PKCS #1 v2.1 Errata

最新推荐文章于 2022-02-27 09:22:19 发布
最新推荐文章于 2022-02-27 09:22:19 发布
阅读量1.2k 收藏
点赞数
分类专栏: 数据结构+算法+编程技巧+效率+ACM+密码学 文章标签: parameters cryptography encryption standards security exception
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/aaaaatiger/article/details/2137556
版权
$Revision: 2.0 $

December, 2005

Copyright (C) 2005 RSA Laboratories, a division of RSA Security
Inc. License to copy this document is granted provided that it is
identified as "RSA Security Inc. Public-Key Cryptography Standards
(PKCS)" in all material mentioning or referencing this document.

This note lists known errors in PKCS #1: RSA Cryptography Standard,
version 2.1, and should be incorporated into that version. Some of
these errors were previously published in PKCS #1 v2.1 Errata and some
were previously published as part of IETF RFC 3447 Errata.

-Section 5.1.2: Note should refer to step 2.b rather than 2.a.

-Section 5.2.1: Note should refer to step 2.b rather than 2.a.

-Section 7.1.1: {RSAES-OAEP} Encryption Operation - page 21
Figure 1 does not represent correctly DB as specified in
step 2.c. on page 20

- Modify Figure 1 from:

                             
                    +----------+---------+-------+
               DB = |  lHash   |    PS   |   M   |
                    +----------+---------+-------+
                                   |    
          +----------+             V
          |   seed   |--> MGF --->xor
          +----------+             |
               |                   |
      +--+     V                   |
      |00|    xor <----- MGF <-----|
      +--+     |                   |
        |      |                   |
        V      V                   V
      +--+----------+----------------------------+
EM =  |00|maskedSeed|          maskedDB          |
      +--+----------+----------------------------+


-to:
                    +----------+--------+--+-------+
               DB = |  lHash   |   PS   |01|   M   |
                    +----------+--------+--+-------+
                                   |
         +----------+              V
         |   seed   |--> MGF ---> xor
         +----------+              |
               |                   |
      +--+     V                   |
      |00|    xor <----- MGF <-----|
      +--+     |                   |
        |      |                   |
        V      V                   V
      +--+----------+------------------------------+
EM =  |00|maskedSeed|          maskedDB            |
      +--+----------+------------------------------+



-Section "8.2.2 {RSASSA-PKCS1-v1_5} Signature verification
-Operation"

-In 'step 2.c.', in fact "EM" is computed, not "EM'" -- as stated
-in the text; see also 'step 3.' below.

- Therefore replace:
       c. Convert the message representative m to an encoded message
           EM of length k octets (see Section 4.1):
               EM' = I2OSP (m, k).
-by:
       c. Convert the message representative m to an encoded message
           EM of length k octets (see Section 4.1):
               EM = I2OSP (m, k).

-Section B.1: Hash functions
-The new "Secure Hash Standard", FIPS Pub 180-2 has been published
-on "2002 August 1" and became "effective on February 1, 2003".

-Therefore, in the first sentence of the second paragraph Appendix B.1
-replace:
     Six hash functions are given as examples for the encoding methods
     in this document: MD2 [33], MD5 [41], SHA-1 [38], and the
     proposed algorithms SHA-256, SHA-384, and SHA-512 [39].
-by:
     Six hash functions are given as examples for the encoding methods
     in this document: MD2 [33], MD5 [41], and the algorithms SHA-1,
     SHA-256, SHA-384, and SHA-512 [38].

-In the NIST parameters field definition for the SHA algorithms
-implementations containing a SHA algorithm MUST accept
-AlgorithmIdentifier values both without parameters and with NULL
-parameters.

-Therefore to align PKCS #1 v2.1 with the NIST definitions in the first
-paragraph following the ASN.1 statements replace the text:

  The parameters field associated with these OIDs in a value of
  type AlgorithmIdentifier shall have a value of type NULL.

-with the text:

  The parameters field associated with id-md2 and id-md5 in a value of
  type AlgorithmIdentifier shall have a value of type NULL.

  The parameters field associated with id-sha1, id-sha256, id-sha384,
  and id-sha512 should generally be omitted, but if present, shall have
  a value of type NULL.

  This is to align with the definitions originally promulgated by NIST.
  For the SHA algorithms, implementations MUST accept
  AlgorithmIdentifier values both without parameters and with NULL
  parameters.
   
