv                 Gost28147-89-IV,
       encryptionParamSet OBJECT IDENTIFIER
     }

   Gost28147-89-IV ::= OCTET STRING (SIZE (8))

encryptionParamSet specifies the set of corresponding
Gost28147-89-ParamSetParameters (see section 8.1 of [CPALGS]).

6. MAC Algorithms

This section specifies the conventions employed by CMS
implementations that support the message authentication code (MAC)
based on GOST R 34.11-94.

MAC algorithm identifiers are located in the AuthenticatedData
macAlgorithm field.

MAC values are located in the AuthenticatedData mac field.

6.1. HMAC with GOST R 34.11-94

The HMAC_GOSTR3411 (K,text) function is based on the hash function
GOST R 34.11-94, as defined in section 3 of [CPALGS].

This document specifies the following OID for this algorithm:

   id-HMACGostR3411-94 OBJECT IDENTIFIER ::=
     { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
       hmacgostr3411(10) }

This algorithm has the same parameters as the GOST R 34.11-94 digest
algorithm, and uses the same OIDs for their identification (see
[CPPK]).
7. Using with S/MIME

This section defines the use of the algorithms defined in this document
together with S/MIME [RFC 3851].

7.1. Parameter micalg

When using the algorithms defined in this document, the micalg parameter
SHOULD be set to "gostr3411-94"; otherwise it MUST be set to
"unknown".

7.2. Attribute SMIMECapabilities

The SMIMECapability value which indicates support for the GOST R
34.11-94 digest algorithm is the SEQUENCE with the capabilityID field
containing the object identifier id-GostR3411-94 and no parameters.
The DER encoding is:

   30 08 06 06 2A 85 03 02 02 09

The SMIMECapability value which indicates support for the GOST
28147-89 encryption algorithm is the SEQUENCE with the capabilityID
field containing the object identifier id-Gost28147-89 and no
parameters. The DER encoding is:

   30 08 06 06 2A 85 03 02 02 15

If the sender wishes to indicate support for a specific parameter
set, SMIMECapability parameters MUST contain the
Gost28147-89-Parameters structure. Recipients MUST ignore the
Gost28147-89-Parameters iv field, and assume that the sender supports
the parameters specified in the Gost28147-89-Parameters
encryptionParamSet field.

The DER encoding for the SMIMECapability indicating support for GOST
28147-89 with id-Gost28147-89-CryptoPro-A-ParamSet (see [CPALGS]) is:

   30 1D 06 06 2A 85 03 02 02 15 30 13 04 08 00 00
   00 00 00 00 00 00 06 07 2A 85 03 02 02 1F 01
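The three DER dumps in this section can be regenerated and checked with a small amount of ASN.1 encoding. The Python below is an added example, not code from the draft or from CRYPTO-PRO: it encodes the SMIMECapability SEQUENCE for id-GostR3411-94 and id-Gost28147-89, builds the Gost28147-89-Parameters structure of section 5.1, and reads a capability back the way this section prescribes, returning the encryptionParamSet and ignoring the iv. The dotted OID strings are taken from the hex on this page (1.2.643.2.2.9, 1.2.643.2.2.21 and 1.2.643.2.2.31.1); all function names are this example's own.

```python
# Added example, not part of the draft: a minimal DER encoder/decoder used
# to rebuild and read the SMIMECapability values of section 7.2.
# OID arcs below are taken from the hex dumps on this page.

ID_GOSTR3411_94 = "1.2.643.2.2.9"              # 06 06 2A 85 03 02 02 09
ID_GOST28147_89 = "1.2.643.2.2.21"             # 06 06 2A 85 03 02 02 15
ID_GOST28147_89_CRYPTOPRO_A_PARAMSET = "1.2.643.2.2.31.1"  # 06 07 ... 1F 01


def _der_length(n: int) -> bytes:
    """DER length octets: short form below 128, minimal long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + _der_length(len(content)) + content


def _base128(n: int) -> bytes:
    """Variable-length base-128 encoding of one OID arc (MSB-first)."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))


def der_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    content = _base128(arcs[0] * 40 + arcs[1])   # first two arcs share one value
    for arc in arcs[2:]:
        content += _base128(arc)
    return der_tlv(0x06, content)


def gost28147_89_parameters(iv: bytes, param_set: str) -> bytes:
    """Gost28147-89-Parameters ::= SEQUENCE { iv OCTET STRING (SIZE (8)),
    encryptionParamSet OBJECT IDENTIFIER }  (section 5.1)."""
    if len(iv) != 8:
        raise ValueError("Gost28147-89-IV must be exactly 8 octets")
    return der_tlv(0x30, der_tlv(0x04, iv) + der_oid(param_set))


def smime_capability(alg_oid: str, parameters: bytes = b"") -> bytes:
    """SMIMECapability ::= SEQUENCE { capabilityID OID, parameters OPTIONAL }."""
    return der_tlv(0x30, der_oid(alg_oid) + parameters)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content, position after the element) for buf[pos:]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(content: bytes) -> str:
    arcs, value = [], 0
    for b in content:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    x = min(arcs[0] // 40, 2)                    # first two arcs packed as 40*X+Y
    return ".".join(str(a) for a in [x, arcs[0] - 40 * x] + arcs[1:])


def read_smime_capability(cap: bytes):
    """Return (capabilityID, encryptionParamSet or None).  As section 7.2
    requires, the iv carried in Gost28147-89-Parameters is ignored."""
    tag, seq, _ = _read_tlv(cap, 0)
    if tag != 0x30:
        raise ValueError("SMIMECapability must be a SEQUENCE")
    tag, oid, pos = _read_tlv(seq, 0)
    if tag != 0x06:
        raise ValueError("capabilityID must be an OBJECT IDENTIFIER")
    alg = decode_oid(oid)
    if pos >= len(seq):                          # no parameters present
        return alg, None
    if alg != ID_GOST28147_89:
        raise ValueError("only Gost28147-89-Parameters are handled here")
    tag, params, _ = _read_tlv(seq, pos)
    tag_iv, iv, pos = _read_tlv(params, 0)       # iv is read only to skip it
    tag_ps, param_set, _ = _read_tlv(params, pos)
    if tag != 0x30 or tag_iv != 0x04 or len(iv) != 8 or tag_ps != 0x06:
        raise ValueError("malformed Gost28147-89-Parameters")
    return alg, decode_oid(param_set)


if __name__ == "__main__":
    cap = smime_capability(ID_GOST28147_89, gost28147_89_parameters(
        bytes(8), ID_GOST28147_89_CRYPTOPRO_A_PARAMSET))
    print(cap.hex(" ").upper())                  # matches the last dump above
    print(read_smime_capability(cap))
```

Running the block prints the 31-byte encoding of the last dump above and the decoded pair (id-Gost28147-89, id-Gost28147-89-CryptoPro-A-ParamSet); the all-zero iv is present in the encoding but never returned, which is exactly the recipient behaviour this section mandates.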
8. Security Considerations

Conforming applications MUST use unique values for ukm and iv.
Recipients MAY verify that the ukm and iv specified by the sender are
unique.

It is RECOMMENDED that software applications verify signature values,
subject public keys and algorithm parameters for conformance to the
[GOSTR341001] and [GOSTR341094] standards prior to their use.

Cryptographic algorithm parameters affect algorithm strength. The
use of parameters not listed in [CPALGS] is NOT RECOMMENDED (see the
Security Considerations section of [CPALGS]).

Use of the same key for signature and key derivation is NOT
RECOMMENDED. When signed CMS documents are used as an analogue of a
manual signature, in the context of the Russian Federal Digital
Signature Law [RFDSL], the signer certificate MUST contain the keyUsage
extension, it MUST be critical, and keyUsage MUST NOT include
keyEncipherment or keyAgreement (see [PROFILE], section 4.2.1.3).
Applications SHOULD be submitted for examination by an authorized
agency at the appropriate levels of target of evaluation (TOE),
according to [RFDSL], [RFLLIC] and [CRYPTOLIC].
9 Appendix Examples 9. Appendix Examples
Examples here are stored in the same format as the examples in [RFC Examples here are stored in the same format as the examples in [RFC
4134], and can be extracted using the same program. 4134], and can be extracted using the same program.
If you want to extract without the program, copy all the lines If you want to extract without the program, copy all the lines
between the "|>" and "|<" markers, remove any page breaks, and remove between the "|>" and "|<" markers, remove any page breaks, and remove
the "|" in the first column of each line. The result is a valid the "|" in the first column of each line. The result is a valid
Base64 blob that can be processed by any Base64 decoder. Base64 blob that can be processed by any Base64 decoder.
9.1 Signed message 9.1. Signed message
This message is signed using the sample certificate from section 4.2 This message is signed using the sample certificate from section 4.2
of [CPPK]. The public key (x,y) from the same section can be used to of [CPPK]. The public key (x,y) from the same section can be used to
verify the message signature. verify the message signature.
0 296: SEQUENCE { 0 296: SEQUENCE {
4 9: OBJECT IDENTIFIER signedData 4 9: OBJECT IDENTIFIER signedData
15 281: [0] { 15 281: [0] {
19 277: SEQUENCE { 19 277: SEQUENCE {
23 1: INTEGER 1 23 1: INTEGER 1
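Review bot: the 8-byte OCTET STRING in the hex at the top of this block (04 08 00 00 00 00 00 00 00 00, inside the SEQUENCE that follows the id-Gost28147-89 identifier 2A 85 03 02 02 15 and precedes the 2A 85 03 02 02 1F 01 parameter-set identifier) is all zeros, which reads as an all-zero iv in an encoding example sitting directly above Section 8's "Conforming applications MUST use unique values for ukm and iv"; either regenerate the example with a real iv or say explicitly that the value is a placeholder. Two typos survive in both columns: "submited" should read "submitted", and "target_of_evaluation (TOE)" should read "Target of Evaluation (TOE)". The keyUsage requirement for signer certificates lists only bits that MUST NOT be present (keyEncipherment, keyAgreement); consider also requiring digitalSignature or nonRepudiation, since as written a critical keyUsage extension with neither of those bits set still satisfies the text.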
skipping to change at page 13, line 44 skipping to change at page 13, line 46
|>GostR3410-2001-signed.bin |>GostR3410-2001-signed.bin
|MIIBKAYJKoZIhvcNAQcCoIIBGTCCARUCAQExDDAKBgYqhQMCAgkFADAbBgkqhkiG |MIIBKAYJKoZIhvcNAQcCoIIBGTCCARUCAQExDDAKBgYqhQMCAgkFADAbBgkqhkiG
|9w0BBwGgDgQMc2FtcGxlIHRleHQKMYHkMIHhAgEBMIGBMG0xHzAdBgNVBAMMFkdv |9w0BBwGgDgQMc2FtcGxlIHRleHQKMYHkMIHhAgEBMIGBMG0xHzAdBgNVBAMMFkdv
|c3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkGA1UE |c3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkGA1UE
|BhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUuY29t |BhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUuY29t
|AhAr9cYewhG9F8fc1GJmtC4hMAoGBiqFAwICCQUAMAoGBiqFAwICEwUABEDAw0LZ |AhAr9cYewhG9F8fc1GJmtC4hMAoGBiqFAwICCQUAMAoGBiqFAwICEwUABEDAw0LZ
|P4/+JRERiHe/icPbg0IE1iD5aCqZ9v4wO+T0yPjVtNr74caRZzQfvKZ6DRJ7/RAl |P4/+JRERiHe/icPbg0IE1iD5aCqZ9v4wO+T0yPjVtNr74caRZzQfvKZ6DRJ7/RAl
|xlHbjbL0jHF+7XKp |xlHbjbL0jHF+7XKp
|<GostR3410-2001-signed.bin |<GostR3410-2001-signed.bin
9.2 Enveloped message using Key Agreement 9.2. Enveloped message using Key Agreement
This message is encrypted using the sample certificate from section This message is encrypted using the sample certificate from section
4.2 of [CPPK] as a recipient certificate. The private key 'd' from 4.2 of [CPPK] as a recipient certificate. The private key 'd' from
the same section can be used to decrypt this message. the same section can be used to decrypt this message.
0 420: SEQUENCE { 0 420: SEQUENCE {
4 9: OBJECT IDENTIFIER envelopedData 4 9: OBJECT IDENTIFIER envelopedData
15 405: [0] { 15 405: [0] {
19 401: SEQUENCE { 19 401: SEQUENCE {
23 1: INTEGER 2 23 1: INTEGER 2
skipping to change at page 16, line 19 skipping to change at page 16, line 21
|AgITMBIGByqFAwICJAAGByqFAwICHgEDQwAEQLNVOfRngZcrpcTZhB8n+4HtCDLm |AgITMBIGByqFAwICJAAGByqFAwICHgEDQwAEQLNVOfRngZcrpcTZhB8n+4HtCDLm
|mtTyAHi4/4Nk6tIdsHg8ff4DwfQG5DvMFrnF9vYZNxwXuKCqx9GhlLOlNiChCgQI |mtTyAHi4/4Nk6tIdsHg8ff4DwfQG5DvMFrnF9vYZNxwXuKCqx9GhlLOlNiChCgQI
|L/D20YZLMoowHgYGKoUDAgJgMBQGByqFAwICDQAwCQYHKoUDAgIfATCBszCBsDCB |L/D20YZLMoowHgYGKoUDAgJgMBQGByqFAwICDQAwCQYHKoUDAgIfATCBszCBsDCB
|gTBtMR8wHQYDVQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQKDAlD |gTBtMR8wHQYDVQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQKDAlD
|cnlwdG9Qcm8xCzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAt |cnlwdG9Qcm8xCzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAt
|MjAwMUBleGFtcGxlLmNvbQIQK/XGHsIRvRfH3NRiZrQuIQQqMCgEIBajHOfOTukN |MjAwMUBleGFtcGxlLmNvbQIQK/XGHsIRvRfH3NRiZrQuIQQqMCgEIBajHOfOTukN
|8ex0aQRoHsefOu24Ox8dSn75pdnLGdXoBAST/YZ+MDgGCSqGSIb3DQEHATAdBgYq |8ex0aQRoHsefOu24Ox8dSn75pdnLGdXoBAST/YZ+MDgGCSqGSIb3DQEHATAdBgYq
|hQMCAhUwEwQItzXhegc1oh0GByqFAwICHwGADDmxivS/qeJlJbZVyQ== |hQMCAhUwEwQItzXhegc1oh0GByqFAwICHwGADDmxivS/qeJlJbZVyQ==
|<GostR3410-2001-keyagree.bin |<GostR3410-2001-keyagree.bin
9.3 Enveloped message using Key Transport 9.3. Enveloped message using Key Transport
This message is encrypted using the sample certificate from section This message is encrypted using the sample certificate from section
4.2 of [CPPK] as a recipient certificate. The private key 'd' from 4.2 of [CPPK] as a recipient certificate. The private key 'd' from
the same section can be used to decrypt this message. the same section can be used to decrypt this message.
0 423: SEQUENCE { 0 423: SEQUENCE {
4 9: OBJECT IDENTIFIER envelopedData 4 9: OBJECT IDENTIFIER envelopedData
15 408: [0] { 15 408: [0] {
19 404: SEQUENCE { 19 404: SEQUENCE {
23 1: INTEGER 0 23 1: INTEGER 0
skipping to change at page 18, line 40 skipping to change at page 18, line 42
|VQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQKDAlDcnlwdG9Qcm8x |VQQDDBZHb3N0UjM0MTAtMjAwMSBleGFtcGxlMRIwEAYDVQQKDAlDcnlwdG9Qcm8x
|CzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAtMjAwMUBleGFt |CzAJBgNVBAYTAlJVMSkwJwYJKoZIhvcNAQkBFhpHb3N0UjM0MTAtMjAwMUBleGFt
|cGxlLmNvbQIQK/XGHsIRvRfH3NRiZrQuITAcBgYqhQMCAhMwEgYHKoUDAgIkAAYH |cGxlLmNvbQIQK/XGHsIRvRfH3NRiZrQuITAcBgYqhQMCAhMwEgYHKoUDAgIkAAYH
|KoUDAgIeAQSBpzCBpDAoBCBqL6ghBpVon5/kR6qey2EVK35BYLxdjfv1PSgbGJr5 |KoUDAgIeAQSBpzCBpDAoBCBqL6ghBpVon5/kR6qey2EVK35BYLxdjfv1PSgbGJr5
|dQQENm2Yt6B4BgcqhQMCAh8BoGMwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwIC |dQQENm2Yt6B4BgcqhQMCAh8BoGMwHAYGKoUDAgITMBIGByqFAwICJAAGByqFAwIC
|HgEDQwEEQE0rLzOQ5tyj3VUqzd/g7/sx93N+Tv+/eImKK8PNMZQESw5gSJYf28dd |HgEDQwEEQE0rLzOQ5tyj3VUqzd/g7/sx93N+Tv+/eImKK8PNMZQESw5gSJYf28dd
|Em/askCKd7W96vLsNMsjn5uL3Z4SwPYECJeV4ywrrSsMMDgGCSqGSIb3DQEHATAd |Em/askCKd7W96vLsNMsjn5uL3Z4SwPYECJeV4ywrrSsMMDgGCSqGSIb3DQEHATAd
|BgYqhQMCAhUwEwQIvBCLHwv/NCkGByqFAwICHwGADKqOch3uT7Mu4w+hNw== |BgYqhQMCAhUwEwQIvBCLHwv/NCkGByqFAwICHwGADKqOch3uT7Mu4w+hNw==
|<GostR3410-2001-keytrans.bin |<GostR3410-2001-keytrans.bin
10 Appendix ASN.1 Modules 10. Appendix ASN.1 Modules
Additional ASN.1 modules, referenced here, can be found in [CPALGS]. Additional ASN.1 modules, referenced here, can be found in [CPALGS].
10.1 GostR3410-EncryptionSyntax 10.1. GostR3410-EncryptionSyntax
GostR3410-EncryptionSyntax GostR3410-EncryptionSyntax
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2) { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
other(1) modules(1) gostR3410-EncryptionSyntax(5) 2 } other(1) modules(1) gostR3410-EncryptionSyntax(5) 2 }
DEFINITIONS ::= DEFINITIONS ::=
BEGIN BEGIN
-- EXPORTS All -- -- EXPORTS All --
-- The types and values defined in this module are exported for -- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian -- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use -- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian -- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for -- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and -- their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Russian -- modifications needed to maintain or improve the Russian
-- Cryptography service. -- Cryptography service.
IMPORTS IMPORTS
id-CryptoPro-algorithms, id-CryptoPro-algorithms,
skipping to change at page 20, line 43 skipping to change at page 20, line 45
} }
GostR3410-TransportParameters ::= GostR3410-TransportParameters ::=
SEQUENCE { SEQUENCE {
encryptionParamSet Gost28147-89-ParamSet, encryptionParamSet Gost28147-89-ParamSet,
ephemeralPublicKey [0] ephemeralPublicKey [0]
IMPLICIT SubjectPublicKeyInfo OPTIONAL, IMPLICIT SubjectPublicKeyInfo OPTIONAL,
ukm OCTET STRING ( SIZE(8) ) ukm OCTET STRING ( SIZE(8) )
} }
END -- GostR3410-EncryptionSyntax END -- GostR3410-EncryptionSyntax
10.2 GostR3410-94-SignatureSyntax 10.2. GostR3410-94-SignatureSyntax
GostR3410-94-SignatureSyntax GostR3410-94-SignatureSyntax
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2) { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
other(1) modules(1) gostR3410-94-SignatureSyntax(3) 1 } other(1) modules(1) gostR3410-94-SignatureSyntax(3) 1 }
DEFINITIONS ::= DEFINITIONS ::=
BEGIN BEGIN
-- EXPORTS All -- -- EXPORTS All --
-- The types and values defined in this module are exported for -- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian -- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use -- Cryptography "GOST" & "GOST R" Specifications, and for the use
-- of other applications which will use them to access Russian -- of other applications which will use them to access Russian
-- Cryptography services. Other applications may use them for -- Cryptography services. Other applications may use them for
-- their own purposes, but this will not constrain extensions and -- their own purposes, but this will not constrain extensions and
-- modifications needed to maintain or improve the Russian -- modifications needed to maintain or improve the Russian
-- Cryptography service. -- Cryptography service.
IMPORTS IMPORTS
gostR3410-94-PKISyntax, ALGORITHM-IDENTIFIER, gostR3410-94-PKISyntax, ALGORITHM-IDENTIFIER,
cryptographic-Gost-Useful-Definitions cryptographic-Gost-Useful-Definitions
skipping to change at page 21, line 35 skipping to change at page 21, line 37
GostR3410-94-Signature ::= GostR3410-94-Signature ::=
OCTET STRING (SIZE (64)) OCTET STRING (SIZE (64))
-- GOST R 34.10-94 signature algorithm & parameters -- GOST R 34.10-94 signature algorithm & parameters
GostR3410-94-CMSSignatureAlgorithms ALGORITHM-IDENTIFIER ::= { GostR3410-94-CMSSignatureAlgorithms ALGORITHM-IDENTIFIER ::= {
{ GostR3410-94-PublicKeyParameters IDENTIFIED BY { GostR3410-94-PublicKeyParameters IDENTIFIED BY
id-GostR3410-94 } id-GostR3410-94 }
} }
END -- GostR3410-94-SignatureSyntax END -- GostR3410-94-SignatureSyntax
10.3 GostR3410-2001-SignatureSyntax 10.3. GostR3410-2001-SignatureSyntax
GostR3410-2001-SignatureSyntax GostR3410-2001-SignatureSyntax
{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2) { iso(1) member-body(2) ru(643) rans(2) cryptopro(2)
other(1) modules(1) gostR3410-2001-SignatureSyntax(10) 1 } other(1) modules(1) gostR3410-2001-SignatureSyntax(10) 1 }
DEFINITIONS ::= DEFINITIONS ::=
BEGIN BEGIN
-- EXPORTS All -- -- EXPORTS All --
-- The types and values defined in this module are exported for -- The types and values defined in this module are exported for
-- use in the other ASN.1 modules contained within the Russian -- use in the other ASN.1 modules contained within the Russian
-- Cryptography "GOST" & "GOST R" Specifications, and for the use -- Cryptography "GOST" & "GOST R" Specifications, and for the use
skipping to change at page 22, line 25 skipping to change at page 22, line 28
GostR3410-2001-Signature ::= GostR3410-2001-Signature ::=
OCTET STRING (SIZE (64)) OCTET STRING (SIZE (64))
-- GOST R 34.10-2001 signature algorithms and parameters -- GOST R 34.10-2001 signature algorithms and parameters
GostR3410-2001-CMSSignatureAlgorithms GostR3410-2001-CMSSignatureAlgorithms
ALGORITHM-IDENTIFIER ::= { ALGORITHM-IDENTIFIER ::= {
{ GostR3410-2001-PublicKeyParameters IDENTIFIED BY { GostR3410-2001-PublicKeyParameters IDENTIFIED BY
id-GostR3410-2001 } id-GostR3410-2001 }
} }
END -- GostR3410-2001-SignatureSyntax END -- GostR3410-2001-SignatureSyntax
11 References 11. Acknowledgments
Normative references: This document was created in accordance with "Russian Cryptographic
Software Compatibility Agreement", signed by FGUE STC "Atlas",
CRYPTO-PRO, Factor-TS, MD PREI, Infotecs GmbH, SPRCIS (SPbRCZI),
Cryptocom, R-Alpha. The aim of this agreement is to achieve mutual
compatibility of the products and solutions.
[CPALGS] V. Popov, I. Kurepkin, S. Leontiev, "Additional crypto- The authors wish to thank:
graphic algorithms for use with GOST 28147-89, GOST R
34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 algo- Microsoft Corporation Russia for providing information about
rithms.", September 2005, draft-popov-cryptopro- company products and solutions, and also for technical consulting
cpalgs-04.txt in PKI.
RSA Security Russia and Demos Co Ltd for active collaboration and
critical help in creation of this document.
Russ Hously (Vigil Security, LLC, housley@vigilsec.com) and
Vasilij Sakharov (DEMOS Co Ltd, svp@dol.ru) for encouraging the
authors to create this document.
12. References
12.1. Normative references:
[CPALGS] V. Popov, I. Kurepkin, S. Leontiev, "Additional Crypto-
graphic Algorithms for Use with GOST 28147-89, GOST R
34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 Algo-
rithms.", RFC 4357, January 2006.
[CPPK] S. Leontiev, D. Shefanovskij, "Algorithms and Identi- [CPPK] S. Leontiev, D. Shefanovskij, "Algorithms and Identi-
fiers for the Internet X.509 Public Key Infrastructure fiers for the Internet X.509 Public Key Infrastructure
Certificates and Certificate Revocation List (CRL), Certificates and Certificate Revocation List (CRL),
corresponding to the algorithms GOST R 34.10-94, GOST R corresponding to the algorithms GOST R 34.10-94, GOST R
34.10-2001, GOST R 34.11-94", September 2005, draft- 34.10-2001, GOST R 34.11-94", January 2006, draft-ietf-
ietf-pkix-gost-cppk-03.txt pkix-gost-cppk-05.txt
[GOST28147] "Cryptographic Protection for Data Processing System", [GOST28147] "Cryptographic Protection for Data Processing System",
GOST 28147-89, Gosudarstvennyi Standard of USSR, Gov- GOST 28147-89, Gosudarstvennyi Standard of USSR, Gov-
ernment Committee of the USSR for Standards, 1989. (In ernment Committee of the USSR for Standards, 1989. (In
Russian); Russian)
[GOSTR341094] "Information technology. Cryptographic Data Security. [GOSTR341094] "Information technology. Cryptographic Data Security.
Produce and check procedures of Electronic Digital Sig- Produce and check procedures of Electronic Digital Sig-
natures based on Asymmetric Cryptographic Algorithm.", natures based on Asymmetric Cryptographic Algorithm.",
GOST R 34.10-94, Gosudarstvennyi Standard of Russian GOST R 34.10-94, Gosudarstvennyi Standard of Russian
Federation, Government Committee of the Russia for Federation, Government Committee of the Russia for
Standards, 1994. (In Russian); Standards, 1994. (In Russian)
[GOSTR341001] "Information technology. Cryptographic data security. [GOSTR341001] "Information technology. Cryptographic data security.
Signature and verification processes of [electronic] Signature and verification processes of [electronic]
digital signature.", GOST R 34.10-2001, Gosudarstvennyi digital signature.", GOST R 34.10-2001, Gosudarstvennyi
Standard of Russian Federation, Government Committee of Standard of Russian Federation, Government Committee of
the Russia for Standards, 2001. (In Russian); the Russia for Standards, 2001. (In Russian)
[GOSTR341194] "Information technology. Cryptographic Data Security. [GOSTR341194] "Information technology. Cryptographic Data Security.
Hashing function.", GOST R 34.10-94, Gosudarstvennyi Hashing function.", GOST R 34.10-94, Gosudarstvennyi
Standard of Russian Federation, Government Committee of Standard of Russian Federation, Government Committee of
the Russia for Standards, 1994. (In Russian); the Russia for Standards, 1994. (In Russian)
[CMS] R. Housley, "Cryptographic Message Syntax", RFC 3369, [CMS] R. Housley, "Cryptographic Message Syntax", RFC 3369,
August 2002 August 2002.
[PROFILE] Housley, R., Polk, W., Ford, W. and D. Solo, "Internet [PROFILE] Housley, R., Polk, W., Ford, W. and D. Solo, "Internet
X.509 Public Key Infrastructure: Certificate and CRL X.509 Public Key Infrastructure: Certificate and CRL
Profile", RFC 3280, April 2002. Profile", RFC 3280, April 2002.
[RFC 3851] B. Ramsdell, "Secure/Multipurpose Internet Mail Exten- [RFC 3851] B. Ramsdell, "Secure/Multipurpose Internet Mail Exten-
sions (S/MIME) Version 3.1 Message Specification", RFC sions (S/MIME) Version 3.1 Message Specification", RFC
3851. July 2004 3851. July 2004.
[X.208-88] CCITT. Recommendation X.208: Specification of Abstract [X.208-88] CCITT. Recommendation X.208: Specification of Abstract
Syntax Notation One (ASN.1). 1988. Syntax Notation One (ASN.1). 1988.
[X.209-88] CCITT. Recommendation X.209: Specification of Basic [X.209-88] CCITT. Recommendation X.209: Specification of Basic
Encoding Rules for Abstract Syntax Notation One Encoding Rules for Abstract Syntax Notation One
(ASN.1). 1988. (ASN.1). 1988.
Informative references: 12.2. Informative references:
[RFC 2119] Bradner, S., "Key Words for Use in RFCs to Indi- [RFC 2119] Bradner, S., "Key Words for Use in RFCs to Indi-
cateRequirement Levels", BCP 14, RFC 2119, March 1997. cateRequirement Levels", BCP 14, RFC 2119, March 1997.
[Schneier95] B. Schneier, Applied cryptography, second edition, [Schneier95] B. Schneier, Applied cryptography, second edition,
John Wiley & Sons, Inc., 1995; John Wiley & Sons, Inc., 1995.
[RFDSL] "Russian Federal Digital Signature Law", 10 Jan 2002 [RFDSL] "Russian Federal Digital Signature Law", 10 Jan 2002 N
N1-FZ 1-FZ.
[RFLLIC] "Russian Federal Law on Licensing of Selected Activity [RFLLIC] "Russian Federal Law on Licensing of Selected Activity
Categories", 08 Aug 2001 N 128-FZ Categories", 08 Aug 2001 N 128-FZ.
[CRYPTOLIC] "Russian Federal Goverment Regulation on Licensing of [CRYPTOLIC] "Russian Federal Goverment Regulation on Licensing of
Selected Activity Categories in Cryptography Area", 23 Selected Activity Categories in Cryptography Area", 23
Sep 2002 N 691 Sep 2002 N 691.
Acknowledgments
This document was created in accordance with "Russian Cryptographic
Software Compatibility Agreement", signed by FGUE STC "Atlas",
CRYPTO-PRO, Factor-TS, MD PREI, Infotecs GmbH, SPRCIS (SPbRCZI),
Cryptocom, R-Alpha. The aim of this agreement is to achieve mutual
compatibility of the products and solutions.
The authors wish to thank:
Microsoft Corporation Russia for provided information about
company products and solutions, and also for technical consulting
in PKI.
RSA Security Russia and Demos Co Ltd for active collaboration and
critical help in creation of this document.
Russ Hously (Vigil Security, LLC, housley@vigilsec.com) and
Vasilij Sakharov (DEMOS Co Ltd, svp@dol.ru) for initiative,
creating this document.
Author's Addresses Contact Information
Serguei Leontiev Serguei Leontiev
CRYPTO-PRO CRYPTO-PRO
38, Obraztsova, 38, Obraztsova,
Moscow, 127018, Russian Federation Moscow, 127018, Russian Federation
EMail: lse@cryptopro.ru EMail: lse@cryptopro.ru
Vladimir Popov Gregory Chudov
CRYPTO-PRO CRYPTO-PRO
38, Obraztsova, 38, Obraztsova,
Moscow, 127018, Russian Federation Moscow, 127018, Russian Federation
EMail: vpopov@cryptopro.ru
Gregory Chudov EMail: chudov@cryptopro.ru
Vladimir Popov
CRYPTO-PRO CRYPTO-PRO
38, Obraztsova, 38, Obraztsova,
Moscow, 127018, Russian Federation Moscow, 127018, Russian Federation
EMail: chudov@cryptopro.ru
EMail: vpopov@cryptopro.ru
Alexandr Afanasiev Alexandr Afanasiev
Factor-TS Factor-TS
office 711, 14, Presnenskij val, office 711, 14, Presnenskij val,
Moscow, 123557, Russian Federation Moscow, 123557, Russian Federation
EMail: afa1@factor-ts.ru EMail: afa1@factor-ts.ru
Nikolaj Nikishin Nikolaj Nikishin
Infotecs GmbH Infotecs GmbH
p/b 35, 80-5, Leningradskij prospekt, p/b 35, 80-5, Leningradskij prospekt,
Moscow, 125315, Russian Federation Moscow, 125315, Russian Federation
EMail: nikishin@infotecs.ru EMail: nikishin@infotecs.ru
Boleslav Izotov Boleslav Izotov
FGUE STC "Atlas" FGUE STC "Atlas"
38, Obraztsova, 38, Obraztsova,
Moscow, 127018, Russian Federation Moscow, 127018, Russian Federation
EMail: izotov@nii.voskhod.ru EMail: izotov@nii.voskhod.ru
Elena Minaeva Elena Minaeva
MD PREI MD PREI
build 3, 6A, Vtoroj Troitskij per., build 3, 6A, Vtoroj Troitskij per.,
Moscow, Russian Federation Moscow, Russian Federation
EMail: evminaeva@mail.ru EMail: evminaeva@mail.ru
Igor Ovcharenko
MD PREI
Office 600, 14, B.Novodmitrovskaya,
Moscow, Russian Federation
EMail: igori@mo.msk.ru
Serguei Murugov Serguei Murugov
R-Alpha R-Alpha
4/1, Raspletina, 4/1, Raspletina,
Moscow, 123060, Russian Federation Moscow, 123060, Russian Federation
EMail: msm@top-cross.ru
EMail: msm@top-cross.ru
Igor Ustinov Igor Ustinov
Cryptocom Cryptocom
office 239, 51, Leninskij prospekt, office 239, 51, Leninskij prospekt,
Moscow, 119991, Russian Federation Moscow, 119991, Russian Federation
EMail: igus@cryptocom.ru EMail: igus@cryptocom.ru
Anatolij Erkin Anatolij Erkin
SPRCIS (SPbRCZI) SPRCIS (SPbRCZI)
1, Obrucheva, 1, Obrucheva,
St.Petersburg, 195220, Russian Federation St.Petersburg, 195220, Russian Federation
EMail: erkin@nevsky.net EMail: erkin@nevsky.net
Disclaimer of Validity Disclaimer of Validity
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
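Review bot: the [GOSTR341194] entry, whose title is the hashing function, gives the standard number as "GOST R 34.10-94" in both columns; the tag itself and the [CPALGS] title refer to GOST R 34.11-94, so the number in this entry should be corrected (the signature standard entry [GOSTR341094] correctly keeps 34.10-94). Smaller points in the new column: "Russ Hously" should be "Russ Housley", matching the housley@vigilsec.com address on the same line and the author name in the [CMS] and [PROFILE] entries; "Goverment" in [CRYPTOLIC] should be "Government"; the subsection headings "12.1. Normative references:" and "12.2. Informative references:" carry trailing colons that the other numbered headings do not; and the renamed "Contact Information" heading departs from the customary "Authors' Addresses" heading that the old column approximated as "Author's Addresses".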
skipping to change at page 26, line 8 skipping to change at page 26, line 30
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Full Copyright Statement Full Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject Copyright (C) The Internet Society (2006). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights. except as set forth therein, the authors retain all their rights.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the ISOC's procedures with respect to rights in ISOC Documents can
be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf-
ipr@ietf.org.
Acknowledgment Acknowledgment
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is provided by the IETF
Internet Society. Administrative Support Activity (IASA).
 End of changes. 79 change blocks. 
125 lines changed or deleted 171 lines changed or added

This html diff was produced by rfcdiff 1.28, available from http://www.levkowetz.com/ietf/tools/rfcdiff/