
ECC X.509 Certificate Format






Presentation Transcript


  1. ECC X.509 Certificate Format Discussion
     Peter de Rooij, Certicom Corp., pderooij@certicom.com, (650) 312-7995

  2. Goal
     • Enable and standardize the use of elliptic curve keys within the X.509 framework

  3. Objectives
     • Specify how ECC keys and their usage are indicated within X.509 certificates
     • Simple
     • Flexible
     • Generic

  4. Today’s Situation
     • X.509 does not discuss algorithms.
     • Standards building on X.509 do; e.g.:
       • PKIX, ECDSA extension to PKIX
       • SET
     • Missing: a general, universal way to specify ECC keys within X.509

  5. What to specify
     • Usage of (ECC) keys requires specification of:
       • certificate signature format
       • public key format
       • algorithm type (ECC)
       • parameters, if any (field, basis, curve, generator)
       • algorithm (ECDSA, ECDH, MQV, …)
       • key usage (sign, cert sign, encrypt, …)

  6. Certificate Signature Format
     • A certificate contains a signature.
     • Its format is determined by the signature algorithm chosen for certificate signing.
     • Proposal: use whatever the standard specifying the certificate signature says.
     • Caveat: encoding rules

  7. Public Key Format
     • Public key format depends on the public key type only; it is independent of the (signature) algorithm.
     • Proposal: use the ECDSA format for any ECC key
     • Caveat: encoding rules

  8. Algorithm Indicators in X.509
     • Subject public key type and algorithm / usage are indicated in:
       • algorithmIdentifier fields
       • keyUsage extension
       • extKeyUsage extension
       • supportedAlgorithms attribute

  9. Algorithm Type and Parameters
     • Key type (ECC) and system parameters are indicated in algorithmIdentifier
     • Type: OID for ECC is available via ECDSA
     • 3 ways of indicating parameters:
       • by inheritance from CA (omission)
       • by explicit specification
       • by reference: OID for a specific parameter set

  10. Algorithm Type and Parameters
     • Proposal:
       • “Borrow” the parameter specification as in ECDSA and the ECDSA extension to the PKIX Certificate Format.
       • Add OIDs for the standard curves (for incorporation by reference)
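As an added example (not code from the slides or from Certicom), the following Python parses an EC SubjectPublicKeyInfo and reports which of the three parameter-indication methods from slides 9 and 10 it uses: inherited from the CA, explicit, or by reference to a named-curve OID. It uses the standard id-ecPublicKey and curve OIDs; the public key point bytes are a constructed placeholder.

```python
# Added example, not from the slides: classify how an EC SubjectPublicKeyInfo
# indicates its domain parameters, the three options of slide 9: inherited from
# the CA (omitted or implicitlyCA NULL), explicit (SpecifiedECDomain SEQUENCE)
# or by reference (namedCurve OID). OIDs are standard; key bytes are constructed.
ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"      # id-ecPublicKey, as used by ECDSA
NAMED_CURVES = {"1.2.840.10045.3.1.7": "secp256r1", "1.3.132.0.34": "secp384r1"}

def der_read(buf, pos=0):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: 0x8n then n length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:                     # base-128 arcs, high bit = continue
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def classify_ec_params(spki):
    """SPKI ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING }"""
    _, body, _ = der_read(spki)
    _, alg, _ = der_read(body)              # AlgorithmIdentifier SEQUENCE
    tag, oid, p = der_read(alg)             # algorithm OID, then optional parameters
    if tag != 0x06 or decode_oid(oid) != ID_EC_PUBLIC_KEY:
        raise ValueError("not an id-ecPublicKey AlgorithmIdentifier")
    if p >= len(alg) or alg[p] == 0x05:     # parameters omitted, or NULL
        return "inherited from CA"
    ptag, pval, _ = der_read(alg, p)
    if ptag == 0x30:
        return "explicit (SpecifiedECDomain)"
    if ptag == 0x06:
        curve = decode_oid(pval)
        return "by reference (namedCurve %s)" % NAMED_CURVES.get(curve, curve)
    raise ValueError("unexpected ECParameters tag 0x%02x" % ptag)

def der_tlv(tag, value):                    # short-form length is enough here
    return bytes([tag, len(value)]) + value
EC_OID = bytes.fromhex("2a8648ce3d0201")    # 1.2.840.10045.2.1, DER-encoded
P256_OID = bytes.fromhex("2a8648ce3d030107")  # 1.2.840.10045.3.1.7, secp256r1
FAKE_POINT = b"\x04" + bytes(range(1, 65))  # constructed 0x04||X||Y placeholder
def build_ec_spki(params_der=b""):          # wrap the point with given ECParameters
    alg = der_tlv(0x30, der_tlv(0x06, EC_OID) + params_der)
    return der_tlv(0x30, alg + der_tlv(0x03, b"\x00" + FAKE_POINT))
```

Later PKIX profiles (RFC 5480) allow only the namedCurve form, so a validator following that profile should reject the "inherited" and "explicit" results.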

  11. Key Usage
     • Key usage is indicated through the keyUsage and extKeyUsage extensions
     • No impact specific to ECC
     • Proposal: no change

  12. Supported Algorithms
     • Usage: no impact specific to ECC
     • Required: list of all ECC algorithms (OIDs) supported by the “SECG profile”

  13. Proposals
     • Key format
       • As in ECDSA
     • Signature format
       • As in signature standard

  14. Proposals (cont.)
     • Algorithm type and parameters:
       • Borrow algorithmIdentifier OID and specification from ECDSA
     • Key usage:
       • No change
     • Supported Algorithms attribute:
       • produce list of supported algorithms with OIDs

  15. Summary
     • Proposals are the wider adoption of existing (specialized) solutions:
       • no changes to existing infrastructure;
       • “compliance” with existing standards;
       • simple;
       • flexible.

  16. Roadmap
     • Formally specify:
       • public key format (see ECDSA)
       • signature format (encoding rule)
       • the algorithmIdentifier usage, incl. OID for ECC key type (see ECDSA)
     • Define OIDs for selected curves
     • Define OIDs for supported algorithms

  17. Your Input!
     • Please let us know of any comments, additions, omissions, etc.
     • Contributions are welcome.
