Presentation is loading. Please wait.

Presentation is loading. Please wait.

Russian cryptographic algorithms (GOST) in Internet X.509 Public Key Infrastructure Grigory Chudov Crypto-Pro Ltd., Russia draft-leontiev-cryptopro-cppk-00.txt.

Published byRoy Fletcher Modified over 9 years ago

Similar presentations

Presentation on theme: "Russian cryptographic algorithms (GOST) in Internet X.509 Public Key Infrastructure Grigory Chudov Crypto-Pro Ltd., Russia draft-leontiev-cryptopro-cppk-00.txt."— Presentation transcript:

1 Russian cryptographic algorithms (GOST) in Internet X.509 Public Key Infrastructure Grigory Chudov Crypto-Pro Ltd., Russia Chudov@cryptopro.ru draft-leontiev-cryptopro-cppk-00.txt

2 Russian state standards GOST 28147-89 - "Cryptographic Protection for Data Processing System“, 1989 GOST R 34.10-2001 - "Information technology. Cryptographic data security. Signature and verification processes of [electronic] digital signature.“, 2001. GOST R 34.10-94 - "Information technology. Cryptographic Data Security. Produce and check procedures of Electronic Digital Signatures based on Asymmetric Cryptographic Algorithm.", 1994. GOST R 34.10-94 - "Information technology. Cryptographic Data Security. Hashing function.", 1994. Encryption Hashing Digital signature

3 Compatibility problem S-BOX not defined (except for test values) Elliptic Curve parameters not defined P, Q, A not defined (except for test values) S-BOX not defined Encryption Digest Digital signature Russian Federal Digital Signature Law, 10 Jan 2002 PKI ready Algorithm parameters

4 Cryptographic Software Compatibility Agreement FGUE STC "Atlas" www.stcnet.ruwww.stcnet.ru CRYPTO-PRO www.cryptopro.ruwww.cryptopro.ru Factor-TC www.factor-ts.ruwww.factor-ts.ru MD PREI www.security.ruwww.security.ru Infotecs GmbH www.infotecs.ruwww.infotecs.ru SPRCIS (SPbRCZI) www.rczi.spb.ruwww.rczi.spb.ru Cryptocom www.cryptocom.ruwww.cryptocom.ru R-Alpha www.alpha.ruwww.alpha.ru Russian commercial cryptographic software vendors

5 Internet Drafts Addition of GOST Ciphersuites to Transport Layer Security (TLS) http://www.ietf.org/internet-drafts/draft-chudov-cryptopro-cptls-00.txt http://www.ietf.org/internet-drafts/draft-chudov-cryptopro-cptls-00.txt Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificates and Certificate Revocation List (CRL), corresponding to the algorithms GOST R 34.10-94, GOST R 34.10-2001, GOST R 34.11-94 http://www.ietf.org/internet-drafts/draft-leontiev-cryptopro-cppk-00.txt http://www.ietf.org/internet-drafts/draft-leontiev-cryptopro-cppk-00.txt Cryptographic Message Syntax (CMS) algorithms for GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, GOST R 34.11-94. http://www.ietf.org/internet-drafts/draft-leontiev-cryptopro-cpcms-00.txt http://www.ietf.org/internet-drafts/draft-leontiev-cryptopro-cpcms-00.txt

6 PKIX GOST OIDs id-CryptoPro-algorithms OBJECT IDENTIFIER ::= { iso(1) member-body(2) ru(643) rans(2) cryptopro(2) } id-GostR3410-94 OBJECT IDENTIFIER ::= { id-CryptoPro-algorithms gostR3410-94(20) } id-GostR3411-94-with-GostR3410-94 OBJECT IDENTIFIER ::= { id-CryptoPro-algorithms gostR3411-94-with-gostR3410-94(4)} id-GostR3410-2001 OBJECT IDENTIFIER ::= { id-CryptoPro-algorithms gostR3410-2001(19) } id-GostR3411-94-with-GostR3410-2001 OBJECT IDENTIFIER ::= { id-CryptoPro-algorithms gostR3411-94-with-gostR3410-2001(3) }

