rfc9548v6.txt   rfc9548.txt 
skipping to change at line 128 skipping to change at line 128
capitals, as shown here. capitals, as shown here.
3. Basic Terms and Definitions 3. Basic Terms and Definitions
Throughout this document, the following notations are used: Throughout this document, the following notations are used:
P a password encoded as a Unicode UTF-8 string P a password encoded as a Unicode UTF-8 string
S a random initializing value S a random initializing value
V_s the set of byte strings of length s, where s >= 0; the string š‘ V_s the set of byte strings of length s, where s >= 0; the string b
= (b_1,...,b_s) belongs to the set V_s if b_1,...,b_sāˆˆ{0,...,255} = (b_1,...,b_s) belongs to the set V_s if b_1,...,b_s belongs to
{0,...,255}
|A| the number of components (a length) of the vector A belonging to |A| the number of components (a length) of the vector A belonging to
V_s (if A is an empty string, then |A| = 0) V_s (if A is an empty string, then |A| = 0)
A||C a concatenation of two byte strings A, C from V_s, i.e., a A||C a concatenation of two byte strings A, C from V_s, i.e., a
string from V_(|A|+|C|), where the left substring from V_(|A|) is string from V_(|A|+|C|), where the left substring from V_(|A|) is
equal to the string A and the right substring from V_(|C|) is equal to the string A and the right substring from V_(|C|) is
equal to the string C: A = (a_(n_1),...,a_1) in V_(n_1) and C = equal to the string C: A = (a_1,...,a_(n_1)) in V_(n_1) and C =
(c_(n_2),...,c_1) in V_(n_2), res = (c_2,...,c_(n_2)) in V_(n_2), res =
(a_(n_1),...,a_1,c_(n_2),...,c_1) in V_(n_1+n_2)) (a_1,...,a_(n_1),c_2,...,c_(n_2)) in V_(n_1+n_2)
F_q a finite prime field represented as a set of q integers F_q a finite prime field represented as a set of q integers
{0,1,...,q - 1}, where q > 3 - prime number {0,1,...,q - 1}, where q > 3 - prime number
b mod q the minimum non-negative number comparable to b modulo p b mod q the minimum non-negative number comparable to b modulo p
INT(b) integer INT(b) = b_1 +b_2 * 256+ā‹Æ+b_s * 256^(s-1), where b INT(b) integer INT(b) = b_1 + b_2 * 256 +...+ b_s * 256^(s-1), where
belongs to V_s b belongs to V_s
This document uses the following terms and abbreviations: This document uses the following terms and abbreviations:
Signature one or more data elements resulting from the signature Signature one or more data elements resulting from the signature
process (Clause 3.12 of [ISO14888-1]). Note: The terms "digital process (Clause 3.12 of [ISO14888-1]). Note: The terms "digital
signature", "electronic signature", and "electronic digital signature", "electronic signature", and "electronic digital
signature" are considered equivalent in this document. signature" are considered equivalent in this document.
Signature key set of private data elements specific to an entity and Signature key set of private data elements specific to an entity and
usable only by this entity in the signature process (Clause 3.13 usable only by this entity in the signature process (Clause 3.13
skipping to change at line 787 skipping to change at line 788
: 937E4ECFC9525BF9F6A0850 : 937E4ECFC9525BF9F6A0850
: 76718A45C81FF4921E3E2BB : 76718A45C81FF4921E3E2BB
: F72BF3EEBF3EE1613412665 : F72BF3EEBF3EE1613412665
: FF13DDA7BF275268EB11AE9 : FF13DDA7BF275268EB11AE9
: DE707D7F1B884CB6CF4760B : DE707D7F1B884CB6CF4760B
