1、 Collection of SANS standards in electronic format (PDF) 1. Copyright This standard is available to staff members of companies that have subscribed to the complete collection of SANS standards in accordance with a formal copyright agreement. This document may reside on a CENTRAL FILE SERVER or INTRA
2、NET SYSTEM only. Unless specific permission has been granted, this document MAY NOT be sent or given to staff members from other companies or organizations. Doing so would constitute a VIOLATION of SABS copyright rules. 2. Indemnity The South African Bureau of Standards accepts no liability for any
3、damage whatsoever than may result from the use of this material or the information contain therein, irrespective of the cause and quantum thereof. ISBN 978-0-626-23142-2 SANS 11770-3:2009 Edition 2 ISO/IEC 11770-3:2008 Edition 2 SOUTH AFRICAN NATIONAL STANDARD Information technology Security techniq
4、ues Key management Part 3: Mechanisms using asymmetric techniques This national standard is the identical implementation of ISO/IEC 11770-3:2008 and is adopted with the permission of the International Organization for Standardization and the International Electrotechnical Commission. Published by SA
5、BS Standards Division 1 Dr Lategan Road Groenkloof envelopeback Private Bag X191 Pretoria 0001 Tel: +27 12 428 7911 Fax: +27 12 344 1568 www.sabs.co.za SABS SANS 11770-3:2009 Edition 2 ISO/IEC 11770-3:2008 Edition 2 Table of changes Change No. Date Scope National foreword This South African standard
6、 was approved by National Committee SABS TC 71F, Information technology Information security, in accordance with procedures of the SABS Standards Division, in compliance with annex 3 of the WTO/TBT agreement. This SANS document was published in December 2009. This SANS document supersedes SANS 11770
7、-3:2004 (edition 1). Reference numberISO/IEC 11770-3:2008(E)ISO/IEC 2008INTERNATIONAL STANDARD ISO/IEC11770-3Second edition2008-07-15Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques Technologies de linformation Techniques de scurit Gestion de c
8、ls Partie 3: Mcanismes utilisant des techniques asymtriques SANS 11770-3:2009This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC 11770-3:2008(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licens
9、ing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO
10、Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been
11、 taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2008 All rights reserved. Unless otherwise specified, no part
12、of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56
13、CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2008 All rights reservedSANS 11770-3:2009This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC 11770-
14、3:2008(E) ISO/IEC 2008 All rights reserved iiiContents Page Foreword iv Introduction v 1 Scope . 1 2 Normative references . 2 3 Terms and definitions. 2 4 Symbols and abbreviations . 6 5 Requirements 8 6 Key derivation functions 8 7 Cofactor multiplication. 9 8 Key commitment. 10 9 Key confirmation.
15、 10 10 Secret key agreement. 12 10.1 Key agreement mechanism 1 12 10.2 Key agreement mechanism 2 13 10.3 Key agreement mechanism 3 14 10.4 Key agreement mechanism 4 16 10.5 Key agreement mechanism 5 17 10.6 Key agreement mechanism 6 18 10.7 Key agreement mechanism 7 20 10.8 Key agreement mechanism 8
16、 22 10.9 Key agreement mechanism 9 23 10.10 Key agreement mechanism 10 24 10.11 Key agreement mechanism 11 25 11 Secret key transport . 27 11.1 Key transport mechanism 1. 27 11.2 Key transport mechanism 2. 28 11.3 Key transport mechanism 3. 30 11.4 Key transport mechanism 4. 31 11.5 Key transport me
17、chanism 5. 33 11.6 Key transport mechanism 6. 35 12 Public key transport . 37 12.1 Public key distribution without a trusted third party 37 12.2 Public key distribution using a trusted third party . 39 Annex A (informative) Properties of key establishment mechanisms 41 Annex B (informative) Examples
18、 of key derivation functions . 43 Annex C (informative) Examples of key establishment mechanisms. 51 Annex D (informative) Examples of elliptic curve based key establishment mechanisms 57 Annex E (informative) Key transport 69 Annex F (normative) ASN.1 module . 74 Bibliography . 82 SANS 11770-3:2009
19、This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC 11770-3:2008(E) iv ISO/IEC 2008 All rights reservedForeword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the spec
20、ialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical c
21、ommittees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. Internat
22、ional Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting.
