[x500standard] SV: Re: ASN.1 to support ECDSA

  • From: "Erik Andersen" <era@xxxxxxx>
  • To: <x500standard@xxxxxxxxxxxxx>, "'SG17-Q11'" <t13sg17q11@xxxxxxxxxxxxx>
  • Date: Mon, 31 Aug 2015 08:25:29 +0200

Hi Jean-Paul,



Thanks for your quick answer.



I do not believe we can redefine the ALGORITHM information object class, as
other public-key algorithms, like DSA and RSA, do not have an OID as
parameter.



Regards,



Erik



Fra: x500standard-bounce@xxxxxxxxxxxxx
[mailto:x500standard-bounce@xxxxxxxxxxxxx] På vegne af Jean-Paul Lemaire
Sendt: 30 August 2015 19:33
Til: x500standard@xxxxxxxxxxxxx; 'SG17-Q11' <t13sg17q11@xxxxxxxxxxxxx>
Emne: [x500standard] Re: ASN.1 to support ECDSA



Hi Erik,



If we define a specific OID value (id-ecPublicKey) to identify ECDSA and if
each ECDSA curve is identified by an OID, we can use this oid as the
parameter.



CURVE ::= CLASS {

&id OBJECT IDENTIFIER UNIQUE

}

WITH SYNTAX {

IDENTIFIED BY &id

}



SupportedCurves CURVE ::= {...}



ecPublicKey ALGORITHM ::= {

PARMS CURVE.&id({SupportedCurves})

IDENTIFIED BY id-ecPublicKey

}



With the following definitions:



ALGORITHM ::= CLASS {

&Type OPTIONAL,

&id OBJECT IDENTIFIER

}

WITH SYNTAX {

[PARMS &Type] IDENTIFIED BY &id

}



SupportedAlgorithms ALGORITHM ::= {...}



Jean-Paul.



De : x500standard-bounce@xxxxxxxxxxxxx
<mailto:x500standard-bounce@xxxxxxxxxxxxx>
[mailto:x500standard-bounce@xxxxxxxxxxxxx] De la part de Erik Andersen
Envoyé : vendredi 28 août 2015 17:02
À : Directory list; SG17-Q11
Objet : [x500standard] ASN.1 to support ECDSA



The X.509 defines the AlgorithmIdentifier as



AlgorithmIdentifier{ALGORITHM:SupportedAlgorithms} ::= SEQUENCE {

algorithm ALGORITHM.&id({SupportedAlgorithms}),

parameters ALGORITHM.&Type({SupportedAlgorithms}{@algorithm}) OPTIONAL,

... }



where



ALGORITHM ::= CLASS {

&Type OPTIONAL,

&id OBJECT IDENTIFIER UNIQUE }

WITH SYNTAX {

[PARMS &Type]

IDENTIFIED BY &id }



As to RFC 5480 the parameter for ECDSA is an object identifier for the curve
to be used.



To get a more formal specification I tried to define:



CURVE ::= CLASS {

&id OBJECT IDENTIFIER UNIQUE }

WITH SYNTAX {

IDENTIFIED BY &id }



SupportedCurves CURVE ::= {...} -- to be filled by referencing specification



The ECDSA public key algorithm may then be written as:



ecPublicKey ALGORITHM ::= { -- IETF RFC 5480

PARMS CURVE.&id ({SupportedCurves})

IDENTIFIED BY id-ecPublicKey }



It is then possible in a referencing specification to formally specify in
the ASN.1 what curve(s) may be used and thereby make optimal use of tools..



Most likely, the ASN.1 guys (Jean-Paul and Paul) can find a more elegant way
of doing the same thing or at least check whether the proposed ASN.1 is
correct (it compiles).



Your comments will be highly appreciated.



Erik





Other related posts:

  • » [x500standard] SV: Re: ASN.1 to support ECDSA - Erik Andersen
  1. Home
  2. x500standard
  3. Archive
  4. 08-2015