: 9F16F024330D546B881D5EA0CE : 9F16F024330D546B881D5EA0CE
451 135: CONTEXT SPECIFIC (3): 451 135: CONTEXT SPECIFIC (3):
454 132: SEQUENCE: 454 132: SEQUENCE:
457 99: SEQUENCE: 457 99: SEQUENCE:
459 3: OBJECT IDENTIFIER: 459 3: OBJECT IDENTIFIER:
: authorityKeyIdentifier [2.5.29.35] : authorityKeyIdentifier
: [2.5.29.35]
464 92: OCTET STRING: 464 92: OCTET STRING:
466 90: SEQUENCE: 466 90: SEQUENCE:
468 20: CONTEXT SPECIFIC (0): 468 20: CONTEXT SPECIFIC (0):
: AC6C0E4C4466A24296E2 : AC6C0E4C4466A24296E2
: 9F093B2566F3CBA4532A : 9F093B2566F3CBA4532A
490 60: CONTEXT SPECIFIC (1): 490 60: CONTEXT SPECIFIC (1):
492 58: CONTEXT SPECIFIC (4): 492 58: CONTEXT SPECIFIC (4):
494 56: SEQUENCE: 494 56: SEQUENCE:
496 13: SET: 496 13: SET:
498 11: SEQUENCE: 498 11: SEQUENCE:
500 3: OBJECT IDENTIFIER: 500 3: OBJECT IDENTIFIER:
: organizationName : organizationName
: [2.5.4.10] : [2.5.4.10]
505 4: PRINTABLE STRING:'TK26' 505 4: PRINTABLE STRING:
: 'TK26'
511 39: SET: 511 39: SET:
513 37: SEQUENCE: 513 37: SEQUENCE:
515 3: OBJECT IDENTIFIER: 515 3: OBJECT IDENTIFIER:
: commonName [2.5.4.3] : commonName
: [2.5.4.3]
520 30: PRINTABLE STRING: 520 30: PRINTABLE STRING:
: 'CA TK26: GOST ' : 'CA TK26: GOST '
: '34.10-12 256-bit' : '34.10-12 256-bit'
552 4: CONTEXT SPECIFIC (2): 552 4: CONTEXT SPECIFIC (2):
: 018CBA81 : 018CBA81
558 29: SEQUENCE: 558 29: SEQUENCE:
560 3: OBJECT IDENTIFIER: 560 3: OBJECT IDENTIFIER:
: subjectKeyIdentifier [2.5.29.14] : subjectKeyIdentifier
: [2.5.29.14]
565 22: OCTET STRING: 565 22: OCTET STRING:
567 20: OCTET STRING: 567 20: OCTET STRING:
: 7E065709980CAD6B08A8 : 7E065709980CAD6B08A8
: 57EE7900583AC9D7A0A4 : 57EE7900583AC9D7A0A4
589 10: SEQUENCE: 589 10: SEQUENCE:
591 8: OBJECT IDENTIFIER:[1.2.643.7.1.1.3.2] 591 8: OBJECT IDENTIFIER:
: [1.2.643.7.1.1.3.2]
601 65: BIT STRING UnusedBits:0: 601 65: BIT STRING UnusedBits:0:
: 0A5EA9F1D01BA62F4793EDE680CC88D1 : 0A5EA9F1D01BA62F4793EDE680CC88D1
: 6221D7B22B96B4A9FE607417B67332DF : 6221D7B22B96B4A9FE607417B67332DF
: 17503D43C33DC9AEB9F17979DF32F380 : 17503D43C33DC9AEB9F17979DF32F380
: E4175427D842C8380C5401ACFC870410 : E4175427D842C8380C5401ACFC870410
668 84: SET: 668 84: SET:
670 35: SEQUENCE: 670 35: SEQUENCE:
672 9: OBJECT IDENTIFIER:localKeyID 672 9: OBJECT IDENTIFIER:localKeyID
: [1.2.840.113549.1.9.21] : [1.2.840.113549.1.9.21]
683 22: SET: 683 22: SET:
skipping to change at line 844 skipping to change at line 850
709 9: OBJECT IDENTIFIER:friendlyName 709 9: OBJECT IDENTIFIER:friendlyName
: [1.2.840.113549.1.9.20] : [1.2.840.113549.1.9.20]
720 32: SET: 720 32: SET:
722 30: BMP STRING:'p12FriendlyName' 722 30: BMP STRING:'p12FriendlyName'
754 473: SEQUENCE: 754 473: SEQUENCE:
758 9: OBJECT IDENTIFIER:data [1.2.840.113549.1.7.1] 758 9: OBJECT IDENTIFIER:data [1.2.840.113549.1.7.1]
769 458: CONTEXT SPECIFIC (0): 769 458: CONTEXT SPECIFIC (0):
773 454: OCTET STRING: 773 454: OCTET STRING:
777 450: SEQUENCE: 777 450: SEQUENCE:
781 446: SEQUENCE: 781 446: SEQUENCE:
785 11: OBJECT IDENTIFIER:pkcs-12-pkcs-8ShroudedKeyBag 785 11: OBJECT IDENTIFIER:
: [1.2.840.113549.1.12.10.1.2] : pkcs-12-pkcs-8ShroudedKeyBag
: [1.2.840.113549.1.12.10.1.2]
798 343: CONTEXT SPECIFIC (0): 798 343: CONTEXT SPECIFIC (0):
802 339: SEQUENCE: 802 339: SEQUENCE:
806 89: SEQUENCE: 806 89: SEQUENCE:
808 9: OBJECT IDENTIFIER:[1.2.840.113549.1.5.13] 808 9: OBJECT IDENTIFIER:
