ANSI X9.44-2007 Key Establishment Using Integer Factorization Cryptography《使用整数因数分解密码系统的密钥确定》.pdf

上传人:orderah291 文档编号:439645 上传时间:2018-11-14 格式:PDF 页数:208 大小:1MB
下载 相关 举报
ANSI X9.44-2007 Key Establishment Using Integer Factorization Cryptography《使用整数因数分解密码系统的密钥确定》.pdf_第1页
第1页 / 共208页
ANSI X9.44-2007 Key Establishment Using Integer Factorization Cryptography《使用整数因数分解密码系统的密钥确定》.pdf_第2页
第2页 / 共208页
ANSI X9.44-2007 Key Establishment Using Integer Factorization Cryptography《使用整数因数分解密码系统的密钥确定》.pdf_第3页
第3页 / 共208页
ANSI X9.44-2007 Key Establishment Using Integer Factorization Cryptography《使用整数因数分解密码系统的密钥确定》.pdf_第4页
第4页 / 共208页
ANSI X9.44-2007 Key Establishment Using Integer Factorization Cryptography《使用整数因数分解密码系统的密钥确定》.pdf_第5页
第5页 / 共208页
亲,该文档总共208页,到这儿已超出免费预览范围,如果喜欢就下载吧!
资源描述

1、i ASC X9 Inc., 2007 all rights reserved American National Standard for Financial Services ANSI X9.442007 Public-Key Cryptography for the Financial Services Industry Key Establishment Using Integer Factorization Cryptography Accredited Standards Committee X9, Incorporated Financial Industry Standards

2、 Date Approved: August 24, 2007 American National Standards Institute Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-ANSI X9.44- 2007 ii ASC X9 Inc., 2007 all rights reservedCo

3、ntents Page Foreword. vii Introduction . viii 1 Scope . 1 2 Normative references . 2 3 Terms and definitions. 2 4 Symbols and abbreviated terms . 7 5 Overview and organization 14 5.1 General. 14 5.2 Compatibility modes. 15 5.3 Organization 15 6 Security levels. 16 7 Data conversion primitives 17 7.1

4、 Overview 17 7.2 Integer to Octet String Primitive (I2OSP) 17 7.3 Octet String to Integer Primitive (OS2IP) . 18 8 Components from other X9 sources. 19 8.1 Overview 19 8.2 Random number (bit) generators (RNGs) 19 8.3 Prime number generators 19 8.4 Primality testing methods 19 8.5 Hash functions 20 8

5、.6 Message authentication codes 20 8.7 Symmetric key-wrapping schemes. 22 8.8 Signature schemes with appendix 22 9 Additional components 23 9.1 Overview 23 9.2 Mask generation functions 23 9.2.1 Overview 23 9.2.2 MGF1 23 9.3 Key derivation functions 24 9.3.1 Overview 24 9.3.2 KDF2/KDF3 25 10 Public-

6、key components . 27 10.1 Overview 27 10.2 RSA key pairs 27 10.3 RSA key pair generators 28 10.3.1 RSAKPG1 family: RSA key pair generation with a fixed public exponent 29 10.3.2 RSAKPG2: RSA key pair generation with a random public exponent 32 10.4 RSA key pair validation 35 10.4.1 Overview 35 10.4.2

7、 RSAKPV1: RSA Key Pair Validation with a Fixed Exponent 36 10.4.3 RSAKPV2: RSA Key Pair Validation with a Random Exponent . 39 10.5 Partial public-key validation and plausibility tests . 43 10.5.1 Overview 43 Copyright American National Standards Institute Provided by IHS under license with ANSI Not

8、 for ResaleNo reproduction or networking permitted without license from IHS-,-,-ANSI X9.442007 ASC X9 Inc., 2007 all rights reserved iii10.5.2 Plausible Size Tests 44 10.5.3 Plausible size and value tests44 10.6 Encryption and decryption primitives.46 10.6.1 Overview.46 10.6.2 RSAEP 46 10.6.3 RSADP