23、 Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. ISO/IEC 11770-3 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques. This second edition cancels and replaces th
24、e first edition (ISO/IEC 11770-3:1999), and ISO/IEC 15946-3:2002, which have been merged and updated to present a uniform standard on key management. ISO/IEC 11770 consists of the following parts, under the general title Information technology Security techniques Key management: Part 1: Framework Pa
25、rt 2: Mechanisms using symmetric techniques Part 3: Mechanisms using asymmetric techniques Part 4: Mechanisms based on weak secrets SANS 11770-3:2009This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC 11770-3:2008(E) ISO/IEC 2008 All righ
26、ts reserved vIntroduction This part of ISO/IEC 11770 defines schemes that can be used for key agreement and schemes that can be used for key transport. Public key cryptosystems were first proposed in the seminal paper by Diffie and Hellman in 1976. The security of many cryptosystems is based on the
27、presumed intractability of solving the discrete logarithm problem over a finite field. Other cryptosystems such as RSA are based on the difficulty of the integer factorization problem. The second form of cryptography discussed in this part of ISO/IEC 11770 is based on elliptic curves. The security o
28、f such a public key system depends on the difficulty of determining discrete logarithms in the group of points of an elliptic curve. This problem is, with current knowledge, much harder than the factorization of integers or the computation of discrete logarithms in a finite field. Indeed, since V. M
29、iller and N. Koblitz in 1985 independently suggested the use of elliptic curves for public key cryptographic systems, no substantial progress in tackling the elliptic curve discrete logarithm problem has been reported. In general, only algorithms that take exponential time are known to determine ell
30、iptic curve discrete logarithms. Thus, it is possible for elliptic curve based public key systems to use much shorter parameters than the RSA system or the classical discrete logarithm based systems that make use of the multiplicative group of some finite field. This yields significantly shorter dig
31、ital signatures and system parameters and allows for computations using smaller integers. The International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) draw attention to the fact that it is claimed that compliance with this document may involve the use
32、of patents. ISO and IEC take no position concerning the evidence, validity and scope of these patent rights. The holders of these patent rights have assured ISO and IEC that they are willing to negotiate licences under reasonable and non-discriminatory terms and conditions with applicants throughout
33、 the world. In this respect, the statements of the holders of these patent rights are registered with ISO and IEC. Information may be obtained from: ISO/IEC JTC 1/SC 27 Standing Document 8 (SD 8). SD 8 is publicly available at http:/www.jtc1sc27.din.de/sce/sd8. Attention is drawn to the possibility
34、that some of the elements of this document may be the subject of patent rights other than those identified above. ISO and IEC shall not be held responsible for identifying any or all such patent rights. SANS 11770-3:2009This s tandard may only be used and printed by approved subscription and freemai
35、ling clients of the SABS .SANS 11770-3:2009This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .INTERNATIONAL STANDARD ISO/IEC 11770-3:2008(E) ISO/IEC 2008 All rights reserved 1Information technology Security techniques Key management Part 3: Mech
36、anisms using asymmetric techniques 1 Scope This part of ISO/IEC 11770 defines key management mechanisms based on asymmetric cryptographic techniques. It specifically addresses the use of asymmetric techniques to achieve the following goals. 1) Establish a shared secret key for a symmetric cryptograp
37、hic technique between two entities A and B by key agreement. In a secret key agreement mechanism, the secret key is the result of a data exchange between the two entities A and B. Neither of them can predetermine the value of the shared secret key. 2) Establish a shared secret key for a symmetric cr
38、yptographic technique between two entities A and B by key transport. In a secret key transport mechanism, the secret key is chosen by one entity A and is transferred to another entity B, suitably protected by asymmetric techniques. 3) Make an entitys public key available to other entities by key tra
39、nsport. In a public key transport mechanism, the public key of entity A must be transferred to other entities in an authenticated way, but not requiring secrecy. Some of the mechanisms of this part of ISO/IEC 11770 are based on the corresponding authentication mechanisms in ISO/IEC 9798-3. This part
40、 of ISO/IEC 11770 does not cover aspects of key management such as key lifecycle management, mechanisms to generate or validate asymmetric key pairs, mechanisms to store, archive, delete, destroy, etc. keys. While this part of ISO/IEC 11770 does not explicitly cover the distribution of an entitys pr
41、ivate key (of an asymmetric key pair) from a trusted third party to a requesting entity, the key transport mechanisms described can be used to achieve this. A private key can in all cases be distributed with these mechanisms where an existing, non-compromised key already exists. However, in practice
42、 the distribution of private keys is usually a manual process that relies on technological means like smart cards, etc. This part of ISO/IEC 11770 does not cover the implementations of the transformations used in the key management mechanisms. NOTE To achieve authenticity of key management messages,
43、 it is possible to make provisions for authenticity within the key establishment protocol or to use a public key signature system to sign the key exchange messages. SANS 11770-3:2009This s tandard may only be used and printed by approved subscription and freemailing clients of the SABS .ISO/IEC 1177
44、0-3:2008(E) 2 ISO/IEC 2008 All rights reserved2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any a
45、mendments) applies. ISO/IEC 10118 (all parts), Information technology Security techniques Hash-functions ISO/IEC 14888 (all parts), Information technology Security techniques Digital signatures with appendix 3 Terms and definitions For the purposes of this document, the following terms and definitio
46、ns apply. 3.1 asymmetric cryptographic technique cryptographic technique that uses two related transformations, a public transformation (defined by the public key) and a private transformation (defined by the private key), and has the property that given the public transformation, it is computationa
47、lly infeasible to derive the private transformation NOTE A system based on asymmetric cryptographic techniques can either be an encipherment system, a signature system, a combined encipherment and signature system, or a key agreement system. With asymmetric cryptographic techniques there are four el
48、ementary transformations: sign and verify for signature systems, encipher and decipher for encipherment systems. The signature and the decipherment transformation are kept private by the owning entity, whereas the corresponding verification and encipherment transformations are published. There exist
49、 asymmetric cryptosystems (e.g. RSA) where the four elementary functions can be achieved by only two transformations: one private transformation suffices for both signing and decrypting messages, and one public transformation suffices for both verifying and encrypting messages. However, since this does not conform to the principle of key separation, throughout this part of ISO/IEC 11770, the four elementary transformations and the corresponding keys are kept separate. 3.2 asymmetric encipherment s
