Internet Engineering Task Force (IETF)                         S. Turner
Request for Comments: 5754                                          IECA
Updates: 3370                                               January 2010
Category: Standards Track
ISSN: 2070-1721
        
Internet Engineering Task Force (IETF)                         S. Turner
Request for Comments: 5754                                          IECA
Updates: 3370                                               January 2010
Category: Standards Track
ISSN: 2070-1721
        

Using SHA2 Algorithms with Cryptographic Message Syntax

使用具有加密消息语法的SHA2算法

Abstract

摘要

This document describes the conventions for using the Secure Hash Algorithm (SHA) message digest algorithms (SHA-224, SHA-256, SHA-384, SHA-512) with the Cryptographic Message Syntax (CMS). It also describes the conventions for using these algorithms with the CMS and the Digital Signature Algorithm (DSA), Rivest Shamir Adleman (RSA), and Elliptic Curve DSA (ECDSA) signature algorithms. Further, it provides SMIMECapabilities attribute values for each algorithm.

本文档描述了使用加密消息语法(CMS)的安全哈希算法(SHA)消息摘要算法(SHA-224、SHA-256、SHA-384、SHA-512)的约定。它还描述了将这些算法与CMS和数字签名算法(DSA)、Rivest-Shamir-Adleman(RSA)和椭圆曲线DSA(ECDSA)签名算法一起使用的约定。此外,它还为每个算法提供SMIMECapabilities属性值。

Status of This Memo

关于下段备忘

This is an Internet Standards Track document.

这是一份互联网标准跟踪文件。

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.

本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 5741第2节。

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc5754.

有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问http://www.rfc-editor.org/info/rfc5754.

Copyright Notice

版权公告

Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.

版权所有(c)2010 IETF信托基金和确定为文件作者的人员。版权所有。

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(http://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括信托法律条款第4.e节中所述的简化BSD许可证文本,并提供简化BSD许可证中所述的无担保。

This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.

本文件可能包含2008年11月10日之前发布或公开的IETF文件或IETF贡献中的材料。控制某些材料版权的人员可能未授予IETF信托允许在IETF标准流程之外修改此类材料的权利。在未从控制此类材料版权的人员处获得充分许可的情况下,不得在IETF标准流程之外修改本文件,也不得在IETF标准流程之外创建其衍生作品,除了将其格式化以RFC形式发布或将其翻译成英语以外的其他语言。

Table of Contents

目录

   1. Introduction ....................................................2
      1.1. Conventions Used in This Document ..........................3
   2. Message Digest Algorithms .......................................3
      2.1. SHA-224 ....................................................4
      2.2. SHA-256 ....................................................5
      2.3. SHA-384 ....................................................5
      2.4. SHA-512 ....................................................5
   3. Signature Algorithms ............................................6
      3.1. DSA ........................................................6
      3.2. RSA ........................................................7
      3.3. ECDSA ......................................................8
   4. Security Considerations .........................................9
   5. References ......................................................9
      5.1. Normative References .......................................9
      5.2. Informative References ....................................10
        
   1. Introduction ....................................................2
      1.1. Conventions Used in This Document ..........................3
   2. Message Digest Algorithms .......................................3
      2.1. SHA-224 ....................................................4
      2.2. SHA-256 ....................................................5
      2.3. SHA-384 ....................................................5
      2.4. SHA-512 ....................................................5
   3. Signature Algorithms ............................................6
      3.1. DSA ........................................................6
      3.2. RSA ........................................................7
      3.3. ECDSA ......................................................8
   4. Security Considerations .........................................9
   5. References ......................................................9
      5.1. Normative References .......................................9
      5.2. Informative References ....................................10
        
1. Introduction
1. 介绍

This document specifies the algorithm identifiers and specifies parameters for the message digest algorithms SHA-224, SHA-256, SHA-384, and SHA-512 for use with the Cryptographic Message Syntax (CMS) [RFC5652]. The message digest algorithms are defined in [SHS] and reference code is provided in [RFC4634].

本文件规定了算法标识符,并规定了用于加密消息语法(CMS)[RFC5652]的消息摘要算法SHA-224、SHA-256、SHA-384和SHA-512的参数。[SHS]中定义了消息摘要算法,[RFC4634]中提供了参考代码。

This document also specifies the algorithm identifiers and parameters for use of SHA-224, SHA-256, SHA-384, and SHA-512 with DSA [DSS], RSA (RSASSA-PKCS1-v1_5) [RFC3447], and ECDSA [DSS].