9、47 10.7 Asymmetric encryption schemes 49 10.7.1 Overview.49 10.7.2 RSAES-OAEP.49 10.7.3 RSAES-KEM-KWS .56 10.8 Secret-value encapsulation scheme .60 10.8.1 Overview.60 10.8.2 RSASVES161 11 Key management considerations for public and private keys .63 11.1 Overview.63 11.2 Public-key distribution63 1

10、1.3 Assurance of possession of the private key associated with the public key.63 11.4 Key usage.63 11.5 Assurances of key pair and public-key validity .64 11.5.1 Owner assurances of key pair validity 64 11.5.2 User assurances of public-key validity .66 12 Key confirmation .67 12.1 Overview.67 12.2 O

11、peration68 12.3 MAC data 68 13 Key agreement schemes 69 13.1 Overview.69 13.2 KAS1 family: Key agreement based on secret-value encapsulation .70 13.2.1 Overview.70 13.2.2 Common components.70 13.2.3 kas1-basic 72 13.2.4 kas1-responder-confirmation.74 13.2.5 kas1-bilateral-confirmation.76 13.2.6 kas1

12、-bilateral-confirmation-initiator-authentication 79 14 Key transport schemes.82 14.1 Overview.82 14.2 KTS1 family: Key transport based on asymmetric encryption.82 14.2.1 Overview.82 14.2.2 Common components.82 14.2.3 kts1-basic .84 14.2.4 kts1-receiver-confirmation .86 Annex A (normative) Compatibil

13、ity Components 89 A.1 Overview.89 A.2 US-ASCII to Octet String Primitive (ASC2OSP)89 A.3 PRF-TLS89 A.4 RSA Signature Primitive (RSASP) .91 A.5 RSA Verification Primitive (RSAVP) 91 A.6 RSAES-PKCS1-v1_592 A.6.1 Overview.92 A.6.2 Encryption operation 92 A.6.3 Decryption operation 93 A.7 RSASVES-TLS95

14、Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-ANSI X9.44- 2007 iv ASC X9 Inc., 2007 all rights reservedA.7.1 Overview 95 A.7.2 Generation operation 95 A.7.3 Recovery operation

15、 96 A.8 RSASSA-TLS. 98 A.8.1 Overview 98 A.8.2 Signature operation 98 A.8.3 Verification operation. 99 Annex B (normative) ASN.1 Syntax 101 B.1 Overview 101 B.2 Useful types and definitions 101 B.3 Components from other X9 sources. 102 B.3.1 Overview 102 B.3.2 Hash functions 102 B.3.3 Message authen

16、tication codes 104 B.3.4 Symmetric key-wrapping schemes. 105 B.3.5 Signature schemes with appendix 106 B.4 Additional components 106 B.4.1 Overview 106 B.4.2 MGF1 106 B.4.3 KDF2. 107 B.4.4 KDF3. 107 B.5 Public-key components . 107 B.5.1 Overview 107 B.5.2 Public and private keys 107 B.5.3 RSAES-OAEP

17、 109 B.5.4 RSAES-KEM-KWS. 110 B.5.5 RSASVES1. 111 B.6 Key establishment schemes 111 B.6.1 Overview 111 B.6.2 KAS1 family. 112 B.6.3 KTS1 family . 116 B.7 Compatibility components. 118 B.7.1 Overview 118 B.7.2 PRF-TLS. 118 B.7.3 RSAES-PKCS1-v1_5 . 118 B.7.4 RSASVES-TLS. 119 B.7.5 RSASSA-TLS. 119 B.8

18、ASN.1 module 119 Annex C (informative) Security Considerations 132 C.1 Overview 132 C.2 RSA Problem. 132 C.3 Integer factoring 134 C.4 RSA key pairs 135 C.4.1 Overview 135 C.4.2 Key size 135 C.4.3 Prime factors . 135 C.4.4 Public exponent 136 C.4.5 Private exponent. 137 C.4.6 Private-key representat

