Russian cryptographic algorithms (GOST) in Internet X.509 Public Key Infrastructure
Download
1 / 9

Russian cryptographic algorithms (GOST) in Internet X.509 Public Key Infrastructure - PowerPoint PPT Presentation


  • 96 Views
  • Uploaded on

Russian cryptographic algorithms (GOST) in Internet X.509 Public Key Infrastructure. Grigory Chudov Crypto-Pro Ltd., Russia [email protected] draft-leontiev-cryptopro-cppk-00.txt. Russian state standards. Encryption.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Russian cryptographic algorithms (GOST) in Internet X.509 Public Key Infrastructure' - hedwig


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Russian cryptographic algorithms (GOST) in Internet X.509 Public Key Infrastructure

Grigory Chudov

Crypto-Pro Ltd., Russia

[email protected]

draft-leontiev-cryptopro-cppk-00.txt


Russian state standards
Russian state standards Public Key Infrastructure

Encryption

GOST 28147-89 - "Cryptographic Protection for Data Processing System“, 1989

Hashing

GOST R 34.10-94 - "Information technology. Cryptographic Data Security. Hashing function.", 1994.

Digital signature

GOST R 34.10-94 - "Information technology. Cryptographic Data Security. Produce and check procedures of Electronic Digital Signatures based on Asymmetric Cryptographic Algorithm.", 1994.

GOST R 34.10-2001 - "Information technology. Cryptographic data security. Signature and verification processes of [electronic] digital signature.“, 2001.


Compatibility problem
Compatibility problem Public Key Infrastructure

Algorithm parameters

Encryption

S-BOX not defined (except for test values)

Digest

S-BOX not defined

Digital signature

P, Q, A not defined (except for test values)

Elliptic Curve parameters not defined

Russian Federal Digital SignatureLaw, 10 Jan 2002

PKI ready


Cryptographic software compatibility agreement
Cryptographic Software Compatibility Agreement Public Key Infrastructure

Russian commercial cryptographic software vendors

FGUE STC "Atlas" www.stcnet.ru

CRYPTO-PRO www.cryptopro.ru

Factor-TC www.factor-ts.ru

MD PREI www.security.ru

Infotecs GmbH www.infotecs.ru

SPRCIS (SPbRCZI) www.rczi.spb.ru

Cryptocom www.cryptocom.ru

R-Alpha www.alpha.ru


Internet drafts
Internet Drafts Public Key Infrastructure

Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificates and Certificate Revocation List (CRL), corresponding to the algorithms GOST R 34.10-94, GOST R 34.10-2001, GOST R 34.11-94http://www.ietf.org/internet-drafts/draft-leontiev-cryptopro-cppk-00.txt

Addition of GOST Ciphersuites to Transport Layer Security (TLS)http://www.ietf.org/internet-drafts/draft-chudov-cryptopro-cptls-00.txt

Cryptographic Message Syntax (CMS) algorithms for GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, GOST R 34.11-94.http://www.ietf.org/internet-drafts/draft-leontiev-cryptopro-cpcms-00.txt


Pkix gost oids
PKIX GOST OIDs Public Key Infrastructure

id-CryptoPro-algorithms OBJECT IDENTIFIER ::=

{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2) }

id-GostR3410-94 OBJECT IDENTIFIER ::=

{ id-CryptoPro-algorithms gostR3410-94(20) }

id-GostR3411-94-with-GostR3410-94 OBJECT IDENTIFIER ::=

{ id-CryptoPro-algorithms gostR3411-94-with-gostR3410-94(4)}

id-GostR3410-2001 OBJECT IDENTIFIER ::=

{ id-CryptoPro-algorithms gostR3410-2001(19) }

id-GostR3411-94-with-GostR3410-2001 OBJECT IDENTIFIER ::=

{ id-CryptoPro-algorithms gostR3411-94-with-gostR3410-2001(3) }


Pkix gost parameters
PKIX GOST Parameters Public Key Infrastructure

GostR3410-94-PublicKeyParameters ::= SEQUENCE {

publicKeyParamSetOBJECT IDENTIFIER,

digestParamSetOBJECT IDENTIFIER,

encryptionParamSet OBJECT IDENTIFIER OPTIONAL

}

GostR3410-94-PublicKeyAlgorithms

ALGORITHM-IDENTIFIER ::= {

{ GostR3410-94-PublicKeyParameters IDENTIFIED BY

id-GostR3410-94 }

}

GostR3410-94-CertificateSignatureAlgorithms

ALGORITHM-IDENTIFIER ::= {

{ NULL IDENTIFIED BY

id-GostR3411-94-with-GostR3410-94 } |

{ GostR3410-94-PublicKeyParameters IDENTIFIED BY

id-GostR3411-94-with-GostR3410-94 }

}


End entity implementations
End Entity Implementations Public Key Infrastructure

Microsoft Windows

CryptoPro CSP – Russian cryptography standards

through Microsoft Cryptographic Service Provider

Interface.

CryptoPro TLS – adds GOST cipher suites to Microsoft Schannel SSP (Security Support Provider).

CSP, TLS

Solaris (Sun, Intel), VSTa - released

Linux, Free BSD, AIX - in progress

ISV products

CSP, TLS

SAP R/3 SNC, SSF adapters

Apache, Open SSL, mod_ssl, JCA


Ca implementations
CA Public Key InfrastructureImplementations

Microsoft CA with CryptoPro CSP

CryptoPro CA

based on MS certificate services

RSA Keon 6.5

W2K - released

Sun Solaris – in progress

Unicert 5.01

W2K - released


ad