: [1.2.840.113549.1.5.13]
819 76: SEQUENCE: 819 76: SEQUENCE:
821 41: SEQUENCE: 821 41: SEQUENCE:
823 9: OBJECT IDENTIFIER: 823 9: OBJECT IDENTIFIER:
: [1.2.840.113549.1.5.12] : [1.2.840.113549.1.5.12]
834 28: SEQUENCE: 834 28: SEQUENCE:
836 8: OCTET STRING:'A7F837B34CC2E82A' 836 8: OCTET STRING:'A7F837B34CC2E82A'
846 2: INTEGER:2048 846 2: INTEGER:2048
850 12: SEQUENCE: 850 12: SEQUENCE:
852 8: OBJECT IDENTIFIER: 852 8: OBJECT IDENTIFIER:
: [1.2.643.7.1.1.4.2] : [1.2.643.7.1.1.4.2]
862 0: NULL: 862 0: NULL:
864 31: SEQUENCE: 864 31: SEQUENCE:
866 9: OBJECT IDENTIFIER:[1.2.643.7.1.1.5.2.2] 866 9: OBJECT IDENTIFIER:
: [1.2.643.7.1.1.5.2.2]
877 18: SEQUENCE: 877 18: SEQUENCE:
879 16: OCTET STRING: 879 16: OCTET STRING:
: 259ADD960DF68F265B00B3498B2A0973 : 259ADD960DF68F265B00B3498B2A0973
897 245: OCTET STRING: 897 245: OCTET STRING:
: 0CCBC469C6DB5913435529D724B5B281 : 0CCBC469C6DB5913435529D724B5B281
: 8ACAA22A5D3A30C0FF61C49C1677E2E1 : 8ACAA22A5D3A30C0FF61C49C1677E2E1
: 4E2CD85E52A88AA423E81696D1D86062 : 4E2CD85E52A88AA423E81696D1D86062
: 55855354AF626E273381A71A1106330D : 55855354AF626E273381A71A1106330D
: 7B5C4B440264EC692967ED78095B7492 : 7B5C4B440264EC692967ED78095B7492
: C2FD2A8FBAB3D8C8A8B43154543D13A1 : C2FD2A8FBAB3D8C8A8B43154543D13A1
skipping to change at line 889 skipping to change at line 898
: F730B6DE568364E896669954C8BAD489 : F730B6DE568364E896669954C8BAD489
: 309B1EBB67D51A693C398B14D32DF5D2 : 309B1EBB67D51A693C398B14D32DF5D2
: 7B28A80290E8BB666E6786A3C285BCB0 : 7B28A80290E8BB666E6786A3C285BCB0
: 5F5DF071F6 : 5F5DF071F6
1145 84: SET: 1145 84: SET:
1147 35: SEQUENCE: 1147 35: SEQUENCE:
1149 9: OBJECT IDENTIFIER:localKeyID 1149 9: OBJECT IDENTIFIER:localKeyID
: [1.2.840.113549.1.9.21] : [1.2.840.113549.1.9.21]
1160 22: SET: 1160 22: SET:
1162 20: OCTET STRING: 1162 20: OCTET STRING:
: 795574F9D4B6E4C20224286998673FF00A14C04D : 795574F9D4B6E4C20224
: 286998673FF00A14C04D
1184 45: SEQUENCE: 1184 45: SEQUENCE:
1186 9: OBJECT IDENTIFIER:friendlyName 1186 9: OBJECT IDENTIFIER:friendlyName
: [1.2.840.113549.1.9.20] : [1.2.840.113549.1.9.20]
1197 32: SET: 1197 32: SET:
1199 30: BMP STRING:'p12FriendlyName' 1199 30: BMP STRING:'p12FriendlyName'
1231 94: SEQUENCE: 1231 94: SEQUENCE:
1233 78: SEQUENCE: 1233 78: SEQUENCE:
1235 10: SEQUENCE: 1235 10: SEQUENCE:
1237 8: OBJECT IDENTIFIER:[1.2.643.7.1.1.2.3] 1237 8: OBJECT IDENTIFIER:[1.2.643.7.1.1.2.3]
1247 64: OCTET STRING: 1247 64: OCTET STRING:
skipping to change at line 944 skipping to change at line 954
A.3. Example of a PFX with a Password-Protected Key and a Password- A.3. Example of a PFX with a Password-Protected Key and a Password-
Protected Certificate Protected Certificate
In this example, the PKCS8SHroudedKeybag structure is used to store In this example, the PKCS8SHroudedKeybag structure is used to store
the key, which is placed in the Data structure (see [RFC5652]). The the key, which is placed in the Data structure (see [RFC5652]). The
certBag structure is used to store the certificate, which is placed certBag structure is used to store the certificate, which is placed
in the EncryptedData structure (see [RFC5652]). The following in the EncryptedData structure (see [RFC5652]). The following
password is used to encrypt the key and provide integrity control. password is used to encrypt the key and provide integrity control.
