Russian cryptographic algorithms (GOST) in Cryptographic Message Syntax and S/MIME Grigory Chudov CRYPTO-PRO, Russia draft-leontiev-cryptopro-cpcms-00.txt.

Slides:

Advertisements

Similar presentations

Public Key Infrastructure and Applications

Advertisements

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Policy Meeting SIG: Whois Database October 2000 APNIC Certificate Authority.

Network Security: Lab#2 J. H. Wang Apr. 28, 2011.

CP3397 ECommerce.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.

Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.

Security Technology Lab The CSSM PKCS #11 Adaptation Layer Adapting the Technologies and Obtaining Module Integrity Using the CDSA Infrastructure Matthew.

Introduction to Cryptography

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Principles of Information Security, 2nd edition1 Cryptography.

© 2004, The Technology Firm SSL Packet Decodes From Wikipedia, the free encyclopedia.  Secure Sockets Layer (SSL) is a cryptographic.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E 36th RIPE Meeting Budapest 2000 APNIC Certificate Authority Status Report.

About PKI Key Stores Dartmouth College PKI Lab. Key Store Defined Protected “vault” to hold user’s private key with their copy of their x.509 certificate.

Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)

1 Cryptography Cryptography is a collection of mathematical techniques to ensure confidentiality of information Cryptography is a collection of mathematical.

Digital Certificates With Chuck Easttom. Digital Signatures  Digital Signature is usually the encryption of a message or message digest with the sender's.

Computer Networks NYUS FCSIT Spring 2008 Milos STOLIC, Bs.C. Teaching Assistant

ECE453 – Introduction to Computer Networks Lecture 18 – Network Security (I)

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

OpenVPN OpenVPN: an open source, cross platform client/server, PKI based VPN.

Securing Data at the Application Layer Planning Authenticity and Integrity of Transmitted Data Planning Encryption of Transmitted Data.

Digital Certificates Made Easy Sam Lutgring Director of Informational Technology Services Calhoun Intermediate School District.

The Windows NT ® 5.0 Public Key Infrastructure Charlie Chase Program Manager Windows NT Security Microsoft Corporation.

Introduction to Secure Messaging Issues Russ Chung, American Eagle Group The Open Group Messaging Forum July 24, 2003.

Computer encryption is… Based on the science of cryptography.

Cryptography Encryption/Decryption Franci Tajnik CISA Franci Tajnik.

Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.

Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003.

Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.

1 Cryptography NOTES. 2 Secret Key Cryptography Single key used to encrypt and decrypt. Key must be known by both parties. Assuming we live in a hostile.

Integrating security services with the automatic processing of content TERENA 2001 Antalya, May 2001 Francesco Gennai, Marina Buzzi Istituto.

Encryption. What is Encryption? Encryption is the process of converting plain text into cipher text, with the goal of making the text unreadable.

1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.

Public Key Encryption.

SSL (TLS) Part 2 Generating the Premaster and Master Secrets + Encryption.

Washington System Center © 2005 IBM Corporation August 25, 2005 RDS Training Secure Socket Layer (SSL) Overview z/Series Security (Mary Sweat, Greg Boyd)

Elliptic Curve Cryptography

SMUCSE 5349/7349 SSL/TLS. SMUCSE 5349/7349 Layers of Security.

Cryptography Gerard Klonarides. What is cryptography? Symmetric Encryption Symmetric Encryption Asymmetric Encryption Asymmetric Encryption Other cryptography.

Encryption protocols Monil Adhikari. What is SSL / TLS? Transport Layer Security protocol, ver 1.0 De facto standard for Internet security “The primary.

Russian cryptographic algorithms (GOST) in Internet X.509 Public Key Infrastructure Grigory Chudov Crypto-Pro Ltd., Russia draft-leontiev-cryptopro-cppk-00.txt.

1 Chapter 7 WEB Security. 2 Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction.

Network Security: Lab#2 J. H. Wang Oct. 9, Objectives To learn to use message digests –MD5 To learn to use secure hash functions –SHA-1, SHA-2 To.

Encryption and Security Tools for IA Management Nick Hornick COSC 481 Spring 2007.

Henric Johnson1 Chapter 7 WEB Security Henric Johnson Blekinge Institute of Technology, Sweden

Web Server Management: Securing Access to Web Servers Jon Warbrick University of Cambridge Computing Service.