  Exception: When formatting the DigestInfoValue in EMSA-PKCS1-V1.5
  (see 9.2), the parameters field associated with id-sha1, id-sha256,
  id-sha384 and id-sha512 SHALL have a value of type NULL. This is to
  maintain compatibility with existing implementations and with the
  numeric information values already published for EMSA-PKCS1-V1.5
  which are also reflected in IEEE 1363a-2004[27].
  

-Section C: After the definition of PKCS1-v1_5 DigestAlgorithms, add
the text

  -- When id-md2 and id-md5 are used in an AlgorithmIdentifier the
  -- parameters field SHALL have a value of type NULL.

  -- When id-sha1, id-sha256, id-sha384 and id-sha512 are used in an
  -- AlgorithmIdentifier the parameters (which are optional) SHOULD
  -- be omitted, but if present, SHALL have a value of type NULL.
  -- However, implementations MUST accept AlgorithmIdentifier values
  -- both without parameters and with NULL parameters.

  Exception: When formatting the DigestInfoValue in EMSA-PKCS1-V1.5
  (see 9.2), the parameters field associated with id-sha1, id-sha256,
  id-sha384 and id-sha512 SHALL have a value of type NULL. This is to
  maintain compatibility with existing implementations and with the
  numeric information values already published for EMSA-PKCS1-V1.5
  which are also reflected in IEEE 1363a-2004[27].

-Also, although not errors, the references should be updated as
-follows to reflect new publication data:

   [25]  Housley, R., "Cryptographic Message Syntax (CMS)", RFC 3369,
         August 2002.  Housley, R., "Cryptographic Message Syntax (CMS)
         Algorithms", RFC 3370, August 2002.

   [27]  IEEE 1363a-2004: Standard Specifications For Public Key
         Cryptography - Amendment 1: Additional Techniques, 2004,
         Available from http://grouper.ieee.org/groups/1363/P1363a/

   [32]  J. Jonsson and B. Kaliski.  On the Security of RSA Encryption
         in TLS.  In M. Yung, editor, Advances in Cryptology - CRYPTO
         2002, vol. 2442 of Lecture Notes in Computer Science, pp. 127 -
         142.  Springer Verlag, 2002.

   [38]  National Institute of Standards and Technology (NIST).
         FIPS Publication 180-2: Secure Hash Standard.  February
2002.

-Reference [39] should be deleted (it is superseeded by the updated [38]).

