Presentation is loading. Please wait.

Presentation is loading. Please wait.

Russian cryptographic algorithms (GOST) in Cryptographic Message Syntax and S/MIME Grigory Chudov CRYPTO-PRO, Russia draft-leontiev-cryptopro-cpcms-00.txt.

Published byAriel Simpson Modified over 9 years ago

Similar presentations

Presentation on theme: "Russian cryptographic algorithms (GOST) in Cryptographic Message Syntax and S/MIME Grigory Chudov CRYPTO-PRO, Russia draft-leontiev-cryptopro-cpcms-00.txt."— Presentation transcript:

1 Russian cryptographic algorithms (GOST) in Cryptographic Message Syntax and S/MIME Grigory Chudov CRYPTO-PRO, Russia Chudov@cryptopro.ru draft-leontiev-cryptopro-cpcms-00.txt

2 Russian state standards GOST 28147-89 - "Cryptographic Protection for Data Processing System“, 1989 GOST R 34.10-2001 - "Information technology. Cryptographic data security. Signature and verification processes of [electronic] digital signature.“, 2001. GOST R 34.10-94 - "Information technology. Cryptographic Data Security. Produce and check procedures of Electronic Digital Signatures based on Asymmetric Cryptographic Algorithm.", 1994. GOST R 34.10-94 - "Information technology. Cryptographic Data Security. Hashing function.", 1994. Encryption Hashing Digital signature

3 Compatibility S-BOX not defined (except for test values) Elliptic Curve parameters not defined P, Q, A not defined (except for test values) S-BOX not defined Encryption Digest Digital signature Russian Federal Digital Signature Law, 10 Jan 2002 PKI ready Algorithm Parameters

4 Cryptographic Software Compatibility Agreement FGUE STC "Atlas" www.stcnet.ruwww.stcnet.ru CRYPTO-PRO www.cryptopro.ruwww.cryptopro.ru Factor-TC www.factor-ts.ruwww.factor-ts.ru MD PREI www.security.ruwww.security.ru Infotecs GmbH www.infotecs.ruwww.infotecs.ru SPRCIS (SPbRCZI) www.rczi.spb.ruwww.rczi.spb.ru Cryptocom www.cryptocom.ruwww.cryptocom.ru R-Alpha www.alpha.ruwww.alpha.ru Russian commercial cryptographic software vendors

5 Informational Internet Drafts Addition of GOST Ciphersuites to Transport Layer Security (TLS) http://www.ietf.org/internet-drafts/draft-chudov-cryptopro-cptls-00.txt http://www.ietf.org/internet-drafts/draft-chudov-cryptopro-cptls-00.txt Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificates and Certificate Revocation List (CRL), corresponding to the algorithms GOST R 34.10-94, GOST R 34.10-2001, GOST R 34.11-94 http://www.ietf.org/internet-drafts/draft-leontiev-cryptopro-cppk-00.txt http://www.ietf.org/internet-drafts/draft-leontiev-cryptopro-cppk-00.txt Cryptographic Message Syntax (CMS) algorithms for GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, GOST R 34.11-94. http://www.ietf.org/internet-drafts/draft-leontiev-cryptopro-cpcms-00.txt http://www.ietf.org/internet-drafts/draft-leontiev-cryptopro-cpcms-00.txt

6 CMS GOST Algorithms id-Gost28147-89 OBJECT IDENTIFIER ::= -- Encryption { id-CryptoPro-algorithms gost28147-89(21) } id-GostR3411-94 OBJECT IDENTIFIER ::= -- Digest { id-CryptoPro-algorithms gostr3411(9) } id-GostR3410-94 OBJECT IDENTIFIER ::= -- Signature { id-CryptoPro-algorithms gostR3410-94(20) } id-GostR3410-2001 OBJECT IDENTIFIER ::= -- Signature { id-CryptoPro-algorithms gostR3410-2001(19) }

