Network Working Group                                           M. Blaze
Request for Comments: 2792                                  J. Ioannidis
Category: Informational                             AT&T Labs - Research
                                                            A. Keromytis
                                                      U. of Pennsylvania
                                                              March 2000
        

DSA and RSA Key and Signature Encoding for the KeyNote Trust Management System

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

Abstract

This memo describes RSA and DSA key and signature encoding, and binary key encoding for version 2 of the KeyNote trust-management system.

1. Introduction

KeyNote is a simple and flexible trust-management system designed to work well for a variety of large- and small-scale Internet-based applications. It provides a single, unified language for both local policies and credentials. KeyNote policies and credentials, called `assertions', contain predicates that describe the trusted actions permitted by the holders of specific public keys. KeyNote assertions are essentially small, highly-structured programs. A signed assertion, which can be sent over an untrusted network, is also called a `credential assertion'. Credential assertions, which also serve the role of certificates, have the same syntax as policy assertions but are also signed by the principal delegating the trust. For more details on KeyNote, see [BFIK99]. This document assumes reader familiarity with the KeyNote system.

Cryptographic keys may be used in KeyNote to identify principals. To facilitate interoperation between different implementations and to allow for maximal flexibility, keys must be converted to a normalized canonical form (dependent on the public key algorithm used) for the purposes of any internal comparisons between keys. For example, an RSA [RSA78] key may be encoded in base64 ASCII in one credential, and in hexadecimal ASCII in another. A KeyNote implementation must internally convert the two encodings to a normalized form that allows for comparison between them. Furthermore, the internal structure of an encoded key must be known for an implementation to correctly decode it.

In some applications, other types of values, such as a passphrase or a random nonce, may be used as principal identifiers. When these identifiers contain characters that may not appear in a string (as defined in [BFIK99]), a simple ASCII encoding is necessary to allow their use inside KeyNote assertions. Note that if the identifier only contains characters that can appear in a string, it may be used as-is. Naturally, such identifiers may not be used to sign an assertion, and thus no related signature encoding is defined.

This document specifies RSA and DSA [DSA94] key and signature encodings, and binary key encodings for use in KeyNote.

2. Key Normalized Forms

2.1 DSA Key Normalized Form

DSA keys in KeyNote are identified by four values:

- the public value, y
- the p parameter
- the q parameter
- the g parameter

Where the y, p, q, and g are the DSA parameters corresponding to the notation of [Sch96]. These four values together make up the DSA key normalized form used in KeyNote. All DSA key comparisons in KeyNote occur between normalized forms.

2.2 RSA Key Normalized Form

RSA keys in KeyNote are identified by two values:

- the public exponent
- the modulus

These two values together make up the RSA key normalized form used in KeyNote. All RSA key comparisons in KeyNote occur between normalized forms.

2.3 Binary Identifier Normalized Form

The normalized form of a Binary Identifier is the binary identifier's data. Thus, Binary Identifier comparisons are essentially binary-string comparisons of the Identifier values.

3. Key Encoding

3.1 DSA Key Encoding

DSA keys in KeyNote are encoded as an ASN1 SEQUENCE of four ASN1 INTEGER objects. The four INTEGER objects are the public value and the p, q, and g parameters of the DSA key, in that order.

For use in KeyNote credentials, the ASN1 SEQUENCE is then ASCII-encoded (e.g., as a string of hex digits or base64 characters).

DSA keys encoded in this way in KeyNote must be identified by the "dsa-XXX:" algorithm name, where XXX is an ASCII encoding ("hex" or "base64"). Other ASCII encoding schemes may be defined in the future.

3.2 RSA Key Encoding

RSA keys in KeyNote are encoded as an ASN1 SEQUENCE of two ASN1 INTEGER objects. The two INTEGER objects are the public exponent and the modulus of the RSA key, in that order.

For use in KeyNote credentials, the ASN1 SEQUENCE is then ASCII-encoded (e.g., as a string of hex digits or base64 characters).

RSA keys encoded in this way in KeyNote must be identified by the "rsa-XXX:" algorithm name, where XXX is an ASCII encoding ("hex" or "base64"). Other ASCII encoding schemes may be defined in the future.

3.3 Binary Identifier Encoding

Binary Identifiers in KeyNote are assumed to have no internal encoding, and are treated as a sequence of binary digits. The Binary Identifiers are ASCII-encoded, similarly to RSA or DSA keys.

Binary Identifiers encoded in this way in KeyNote must be identified by the "binary-XXX:" algorithm name, where XXX is an ASCII encoding ("hex" or "base64"). Other ASCII encoding schemes may be defined in the future.
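
The decoding and normalization described in sections 2 and 3, as an added example that is not part of the original memo or of any KeyNote implementation. The function names, the toy key (65537, 3233) and the minimal ASN.1 reader are assumptions made for illustration; the reader accepts only definite-length elements and rejects trailing data.

```python
import base64

INTS = {"rsa": 2, "dsa": 4, "binary": 0}   # INTEGERs expected per key type

def read_tlv(buf, pos, tag):
    """Read one definite-length ASN.1 element; return (content, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected ASN.1 tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: n length bytes follow
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad ASN.1 length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated ASN.1 element")
    return buf[pos:pos + length], pos + length

def normalize(principal):
    """Map an rsa-/dsa-/binary- principal string to its normalized form."""
    name, colon, text = principal.partition(":")
    alg, _, enc = name.partition("-")
    if not colon or alg not in INTS or enc not in ("hex", "base64"):
        raise ValueError("unknown algorithm name")
    try:
        raw = bytes.fromhex(text) if enc == "hex" else base64.b64decode(text, validate=True)
    except ValueError:                      # binascii.Error is a ValueError
        raise ValueError("bad ASCII encoding") from None
    if alg == "binary":
        return alg, raw                     # unstructured: compare the bytes
    body, end = read_tlv(raw, 0, 0x30)      # SEQUENCE
    if end != len(raw):
        raise ValueError("trailing data after SEQUENCE")
    ints, pos = [], 0
    while pos < len(body):
        val, pos = read_tlv(body, pos, 0x02)        # INTEGER
        ints.append(int.from_bytes(val, "big", signed=True))
    if len(ints) != INTS[alg] or min(ints) <= 0:
        raise ValueError("wrong INTEGER count or non-positive value")
    return alg, tuple(ints)

# Constructed toy key: SEQUENCE { INTEGER 65537, INTEGER 3233 }
DER = bytes.fromhex("3009020301000102020ca1")
HEX_KEY = "rsa-hex:" + DER.hex()
B64_KEY = "rsa-base64:" + base64.b64encode(DER).decode()
# Same key, modulus INTEGER padded with a leading zero octet.
PADDED_KEY = "rsa-hex:300a02030100010203000ca1"
```

The three strings differ byte for byte yet normalize to the same pair of integers, which is why principals are compared in normalized form and never as credential text.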

4. Signature Computation and Encoding

4.1 DSA Signature Computation and Encoding

DSA signatures in KeyNote are computed over the assertion body (starting from the beginning of the first keyword, up to and including the newline character immediately before the "Signature:" keyword) and the signature algorithm name (including the trailing colon character, e.g., "sig-dsa-sha1-base64:").

DSA signatures are then encoded as an ASN1 SEQUENCE of two ASN1 INTEGER objects. The two INTEGER objects are the r and s values of a DSA signature [Sch96], in that order.

For use in KeyNote credentials, the ASN1 SEQUENCE is then ASCII-encoded (as a string of hex digits or base64 characters).

DSA signatures encoded in this way in KeyNote must be identified by the "sig-dsa-XXX-YYY:" algorithm name, where XXX is a hash function name ("sha1", for the SHA1 [SHA1-95] hash function is currently the only hash function that may be used with DSA) and YYY is an ASCII encoding ("hex" or "base64").

4.2 RSA Signature Computation and Encoding

RSA signatures in KeyNote are computed over the assertion body (starting from the beginning of the first keyword, up to and including the newline character immediately before the "Signature:" keyword) and the signature algorithm name (including the trailing colon character, e.g., "sig-rsa-sha1-base64:").

RSA signatures are then encoded as an ASN1 OCTET STRING object, containing the signature value.

For use in KeyNote credentials, the ASN1 OCTET STRING is then ASCII-encoded (as a string of hex digits or base64 characters).

RSA signatures encoded in this way in KeyNote must be identified by the "sig-rsa-XXX-YYY:" algorithm name, where XXX is a hash function name ("md5" or "sha1", for the MD5 [Riv92] and SHA1 [SHA1-95] hash algorithms respectively, may be used with RSA) and YYY is an ASCII encoding ("hex" or "base64").

4.3 Binary Signature Computation and Encoding

Binary Identifiers are unstructured sequences of binary digits, and are not associated with any cryptographic algorithm. Thus, they may not be used to validate an assertion.
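
The signed input described in sections 4.1 and 4.2, as an added example that is not part of the original memo or of any KeyNote implementation. It assumes the Signature field is the last field and is spelled exactly "Signature:", and that the assertion body and the algorithm name are hashed in that order as one byte string; the function name and the credential text are constructed for illustration.

```python
import hashlib

# Signature algorithm names reserved in section 6 (without the colon).
RESERVED = {"sig-rsa-md5-hex", "sig-rsa-md5-base64", "sig-rsa-sha1-hex",
            "sig-rsa-sha1-base64", "sig-dsa-sha1-hex", "sig-dsa-sha1-base64"}

def signed_digest(assertion):
    """Return (key_alg, hash_name, encoding, digest) for a credential."""
    marker = "\nSignature:"
    cut = assertion.find(marker)
    if cut < 0:
        raise ValueError("no Signature field")
    body = assertion[:cut + 1]          # keeps the newline before "Signature:"
    value = assertion[cut + len(marker):].strip().strip('"')
    name, colon, _encoded_sig = value.partition(":")
    if not colon or name not in RESERVED:
        raise ValueError("signature algorithm not reserved: %r" % name)
    _, key_alg, hash_name, encoding = name.split("-")
    h = hashlib.new(hash_name)          # "md5" or "sha1"
    h.update(body.encode("ascii"))
    h.update((name + ":").encode("ascii"))   # name plus trailing colon
    return key_alg, hash_name, encoding, h.digest()

# Constructed credential; key and signature values are placeholders.
CREDENTIAL = (
    'KeyNote-Version: 2\n'
    'Authorizer: "rsa-hex:3009020301000102020ca1"\n'
    'Licensees: "binary-hex:6a6f65"\n'
    'Conditions: app_domain == "demo";\n'
    'Signature: "sig-rsa-sha1-hex:0402abcd"\n'
)
```

Because the algorithm name is part of the hashed input, changing the identifier in a credential changes the digest the signature must cover, and names outside the reserved list (for example a DSA name with md5, or a binary identifier) are rejected before any hashing.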

5. Security Considerations

This document discusses the format of RSA and DSA keys and signatures and of Binary principal identifiers as used in KeyNote. The security of KeyNote credentials utilizing such keys and credentials is directly dependent on the strength of the related public key algorithms. On the security of KeyNote itself, see [BFIK99].

6. IANA Considerations

Per [BFIK99], IANA should provide a registry of reserved algorithm identifiers. The following identifiers are reserved by this document as public key and binary identifier encodings:

- "rsa-hex"
- "rsa-base64"
- "dsa-hex"
- "dsa-base64"
- "binary-hex"
- "binary-base64"

The following identifiers are reserved by this document as signature encodings:

- "sig-rsa-md5-hex"
- "sig-rsa-md5-base64"
- "sig-rsa-sha1-hex"
- "sig-rsa-sha1-base64"
- "sig-dsa-sha1-hex"
- "sig-dsa-sha1-base64"

Note that the double quotes are not part of the algorithm identifiers.

7. Acknowledgments

This work was sponsored by the DARPA Information Assurance and Survivability (IA&S) program, under BAA 98-34.

References

[Sch96] Bruce Schneier, Applied Cryptography 2nd Edition, John Wiley & Sons, New York, NY, 1996.

[BFIK99] Blaze, M., Feigenbaum, J., Ioannidis, J. and A. Keromytis, "The KeyNote Trust-Management System Version 2", RFC 2704, September 1999.

[DSA94] NIST, FIPS PUB 186, "Digital Signature Standard", May 1994.

[Riv92] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April 1992.

[RSA78] R. L. Rivest, A. Shamir, L. M. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", Communications of the ACM, v21n2. pp 120-126, February 1978.

   [SHA1-95] NIST, FIPS PUB 180-1, "Secure Hash Standard", April 1995.
             http://csrc.nist.gov/fips/fip180-1.txt (ascii)
             http://csrc.nist.gov/fips/fip180-1.ps  (postscript)
        

Contacts

Comments about this document should be discussed on the keynote-users@nsa.research.att.com mailing list.

Questions about this document can also be directed to the authors as a group at the keynote@research.att.com alias, or to the individual authors at:

Matt Blaze
AT&T Labs - Research
180 Park Avenue
Florham Park, New Jersey 07932-0000

EMail: mab@research.att.com

John Ioannidis
AT&T Labs - Research
180 Park Avenue
Florham Park, New Jersey 07932-0000

EMail: ji@research.att.com

Angelos D. Keromytis
Distributed Systems Lab
CIS Department, University of Pennsylvania
200 S. 33rd Street
Philadelphia, Pennsylvania 19104-6389

EMail: angelos@cis.upenn.edu

Full Copyright Statement

Copyright (C) The Internet Society (2000). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.