本文件还规定了与DSA[DSS]、RSA(RSASSA-PKCS1-v1_5)[RFC3447]和ECDSA[DSS]一起使用SHA-224、SHA-256、SHA-384和SHA-512的算法标识符和参数。

This document does not define new identifiers; they are taken from [RFC3874], [RFC4055], and [RFC5758]. Additionally, the parameters follow the conventions specified therein. Therefore, there is no Abstract Syntax Notation One (ASN.1) module included in this document.

本文件未定义新的标识符;它们取自[RFC3874]、[RFC4055]和[RFC5758]。此外,参数遵循其中规定的约定。因此,本文档中不包含抽象语法符号1(ASN.1)模块。

Note that [RFC4231] specifies the conventions for the message authentication code (MAC) algorithms: Hashed MAC (HMAC) with SHA-224, HMAC with SHA-256, HMAC with SHA-384, and HMAC with SHA-512.

请注意,[RFC4231]指定了消息身份验证码(MAC)算法的约定:哈希MAC(HMAC)与SHA-224、HMAC与SHA-256、HMAC与SHA-384以及HMAC与SHA-512。

In the CMS, the various algorithm identifiers use the AlgorithmIdentifier syntax, which is included here for convenience:

在CMS中,各种算法标识符使用AlgorithmIdentifier语法,为方便起见,此处包括:

      AlgorithmIdentifier  ::=  SEQUENCE  {
        algorithm   OBJECT IDENTIFIER,
        parameters  ANY DEFINED BY algorithm OPTIONAL  }
        
      AlgorithmIdentifier  ::=  SEQUENCE  {
        algorithm   OBJECT IDENTIFIER,
        parameters  ANY DEFINED BY algorithm OPTIONAL  }
        

This document also specifies the SMIMECapabilities attribute values [RFC5751] for each algorithm. The values provided are for the SMIMECapability field, which is included here for convenience:

本文档还指定了每个算法的smimecapability属性值[RFC5751]。提供的值适用于SMIMECapability字段,为方便起见,此处包括该字段:

      SMIMECapability ::= SEQUENCE {
        capabilityID  OBJECT IDENTIFIER,
        parameters    ANY DEFINED BY capabilityID OPTIONAL }
        
      SMIMECapability ::= SEQUENCE {
        capabilityID  OBJECT IDENTIFIER,
        parameters    ANY DEFINED BY capabilityID OPTIONAL }
        
1.1. Conventions Used in This Document
1.1. 本文件中使用的公约

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[RFC2119]中所述进行解释。

2. Message Digest Algorithms
2. 消息摘要算法

Digest algorithm identifiers are located in the SignedData digestAlgorithms field, the SignerInfo digestAlgorithm field, the DigestedData digestAlgorithm field, and the AuthenticatedData digestAlgorithm field. The object identifiers are taken from [RFC4055].

摘要算法标识符位于SignedData digestAlgorithms字段、SignerInfo digestAlgorithm字段、DigestedData digestAlgorithm字段和AuthenticatedData digestAlgorithm字段中。对象标识符取自[RFC4055]。

Digest values are located in the DigestedData digest field and the Message Digest authenticated attribute. In addition, digest values are input to signature algorithms.

摘要值位于DigestedData摘要字段和Message Digest authenticated属性中。此外,摘要值被输入到签名算法中。

The digest algorithm identifiers use the AlgorithmIdentifier syntax elaborated upon in Section 1.

摘要算法标识符使用第1节详述的算法标识符语法。

The algorithm field and SMIMECapabilities attribute are discussed in Sections 2.1-2.4 for each message digest algorithm. Section 3 provides some signatures that use SHA2 algorithms. Consult the signature algorithm definitions for the procedures to compute the digest values (i.e., DigestInfo).

第2.1-2.4节讨论了每个消息摘要算法的算法字段和SMIMECapabilities属性。第3节提供了一些使用SHA2算法的签名。有关计算摘要值(即DigestInfo)的过程,请参考签名算法定义。

The AlgorithmIdentifier parameters field is OPTIONAL. Implementations MUST accept SHA2 AlgorithmIdentifiers with absent parameters. Implementations MUST accept SHA2 AlgorithmIdentifiers with NULL parameters. Implementations MUST generate SHA2 AlgorithmIdentifiers with absent parameters.