7 CMS GOST Parameters Gost28147-89-Parameters ::= SEQUENCE { encryptionParamSetOBJECT IDENTIFIER, -- S-Box, etc ivGost28147-89-IV } GostR3411-94-ParamSetParameters ::= SEQUENCE { hUZ Gost28147-89-UZ, -- S-Box for digest OID h0 GostR3411-94-Digest -- starting value } GostR3410-94-PublicKeyParameters ::= SEQUENCE { publicKeyParamSetOBJECT IDENTIFIER, digestParamSetOBJECT IDENTIFIER, encryptionParamSetOBJECT IDENTIFIER OPTIONAL } GostR3410-2001-PublicKeyParameters ::= SEQUENCE { publicKeyParamSetOBJECT IDENTIFIER, digestParamSetOBJECT IDENTIFIER, encryptionParamSetOBJECT IDENTIFIER OPTIONAL }

8 GOST Key Transport GostR3410-94-KeyTransportEncryptedKeyOctetString ::= SEQUENCE { sessionEncryptedKeyGost28147-89-EncryptedKey, transportParameters[0] IMPLICIT GostR3410-94-TransportParameters OPTIONAL } GostR3410-94-TransportParameters ::= SEQUENCE { encryptionParamSetOBJECT IDENTIFIER, ephemeralPublicKey[0] IMPLICIT SubjectPublicKeyInfo OPTIONAL, ukmOCTET STRING } GostR3410-2001-KeyTransportEncryptedKeyOctetString ::= SEQUENCE { sessionEncryptedKeyGost28147-89-EncryptedKey, transportParameters[0] IMPLICIT GostR3410-94-TransportParameters OPTIONAL } GostR3410-2001-TransportParameters ::= SEQUENCE { encryptionParamSetOBJECT IDENTIFIER, ephemeralPublicKey[0] IMPLICIT SubjectPublicKeyInfo OPTIONAL, ukmOCTET STRING }

9 CMS Implementations Microsoft Windows CryptoPro CSP – Russian cryptography standards through Microsoft Cryptographic Service Provider Interface. CryptoPro TLS – adds GOST cipher suites to Microsoft Schannel SSP (Security Support Provider). Solaris (Sun, Intel), VSTa - released Linux, Free BSD, AIX - in progress CSP, TLS ISV products SAP R/3 SNC, SSF adapters Apache, Open SSL, mod_ssl, JCA CSP, TLS

10 S/MIME Implementations CryptoPro CSP Outlook Outlook Express The BAT! (www.ritlabs.com)www.ritlabs.com Moldova

Download ppt "Russian cryptographic algorithms (GOST) in Cryptographic Message Syntax and S/MIME Grigory Chudov CRYPTO-PRO, Russia draft-leontiev-cryptopro-cpcms-00.txt."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Policy Meeting SIG: Whois Database October 2000 APNIC Certificate Authority.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Policy Meeting SIG: Whois Database October 2000 APNIC Certificate Authority.
Network Security: Lab#2 J. H. Wang Apr. 28, 2011.

Network Security: Lab#2 J. H. Wang Apr. 28, 2011.
CP3397 ECommerce.

CP3397 ECommerce.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.

Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.
Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.

Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.
Security Technology Lab The CSSM PKCS #11 Adaptation Layer Adapting the Technologies and Obtaining Module Integrity Using the CDSA Infrastructure Matthew.

Security Technology Lab The CSSM PKCS #11 Adaptation Layer Adapting the Technologies and Obtaining Module Integrity Using the CDSA Infrastructure Matthew.
Introduction to Cryptography

Introduction to Cryptography
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
© 2004, The Technology Firm WWW.THETECHFIRM.COM SSL Packet Decodes From Wikipedia, the free encyclopedia.  Secure Sockets Layer (SSL) is a cryptographic.

© 2004, The Technology Firm SSL Packet Decodes From Wikipedia, the free encyclopedia.  Secure Sockets Layer (SSL) is a cryptographic.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

Similar presentations

Ads by Google