19、ion. 137 C.5 Public-key techniques 137 C.5.1 Encryption and decryption primitives 137 C.5.2 Asymmetric encryption schemes . 137 C.5.3 Secret-value encapsulation schemes. 138 C.5.4 Signature schemes with appendix 139 C.6 Key establishment schemes 139 C.6.1 KAS1 family. 141 Copyright American National

20、 Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-ANSI X9.442007 ASC X9 Inc., 2007 all rights reserved vC.6.2 KTS1 family 142 C.7 Side-channel attacks.142 C.8 Hash Functions143 Annex D (informative) Assuran

21、ce of Validity for RSA Public Keys 144 D.1 Introduction144 D.2 Assurance through validation144 D.3 Motivations for checking public keys .145 D.4 Relying on other parties .146 D.5 Full public-key validation147 Annex E (informative) TLS Profile of KAS1 Family149 E.1 Overview.149 E.2 TLS handshake with

22、 server authentication 149 E.3 TLS handshake with mutual authentication .152 E.4 Summary of TLS messages153 E.5 Recommended enhancements.154 E.6 Assurance of public-key validity in TLS .155 Annex F (informative) ANS X9.73 and S/MIME CMS Profile of KTS1 Family.156 F.1 Overview.156 F.2 kts1-basic para

23、meters.156 F.3 Summary of protocol fields156 F.4 Recommended enhancements.157 Annex G (informative) Supporting Algorithms.159 G.1 Greatest common divisor .159 G.2 Least common multiple 160 G.3 Modular inverse .160 G.4 Prime factor recovery162 G.5 Enhanced Miller-Rabin Provable Compositeness / Probab

24、ilistic Primality Test163 Annex H (informative) Examples .165 H.1 Example values for rsakpg1-basic 165 H.2 Example values for rsakpg1-prime-factor.167 H.3 Example Values for RSAkpg1-crt.169 H.4 Example values for RSAEP 172 H.5 Example values for RSADP 174 H.6 Example values for RSAES-OAEP.Encrypt 17

25、6 Inputs: 176 Outputs 177 Support Values .178 H.7 Example values for RSAES-KEM-KWS.Encrypt.179 Inputs: 179 Outputs:.180 H.8 Example values for KAS1-basic.181 Step 1 - Initiator.181 Step 2 - Responder.184 Step 3 Initiator186 Support Values .186 H.9 Example values for KTS1-basic .186 Step 1 - Sender18

26、6 Step 2 Responder 188 Support Values .189 Bibliography191 Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-ANSI X9.44- 2007 vi ASC X9 Inc., 2007 all rights reservedFigures Figur

27、e 1: RSAES-OAEP encryption operation. 53 Figure 2: RSAES-OAEP decryption operation. 56 Figure 3: RSAES-KEM-KWS encryption operation . 58 Figure 4: RSAES-KEM-KWS decryption operation . 60 Figure 5: kas1-basic scheme. 74 Figure 6: kas1-responder-confirmation scheme 76 Figure 7: kas1-bilateral-confirma

28、tion scheme 78 Figure 8: kas1-bilateral-confirmation-initiator-authentication scheme . 81 Figure 9: kts1-basic scheme 85 Figure 10: kts1-receiver-confirmation scheme. 88 Figure E.1: TLS handshake with server authentication, as a profile of kas1-bilateral-confirmation 152 Figure E.2: TLS handshake wi

29、th mutual authentication, as a profile of kas1-bilateral-confirmation-initiator-authentication . 153 Tables Table 1: Recommended algorithms and minimum key sizes. . 17 Table C.1: Corresponding RSA and symmetric key sizes based on GNFS running time. 134 Table C.2: Security assurances provided by the

30、key establishment schemes 140 Table E.1: TLS with server authentication as a profile of KAS1 150 Table E.2: Additional elements in TLS with mutual authentication, as a profile of KAS1 152 Table E.3: Proposed enhancements to TLS profile. 155 Table F.1: ANS X9.73 and S/MIME CMS KeyTransRecipientInfo a

31、s a profile of kts1-basic 157 Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-ANSI X9.442007 ASC X9 Inc., 2007 all rights reserved viiForeword Approval of an American National S