AlgorithmIdentifier参数字段是可选的。实现必须接受没有参数的SHA2算法标识符。实现必须接受带有空参数的SHA2算法标识符。实现必须生成缺少参数的SHA2算法标识符。

NOTE: There are two possible encodings for the AlgorithmIdentifier parameters field associated with these object identifiers. The two alternatives arise from the loss of the OPTIONAL associated with the algorithm identifier parameters when the 1988 syntax for AlgorithmIdentifier was translated into the 1997 syntax. Later, the OPTIONAL was recovered via a defect report, but by then many people thought that algorithm parameters were mandatory. Because of this history, some implementations encode parameters as a NULL element while others omit them entirely. The correct encoding is to omit the parameters field; however, when some uses of these algorithms were defined, it was done using the NULL parameters rather than absent parameters. For example, PKCS#1 [RFC3447] requires that the padding used for RSA signatures (EMSA-PKCS1-v1_5) MUST use SHA2 AlgorithmIdentifiers with NULL parameters (to clarify, the requirement "MUST generate SHA2 AlgorithmIdentifiers with absent parameters" in the previous paragraph does not apply to this padding).

注意:与这些对象标识符关联的AlgorithmIdentifier参数字段有两种可能的编码。当1988年的AlgorithmIdentifier语法被翻译成1997年的语法时,与算法标识符参数相关的可选参数丢失,这两种选择产生了。后来,通过缺陷报告恢复了可选的,但那时许多人认为算法参数是强制性的。由于这种历史,一些实现将参数编码为空元素,而另一些实现则完全忽略它们。正确的编码是省略参数字段;然而,当这些算法的某些用途被定义时,它是使用空参数而不是缺少的参数来完成的。例如,PKCS#1[RFC3447]要求用于RSA签名的填充(EMSA-PKCS1-v1#5)必须使用带空参数的SHA2算法标识符(为了澄清,上一段中的“必须生成带空参数的SHA2算法标识符”要求不适用于此填充)。

2.1. SHA-224
2.1. SHA-224

The SHA-224 message digest algorithm is defined in [SHS]. The algorithm identifier for SHA-224 is:

SHA-224消息摘要算法在[SHS]中定义。SHA-224的算法标识符为:

     id-sha224 OBJECT IDENTIFIER ::= {
       joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       csor(3) nistalgorithm(4) hashalgs(2) 4 }
        
     id-sha224 OBJECT IDENTIFIER ::= {
       joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       csor(3) nistalgorithm(4) hashalgs(2) 4 }
        

The parameters are as specified in the beginning of Section 2.

参数如第2节开头所述。

The SMIMECapabilities attribute value indicates support for SHA-224 in a SEQUENCE with the capabilityID field containing the object identifier id-sha224 with absent parameters. The DER encoding for this SMIMECapability is:

SMIMECapabilities属性值表示支持序列中的SHA-224,其中capabilityID字段包含对象标识符id-sha224,但没有参数。此SMIMECapability的DER编码为:

id-sha224: 30 0b 06 09 60 86 48 01 65 03 04 02 04

id-sha224:30 0b 06 09 60 86 48 01 65 03 04

2.2. SHA-256
2.2. SHA-256

The SHA-256 message digest algorithm is defined in [SHS]. The algorithm identifier for SHA-256 is:

SHA-256消息摘要算法在[SHS]中定义。SHA-256的算法标识符为:

      id-sha256 OBJECT IDENTIFIER ::= {
        joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
        csor(3) nistalgorithm(4) hashalgs(2) 1 }
        
      id-sha256 OBJECT IDENTIFIER ::= {
        joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
        csor(3) nistalgorithm(4) hashalgs(2) 1 }
        

The parameters are as specified in the beginning of Section 2.

参数如第2节开头所述。

The SMIMECapabilities attribute value indicates support for SHA-256 in a SEQUENCE with the capabilityID field containing the object identifier id-sha256 with absent parameters. The DER encoding for this SMIMECapability value is:

SMIMECapabilities属性值表示支持序列中的SHA-256,其中capabilityID字段包含对象标识符id-sha256,但缺少参数。此SMIMECapability值的DER编码为:

id-sha256: 30 0b 06 09 60 86 48 01 65 03 04 02 01

id-sha256:30 0b 06 09 60 86 48 01 65 03 04 01

2.3. SHA-384
2.3. SHA-384

The SHA-384 message digest algorithm is defined in [SHS]. The algorithm identifier for SHA-384 is:

SHA-384消息摘要算法在[SHS]中定义。SHA-384的算法标识符为:

      id-sha384 OBJECT IDENTIFIER ::= {
        joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
        csor(3) nistalgorithm(4) hashalgs(2) 2 }
        
      id-sha384 OBJECT IDENTIFIER ::= {
        joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
        csor(3) nistalgorithm(4) hashalgs(2) 2 }
        

The parameters are as specified in the beginning of Section 2.

