Russian cryptographic algorithms (GOST) in Internet X.509 Public Key Infrastructure
This presentation is the property of its rightful owner.
Sponsored Links
1 / 9

Russian cryptographic algorithms (GOST) in Internet X.509 Public Key Infrastructure PowerPoint PPT Presentation


  • 53 Views
  • Uploaded on
  • Presentation posted in: General

Russian cryptographic algorithms (GOST) in Internet X.509 Public Key Infrastructure. Grigory Chudov Crypto-Pro Ltd., Russia [email protected] draft-leontiev-cryptopro-cppk-00.txt. Russian state standards. Encryption.

Download Presentation

Russian cryptographic algorithms (GOST) in Internet X.509 Public Key Infrastructure

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Russian cryptographic algorithms gost in internet x 509 public key infrastructure

Russian cryptographic algorithms (GOST) in Internet X.509 Public Key Infrastructure

Grigory Chudov

Crypto-Pro Ltd., Russia

[email protected]

draft-leontiev-cryptopro-cppk-00.txt


Russian state standards

Russian state standards

Encryption

GOST 28147-89 - "Cryptographic Protection for Data Processing System“, 1989

Hashing

GOST R 34.10-94 - "Information technology. Cryptographic Data Security. Hashing function.", 1994.

Digital signature

GOST R 34.10-94 - "Information technology. Cryptographic Data Security. Produce and check procedures of Electronic Digital Signatures based on Asymmetric Cryptographic Algorithm.", 1994.

GOST R 34.10-2001 - "Information technology. Cryptographic data security. Signature and verification processes of [electronic] digital signature.“, 2001.


Compatibility problem

Compatibility problem

Algorithm parameters

Encryption

S-BOX not defined (except for test values)

Digest

S-BOX not defined

Digital signature

P, Q, A not defined (except for test values)

Elliptic Curve parameters not defined

Russian Federal Digital SignatureLaw, 10 Jan 2002

PKI ready


Cryptographic software compatibility agreement

Cryptographic Software Compatibility Agreement

Russian commercial cryptographic software vendors

FGUE STC "Atlas" www.stcnet.ru

CRYPTO-PRO www.cryptopro.ru

Factor-TC www.factor-ts.ru

MD PREI www.security.ru

Infotecs GmbH www.infotecs.ru

SPRCIS (SPbRCZI) www.rczi.spb.ru

Cryptocom www.cryptocom.ru

R-Alpha www.alpha.ru


Internet drafts

Internet Drafts

Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificates and Certificate Revocation List (CRL), corresponding to the algorithms GOST R 34.10-94, GOST R 34.10-2001, GOST R 34.11-94http://www.ietf.org/internet-drafts/draft-leontiev-cryptopro-cppk-00.txt

Addition of GOST Ciphersuites to Transport Layer Security (TLS)http://www.ietf.org/internet-drafts/draft-chudov-cryptopro-cptls-00.txt

Cryptographic Message Syntax (CMS) algorithms for GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, GOST R 34.11-94.http://www.ietf.org/internet-drafts/draft-leontiev-cryptopro-cpcms-00.txt


Pkix gost oids

PKIX GOST OIDs

id-CryptoPro-algorithms OBJECT IDENTIFIER ::=

{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2) }

id-GostR3410-94 OBJECT IDENTIFIER ::=

{ id-CryptoPro-algorithms gostR3410-94(20) }

id-GostR3411-94-with-GostR3410-94 OBJECT IDENTIFIER ::=

{ id-CryptoPro-algorithms gostR3411-94-with-gostR3410-94(4)}

id-GostR3410-2001 OBJECT IDENTIFIER ::=

{ id-CryptoPro-algorithms gostR3410-2001(19) }

id-GostR3411-94-with-GostR3410-2001 OBJECT IDENTIFIER ::=

{ id-CryptoPro-algorithms gostR3411-94-with-gostR3410-2001(3) }


Pkix gost parameters

PKIX GOST Parameters

GostR3410-94-PublicKeyParameters ::= SEQUENCE {

publicKeyParamSetOBJECT IDENTIFIER,

digestParamSetOBJECT IDENTIFIER,

encryptionParamSetOBJECT IDENTIFIER OPTIONAL

}

GostR3410-94-PublicKeyAlgorithms

ALGORITHM-IDENTIFIER ::= {

{ GostR3410-94-PublicKeyParameters IDENTIFIED BY

id-GostR3410-94 }

}

GostR3410-94-CertificateSignatureAlgorithms

ALGORITHM-IDENTIFIER ::= {

{ NULL IDENTIFIED BY

id-GostR3411-94-with-GostR3410-94 } |

{ GostR3410-94-PublicKeyParameters IDENTIFIED BY

id-GostR3411-94-with-GostR3410-94 }

}


End entity implementations

End Entity Implementations

Microsoft Windows

CryptoPro CSP – Russian cryptography standards

through Microsoft Cryptographic Service Provider

Interface.

CryptoPro TLS – adds GOST cipher suites to Microsoft Schannel SSP (Security Support Provider).

CSP, TLS

Solaris (Sun, Intel), VSTa - released

Linux, Free BSD, AIX - in progress

ISV products

CSP, TLS

SAP R/3 SNC, SSF adapters

Apache, Open SSL, mod_ssl, JCA


Ca implementations

CAImplementations

Microsoft CA with CryptoPro CSP

CryptoPro CA

based on MS certificate services

RSA Keon 6.5

W2K - released

Sun Solaris – in progress

Unicert 5.01

W2K - released


  • Login