Hi Jean-Paul,
Thanks for your quick answer.
I do not believe we can redefine the ALGORITHM information object class, as
other public-key algorithms, like DSA and RSA, do not have an OID as
parameter.
Regards,
Erik
Fra: x500standard-bounce@xxxxxxxxxxxxx
[mailto:x500standard-bounce@xxxxxxxxxxxxx] På vegne af Jean-Paul Lemaire
Sendt: 30 August 2015 19:33
Til: x500standard@xxxxxxxxxxxxx; 'SG17-Q11' <t13sg17q11@xxxxxxxxxxxxx>
Emne: [x500standard] Re: ASN.1 to support ECDSA
Hi Erik,
If we define a specific OID value (id-ecPublicKey) to identify ECDSA and if
each ECDSA curve is identified by an OID, we can use this oid as the
parameter.
CURVE ::= CLASS {
&id OBJECT IDENTIFIER UNIQUE
}
WITH SYNTAX {
IDENTIFIED BY &id
}
SupportedCurves CURVE ::= {...}
ecPublicKey ALGORITHM ::= {
PARMS CURVE.&id({SupportedCurves})
IDENTIFIED BY id-ecPublicKey
}
With the following definitions:
ALGORITHM ::= CLASS {
&Type OPTIONAL,
&id OBJECT IDENTIFIER
}
WITH SYNTAX {
[PARMS &Type] IDENTIFIED BY &id
}
SupportedAlgorithms ALGORITHM ::= {...}
Jean-Paul.
De : x500standard-bounce@xxxxxxxxxxxxx
<mailto:x500standard-bounce@xxxxxxxxxxxxx>
[mailto:x500standard-bounce@xxxxxxxxxxxxx] De la part de Erik Andersen
Envoyé : vendredi 28 août 2015 17:02
À : Directory list; SG17-Q11
Objet : [x500standard] ASN.1 to support ECDSA
The X.509 defines the AlgorithmIdentifier as
AlgorithmIdentifier{ALGORITHM:SupportedAlgorithms} ::= SEQUENCE {
algorithm ALGORITHM.&id({SupportedAlgorithms}),
parameters ALGORITHM.&Type({SupportedAlgorithms}{@algorithm}) OPTIONAL,
... }
where
ALGORITHM ::= CLASS {
&Type OPTIONAL,
&id OBJECT IDENTIFIER UNIQUE }
WITH SYNTAX {
[PARMS &Type]
IDENTIFIED BY &id }
As to RFC 5480 the parameter for ECDSA is an object identifier for the curve
to be used.
To get a more formal specification I tried to define:
CURVE ::= CLASS {
&id OBJECT IDENTIFIER UNIQUE }
WITH SYNTAX {
IDENTIFIED BY &id }
SupportedCurves CURVE ::= {...} -- to be filled by referencing specification
The ECDSA public key algorithm may then be written as:
ecPublicKey ALGORITHM ::= { -- IETF RFC 5480
PARMS CURVE.&id ({SupportedCurves})
IDENTIFIED BY id-ecPublicKey }
It is then possible in a referencing specification to formally specify in
the ASN.1 what curve(s) may be used and thereby make optimal use of tools..
Most likely, the ASN.1 guys (Jean-Paul and Paul) can find a more elegant way
of doing the same thing or at least check whether the proposed ASN.1 is
correct (it compiles).
Your comments will be highly appreciated.
Erik