参数如第2节开头所述。

The SMIMECapabilities attribute value indicates support for SHA-384 in a SEQUENCE with the capabilityID field containing the object identifier id-sha384 with absent parameters. The DER encoding for this SMIMECapability value is:

SMIMECapabilities属性值表示支持序列中的SHA-384,其中capabilityID字段包含对象标识符id-sha384,但缺少参数。此SMIMECapability值的DER编码为:

id-sha384: 30 0b 06 09 60 86 48 01 65 03 04 02 02

id-sha384:30 0b 06 09 60 86 48 01 65 03 04 02

2.4. SHA-512
2.4. SHA-512

The SHA-512 message digest algorithm is defined in [SHS]. The algorithm identifier for SHA-512 is:

SHA-512消息摘要算法在[SHS]中定义。SHA-512的算法标识符为:

      id-sha512 OBJECT IDENTIFIER ::= {
        joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
        csor(3) nistalgorithm(4) hashalgs(2) 3 }
        
      id-sha512 OBJECT IDENTIFIER ::= {
        joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
        csor(3) nistalgorithm(4) hashalgs(2) 3 }
        

The parameters are as specified in the beginning of Section 2.

参数如第2节开头所述。

The SMIMECapabilities attribute value indicates support for SHA-384 in a SEQUENCE with the capabilityID field containing the object identifier id-sha384 with absent parameters. The DER encoding for this SMIMECapability value is:

SMIMECapabilities属性值表示支持序列中的SHA-384,其中capabilityID字段包含对象标识符id-sha384,但缺少参数。此SMIMECapability值的DER编码为:

id-sha512: 30 0b 06 09 60 86 48 01 65 03 04 02 03

id-sha512:30 0b 06 09 60 86 48 01 65 03 04 03

3. Signature Algorithms
3. 签名算法

This section specifies the conventions employed by CMS implementations that support DSA, RSA, and ECDSA with SHA2 algorithms.

本节指定支持DSA、RSA和ECDSA以及SHA2算法的CMS实现所采用的约定。

Signature algorithm identifiers are located in the SignerInfo signatureAlgorithm field of SignedData. Also, signature algorithm identifiers are located in the SignerInfo signatureAlgorithm field of countersignature attributes.

签名算法标识符位于SignedData的SignerInfo signatureAlgorithm字段中。此外,签名算法标识符位于会签属性的SignerInfo signatureAlgorithm字段中。

Signature values are located in the SignerInfo signature field of SignedData. Also, signature values are located in the SignerInfo signature field of countersignature attributes.

签名值位于SignedData的SignerInfo签名字段中。此外,签名值位于会签属性的SignerInfo签名字段中。

3.1. DSA
3.1. 数字减影

[RFC3370], Section 3.1, specifies the conventions for DSA with SHA-1 public key algorithm identifiers, parameters, public keys, and signature values. DSA with SHA2 algorithms uses the same conventions for these public key algorithm identifiers, parameters, public keys, and signature values. DSA MAY be used with SHA-224 and SHA-256. The object identifiers are taken from [RFC5758].

[RFC3370]第3.1节规定了使用SHA-1公钥算法标识符、参数、公钥和签名值的DSA的约定。带有SHA2算法的DSA对这些公钥算法标识符、参数、公钥和签名值使用相同的约定。DSA可与SHA-224和SHA-256一起使用。对象标识符取自[RFC5758]。

DSA has not been specified with SHA-384 and SHA-512. SHA-384 and SHA-512 are not supported because the maximum bit length of p (specified as L) is 3072 for DSA. For consistent cryptographic strength, SHA-384 would be used with DSA where L is 7680, and SHA-512 would be used with DSA where L is 15360.

