slide1
Download
Skip this Video
Download Presentation
Russian cryptographic algorithms (GOST) in Internet X.509 Public Key Infrastructure

Loading in 2 Seconds...

play fullscreen
1 / 9

Russian cryptographic algorithms (GOST) in Internet X.509 Public Key Infrastructure - PowerPoint PPT Presentation


  • 107 Views
  • Uploaded on

Russian cryptographic algorithms (GOST) in Internet X.509 Public Key Infrastructure. Grigory Chudov Crypto-Pro Ltd., Russia [email protected] draft-leontiev-cryptopro-cppk-00.txt. Russian state standards. Encryption.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Russian cryptographic algorithms (GOST) in Internet X.509 Public Key Infrastructure' - hedwig


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Russian cryptographic algorithms (GOST) in Internet X.509 Public Key Infrastructure

Grigory Chudov

Crypto-Pro Ltd., Russia

[email protected]

draft-leontiev-cryptopro-cppk-00.txt

russian state standards
Russian state standards

Encryption

GOST 28147-89 - "Cryptographic Protection for Data Processing System“, 1989

Hashing

GOST R 34.10-94 - "Information technology. Cryptographic Data Security. Hashing function.", 1994.

Digital signature

GOST R 34.10-94 - "Information technology. Cryptographic Data Security. Produce and check procedures of Electronic Digital Signatures based on Asymmetric Cryptographic Algorithm.", 1994.

GOST R 34.10-2001 - "Information technology. Cryptographic data security. Signature and verification processes of [electronic] digital signature.“, 2001.

compatibility problem
Compatibility problem

Algorithm parameters

Encryption

S-BOX not defined (except for test values)

Digest

S-BOX not defined

Digital signature

P, Q, A not defined (except for test values)

Elliptic Curve parameters not defined

Russian Federal Digital SignatureLaw, 10 Jan 2002

PKI ready

cryptographic software compatibility agreement
Cryptographic Software Compatibility Agreement

Russian commercial cryptographic software vendors

FGUE STC "Atlas" www.stcnet.ru

CRYPTO-PRO www.cryptopro.ru

Factor-TC www.factor-ts.ru

MD PREI www.security.ru

Infotecs GmbH www.infotecs.ru

SPRCIS (SPbRCZI) www.rczi.spb.ru

Cryptocom www.cryptocom.ru

R-Alpha www.alpha.ru

internet drafts
Internet Drafts

Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificates and Certificate Revocation List (CRL), corresponding to the algorithms GOST R 34.10-94, GOST R 34.10-2001, GOST R 34.11-94http://www.ietf.org/internet-drafts/draft-leontiev-cryptopro-cppk-00.txt

Addition of GOST Ciphersuites to Transport Layer Security (TLS)http://www.ietf.org/internet-drafts/draft-chudov-cryptopro-cptls-00.txt

Cryptographic Message Syntax (CMS) algorithms for GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, GOST R 34.11-94.http://www.ietf.org/internet-drafts/draft-leontiev-cryptopro-cpcms-00.txt

pkix gost oids
PKIX GOST OIDs

id-CryptoPro-algorithms OBJECT IDENTIFIER ::=

{ iso(1) member-body(2) ru(643) rans(2) cryptopro(2) }

id-GostR3410-94 OBJECT IDENTIFIER ::=

{ id-CryptoPro-algorithms gostR3410-94(20) }

id-GostR3411-94-with-GostR3410-94 OBJECT IDENTIFIER ::=

{ id-CryptoPro-algorithms gostR3411-94-with-gostR3410-94(4)}

id-GostR3410-2001 OBJECT IDENTIFIER ::=

{ id-CryptoPro-algorithms gostR3410-2001(19) }

id-GostR3411-94-with-GostR3410-2001 OBJECT IDENTIFIER ::=

{ id-CryptoPro-algorithms gostR3411-94-with-gostR3410-2001(3) }

pkix gost parameters
PKIX GOST Parameters

GostR3410-94-PublicKeyParameters ::= SEQUENCE {

publicKeyParamSetOBJECT IDENTIFIER,

digestParamSetOBJECT IDENTIFIER,

encryptionParamSet OBJECT IDENTIFIER OPTIONAL

}

GostR3410-94-PublicKeyAlgorithms

ALGORITHM-IDENTIFIER ::= {

{ GostR3410-94-PublicKeyParameters IDENTIFIED BY

id-GostR3410-94 }

}

GostR3410-94-CertificateSignatureAlgorithms

ALGORITHM-IDENTIFIER ::= {

{ NULL IDENTIFIED BY

id-GostR3411-94-with-GostR3410-94 } |

{ GostR3410-94-PublicKeyParameters IDENTIFIED BY

id-GostR3411-94-with-GostR3410-94 }

}

end entity implementations
End Entity Implementations

Microsoft Windows

CryptoPro CSP – Russian cryptography standards

through Microsoft Cryptographic Service Provider

Interface.

CryptoPro TLS – adds GOST cipher suites to Microsoft Schannel SSP (Security Support Provider).

CSP, TLS

Solaris (Sun, Intel), VSTa - released

Linux, Free BSD, AIX - in progress

ISV products

CSP, TLS

SAP R/3 SNC, SSF adapters

Apache, Open SSL, mod_ssl, JCA

ca implementations
CAImplementations

Microsoft CA with CryptoPro CSP

CryptoPro CA

based on MS certificate services

RSA Keon 6.5

W2K - released

Sun Solaris – in progress

Unicert 5.01

W2K - released

ad