AlgorithmParameters

[TODO: ECNR/ASN.1, ElgamalSig/ASN.1, NR/ASN.1]


Generic/ASN.1 AlgorithmParameters
Description:
This KeyFactory uses the format of a BER or DER-encoded AlgorithmIdentifier object, as defined in X.509 and RFC 1422 (and also given in PKCS #6 appendix A.1):
   AlgorithmIdentifier ::= SEQUENCE {
       algorithm OBJECT IDENTIFIER,
       parameters ANY DEFINED BY algorithm OPTIONAL
   }
(Although the 'parameters' field is marked "OPTIONAL" in the ASN.1 syntax, it MUST be given in this context.)

This format is not algorithm-specific, since the 'algorithm' field specifies the key family, and therefore keys from different families (e.g. RSA, DSA, etc.) can be unambiguously distinguished.

Generic/ASN.1 SHOULD normally be implemented by expressing the algorithm OID as a dot-separated string, then looking up an algorithm-specific AlgorithmParameters implementation based on that string, e.g. "1.2.3.4" if the OID is { 1 2 3 4 }. This allows new public key algorithms to be added without having to change existing classes.

Output MUST be encoded as DER.

References:


× DH/ASN.1 AlgorithmParameters
Description:
We define a new DHParameters type (not taken from any existing standard) as follows:
   DHParameters ::= SEQUENCE {
       version INTEGER, -- always 1
       usageFlags INTEGER, -- see below
       p INTEGER, -- p
       g INTEGER, -- g
       order INTEGER OPTIONAL -- order of subgroup generated by g
   }
usageFlags is either 1 (i.e. bit 0 is set), indicating that the key pair is to be used for encryption, or 4 (i.e. bit 2 is set), indicating that it is to be used for key agreement.

Output MUST be encoded as DER.


× DSA/ASN.1 AlgorithmParameters
Description:
We define a new DSAParameters type (not taken from any existing standard) as follows:
   DSAParameters ::= SEQUENCE {
       version INTEGER, -- always 1
       usageFlags INTEGER, -- see below
       p INTEGER, -- p
       g INTEGER, -- g
       q INTEGER, -- q
   }
usageFlags is either 2 (i.e. bit 1 is set), indicating that the key pair is to be used for signatures on data, or 6 (i.e. bits 1 and 2 are set), indicating that it is to be used for signing messages sent in a key agreement protocol.

Output MUST be encoded as DER.


ECDH/ASN.1 AlgorithmParameters
Description:
The format of a BER or DER-encoded ECParameters object, as defined in X9.62:
   ECParameters ::= SEQUENCE {
       version INTEGER { ecpVer1(1) } (ecpVer1),
           -- version is always 1
       fieldID FieldID { {FieldTypes} },
           -- the finite field over which the curve is defined
       curve Curve,
           -- coefficients a and b of the elliptic curve
       base ECPoint,
           -- the base point P on the elliptic curve
       order INTEGER,
           -- the order n of the base point
       cofactor INTEGER,
           -- #E(Fq)/n (used only in parameter validation)
       ...
   }

   FieldElement ::= OCTET STRING

   Curve ::= SEQUENCE {
       a FieldElement,
       b FieldElement,
       seed BIT STRING OPTIONAL
   }

   ECPoint ::= OCTET STRING

   FieldID { FIELD-ID:IOSet } ::= SEQUENCE {
       fieldType FIELD-ID.&id({IOSet}),
       parameters FIELD-ID.&Type({IOSet}{@fieldType}) OPTIONAL
   }

   FieldTypes FIELD-ID ::= {
       { Prime-p IDENTIFIED BY prime-field } |
       { Characteristic-two
                 IDENTIFIED BY characteristic-two-field },
       ...
   }

   FIELD-ID ::= TYPE-IDENTIFIER

Output MUST be encoded as DER.

References:
Patent status:
[see patent status for ECDH]


ECDSA/ASN.1 AlgorithmParameters
Description:
The format of a BER or DER-encoded ECParameters object, as defined in X9.62. The ASN.1 syntax of ECParameters is given above, in the description of ECDH/ASN.1.

Output MUST be encoded as DER.

Aliases:
"1.2.840.10045.2.1"
References:
Patent status:
[see general elliptic curve patents]


× ESIGN/ASN.1 AlgorithmParameters
Description:
Although ESIGN keys do not require any cryptographic parameters in the usual sense, this AlgorithmParameters type can be used to specify the length of modulus that will be generated, and the public exponent if it is fixed.

We define a new ESIGNParameters type (not taken from any existing standard) as follows:

   ESIGNParameters ::= SEQUENCE {
       version INTEGER, -- always 1
       usageFlags INTEGER, -- see below
       modulusLength INTEGER, -- bitlength(n)
       publicExponent INTEGER OPTIONAL -- e
   }
usageFlags is either 2 (i.e. bit 1 is set), indicating that the key pair is to be used for signatures on data, or 6 (i.e. bits 1 and 2 are set), indicating that it is to be used for signing messages sent in a key agreement protocol.

A missing 'publicExponent' field indicates that a random full-length public exponent will be generated.

Implementations MUST also accept an ASN.1 NULL in place of the ESIGNParameters object. In this case a dummy AlgorithmParameters object, containing no parameters, will be generated.

Output MUST be encoded as DER.


× RSA/ASN.1 AlgorithmParameters
Description:
Although RSA keys do not require any cryptographic parameters in the usual sense, this AlgorithmParameters type can be used to specify the length of modulus that will be generated, the public exponent if it is fixed, and flags indicating how the key may be used.

We define a new RSAParameters type (not taken from any existing standard) as follows:

   RSAParameters ::= SEQUENCE {
       version INTEGER, -- always 1
       usageFlags INTEGER, -- see below
       modulusLength INTEGER, -- bitlength(n)
       publicExponent INTEGER OPTIONAL -- e
   }
usageFlags has bit 0 set if the key pair is to be used for encryption, bit 1 set if the key pair is to be used for signatures, and bit 2 set if the key pair is to be used for key agreement. Other bits are reserved for future use, and should be set to zero.

If bit 2 is set, then bit 0 or 1 should also be set to indicate how the key agreement algorithm uses the RSA primitive.

The purpose of the usage flags is to allow implementations to detect cases where an RSA key are used in an unexpected context, e.g. when a signing-only key is used for encryption or vice-versa.

A missing 'publicExponent' field indicates that a random full-length public exponent will be generated.

Implementations MUST also accept an ASN.1 NULL in place of the RSAParameters object. In this case a dummy AlgorithmParameters object, containing no parameters, will be generated.

Output MUST be encoded as DER.

Aliases:
"1.2.840.113549.1.1.1", "2.5.8.1.1"
References:


× RW/ASN.1 AlgorithmParameters
Description:
Although RW keys do not require any cryptographic parameters in the usual sense, this AlgorithmParameters type can be used to specify the length of modulus that will be generated.

We define a new RWParameters type (not taken from any existing standard) as follows:

   RWParameters ::= SEQUENCE {
       version INTEGER, -- always 1
       usageFlags INTEGER, -- see below
       modulusLength INTEGER -- bitlength(n)
   }
usageFlags is either 2 (i.e. bit 1 is set), indicating that the key pair is to be used for signatures on data, or 6 (i.e. bits 1 and 2 are set), indicating that it is to be used for signing messages sent in a key agreement protocol.

Implementations MUST also accept an ASN.1 NULL in place of the RWParameters object. In this case a dummy AlgorithmParameters object, containing no parameters, will be generated.

Output MUST be encoded as DER.


Valid HTML 4.0 Valid CSS Copyright and trademarks