尚未使用SHA-384和SHA-512指定DSA。不支持SHA-384和SHA-512,因为对于DSA,p(指定为L)的最大位长度为3072。为了获得一致的加密强度,SHA-384将用于L为7680的DSA,SHA-512将用于L为15360的DSA。

The algorithm identifier for DSA with SHA-224 signature values is:

具有SHA-224签名值的DSA的算法标识符为:

      id-dsa-with-sha224 OBJECT IDENTIFIER ::=  {
        joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
        csor(3) algorithms(4) id-dsa-with-sha2(3) 1 }
        
      id-dsa-with-sha224 OBJECT IDENTIFIER ::=  {
        joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
        csor(3) algorithms(4) id-dsa-with-sha2(3) 1 }
        

The algorithm identifier for DSA with SHA-256 signature values is:

具有SHA-256签名值的DSA的算法标识符为:

      id-dsa-with-sha256 OBJECT IDENTIFIER ::=  {
        joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
        csor(3) algorithms(4) id-dsa-with-sha2(3) 2 }
        
      id-dsa-with-sha256 OBJECT IDENTIFIER ::=  {
        joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
        csor(3) algorithms(4) id-dsa-with-sha2(3) 2 }
        

When either of these algorithm identifiers is used, the AlgorithmIdentifier parameters field MUST be absent.

当使用这些算法标识符中的任何一个时,必须缺少AlgorithmIdentifier parameters字段。

The SMIMECapabilities attribute value indicates support for one of the DSA signature algorithms in a SEQUENCE with the capabilityID field containing the object identifier id-dsa-with-sha* (where * is 224 or 256) with absent parameters. The DER encodings for these SMIMECapability values are:

SMIMECapabilities属性值表示支持序列中的一个DSA签名算法,其中capabilityID字段包含对象标识符id DSA,其中sha*(其中*为224或256)没有参数。这些SMIMECapability值的DER编码为:

id-dsa-with-sha224: 30 0b 06 09 60 86 48 01 65 03 04 03 01

id-dsa-with-sha224:30 0b 06 09 60 86 48 01 65 03 04 01

id-dsa-with-sha256: 30 0b 06 09 60 86 48 01 65 03 04 03 02

id-dsa-with-sha256:30 0b 06 09 60 86 48 01 65 03 04 02

3.2. RSA
3.2. RSA

[RFC3370], Section 3.2, specifies the conventions for RSA with SHA-1 (RSASSA-PKCS1-v1_5) public key algorithm identifiers, parameters, public keys, and signature values. RSA with SHA2 algorithms uses the same conventions for these public key algorithm identifiers, parameters, public keys, and signature values. RSA (RSASSA-PKCS1-v1_5) [RFC3447] MAY be used with SHA-224, SHA-256, SHA-384, or SHA-512. The object identifiers are taken from [RFC4055].

[RFC3370]第3.2节规定了RSA与SHA-1(RSASSA-PKCS1-v1_5)公钥算法标识符、参数、公钥和签名值的约定。RSA with SHA2算法对这些公钥算法标识符、参数、公钥和签名值使用相同的约定。RSA(RSASSA-PKCS1-v1_5)[RFC3447]可与SHA-224、SHA-256、SHA-384或SHA-512一起使用。对象标识符取自[RFC4055]。

The object identifier for RSA with SHA-224 signature values is:

具有SHA-224签名值的RSA的对象标识符为:

      sha224WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1)
        member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 14 }
        
      sha224WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1)
        member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 14 }
        

The object identifier for RSA with SHA-256 signature values is:

具有SHA-256签名值的RSA的对象标识符为:

      sha256WithRSAEncryption  OBJECT IDENTIFIER  ::=  { iso(1)
        member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 11 }
        
      sha256WithRSAEncryption  OBJECT IDENTIFIER  ::=  { iso(1)
        member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 11 }
        

The object identifier for RSA with SHA-384 signature values is:

具有SHA-384签名值的RSA的对象标识符为:

      sha384WithRSAEncryption  OBJECT IDENTIFIER  ::=  { iso(1)
        member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 12 }
        
      sha384WithRSAEncryption  OBJECT IDENTIFIER  ::=  { iso(1)
        member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 12 }
        

The object identifier for RSA with SHA-512 signature values is:

具有SHA-512签名值的RSA的对象标识符为:

      sha512WithRSAEncryption  OBJECT IDENTIFIER  ::=  { iso(1)
        member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 13 }
        
      sha512WithRSAEncryption  OBJECT IDENTIFIER  ::=  { iso(1)
        member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 13 }
        

When any of these four object identifiers appears within an AlgorithmIdentifier, the parameters MUST be NULL. Implementations MUST accept the parameters being absent as well as present.