 
aaaaatiger
关注
专栏目录
PKCS#1 v2.1 java 语言实现参考
邹德强(CaesarZou)的专栏
03-27 5265
PKCS#1 v2.1 逐渐已经替代 PKCS#1 v1.5成为了应用选择的主要加密/签名方案。近期看了一下这规范。发现新增的OAEP加密、PSS签名网上的资源不是很多。所以弄了这么个工程,一个目的是导读,一个目的是验证对算法的理解,这里共享给大家,希望对大家理解这个规范有所帮助:     基于BigInteger类用java封装的PKCS#1 v2.1 全算法实现,模块与规范一一对应。包含 I
pkcs#1_V2.1.zip
07-11
**PKCS#1 V2.1详解** PKCS(Public Key Cryptography Standards)是由RSA Security公司发起的一系列标准,旨在规范公钥加密技术的使用。其中,PKCS#1是关于RSA加密算法的一个核心标准,它详细定义了RSA算法的安全...
PKCS__1_v2.1_RSA_算法标准+RSA-oaep_spec
04-05
两份内容打包 1. PKCS__1_v2.1_RSA_算法标准.pdf 【中文版】 2.RSA-oaep_spec.pdf【英文版】
PKCS#1 v2.1 RSA Cryptography Standard (PKCS#1 RSA密码学规范,版本2.1)
邹德强(CaesarZou)的专栏
03-23 1万+
PKCS#1 v2.1: RSA密码学规范 RSA实验室 2002年6月14日 --翻译:CaesarZou (zoudeqiang1979@tsinghua.org.cn) 1.介绍 这个文档提供了基于RSA算法的公钥密码学的建议实现,包含如下的方面: > 密码学单元 > 加密方案 > 带填充的签名方案 > 以ASN.1语法展现的密钥和方案 参考建议基于计算机的通用需
PKCS #1 v2.1 RSA 算法标准和测试数据
05-10
PKCS#1本质上可以理解为一套填充/验证规则,用于RSA算法的签名和验证,可以增加安全性。 压缩包中有PKCS #1 v2.1 RSA 算法标准(中文和英文文档以及rfc3447_PKCS #1 v2.1),另附一组测试示例数据.
PKCS #1 v2.1: RSA Cryptography Standard
01-06
PKCS #1 v2.1: RSA Cryptography Standard
PKCS#1 V2.1.pdf
02-20
PKCS#1 V2.1 思维导图。涉及PKCS#1关键知识点,看图便于理解PKCS#1 V2.1技术标准。
PKCS #1 v2.2 RSA Cryptography Standard.pdf
03-25
另一个被广泛使用的方案是RSAES-PKCS1-v1_5,它是基于PKCS#1 v1.5标准的加密方案,同样包含加密和解密操作。 在签名方案方面,文档介绍了两种主要的签名方案RSASSA-PSS和RSASSA-PKCS1-v1_5。RSASSA-PSS是一种采用...
PKCS__1_v2.1_RSA_算法标准.pdf
05-29
PKCS__1_v2.1_RSA_算法标准.pdf 中文版 这篇文档是介绍基于 RSA 算法[42]的公钥密码系统的实现方法的,它包括以下几个方面: z 密码原语 z 加密方案 z 带附属的签名方案 z 密钥和方案的 ASN.1 描述
PKCS加密标准
12-04
压缩包包括两个文档: 1. PKCS#1 v2.1基于RSA算法的加解密标准 2. PKCS#5 v2.0基于RSA算法的加解密标准 主要内容: 1. 填充算法 2. 签名生成 3. 签名验证
Java RSA私钥 pkcs1转pkcs8;
08-15
Java RSA私钥 pkcs1转pkcs8;适用于Java与C#程序交互时使用
PKCS RSA执行标准
weixin_30569001的博客
06-04 327
RSA是一种算法,但是,在相关应用的时候,还是需要有一些标准的。这就是pkcs。现在的各种程序中,基本都是遵循这个标准来使用RSA的。最近陆续读取RSA相关的内容进行学习。 RSA官网:https://www.rsa.com 标准的查看:https://www.rfc-editor.org/search/rfc_search_detail.php?title=pkcs&...
PKCS 是什么
ayang1986的专栏
06-25 3810
转载自:https://www.jianshu.com/p/b98b12de85f3公钥密码学标准(PKCS)是由RSA实验室与一个非正式联盟合作共同开发的一套公钥密码学的标准,这个非正式联盟最初包括Apple, Microsoft, DEC, Lotus, Sun 和 MIT。PKCS已经被OIW(OSI 标准实现研讨会)作为一个OSI标准实现。PKCS是基于二进制和ASCII编码来设计的,也兼...
RSA算法 --- go加解密及验签
my_miuye的博客
02-27 1334
1、生成公钥和私钥文件 2、编写读取公钥方法、读取私钥方法、私钥签名方法和公钥解密方法 3、go代码测试
java网络学习之 PKCS标准 X.509标准 证书等概念 的汇总(16)
xiaoliuliu2050的专栏
04-18 1466
一、文件编码格式(pem,der) PEM (Privacy Enhancement Message),定义见RFC1421 是一种基于 base64 的编码格式,常见于 linux/unix 下的证书编码 结构组成== {header} body {tail}示例 -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBi...
图解PKCS#1——第四部分 签名验签方案
热门推荐
云与山的彼端
11-19 1万+
8.1 RSASSA-PSS签名验签方案 采用EMSA-PSS编码方案 + RSASP/RSAVP签名验签 整个签名/验签流程与加解密流程非常相似。 RSASSA-PSS-SIGN (K, M) (§8.1.1,见图6) 输入 K RSA 私钥 (记k为模数n的字节长) M 消息,字节长度需满足杂凑函数的输出限制 输出 S 签名,字节长度为k或者错误信息 RSASS...
PKCS#1 v2.1 RSA算法标准详解
"PKCS#1 v2.1_RSA算法标准中文版" 本文档详细介绍了RSA算法的标准,PKCS#1 v2.1,是PKI论坛的PKCS/PKIX中文翻译计划的一部分,旨在帮助对数字签名有兴趣的人士更好地理解和应用RSA算法。PKCS(Public Key ...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值