2
PK Standards Compliance
10
Key Format: RSAPublicKey and RSAPrivateKey as per PKCS #1 v2.1
11
Encryption: OAEP as per PKCS #1
12
Signature : PSS as per PKCS #1
17
The NIST DSA algorithm
19
Key Format: HomeBrew [see below]
20
Signature : ANSI X9.62 format [see below].
24
DSAPublicKey ::= SEQUENCE {
25
publicFlags BIT STRING(1), -- must be 0
26
g INTEGER , -- base generator, check that g^q mod p == 1
27
-- and that 1 < g < p - 1
28
p INTEGER , -- prime modulus
29
q INTEGER , -- order of sub-group (must be prime)
30
y INTEGER , -- public key, specifically, g^x mod p,
31
-- check that y^q mod p == 1
32
-- and that 1 < y < p - 1
35
DSAPrivateKey ::= SEQUENCE {
36
publicFlags BIT STRING(1), -- must be 1
37
g INTEGER , -- base generator, check that g^q mod p == 1
38
-- and that 1 < g < p - 1
39
p INTEGER , -- prime modulus
40
q INTEGER , -- order of sub-group (must be prime)
41
y INTEGER , -- public key, specifically, g^x mod p,
42
-- check that y^q mod p == 1
43
-- and that 1 < y < p - 1
44
x INTEGER -- private key
47
Signatures are stored as
49
DSASignature ::= SEQUENCE {
50
r, s INTEGER -- signature parameters
56
The ANSI X9.62 and X9.63 algorithms [partial]. Supports all NIST GF(p) curves.
58
Key Format : Homebrew [see below, only GF(p) NIST curves supported]
59
Signature : X9.62 compliant
60
Encryption : Homebrew [based on X9.63, differs in that the public point is stored as an ECCPublicKey]
61
Shared Secret: X9.63 compliant
63
ECCPublicKey ::= SEQUENCE {
64
flags BIT STRING(1), -- public/private flag (always zero),
65
keySize INTEGER, -- Curve size (in bits) divided by eight
66
-- and rounded down, e.g. 521 => 65
67
pubkey.x INTEGER, -- The X co-ordinate of the public key point
68
pubkey.y INTEGER, -- The Y co-ordinate of the public key point
71
ECCPrivateKey ::= SEQUENCE {
72
flags BIT STRING(1), -- public/private flag (always one),
73
keySize INTEGER, -- Curve size (in bits) divided by eight
74
-- and rounded down, e.g. 521 => 65
75
pubkey.x INTEGER, -- The X co-ordinate of the public key point
76
pubkey.y INTEGER, -- The Y co-ordinate of the public key point
77
secret.k INTEGER, -- The secret key scalar
80
The encryption works by finding the X9.63 shared secret and hashing it. The hash is then simply XOR'ed against the message [which must be at most the size
81
of the hash digest]. The format of the encrypted text is as follows
83
ECCEncrypted ::= SEQUENCE {
84
hashOID OBJECT IDENTIFIER, -- The OID of the hash used
85
pubkey OCTET STRING , -- Encapsulation of a random ECCPublicKey
86
skey OCTET STRING -- The encrypted text (which the hash was XOR'ed against)
89
% $Source: /cvs/libtom/libtomcrypt/notes/tech0006.txt,v $
91
% $Date: 2005/06/18 02:26:27 $