当这四个对象标识符中的任何一个出现在AlgorithmIdentifier中时,参数必须为NULL。实现必须接受既不存在又存在的参数。

The SMIMECapabilities attribute value indicates support for one of the DSA signature algorithms in a SEQUENCE with the capabilityID field containing the object identifier sha*WithRSAEncryption (where * is 224, 256, 384, or 512) with NULL parameters. The DER encodings for these SMIMECapability values are:

SMIMECapabilities属性值表示支持序列中的一种DSA签名算法,该序列的capabilityID字段包含对象标识符sha*,其中*为224、256、384或512,参数为空。这些SMIMECapability值的DER编码为:

sha224WithRSAEncryption: 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0e 05 00

SHA224带RSA加密:30 0d 06 09 2a 86 48 86 f7 0d 01 01 0e 05 00

sha256WithRSAEncryption: 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00

SHA256带RSA加密:30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00

sha384WithRSAEncryption: 30 0d 06 09 2a 86 48 86 f7 0d 01 01 Oc 05 00

SHA384带RSA加密:30 0d 06 09 2a 86 48 86 f7 0d 01 Oc 05 00

sha512WithRSAEncryption: 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0d 05 00

带RSA加密的SHA512:30 0d 06 09 2a 86 48 86 f7 0d 01 01 0d 05 00

3.3. ECDSA
3.3. ECDSA

[RFC5753], Section 2.1, specifies the conventions for ECDSA with SHA-* (where * is 1, 224, 256, 384, or 512) public key algorithm identifiers, parameters, public keys, and signature values. The object identifiers, which are included below for convenience, are taken from [RFC5758].

[RFC5753]第2.1节规定了ECDSA与SHA-*(其中*为1、224、256、384或512)公钥算法标识符、参数、公钥和签名值的约定。为方便起见,下面包含的对象标识符取自[RFC5758]。

The algorithm identifier for ECDSA with SHA-224 signature values is:

具有SHA-224签名值的ECDSA的算法标识符为:

      ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
        us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 1 }
        
      ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
        us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 1 }
        

The algorithm identifier for ECDSA with SHA-256 signature values is:

具有SHA-256签名值的ECDSA的算法标识符为:

      ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
        us(840)ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2 }
        
      ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
        us(840)ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2 }
        

The algorithm identifier for ECDSA with SHA-384 signature values is:

具有SHA-384签名值的ECDSA的算法标识符为:

      ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
        us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 3 }
        
      ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
        us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 3 }
        

The algorithm identifier for ECDSA with SHA-512 signature values is:

具有SHA-512签名值的ECDSA的算法标识符为:

      ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
        us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 4 }
        
      ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
        us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 4 }
        

When any of these four object identifiers appears within an AlgorithmIdentifier, the parameters field MUST be absent. That is, the AlgorithmIdentifier SHALL be a SEQUENCE of one component: the OID ecdsa-with-SHA224, ecdsa-with-SHA256, ecdsa-with-SHA384, or ecdsa-with-SHA512.

当这四个对象标识符中的任何一个出现在算法标识符中时,参数字段必须不存在。也就是说,算法标识符应为一个组件的序列:OID ecdsa-with-SHA224、ecdsa-with-SHA256、ecdsa-with-SHA384或ecdsa-with-SHA512。

The SMIMECapabilities attribute value indicates support for one of the ECDSA signature algorithms in a SEQUENCE with the capabilityID field containing the object identifier ecdsa-with-SHA1* (where * is 224, 256, 384, or 512) with absent parameters. The DER encodings for these SMIMECapability values are:

SMIMECapabilities属性值表示支持一个序列中的ECDSA签名算法,其中capabilityID字段包含对象标识符ECDSA-with-SHA1*(其中*为224、256、384或512),且没有参数。这些SMIMECapability值的DER编码为:

ecdsa-with-SHA224: 30 0a 06 08 2a 86 48 ce 3d 04 03 01

ecdsa-with-SHA224:30 0a 06 08 2a 86 48 ce 3d 04 03 01

ecdsa-with-SHA256: 30 0a 06 08 2a 86 48 ce 3d 04 03 02

ecdsa-with-SHA256:30 0a 06 08 2a 86 48 ce 3d 04 03 02

ecdsa-with-SHA384: 30 0a 06 08 2a 86 48 ce 3d 04 03 03

ecdsa-with-SHA384:30 0a 06 08 2a 86 48 ce 3d 04 03

ecdsa-with-SHA512: 30 0a 06 08 2a 86 48 ce 3d 04 03 04

ecdsa-with-SHA512:30 0a 06 08 2a 86 48 ce 3d 04 04

4. Security Considerations
4. 安全考虑

The security considerations in [RFC3370], [RFC3874], [RFC4055], [RFC5753], and [RFC5758] apply. No new security considerations are introduced as a result of this specification.

