Tech Note 0006
PK Standards Compliance
Tom St Denis

RSA
----

PKCS #1 compliance.

Key Format:  RSAPublicKey and RSAPrivateKey as per PKCS #1 v2.1
Encryption:  OAEP as per PKCS #1
Signature :  PSS as per PKCS #1

DSA
----

The NIST DSA algorithm.

Key Format:  HomeBrew [see below]
Signature :  ANSI X9.62 format [see below].

Keys are stored as:

DSAPublicKey ::= SEQUENCE {
    publicFlags    BIT STRING(1), -- must be 0
    g              INTEGER      , -- base generator, check that g^q mod p == 1
                                  -- and that 1 < g < p - 1
    p              INTEGER      , -- prime modulus
    q              INTEGER      , -- order of sub-group (must be prime)
    y              INTEGER        -- public key, specifically, g^x mod p,
                                  -- check that y^q mod p == 1
                                  -- and that 1 < y < p - 1
}

DSAPrivateKey ::= SEQUENCE {
    publicFlags    BIT STRING(1), -- must be 1
    g              INTEGER      , -- base generator, check that g^q mod p == 1
                                  -- and that 1 < g < p - 1
    p              INTEGER      , -- prime modulus
    q              INTEGER      , -- order of sub-group (must be prime)
    y              INTEGER      , -- public key, specifically, g^x mod p,
                                  -- check that y^q mod p == 1
                                  -- and that 1 < y < p - 1
    x              INTEGER        -- private key
}

Signatures are stored as:

DSASignature ::= SEQUENCE {
    r, s           INTEGER        -- signature parameters
}

ECC
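
The checks listed in the DSAPublicKey and DSAPrivateKey comments above, written out in Python as an added example (not code from LibTomCrypt or from this note). The function names, the toy parameters and the 0 < x < q bound on the private key are assumptions of the example; primality is tested with Miller-Rabin.

```python
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases (keys may be attacker-supplied)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2      # base in [2, n - 2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                      # a is a witness: n is composite
    return True

def validate_dsa_key(g, p, q, y, x=None):
    """Return the list of failed checks; an empty list means the key passed."""
    errors = []
    if not is_probable_prime(p):
        errors.append("p is not prime")
    if not is_probable_prime(q):
        errors.append("q is not prime")
    if errors:
        return errors                         # subgroup checks need prime p, q
    for name, v in (("g", g), ("y", y)):
        if not 1 < v < p - 1:
            errors.append(f"{name} out of range")
        elif pow(v, q, p) != 1:               # v must lie in the order-q subgroup
            errors.append(f"{name}^q mod p != 1")
    if x is not None:                         # DSAPrivateKey only
        if not 0 < x < q:                     # assumption: standard DSA bound
            errors.append("x out of range")
        elif pow(g, x, p) != y:
            errors.append("y != g^x mod p")
    return errors

# Constructed toy group (far too small for real use): 2 has order 11 mod 23.
P, Q, G, X = 23, 11, 2, 3
Y = pow(G, X, P)                              # 8
```

With these toy values, y = 5 is in range but fails y^q mod p == 1 because it lies outside the order-11 subgroup, which is the case the range check alone would miss.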
----

The ANSI X9.62 and X9.63 algorithms [partial].  Supports all NIST GF(p) curves.

Key Format   :  Homebrew [see below, only GF(p) NIST curves supported]
Signature    :  X9.62 compliant
Encryption   :  Homebrew [based on X9.63, differs in that the public point is stored as an ECCPublicKey]
Shared Secret:  X9.63 compliant

ECCPublicKey ::= SEQUENCE {
    flags       BIT STRING(1), -- public/private flag (always zero)
    keySize     INTEGER,       -- Curve size (in bits) divided by eight
                               -- and rounded down, e.g. 521 => 65
    pubkey.x    INTEGER,       -- The X co-ordinate of the public key point
    pubkey.y    INTEGER        -- The Y co-ordinate of the public key point
}

ECCPrivateKey ::= SEQUENCE {
    flags       BIT STRING(1), -- public/private flag (always one)
    keySize     INTEGER,       -- Curve size (in bits) divided by eight
                               -- and rounded down, e.g. 521 => 65
    pubkey.x    INTEGER,       -- The X co-ordinate of the public key point
    pubkey.y    INTEGER,       -- The Y co-ordinate of the public key point
    secret.k    INTEGER        -- The secret key scalar
}

The encryption works by finding the X9.63 shared secret and hashing it.  The hash is then simply XOR'ed against the message [which must be at most the size
of the hash digest].  The format of the encrypted text is as follows:

ECCEncrypted ::= SEQUENCE {
    hashOID     OBJECT IDENTIFIER,   -- The OID of the hash used
    pubkey      OCTET STRING     ,   -- Encapsulation of a random ECCPublicKey
    skey        OCTET STRING         -- The encrypted text (which the hash was XOR'ed against)
}

% $Source: /cvs/libtom/libtomcrypt/notes/tech0006.txt,v $
% $Revision: 1.2 $
% $Date: 2005/06/18 02:26:27 $
92