32、tandard requires verification by ANSI that the requirements for due process, consensus, and other criteria for approval have been met by the standards developer. Consensus is established when, in the judgment of the ANSI Board of Standards Review, substantial agreement has been reached by directly a

33、nd materially affected interests. Substantial agreement means much more than a simple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made toward their resolution. The use of American National Standards is comple

34、tely voluntary; their existence does not in any respect preclude anyone, whether he has approved the standards or not from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standards. The American National Standards Institute does not develop sta

35、ndards and will in no circumstances give an interpretation of any American National Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the American National Standards Institute. Requests for interpretation should

36、 be addressed to the secretariat or sponsor whose name appears on the title page of this standard. CAUTION NOTICE: This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institute require that action be taken to reaffirm, revise, or

37、 withdraw this standard no later than five years from the date of approval. Published by Accredited Standards Committee X9, Incorporated Financial Industry Standards P.O. Box 4035 Annapolis, MD 21403 USA X9 Online http:/www.x9.org Copyright 2007 ASC X9, Inc. All rights reserved. No part of this publ

38、ication may be reproduced in any form, in an electronic retrieval system or otherwise, without prior written permission of the publisher. Published in the United States of America. Copyright American National Standards Institute Provided by IHS under license with ANSI Not for ResaleNo reproduction o

39、r networking permitted without license from IHS-,-,-ANSI X9.44- 2007 viii ASC X9 Inc., 2007 all rights reservedIntroduction This Standard specifies key establishment schemes using public-key cryptography based on the integer factorization problem. Two types of key establishment schemes are specified

40、. In the first type, key transport, one party selects keying material and conveys it to the other party with cryptographic protection. In the second, key agreement, both parties actively share in the establishment of the keying material. The keying material may consist of one or more individual keys

41、 used to provide other cryptographic services that are outside the scope of this Standard, e.g. data confidentiality, data integrity, or symmetric-key-based key establishment. NOTE The users attention is called to the possibility that compliance with this standard may require use of an invention cov

42、ered by patent rights. By publication of this Standard, no position is taken with respect to the validity of this claim or of any patent rights in connection therewith. The patent holder has, however, filed a statement of willingness to grant a license under these rights on reasonable and nondiscrim

43、inatory terms and conditions to applicants desiring to obtain such a license. Details may be obtained from the standards developer. Suggestions for the improvement or revision of this Standard are welcome. They should be sent to the X9 Committee Secretariat, Accredited Standards Committee X9, Inc.,

44、Financial Industry Standards, P.O. Box 4035, Annapolis, MD 21403 USA. This Standard was processed and approved for submittal to ANSI by the Accredited Standards Committee on Financial Services, X9. Committee approval of the Standard does not necessarily imply that all the committee members voted for

45、 its approval. The X9 committee had the following members: James Shaffer, X9 Chairman Vincent DeSantis, X9 Vice-Chairman Cynthia Fuller, Executive Director Susan Yashinskie, Managing Director Organization Represented Representative ACI Worldwide James Shaffer American Bamkers Association C. Diane Po

46、ole American Financial Services Association Mark Zalewski American Express Company John Allen Bank of America Daniel Welch Certicom Corporation Daniel Brown Citigroup, Inc. Mike Halpern Clarke American Checks Inc. John W. McCleary CUSIP Service Bureau James Taylor Deluxe Corporation John FitzPatrick

47、 Diebold, Inc. Bruce Chapa Discover Financial Services Katie Howser Federal Reserve Bank Dexter Holt First Data Corporation Elizabeth Lynn Fiserv Skip Smith FSTC, Financial Services Consortium Daniel Schutzer Hewlett Packard Larry Hines Hypercom Scott SpikerCopyright American National Standards Inst

48、itute Provided by IHS under license with ANSI Not for ResaleNo reproduction or networking permitted without license from IHS-,-,-ANSI X9.442007 ASC X9 Inc., 2007 all rights reserved ixIBM Corporation Todd Arnold Ingenico John SpenceIntuit, Inc. Jana Hocker iStream Imaging Bank of Kenney Ken Biel JP Morgan Chase a set of rules which, if followed, will give a prescribed result. 3.2 Algorithm Identifier A unique identifier for a given encryption or hash algorithm, together with any required parameters. The unique identifier is an ASN.1 object identifier 3.3 Authentication The act of det

