Network Working Group                                          S. Turner
Request for Comments: 5480                                          IECA
Updates: 3279                                                   D. Brown
Category: Standards Track                                       Certicom
                                                                  K. Yiu
                                                               Microsoft
                                                              R. Housley
                                                          Vigil Security
                                                                 T. Polk
                                                                    NIST
                                                              March 2009
        

Elliptic Curve Cryptography Subject Public Key Information

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

Abstract

This document specifies the syntax and semantics for the Subject Public Key Information field in certificates that support Elliptic Curve Cryptography. This document updates Sections 2.3.5 and 5, and the ASN.1 module of "Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3279.

Table of Contents

   1. Introduction
      1.1. Terminology
   2. Subject Public Key Information Fields
      2.1. Elliptic Curve Cryptography Public Key Algorithm Identifiers
      2.2. Subject Public Key
   3. Key Usage Bits
   4. Security Considerations
   5. ASN.1 Considerations
   6. IANA Considerations
   7. Acknowledgments
   8. References
      8.1. Normative References
      8.2. Informative References
   Appendix A. ASN.1 Module

1. Introduction

This document specifies the format of the subjectPublicKeyInfo field in X.509 certificates [PKI] that use Elliptic Curve Cryptography (ECC). It updates RFC 3279 [PKI-ALG]. This document specifies the encoding formats for public keys used with the following ECC algorithms:

o Elliptic Curve Digital Signature Algorithm (ECDSA);

o Elliptic Curve Diffie-Hellman (ECDH) family schemes; and

o Elliptic Curve Menezes-Qu-Vanstone (ECMQV) family schemes.

Two methods for specifying the algorithms that can be used with the subjectPublicKey are defined. One method allows the key to be used with any ECC algorithm, while the other method restricts the usage of the key to specific algorithms. To promote interoperability, this document indicates which of the two is required to be implemented by Certification Authorities (CAs) that implement ECC algorithms and by relying parties that claim to process ECC algorithms.

The ASN.1 [X.680] module in this document includes ASN.1 for ECC algorithms. It also includes ASN.1 for non-ECC algorithms defined in [PKI-ALG] and [PKI-ADALG], even though the associated text is unaffected. By updating all of the ASN.1 from [PKI-ALG] in this document, implementers only need to use the module found in this document.

1.1. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [MUSTSHOULD].

2. Subject Public Key Information Fields

In the X.509 certificate, the subjectPublicKeyInfo field has the SubjectPublicKeyInfo type, which has the following ASN.1 syntax:

     SubjectPublicKeyInfo  ::=  SEQUENCE  {
       algorithm         AlgorithmIdentifier,
       subjectPublicKey  BIT STRING
     }
        
The fields in SubjectPublicKeyInfo have the following meanings:

o algorithm is the algorithm identifier and parameters for the ECC public key.

o subjectPublicKey is the ECC public key. See Section 2.2.

The AlgorithmIdentifier type, which is included for convenience [PKI], is defined as follows:

      AlgorithmIdentifier  ::=  SEQUENCE  {
        algorithm   OBJECT IDENTIFIER,
        parameters  ANY DEFINED BY algorithm OPTIONAL
      }
        
The fields in AlgorithmIdentifier have the following meanings:

o algorithm identifies the cryptographic algorithm with an object identifier. See Section 2.1.

o parameters, which are optional, are the associated parameters for the algorithm identifier in the algorithm field. See Section 2.1.1.

2.1. Elliptic Curve Cryptography Public Key Algorithm Identifiers

The algorithm field in the SubjectPublicKeyInfo structure [PKI] indicates the algorithm and any associated parameters for the ECC public key (see Section 2.2). Three algorithm identifiers are defined in this document:

o id-ecPublicKey indicates that the algorithms that can be used with the subject public key are unrestricted. The key is only restricted by the values indicated in the key usage certificate extension (see Section 3). id-ecPublicKey MUST be supported. See Section 2.1.1. This value is also included in certificates when a public key is used with ECDSA.

o id-ecDH indicates that the algorithm that can be used with the subject public key is restricted to the Elliptic Curve Diffie-Hellman algorithm. See Section 2.1.2. id-ecDH MAY be supported.

o id-ecMQV indicates that the algorithm that can be used with the subject public key is restricted to the Elliptic Curve Menezes-Qu-Vanstone key agreement algorithm. See Section 2.1.2. id-ecMQV MAY be supported.

2.1.1. Unrestricted Algorithm Identifier and Parameters

The "unrestricted" algorithm identifier is:

     id-ecPublicKey OBJECT IDENTIFIER ::= {
       iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
        
The public key (ECPoint) syntax is described in Section 2.2.

The parameter for id-ecPublicKey is as follows and MUST always be present:

     ECParameters ::= CHOICE {
       namedCurve         OBJECT IDENTIFIER
       -- implicitCurve   NULL
       -- specifiedCurve  SpecifiedECDomain
     }
       -- implicitCurve and specifiedCurve MUST NOT be used in PKIX.
       -- Details for SpecifiedECDomain can be found in [X9.62].
       -- Any future additions to this CHOICE should be coordinated
       -- with ANSI X9.
        
The fields in ECParameters have the following meanings:

o namedCurve identifies all the required values for a particular set of elliptic curve domain parameters to be represented by an object identifier. This choice MUST be supported. See Section 2.1.1.1.

o implicitCurve allows the elliptic curve domain parameters to be inherited. This choice MUST NOT be used.

o specifiedCurve, which is of type SpecifiedECDomain type (defined in [X9.62]), allows all of the elliptic curve domain parameters to be explicitly specified. This choice MUST NOT be used. See Section 5, "ASN.1 Considerations".

The addition of any new choices in ECParameters needs to be coordinated with ANSI X9.

The AlgorithmIdentifier within SubjectPublicKeyInfo is the only place within a certificate where the elliptic curve domain parameters may be located. If the elliptic curve domain parameters are not present, then clients MUST reject the certificate.

2.1.1.1. Named Curve

The namedCurve field in ECParameters uses object identifiers to name well-known curves. This document publishes curve identifiers for the fifteen NIST-recommended curves [FIPS186-3]. Other documents can publish other named curve identifiers. The NIST-named curves are:

     -- Note that in [X9.62] the curves are referred to as 'ansiX9' as
     -- opposed to 'sec'.  For example, secp192r1 is the same curve as
     -- ansix9p192r1.
        
     -- Note that in [PKI-ALG] the secp192r1 curve was referred to as
     -- prime192v1 and the secp256r1 curve was referred to as
     -- prime256v1.
        
     -- Note that [FIPS186-3] refers to secp192r1 as P-192, secp224r1 as
     -- P-224, secp256r1 as P-256, secp384r1 as P-384, and secp521r1 as
     -- P-521.
        
     secp192r1 OBJECT IDENTIFIER ::= {
       iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
       prime(1) 1 }
        
     sect163k1 OBJECT IDENTIFIER ::= {
       iso(1) identified-organization(3) certicom(132) curve(0) 1 }
        
     sect163r2 OBJECT IDENTIFIER ::= {
       iso(1) identified-organization(3) certicom(132) curve(0) 15 }
        
     secp224r1 OBJECT IDENTIFIER ::= {
       iso(1) identified-organization(3) certicom(132) curve(0) 33 }
        
     sect233k1 OBJECT IDENTIFIER ::= {
       iso(1) identified-organization(3) certicom(132) curve(0) 26 }
        
     sect233r1 OBJECT IDENTIFIER ::= {
       iso(1) identified-organization(3) certicom(132) curve(0) 27 }
        
     secp256r1 OBJECT IDENTIFIER ::= {
       iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
       prime(1) 7 }
        
     sect283k1 OBJECT IDENTIFIER ::= {
       iso(1) identified-organization(3) certicom(132) curve(0) 16 }
        
     sect283r1 OBJECT IDENTIFIER ::= {
       iso(1) identified-organization(3) certicom(132) curve(0) 17 }
        
     secp384r1 OBJECT IDENTIFIER ::= {
       iso(1) identified-organization(3) certicom(132) curve(0) 34 }
        
     sect409k1 OBJECT IDENTIFIER ::= {
       iso(1) identified-organization(3) certicom(132) curve(0) 36 }
        
     sect409r1 OBJECT IDENTIFIER ::= {
       iso(1) identified-organization(3) certicom(132) curve(0) 37 }
        
     secp521r1 OBJECT IDENTIFIER ::= {
       iso(1) identified-organization(3) certicom(132) curve(0) 35 }
        
     sect571k1 OBJECT IDENTIFIER ::= {
       iso(1) identified-organization(3) certicom(132) curve(0) 38 }
        
     sect571r1 OBJECT IDENTIFIER ::= {
       iso(1) identified-organization(3) certicom(132) curve(0) 39 }
        
2.1.2. Restricted Algorithm Identifiers and Parameters

Two "restricted" algorithms are defined for key agreement algorithms: the Elliptic Curve Diffie-Hellman (ECDH) key agreement family schemes and the Elliptic Curve Menezes-Qu-Vanstone (ECMQV) key agreement family schemes. Both algorithms are identified by an object identifier and have parameters. The object identifier varies based on the algorithm, but the parameters are always ECParameters and they MUST always be present (see Section 2.1.1).

The ECDH algorithm uses the following object identifier:

     id-ecDH OBJECT IDENTIFIER ::= {
       iso(1) identified-organization(3) certicom(132) schemes(1)
       ecdh(12) }
        
The ECMQV algorithm uses the following object identifier:

     id-ecMQV OBJECT IDENTIFIER ::= {
       iso(1) identified-organization(3) certicom(132) schemes(1)
       ecmqv(13) }
        
2.2. Subject Public Key

The subjectPublicKey from SubjectPublicKeyInfo is the ECC public key. ECC public keys have the following syntax:

     ECPoint ::= OCTET STRING
        
Implementations of Elliptic Curve Cryptography according to this document MUST support the uncompressed form and MAY support the compressed form of the ECC public key. The hybrid form of the ECC public key from [X9.62] MUST NOT be used. As specified in [SEC1]:

o The elliptic curve public key (a value of type ECPoint that is an OCTET STRING) is mapped to a subjectPublicKey (a value of type BIT STRING) as follows: the most significant bit of the OCTET STRING value becomes the most significant bit of the BIT STRING value, and so on; the least significant bit of the OCTET STRING becomes the least significant bit of the BIT STRING. Conversion routines are found in Sections 2.3.1 and 2.3.2 of [SEC1].

o The first octet of the OCTET STRING indicates whether the key is compressed or uncompressed. The uncompressed form is indicated by 0x04 and the compressed form is indicated by either 0x02 or 0x03 (see 2.3.3 in [SEC1]). The public key MUST be rejected if any other value is included in the first octet.
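
As an added example (not code from RFC 5480), a small Python DER reader that applies the rules of Sections 2.1 and 2.2 to a SubjectPublicKeyInfo: the algorithm OID must be one of the three defined here, ECParameters must be present and be a namedCurve OID, and the ECPoint must begin with 0x04, 0x02 or 0x03 and have the length the curve's field size implies. The sample encodings are constructed for this example and the point bytes are a pattern, not a real curve point.

```python
# Added example, not part of RFC 5480: a minimal DER reader that applies the
# SubjectPublicKeyInfo rules of Sections 2.1 and 2.2 to an ECC public key.
# The sample point is a constructed byte pattern; the check covers encoding only.

SEQUENCE, OID, NULL, BIT_STRING = 0x30, 0x06, 0x05, 0x03

ALGORITHMS = {                              # Section 2.1
    "1.2.840.10045.2.1": "id-ecPublicKey",  # unrestricted
    "1.3.132.1.12": "id-ecDH",              # restricted to ECDH
    "1.3.132.1.13": "id-ecMQV",             # restricted to ECMQV
}

# namedCurve OIDs of Section 2.1.1.1 with the field element size in octets,
# ceil(field bits / 8), which fixes the length of an encoded point.
NAMED_CURVES = {
    "1.2.840.10045.3.1.1": ("secp192r1", 24), "1.3.132.0.1": ("sect163k1", 21),
    "1.3.132.0.15": ("sect163r2", 21),        "1.3.132.0.33": ("secp224r1", 28),
    "1.3.132.0.26": ("sect233k1", 30),        "1.3.132.0.27": ("sect233r1", 30),
    "1.2.840.10045.3.1.7": ("secp256r1", 32), "1.3.132.0.16": ("sect283k1", 36),
    "1.3.132.0.17": ("sect283r1", 36),        "1.3.132.0.34": ("secp384r1", 48),
    "1.3.132.0.36": ("sect409k1", 52),        "1.3.132.0.37": ("sect409r1", 52),
    "1.3.132.0.35": ("secp521r1", 66),        "1.3.132.0.38": ("sect571k1", 72),
    "1.3.132.0.39": ("sect571r1", 72),
}


def read_tlv(buf, pos):
    """Read one DER TLV at buf[pos]; return (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(value):
    """Decode non-empty OID content octets to dotted form."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def validate_spki(der):
    """Return (algorithm, curve, point form); raise ValueError if RFC 5480 is violated."""
    tag, spki, end = read_tlv(der, 0)
    if tag != SEQUENCE or end != len(der):
        raise ValueError("SubjectPublicKeyInfo must be one SEQUENCE")
    tag, alg_id, pos = read_tlv(spki, 0)
    tag2, spk, end = read_tlv(spki, pos)
    if tag != SEQUENCE or tag2 != BIT_STRING or end != len(spki):
        raise ValueError("expected AlgorithmIdentifier SEQUENCE then BIT STRING")
    tag, alg, pos = read_tlv(alg_id, 0)
    if tag != OID or not alg or decode_oid(alg) not in ALGORITHMS:
        raise ValueError("algorithm is not an ECC public key OID")
    # ECParameters MUST be present and MUST be namedCurve: NULL (implicitCurve)
    # and SEQUENCE (specifiedCurve) are rejected, as is an absent parameter.
    if pos >= len(alg_id):
        raise ValueError("ECParameters absent: reject the certificate")
    tag, params, end = read_tlv(alg_id, pos)
    if tag in (NULL, SEQUENCE):
        raise ValueError("implicitCurve/specifiedCurve MUST NOT be used in PKIX")
    if tag != OID or not params or end != len(alg_id) or decode_oid(params) not in NAMED_CURVES:
        raise ValueError("ECParameters must be a single known namedCurve OID")
    curve, flen = NAMED_CURVES[decode_oid(params)]
    # BIT STRING -> ECPoint OCTET STRING: the unused-bits octet must be 0 so the
    # octets map one-to-one (Section 2.2); the first point octet then gives the form.
    if not spk or spk[0] != 0:
        raise ValueError("subjectPublicKey must have zero unused bits")
    point = spk[1:]
    if point[:1] == b"\x04":
        form, expected = "uncompressed", 1 + 2 * flen
    elif point[:1] in (b"\x02", b"\x03"):
        form, expected = "compressed", 1 + flen
    else:
        raise ValueError("first octet must be 0x04, 0x02 or 0x03; hybrid 0x06/0x07 is rejected")
    if len(point) != expected:
        raise ValueError(f"{form} point on {curve} needs {expected} octets, got {len(point)}")
    return ALGORITHMS[decode_oid(alg)], curve, form


def rejects(der):
    """True if validate_spki raises for this encoding (used to exercise the checks)."""
    try:
        validate_spki(der)
        return False
    except ValueError:
        return True


# Constructed samples (DER headers hand-assembled for this example): secp256r1
# under id-ecPublicKey with the point 0x04 followed by 64 pattern bytes, then the
# same key with ECParameters encoded as NULL, and with ECParameters absent.
P256_HEADER = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200")
SAMPLE_SPKI = P256_HEADER + b"\x04" + bytes(range(1, 65))
IMPLICIT_SPKI = bytes.fromhex("3051300b06072a8648ce3d02010500034200") + SAMPLE_SPKI[-65:]
ABSENT_SPKI = bytes.fromhex("304f300906072a8648ce3d0201034200") + SAMPLE_SPKI[-65:]
```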

3. Key Usage Bits

If the keyUsage extension is present in a Certification Authority (CA) certificate that indicates id-ecPublicKey in SubjectPublicKeyInfo, then any combination of the following values MAY be present:

     digitalSignature;
     nonRepudiation;
     keyAgreement;
     keyCertSign; and
     cRLSign.
        
If the CA certificate keyUsage extension asserts keyAgreement, then it MAY assert either encipherOnly or decipherOnly. However, this specification RECOMMENDS that if keyCertSign or cRLSign is present, then keyAgreement, encipherOnly, and decipherOnly SHOULD NOT be present.

If the keyUsage extension is present in an End Entity (EE) certificate that indicates id-ecPublicKey in SubjectPublicKeyInfo, then any combination of the following values MAY be present:

     digitalSignature;
     nonRepudiation; and
     keyAgreement.

If the EE certificate keyUsage extension asserts keyAgreement, then it MAY assert either encipherOnly or decipherOnly.

If the keyUsage extension is present in a certificate that indicates id-ecDH or id-ecMQV in SubjectPublicKeyInfo, then the following MUST be present:

     keyAgreement;

one of the following MAY be present:

     encipherOnly; or
     decipherOnly.

If the keyUsage extension is present in a certificate that indicates id-ecDH or id-ecMQV in SubjectPublicKeyInfo, then the following values MUST NOT be present:

     digitalSignature;
     nonRepudiation;
     keyTransport;
     keyCertSign; and
     cRLSign.
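
As an added example (not part of RFC 5480), the Section 3 rules expressed as a check over the set of asserted keyUsage bits; the algorithm and bit names are those used above, and the handling of "keyTransport" is this example's reading, as noted in the code.

```python
# Added example, not part of RFC 5480: the keyUsage rules of Section 3 as a lint
# a CA could run before issuance or a relying party at validation. Inputs are the
# SPKI algorithm name, whether the certificate is a CA certificate, and the set
# of asserted keyUsage bit names in RFC 5280 spelling.

UNRESTRICTED_CA = {"digitalSignature", "nonRepudiation", "keyAgreement",
                   "keyCertSign", "cRLSign"}
UNRESTRICTED_EE = {"digitalSignature", "nonRepudiation", "keyAgreement"}
DIRECTIONAL = {"encipherOnly", "decipherOnly"}
# Section 3 writes "keyTransport" in its MUST NOT list for id-ecDH/id-ecMQV; the
# RFC 5280 bit for key transport is keyEncipherment, so this example rejects both.
RESTRICTED_FORBIDDEN = {"digitalSignature", "nonRepudiation", "keyTransport",
                        "keyEncipherment", "keyCertSign", "cRLSign"}


def check_key_usage(algorithm, is_ca, key_usage):
    """Return (errors, warnings): an error breaks a MUST, a warning a SHOULD NOT."""
    ku, errors, warnings = set(key_usage), [], []
    kind = "CA" if is_ca else "EE"
    if algorithm == "id-ecPublicKey":
        allowed = UNRESTRICTED_CA if is_ca else UNRESTRICTED_EE
        for bit in sorted(ku - allowed - DIRECTIONAL):
            errors.append(f"{bit} is not permitted with id-ecPublicKey in a {kind} certificate")
        if is_ca and ku & {"keyCertSign", "cRLSign"} and ku & ({"keyAgreement"} | DIRECTIONAL):
            warnings.append("keyAgreement, encipherOnly and decipherOnly SHOULD NOT "
                            "accompany keyCertSign or cRLSign")
    elif algorithm in ("id-ecDH", "id-ecMQV"):
        if "keyAgreement" not in ku:
            errors.append(f"{algorithm} requires keyAgreement")
        for bit in sorted(ku & RESTRICTED_FORBIDDEN):
            errors.append(f"{bit} MUST NOT be present with {algorithm}")
        for bit in sorted(ku - RESTRICTED_FORBIDDEN - DIRECTIONAL - {"keyAgreement"}):
            errors.append(f"{bit} is not among the bits Section 3 permits with {algorithm}")
    else:
        errors.append(f"{algorithm} is not an ECC public key algorithm identifier")
    # encipherOnly/decipherOnly only qualify keyAgreement, and "either ... or" is
    # read here as at most one of the two.
    if ku & DIRECTIONAL and "keyAgreement" not in ku:
        errors.append("encipherOnly/decipherOnly require keyAgreement")
    if DIRECTIONAL <= ku:
        errors.append("encipherOnly and decipherOnly are mutually exclusive")
    return errors, warnings
```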
        
4. Security Considerations

The security considerations in [PKI-ALG] apply.

When implementing ECC in X.509 Certificates and Certificate Revocation Lists (CRLs), there are three algorithm-related choices that need to be made for the signatureAlgorithm field in a Certificate or CertificateList:

1) What is the public key size?

2) What is the hash algorithm [FIPS180-3]?

3) What is the curve?

Consideration must be given by the CA to the strength of the security provided by each of these choices. Security is measured in bits, where a strong symmetric cipher with a key of X bits is said to provide X bits of security. It is recommended that the bits of security provided by each choice are roughly equivalent. The following table provides comparable minimum bits of security [SP800-57] for the ECDSA key sizes and message digest algorithms. It also lists curves (see Section 2.1.1.1) for the key sizes.

   Minimum  | ECDSA    | Message    | Curves
   Bits of  | Key Size | Digest     |
   Security |          | Algorithms |
   ---------+----------+------------+-----------
   80       | 160-223  | SHA-1      | sect163k1
            |          | SHA-224    | sect163r2
            |          | SHA-256    | secp192r1
            |          | SHA-384    |
            |          | SHA-512    |
   ---------+----------+------------+-----------
   112      | 224-255  | SHA-224    | secp224r1
            |          | SHA-256    | sect233k1
            |          | SHA-384    | sect233r1
            |          | SHA-512    |
   ---------+----------+------------+-----------
   128      | 256-383  | SHA-256    | secp256r1
            |          | SHA-384    | sect283k1
            |          | SHA-512    | sect283r1
   ---------+----------+------------+-----------
   192      | 384-511  | SHA-384    | secp384r1
            |          | SHA-512    | sect409k1
            |          |            | sect409r1
   ---------+----------+------------+-----------
   256      | 512+     | SHA-512    | secp521r1
            |          |            | sect571k1
            |          |            | sect571r1
   ---------+----------+------------+-----------

To promote interoperability, the following choices are RECOMMENDED:

   Minimum  | ECDSA    | Message    | Curves
   Bits of  | Key Size | Digest     |
   Security |          | Algorithms |
   ---------+----------+------------+-----------
   80       | 192      | SHA-256    | secp192r1
   ---------+----------+------------+-----------
   112      | 224      | SHA-256    | secp224r1
   ---------+----------+------------+-----------
   128      | 256      | SHA-256    | secp256r1
   ---------+----------+------------+-----------
   192      | 384      | SHA-384    | secp384r1
   ---------+----------+------------+-----------
   256      | 512      | SHA-512    | secp521r1
   ---------+----------+------------+-----------
        
Using a larger hash value and then truncating it consumes more processing power than is necessary. This is more important on constrained devices. Since the signer does not know the environment that the recipient will use to validate the signature, it is better to use a hash function that provides the desired hash value output size, and no more.

There are security risks with using keys not associated with well-known and widely reviewed curves. For example, the curve may not satisfy the Menezes-Okamoto-Vanstone (MOV) condition [X9.62] or the curve may be vulnerable to the Anomalous attack [X9.62]. Additionally, either a) all of the arithmetic properties of a candidate ECC public key must be validated to ensure that it has the unique correct representation in the correct (additive) subgroup (and therefore is also in the correct EC group) specified by the associated ECC domain parameters, or b) some of the arithmetic properties of a candidate ECC public key must be validated to ensure that it is in the correct group (but not necessarily the correct subgroup) specified by the associated ECC domain parameters [SP800-56A].

As noted in [PKI-ALG], the use of MD2 and MD5 for new applications is discouraged. It is still reasonable to use MD2 and MD5 to verify existing signatures.

5. ASN.1 Considerations

[X9.62] defines additional options for ECParameters and ECDSA-Sig-Value [PKI-ALG]. If an implementation needs to use these options, then use the [X9.62] ASN.1 module. This RFC contains a conformant subset of the ASN.1 module defined in [X9.62].

If an implementation generates a PER [X.691] encoding using the ASN.1 module found in this specification, it might not achieve the same encoded output as one that uses the [X9.62] module. PER is not required by either the PKIX or S/MIME environments. If an implementation environment requires PER, then implementation concerns are less likely with the use of the [X9.62] module.

6. IANA Considerations

This document makes extensive use of object identifiers to register public key types, elliptic curves, and algorithms. Most are registered in the ANSI X9.62 arc, with the exception of the hash algorithms (which are in the NIST arc) and many of the curves (which are in the Certicom Inc. arc; these curves have been adopted by ANSI and NIST). Additionally, an object identifier is used to identify the ASN.1 module found in Appendix A. It is defined in an arc delegated by IANA to the PKIX Working Group. No further action by IANA is necessary for this document or any anticipated updates.

7. Acknowledgments

The authors wish to thank Stephen Farrell, Alfred Hoenes, Johannes Merkle, Jim Schaad, and Carl Wallace for their valued input.

8. References
8.1. Normative References

[FIPS180-3] National Institute of Standards and Technology (NIST), FIPS Publication 180-3: Secure Hash Standard, October 2008.

[FIPS186-3] National Institute of Standards and Technology (NIST), FIPS Publication 186-3: Digital Signature Standard, (draft) November 2008.

[MUSTSHOULD] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[PKI] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, May 2008.

[PKI-ALG] Bassham, L., Polk, W., and R. Housley, "Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3279, April 2002.

[RSAOAEP] Schaad, J., Kaliski, B., and R. Housley, "Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 4055, June 2005.

[SEC1] Standards for Efficient Cryptography Group (SECG), "SEC 1: Elliptic Curve Cryptography", Version 1.0, September 2000.

[X9.62] American National Standards Institute (ANSI), ANS X9.62-2005: The Elliptic Curve Digital Signature Algorithm (ECDSA), 2005.

[X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-1:2002. Information Technology - Abstract Syntax Notation One.

8.2. Informative References

[PKI-ADALG] Dang, Q., Santesson, S., Moriarty, K., Brown, D., and T. Polk, "Internet X.509 Public Key Infrastructure: Additional Algorithms and Identifiers for DSA and ECDSA", Work in Progress, October 2008.

[SP800-56A] National Institute of Standards and Technology (NIST), Special Publication 800-56A: Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised), March 2007.

[SP800-57] National Institute of Standards and Technology (NIST), Special Publication 800-57: Recommendation for Key Management - Part 1 (Revised), March 2007.

[X.691] ITU-T Recommendation X.691 (2002) | ISO/IEC 8825-2:2002. Information Technology - ASN.1 Encoding Rules: Specification of Packed Encoding Rules.

Appendix A. ASN.1 Module
   PKIX1Algorithms2008 { iso(1) identified-organization(3) dod(6)
     internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) 45 }
        
   DEFINITIONS EXPLICIT TAGS ::=
        

BEGIN

-- EXPORTS ALL;

IMPORTS

-- From RFC 4055 [RSAOAEP]

   id-sha224, id-sha256, id-sha384, id-sha512
     FROM PKIX1-PSS-OAEP-Algorithms
       { iso(1) identified-organization(3) dod(6) internet(1)
         security(5) mechanisms(5) pkix(7) id-mod(0)
         id-mod-pkix1-rsa-pkalgs(33) }
        

;

-- -- Message Digest Algorithms --

   -- MD-2
   -- Parameters are NULL
        
   id-md2  OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 }
        
   -- MD-5
   -- Parameters are NULL
        
   id-md5  OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 }

   -- SHA-1
   -- Parameters are preferred absent
        
   id-sha1 OBJECT IDENTIFIER ::= {
     iso(1) identified-organization(3) oiw(14) secsig(3)
     algorithm(2) 26 }
        
   -- SHA-224
   -- Parameters are preferred absent
        
   -- id-sha224 OBJECT IDENTIFIER ::= {
   --   joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
   --   csor(3) nistalgorithm(4) hashalgs(2) 4 }
   -- SHA-256
   -- Parameters are preferred absent
        
   -- id-sha256 OBJECT IDENTIFIER ::= {
   --   joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
   --   csor(3) nistalgorithm(4) hashalgs(2) 1 }
        
   -- SHA-384
   -- Parameters are preferred absent
        
   -- id-sha384 OBJECT IDENTIFIER ::= {
   --   joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
   --   csor(3) nistalgorithm(4) hashalgs(2) 2 }
        
   -- SHA-512
   -- Parameters are preferred absent
        
   -- id-sha512 OBJECT IDENTIFIER ::= {
   --   joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
   --   csor(3) nistalgorithm(4) hashalgs(2) 3 }
        

-- -- Public Key (PK) Algorithms --

-- RSA PK Algorithm and Key

   rsaEncryption OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 }
        
   RSAPublicKey ::= SEQUENCE {
     modulus         INTEGER, -- n
     publicExponent  INTEGER  -- e
   }
        

-- DSA PK Algorithm, Key, and Parameters

   id-dsa OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
        
   DSAPublicKey ::= INTEGER --  public key, y
        
   DSS-Parms ::= SEQUENCE {
     p  INTEGER,
     q  INTEGER,
     g  INTEGER
   }
        

-- Diffie-Hellman PK Algorithm, Key, and Parameters

   dhpublicnumber OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1 }
        
   DHPublicKey ::= INTEGER  -- public key, y = g^x mod p
        
   DomainParameters ::= SEQUENCE {
     p                INTEGER,           -- odd prime, p=jq +1
     g                INTEGER,           -- generator, g
     q                INTEGER,           -- factor of p-1
     j                INTEGER OPTIONAL,  -- subgroup factor, j>= 2
     validationParms  ValidationParms OPTIONAL
   }
        
   ValidationParms ::= SEQUENCE {
     seed         BIT STRING,
     pgenCounter  INTEGER
   }
        

-- KEA PK Algorithm and Parameters

   id-keyExchangeAlgorithm OBJECT IDENTIFIER ::= {
     joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
     dod(2) infosec(1) algorithms(1) 22 }
        
   KEA-Parms-Id ::= OCTET STRING
        
   -- Sec 2.1.1 Unrestricted Algorithm ID, Key, and Parameters
   -- (ECDSA keys use id-ecPublicKey)
        
   id-ecPublicKey OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
        
   ECPoint ::= OCTET STRING
        

-- Parameters for both Restricted and Unrestricted

   ECParameters ::= CHOICE {
     namedCurve         OBJECT IDENTIFIER
     -- implicitCurve   NULL
     -- specifiedCurve  SpecifiedECDomain
   }
     -- implicitCurve and specifiedCurve MUST NOT be used in PKIX.
     -- Details for SpecifiedECDomain can be found in [X9.62].
     -- Any future additions to this CHOICE should be coordinated
     -- with ANSI X9.


-- Sec 2.1.2 Restricted Algorithm IDs, Key, and Parameters: ECDH

   id-ecDH OBJECT IDENTIFIER ::= {
     iso(1) identified-organization(3) certicom(132) schemes(1)
     ecdh(12) }
        
   -- ECPoint ::= OCTET STRING
        

-- Parameters are ECParameters.

-- Sec 2.1.2 Restricted Algorithm IDs, Key, and Parameters: ECMQV

   id-ecMQV OBJECT IDENTIFIER ::= {
     iso(1) identified-organization(3) certicom(132) schemes(1)
     ecmqv(13) }
        
   -- ECPoint ::= OCTET STRING
        

-- Parameters are ECParameters.

-- -- Signature Algorithms --

   -- RSA with MD-2
   -- Parameters are NULL
        
   md2WithRSAEncryption OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 2 }
        
   -- RSA with MD-5
   -- Parameters are NULL
        
   md5WithRSAEncryption OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 4 }
        
   -- RSA with SHA-1
   -- Parameters are NULL
        
   sha1WithRSAEncryption OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 5 }
        
   -- DSA with SHA-1
   -- Parameters are ABSENT
        
   id-dsa-with-sha1 OBJECT IDENTIFIER ::=  {
     iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 3 }
        
   -- DSA with SHA-224
   -- Parameters are ABSENT
        
   id-dsa-with-sha224 OBJECT IDENTIFIER  ::=  {
     joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
     csor(3) algorithms(4) id-dsa-with-sha2(3) 1 }
        
   -- DSA with SHA-256
   -- Parameters are ABSENT
        
   id-dsa-with-sha256 OBJECT IDENTIFIER  ::=  {
     joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
     csor(3) algorithms(4) id-dsa-with-sha2(3) 2 }
        
   -- ECDSA with SHA-1
   -- Parameters are ABSENT
        
   ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 }
        
   -- ECDSA with SHA-224
   -- Parameters are ABSENT
        
   ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
     ecdsa-with-SHA2(3) 1 }
        
   -- ECDSA with SHA-256
   -- Parameters are ABSENT
        
   ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
     ecdsa-with-SHA2(3) 2 }
        
   -- ECDSA with SHA-384
   -- Parameters are ABSENT
        
   ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
     ecdsa-with-SHA2(3) 3 }
        
   -- ECDSA with SHA-512
   -- Parameters are ABSENT
        
   ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
     ecdsa-with-SHA2(3) 4 }
        

-- -- Signature Values --

-- DSA

   DSA-Sig-Value ::= SEQUENCE {
     r  INTEGER,
     s  INTEGER
   }
        

-- ECDSA

   ECDSA-Sig-Value ::= SEQUENCE {
     r  INTEGER,
     s  INTEGER
   }
        

-- -- Named Elliptic Curves --

   -- Note that in [X9.62] the curves are referred to as 'ansiX9' as
   -- opposed to 'sec'.  For example secp192r1 is the same curve as
   -- ansix9p192r1.
        
   -- Note that in [PKI-ALG] the secp192r1 curve was referred to as
   -- prime192v1 and the secp256r1 curve was referred to as prime256v1.
        
   -- Note that [FIPS186-3] refers to secp192r1 as P-192, secp224r1 as
   -- P-224, secp256r1 as P-256, secp384r1 as P-384, and secp521r1 as
   -- P-521.
        
   secp192r1 OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
     prime(1) 1 }
        
   sect163k1 OBJECT IDENTIFIER ::= {
     iso(1) identified-organization(3) certicom(132) curve(0) 1 }
        
   sect163r2 OBJECT IDENTIFIER ::= {
     iso(1) identified-organization(3) certicom(132) curve(0) 15 }
        
   secp224r1 OBJECT IDENTIFIER ::= {
     iso(1) identified-organization(3) certicom(132) curve(0) 33 }
        
   sect233k1 OBJECT IDENTIFIER ::= {
     iso(1) identified-organization(3) certicom(132) curve(0) 26 }
        
   sect233r1 OBJECT IDENTIFIER ::= {
     iso(1) identified-organization(3) certicom(132) curve(0) 27 }
        
   secp256r1 OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
     prime(1) 7 }
        
   sect283k1 OBJECT IDENTIFIER ::= {
     iso(1) identified-organization(3) certicom(132) curve(0) 16 }
        
   sect283r1 OBJECT IDENTIFIER ::= {
     iso(1) identified-organization(3) certicom(132) curve(0) 17 }
        
   secp384r1 OBJECT IDENTIFIER ::= {
     iso(1) identified-organization(3) certicom(132) curve(0) 34 }
        
   sect409k1 OBJECT IDENTIFIER ::= {
     iso(1) identified-organization(3) certicom(132) curve(0) 36 }
        
   sect409r1 OBJECT IDENTIFIER ::= {
     iso(1) identified-organization(3) certicom(132) curve(0) 37 }
        
   secp521r1 OBJECT IDENTIFIER ::= {
     iso(1) identified-organization(3) certicom(132) curve(0) 35 }
        
   sect571k1 OBJECT IDENTIFIER ::= {
     iso(1) identified-organization(3) certicom(132) curve(0) 38 }
        
   sect571r1 OBJECT IDENTIFIER ::= {
     iso(1) identified-organization(3) certicom(132) curve(0) 39 }
        

END
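The module above fixes the wire formats but says nothing about how a verifier should handle them. The Python below is an added example for this page, not code from RFC 5480 or from any library: it parses an EC SubjectPublicKeyInfo under the rules the module states (DER only, ECParameters present, namedCurve only, an uncompressed SEC 1 point of the curve's size), decodes an ECDSA-Sig-Value with the same strictness, and then applies the one check the ASN.1 layer cannot express, that the decoded point lies on the named curve, shown here for P-256. The function names, the NAMED_CURVES table (prime curves only) and the sample key are this example's own constructions; the sample is the P-256 base point G wrapped in the fixed SPKI header, and the P-256 constants are those of FIPS 186-3.

```python
"""Strict DER handling for the EC SubjectPublicKeyInfo and ECDSA-Sig-Value types
of the PKIX1Algorithms2008 module above.  Added example for this page, not code
from RFC 5480 or any library; standard library only.  Sample key is constructed."""

EC_KEY_ALGORITHMS = {"1.2.840.10045.2.1": "id-ecPublicKey",  # unrestricted
                     "1.3.132.1.12": "id-ecDH", "1.3.132.1.13": "id-ecMQV"}
# namedCurve OID -> (name, field size in bits) for the prime curves of the
# module; the sect* binary curves go in the same table with their own sizes.
NAMED_CURVES = {"1.2.840.10045.3.1.1": ("secp192r1", 192),
                "1.3.132.0.33": ("secp224r1", 224),
                "1.2.840.10045.3.1.7": ("secp256r1", 256),
                "1.3.132.0.34": ("secp384r1", 384),
                "1.3.132.0.35": ("secp521r1", 521)}

def _read_tlv(buf, i=0):
    """(tag, value, next_index) at buf[i]; BER length forms that DER forbids are rejected."""
    if i + 2 > len(buf):
        raise ValueError("truncated element")
    tag, length, j = buf[i], buf[i + 1], i + 2
    if length >= 0x80:  # long form: 1..4 octets, no leading zero, value >= 128
        n = length & 0x7F
        if not 0 < n <= 4 or j + n > len(buf) or buf[j] == 0:
            raise ValueError("bad length octets")
        length, j = int.from_bytes(buf[j:j + n], "big"), j + n
        if length < 0x80:
            raise ValueError("non-minimal length")
    if j + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[j:j + length], j + length

def _decode_oid(value):
    """OID contents -> dotted string; the first two arcs are packed into byte 0."""
    if not value or value[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, cur = [], 0
    for b in value:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            top = min(cur // 40, 2)
            arcs, cur = arcs + ([cur] if arcs else [top, cur - 40 * top]), 0
    return ".".join(map(str, arcs))

def _decode_integer(v):
    """DER INTEGER -> int; empty, negative and non-minimal encodings are rejected."""
    if not v or v[0] & 0x80 or (len(v) > 1 and v[0] == 0 and not v[1] & 0x80):
        raise ValueError("INTEGER must be positive and minimally encoded")
    return int.from_bytes(v, "big")

def decode_ecdsa_sig_value(der):
    """ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER } -> (r, s), nothing trailing."""
    tag, seq, end = _read_tlv(der)
    tag_r, r, i = _read_tlv(seq)
    tag_s, s, j = _read_tlv(seq, i)
    if (tag, tag_r, tag_s) != (0x30, 0x02, 0x02) or end != len(der) or j != len(seq):
        raise ValueError("not a well-formed ECDSA-Sig-Value")
    return _decode_integer(r), _decode_integer(s)

def parse_ec_spki(der):
    """EC SubjectPublicKeyInfo -> dict, enforcing the module's PKIX rules: parameters
    present, namedCurve only, and an uncompressed SEC 1 point (0x04 || X || Y)."""
    tag, spki, end = _read_tlv(der)
    tag_a, algid, i = _read_tlv(spki)
    tag_k, bitstr, j = _read_tlv(spki, i)
    if (tag, tag_a, tag_k) != (0x30, 0x30, 0x03) or end != len(der) or j != len(spki):
        raise ValueError("not SEQUENCE { AlgorithmIdentifier, BIT STRING }")
    tag_o, oid, k = _read_tlv(algid)
    if tag_o != 0x06 or _decode_oid(oid) not in EC_KEY_ALGORITHMS:
        raise ValueError("algorithm is not an EC public key type")
    if k == len(algid):
        raise ValueError("ECParameters MUST be present for EC keys")
    tag_p, params, m = _read_tlv(algid, k)
    if tag_p in (0x05, 0x30):
        raise ValueError("implicitCurve and specifiedCurve MUST NOT be used in PKIX")
    if tag_p != 0x06 or m != len(algid) or _decode_oid(params) not in NAMED_CURVES:
        raise ValueError("unrecognised namedCurve or trailing data")
    name, bits = NAMED_CURVES[_decode_oid(params)]
    n, point = (bits + 7) // 8, bitstr[1:]  # bitstr[0] is the unused-bits count
    # 0x00 (infinity) and 0x02/0x03 (compressed) prefixes are refused here.
    if bitstr[:1] != b"\x00" or point[:1] != b"\x04" or len(point) != 1 + 2 * n:
        raise ValueError("ECPoint is not an uncompressed point of the curve's size")
    x, y = int.from_bytes(point[1:1 + n], "big"), int.from_bytes(point[1 + n:], "big")
    return {"algorithm": EC_KEY_ALGORITHMS[_decode_oid(oid)], "curve": name, "x": x, "y": y}

# P-256 domain parameters (FIPS 186-3) for the check the ASN.1 layer cannot
# express: that the decoded point really lies on the curve the OID names.
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
P256_GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
P256_GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5

def on_p256(x, y):
    """True iff 0 <= x, y < p and y^2 == x^3 - 3x + b (mod p)."""
    return (0 <= x < P256_P and 0 <= y < P256_P
            and (y * y - (x ** 3 - 3 * x + P256_B)) % P256_P == 0)

# Constructed sample: the fixed 26-byte DER header shared by every P-256 SPKI
# (SEQUENCE, AlgorithmIdentifier {id-ecPublicKey, secp256r1}, BIT STRING with
# 0 unused bits) followed by the uncompressed base point G.
SAMPLE_P256_SPKI = (bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200")
                    + b"\x04" + P256_GX.to_bytes(32, "big") + P256_GY.to_bytes(32, "big"))
```

parse_ec_spki(SAMPLE_P256_SPKI) returns secp256r1 with x and y equal to G, and on_p256 confirms the point. The strictness is deliberate: an INTEGER with a surplus leading zero, or a long-form length below 128, is legal BER but not DER, and a verifier that accepts both gives one signature two distinct encodings. Compressed points, which the RFC allows an implementation to support, are refused rather than decompressed here; a key using id-ecDH or id-ecMQV is accepted as an EC key, and whether its restricted use matches the caller's purpose is left to the caller.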

Authors' Addresses

Sean Turner IECA, Inc. 3057 Nutley Street, Suite 106 Fairfax, VA 22031 USA

   EMail: turners@ieca.com
        

Kelvin Yiu Microsoft One Microsoft Way Redmond, WA 98052-6399 USA

   EMail: kelviny@microsoft.com
        
   EMail: kelviny@microsoft.com
        

Daniel R. L. Brown Certicom Corp 5520 Explorer Drive #400 Mississauga, ON L4W 5L1 CANADA

   EMail: dbrown@certicom.com
        
   EMail: dbrown@certicom.com
        

Russ Housley Vigil Security, LLC 918 Spring Knoll Drive Herndon, VA 20170 USA

   EMail: housley@vigilsec.com
        
   EMail: housley@vigilsec.com
        

Tim Polk NIST Building 820, Room 426 Gaithersburg, MD 20899

   EMail: wpolk@nist.gov
        