7 PKIX GOST Parameters GostR3410-94-PublicKeyParameters ::= SEQUENCE { publicKeyParamSetOBJECT IDENTIFIER, digestParamSetOBJECT IDENTIFIER, encryptionParamSetOBJECT IDENTIFIER OPTIONAL } GostR3410-94-PublicKeyAlgorithms ALGORITHM-IDENTIFIER ::= { { GostR3410-94-PublicKeyParameters IDENTIFIED BY id-GostR3410-94 } } GostR3410-94-CertificateSignatureAlgorithms ALGORITHM-IDENTIFIER ::= { { NULL IDENTIFIED BY id-GostR3411-94-with-GostR3410-94 } | { GostR3410-94-PublicKeyParameters IDENTIFIED BY id-GostR3411-94-with-GostR3410-94 } }

8 End Entity Implementations Microsoft Windows CryptoPro CSP – Russian cryptography standards through Microsoft Cryptographic Service Provider Interface. CryptoPro TLS – adds GOST cipher suites to Microsoft Schannel SSP (Security Support Provider). Solaris (Sun, Intel), VSTa - released Linux, Free BSD, AIX - in progress CSP, TLS ISV products SAP R/3 SNC, SSF adapters Apache, Open SSL, mod_ssl, JCA CSP, TLS

9 CA Implementations RSA Keon 6.5 W2K - released Sun Solaris – in progress Unicert 5.01 W2K - released Microsoft CA with CryptoPro CSP CryptoPro CA based on MS certificate services

Download ppt "Russian cryptographic algorithms (GOST) in Internet X.509 Public Key Infrastructure Grigory Chudov Crypto-Pro Ltd., Russia draft-leontiev-cryptopro-cppk-00.txt."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Network Security: Lab#2 J. H. Wang Apr. 28, 2011.

Network Security: Lab#2 J. H. Wang Apr. 28, 2011.
CP3397 ECommerce.

CP3397 ECommerce.
1 PK-Enabling Toolkits August 27, 2001. 2 CSOS Interfaces STATUS CHECKING Network Interface: HTTP Port 80 PKI Interface: PKCS 10 Request PKCS 7 Response.

1 PK-Enabling Toolkits August 27, CSOS Interfaces STATUS CHECKING Network Interface: HTTP Port 80 PKI Interface: PKCS 10 Request PKCS 7 Response.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
An Introduction to SSL/TLS and Certificates Providing secure communication over the Internet Frederick J. Hirsch

An Introduction to SSL/TLS and Certificates Providing secure communication over the Internet Frederick J. Hirsch
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?

COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
Security Technology Lab The CSSM PKCS #11 Adaptation Layer Adapting the Technologies and Obtaining Module Integrity Using the CDSA Infrastructure Matthew.

Security Technology Lab The CSSM PKCS #11 Adaptation Layer Adapting the Technologies and Obtaining Module Integrity Using the CDSA Infrastructure Matthew.
Introduction to Cryptography

Introduction to Cryptography
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
© 2004, The Technology Firm WWW.THETECHFIRM.COM SSL Packet Decodes From Wikipedia, the free encyclopedia.  Secure Sockets Layer (SSL) is a cryptographic.

© 2004, The Technology Firm SSL Packet Decodes From Wikipedia, the free encyclopedia.  Secure Sockets Layer (SSL) is a cryptographic.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
About PKI Key Stores Dartmouth College PKI Lab. Key Store Defined Protected “vault” to hold user’s private key with their copy of their x.509 certificate.

About PKI Key Stores Dartmouth College PKI Lab. Key Store Defined Protected “vault” to hold user’s private key with their copy of their x.509 certificate.
Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.

Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.
C HAPTER 13 Asymmetric Key Cryptography Slides adapted from Foundations of Security: What Every Programmer Needs To Know by Neil Daswani, Christoph Kern,

C HAPTER 13 Asymmetric Key Cryptography Slides adapted from "Foundations of Security: What Every Programmer Needs To Know" by Neil Daswani, Christoph Kern,
Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Similar presentations

Ads by Google