Dan Brown, Certicom Research November 10, 2004

CompTIA Security+ Study Guide (SY0-401)

CompTIA Security+ Study Guide (SY0-501)

Cryptology/Cryptography

The Secure Sockets Layer (SSL) Protocol

Transport Layer Security (TLS)

Presentation transcript:

Russian cryptographic algorithms (GOST) in Cryptographic Message Syntax and S/MIME Grigory Chudov CRYPTO-PRO, Russia draft-leontiev-cryptopro-cpcms-00.txt

Russian state standards GOST "Cryptographic Protection for Data Processing System“, 1989 GOST R "Information technology. Cryptographic data security. Signature and verification processes of [electronic] digital signature.“, GOST R "Information technology. Cryptographic Data Security. Produce and check procedures of Electronic Digital Signatures based on Asymmetric Cryptographic Algorithm.", GOST R "Information technology. Cryptographic Data Security. Hashing function.", Encryption Hashing Digital signature

Compatibility S-BOX not defined (except for test values) Elliptic Curve parameters not defined P, Q, A not defined (except for test values) S-BOX not defined Encryption Digest Digital signature Russian Federal Digital Signature Law, 10 Jan 2002 PKI ready Algorithm Parameters

Cryptographic Software Compatibility Agreement FGUE STC "Atlas" CRYPTO-PRO Factor-TC MD PREI Infotecs GmbH SPRCIS (SPbRCZI) Cryptocom R-Alpha Russian commercial cryptographic software vendors

Informational Internet Drafts Addition of GOST Ciphersuites to Transport Layer Security (TLS) Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificates and Certificate Revocation List (CRL), corresponding to the algorithms GOST R , GOST R , GOST R Cryptographic Message Syntax (CMS) algorithms for GOST , GOST R , GOST R , GOST R

CMS GOST Algorithms id-Gost OBJECT IDENTIFIER ::= -- Encryption { id-CryptoPro-algorithms gost (21) } id-GostR OBJECT IDENTIFIER ::= -- Digest { id-CryptoPro-algorithms gostr3411(9) } id-GostR OBJECT IDENTIFIER ::= -- Signature { id-CryptoPro-algorithms gostR (20) } id-GostR OBJECT IDENTIFIER ::= -- Signature { id-CryptoPro-algorithms gostR (19) }

CMS GOST Parameters Gost Parameters ::= SEQUENCE { encryptionParamSetOBJECT IDENTIFIER, -- S-Box, etc ivGost IV } GostR ParamSetParameters ::= SEQUENCE { hUZ Gost UZ, -- S-Box for digest OID h0 GostR Digest -- starting value } GostR PublicKeyParameters ::= SEQUENCE { publicKeyParamSetOBJECT IDENTIFIER, digestParamSetOBJECT IDENTIFIER, encryptionParamSetOBJECT IDENTIFIER OPTIONAL } GostR PublicKeyParameters ::= SEQUENCE { publicKeyParamSetOBJECT IDENTIFIER, digestParamSetOBJECT IDENTIFIER, encryptionParamSetOBJECT IDENTIFIER OPTIONAL }

GOST Key Transport GostR KeyTransportEncryptedKeyOctetString ::= SEQUENCE { sessionEncryptedKeyGost EncryptedKey, transportParameters[0] IMPLICIT GostR TransportParameters OPTIONAL } GostR TransportParameters ::= SEQUENCE { encryptionParamSetOBJECT IDENTIFIER, ephemeralPublicKey[0] IMPLICIT SubjectPublicKeyInfo OPTIONAL, ukmOCTET STRING } GostR KeyTransportEncryptedKeyOctetString ::= SEQUENCE { sessionEncryptedKeyGost EncryptedKey, transportParameters[0] IMPLICIT GostR TransportParameters OPTIONAL } GostR TransportParameters ::= SEQUENCE { encryptionParamSetOBJECT IDENTIFIER, ephemeralPublicKey[0] IMPLICIT SubjectPublicKeyInfo OPTIONAL, ukmOCTET STRING }

CMS Implementations Microsoft Windows CryptoPro CSP – Russian cryptography standards through Microsoft Cryptographic Service Provider Interface. CryptoPro TLS – adds GOST cipher suites to Microsoft Schannel SSP (Security Support Provider). Solaris (Sun, Intel), VSTa - released Linux, Free BSD, AIX - in progress CSP, TLS ISV products SAP R/3 SNC, SSF adapters Apache, Open SSL, mod_ssl, JCA CSP, TLS

S/MIME Implementations CryptoPro CSP Outlook Outlook Express The BAT! ( Moldova