[RFC3370]、[RFC3874]、[RFC4055]、[RFC5753]和[RFC5758]中的安全注意事项适用。本规范没有引入新的安全注意事项。

5. References
5. 工具书类
5.1. Normative References
5.1. 规范性引用文件

[DSS] National Institute of Standards and Technology (NIST), FIPS Publication 186-3: Digital Signature Standard, June 2009.

[DSS]国家标准与技术研究所(NIST),FIPS出版物186-3:数字签名标准,2009年6月。

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。

[RFC3370] Housley, R., "Cryptographic Message Syntax (CMS) Algorithms", RFC 3370, August 2002.

[RFC3370]Housley,R.,“加密消息语法(CMS)算法”,RFC3370,2002年8月。

[RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1", RFC 3447, February 2003.

[RFC3447]Jonsson,J.和B.Kaliski,“公钥密码标准(PKCS)#1:RSA密码规范版本2.1”,RFC 3447,2003年2月。

[RFC3874] Housley, R., "A 224-bit One-way Hash Function: SHA-224", RFC 3874, September 2004.

[RFC3874]Housley,R.,“224位单向散列函数:SHA-224”,RFC 3874,2004年9月。

[RFC4055] Schaad, J., Kaliski, B., and R. Housley, "Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 4055, June 2005.

[RFC4055]Schaad,J.,Kaliski,B.,和R.Housley,“Internet X.509公钥基础设施证书和证书撤销列表(CRL)配置文件中使用的RSA加密的其他算法和标识符”,RFC 4055,2005年6月。

[RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 5652, September 2009.

[RFC5652]Housley,R.,“加密消息语法(CMS)”,RFC 56522009年9月。

[RFC5751] Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification", RFC 5751, January 2010.

[RFC5751]Ramsdell,B.和S.Turner,“安全/多用途Internet邮件扩展(S/MIME)版本3.2消息规范”,RFC 57512010年1月。

[RFC5753] Turner, S. and D. Brown, "Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)", RFC 5753, January 2010.

[RFC5753]Turner,S.和D.Brown,“加密消息语法(CMS)中椭圆曲线加密(ECC)算法的使用”,RFC 5753,2010年1月。

[RFC5758] Dang, Q., Santesson, S., Moriarty, K., Brown, D., and T. Polk, "Internet X.509 Public Key Infrastructure: Additional Algorithms and Identifiers for DSA and ECDSA", RFC 5758, January 2010.

[RFC5758]Dang,Q.,Santesson,S.,Moriarty,K.,Brown,D.,和T.Polk,“互联网X.509公钥基础设施:DSA和ECDSA的附加算法和标识符”,RFC 5758,2010年1月。

[SHS] National Institute of Standards and Technology (NIST), FIPS Publication 180-3: Secure Hash Standard, October 2008.

[SHS]国家标准与技术研究所(NIST),FIPS出版物180-3:安全哈希标准,2008年10月。

5.2. Informative References
5.2. 资料性引用

[RFC4231] Nystrom, M., "Identifiers and Test Vectors for HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512", RFC 4231, December 2005.

[RFC4231]Nystrom,M.“HMAC-SHA-224、HMAC-SHA-256、HMAC-SHA-384和HMAC-SHA-512的标识符和测试向量”,RFC 42312005年12月。

[RFC4634] Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms (SHA and HMAC-SHA)", RFC 4634, July 2006.

[RFC4634]Eastlake 3rd,D.和T.Hansen,“美国安全哈希算法(SHA和HMAC-SHA)”,RFC 46342006年7月。

Author's Address

作者地址

Sean Turner IECA, Inc. 3057 Nutley Street, Suite 106 Fairfax, VA 22031 USA

Sean Turner IECA,Inc.美国弗吉尼亚州费尔法克斯市努特利街3057号106室,邮编22031

   EMail: turners@ieca.com
        
   EMail: turners@ieca.com