展开阅读全文
相关资源
  • ANSI Z97 1-2009 American National Standard for Safety Glazing Materials used in Buildings - Safety Performance Specifications and Methods of Test《建筑物中窗用玻璃材料安全性用.pdfANSI Z97 1-2009 American National Standard for Safety Glazing Materials used in Buildings - Safety Performance Specifications and Methods of Test《建筑物中窗用玻璃材料安全性用.pdf
  • ANSI Z97 1 ERTA-2010 Re ANSI Z97 1 - 2009 Errata《修订版 美国国家标准学会Z97 1-2009标准的勘误表》.pdfANSI Z97 1 ERTA-2010 Re ANSI Z97 1 - 2009 Errata《修订版 美国国家标准学会Z97 1-2009标准的勘误表》.pdf
  • ANSI Z21 40 2a-1997 Gas-Fired Work Activated Air-Conditioning and Heat Pump Appliances (Same as CGA 2 92a)《燃气、工作激活空气调节和热泵器具(同 CGA 2 92a)》.pdfANSI Z21 40 2a-1997 Gas-Fired Work Activated Air-Conditioning and Heat Pump Appliances (Same as CGA 2 92a)《燃气、工作激活空气调节和热泵器具(同 CGA 2 92a)》.pdf
  • ANSI Z124 9-2004 American National Standard for Plastic Urinal Fixtures《塑料小便器用美国国家标准》.pdfANSI Z124 9-2004 American National Standard for Plastic Urinal Fixtures《塑料小便器用美国国家标准》.pdf
  • ANSI Z124 4-2006 American National Standard for Plastic Water Closet Bowls and Tanks《塑料抽水马桶和水箱用美国国家标准》.pdfANSI Z124 4-2006 American National Standard for Plastic Water Closet Bowls and Tanks《塑料抽水马桶和水箱用美国国家标准》.pdf
  • ANSI Z124 3-2005 American National Standard for Plastic Lavatories《塑料洗脸盆用美国国家标准》.pdfANSI Z124 3-2005 American National Standard for Plastic Lavatories《塑料洗脸盆用美国国家标准》.pdf
  • ANSI T1 659-1996 Telecommunications - Mobility Management Application Protocol (MMAP) RCF-RACF Operations《电信 可移动管理应用协议(MMAP) RCF-RACF操作》.pdfANSI T1 659-1996 Telecommunications - Mobility Management Application Protocol (MMAP) RCF-RACF Operations《电信 可移动管理应用协议(MMAP) RCF-RACF操作》.pdf
  • ANSI T1 651-1996 Telecommunications – Mobility Management Application Protocol (MMAP)《电信 可移动性管理应用协议》.pdfANSI T1 651-1996 Telecommunications – Mobility Management Application Protocol (MMAP)《电信 可移动性管理应用协议》.pdf
  • ANSI T1 609-1999 Interworking between the ISDN User-Network Interface Protocol and the Signalling System Number 7 ISDN User Part《电信 ISDN用户间网络接口协议和7号信令系统ISDN用户部分.pdfANSI T1 609-1999 Interworking between the ISDN User-Network Interface Protocol and the Signalling System Number 7 ISDN User Part《电信 ISDN用户间网络接口协议和7号信令系统ISDN用户部分.pdf
  • ANSI T1 605-1991 Integrated Services Digital Network (ISDN) - Basic Access Interface for S and T Reference Points (Layer 1 Specification)《综合服务数字网络(ISDN) S和T基准点的.pdfANSI T1 605-1991 Integrated Services Digital Network (ISDN) - Basic Access Interface for S and T Reference Points (Layer 1 Specification)《综合服务数字网络(ISDN) S和T基准点的.pdf
  • 猜你喜欢
    相关搜索

    当前位置:首页 > 标准规范 > 国际标准 > ANSI

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1