The password is in hexadecimal. The password is in hexadecimal.
0xD09FD0B0D180D0BED0BBD18C20D0B4D0BBD18F20504658 D09FD0B0D180D0BED0BBD18C20D0B4D0BBD18F20504658
The key encryption algorithm identifier: The key encryption algorithm identifier:
1.2.643.7.1.1.5.1.1 1.2.643.7.1.1.5.1.1
The certificate encryption algorithm identifier: The certificate encryption algorithm identifier:
1.2.643.7.1.1.5.1.2 1.2.643.7.1.1.5.1.2
A.3.1. PFX in BASE64 Format A.3.1. PFX in BASE64 Format
skipping to change at line 1068 skipping to change at line 1078
: 35F0CB6CAD133DA4375A765F264FF55F87D : 35F0CB6CAD133DA4375A765F264FF55F87D
: F81F1D641655C6042EEF494C3C419EC5B52 : F81F1D641655C6042EEF494C3C419EC5B52
: 4607B850829F28BD27457DD92B5B233125C : 4607B850829F28BD27457DD92B5B233125C
: 656B555E6E : 656B555E6E
871 453: SEQUENCE: 871 453: SEQUENCE:
875 9: OBJECT IDENTIFIER:data [1.2.840.113549.1.7.1] 875 9: OBJECT IDENTIFIER:data [1.2.840.113549.1.7.1]
886 438: CONTEXT SPECIFIC (0): 886 438: CONTEXT SPECIFIC (0):
890 434: OCTET STRING: 890 434: OCTET STRING:
894 430: SEQUENCE: 894 430: SEQUENCE:
898 426: SEQUENCE: 898 426: SEQUENCE:
902 11: OBJECT IDENTIFIER:pkcs-12-pkcs-8ShroudedKeyBag 902 11: OBJECT IDENTIFIER:
: pkcs-12-pkcs-8ShroudedKeyBag
: [1.2.840.113549.1.12.10.1.2] : [1.2.840.113549.1.12.10.1.2]
915 323: CONTEXT SPECIFIC (0): 915 323: CONTEXT SPECIFIC (0):
919 319: SEQUENCE: 919 319: SEQUENCE:
923 85: SEQUENCE: 923 85: SEQUENCE:
925 9: OBJECT IDENTIFIER:[1.2.840.113549.1.5.13] 925 9: OBJECT IDENTIFIER:
: [1.2.840.113549.1.5.13]
936 72: SEQUENCE: 936 72: SEQUENCE:
938 41: SEQUENCE: 938 41: SEQUENCE:
940 9: OBJECT IDENTIFIER: 940 9: OBJECT IDENTIFIER:
: [1.2.840.113549.1.5.12] : [1.2.840.113549.1.5.12]
951 28: SEQUENCE: 951 28: SEQUENCE:
953 8: OCTET STRING: 953 8: OCTET STRING:
: FD04424D0ED6DC2F : FD04424D0ED6DC2F
963 2: INTEGER:2048 963 2: INTEGER:2048
967 12: SEQUENCE: 967 12: SEQUENCE:
969 8: OBJECT IDENTIFIER: 969 8: OBJECT IDENTIFIER:
skipping to change at line 1114 skipping to change at line 1126
: 50F1098013386AB3D29C070A55942C70 : 50F1098013386AB3D29C070A55942C70
: FD2C86A32CC0761A104AC90C3ABA3225 : FD2C86A32CC0761A104AC90C3ABA3225
: 96D26CD13F9635D5FF013D852E2D4B15 : 96D26CD13F9635D5FF013D852E2D4B15
: 24B7F828FD : 24B7F828FD
1242 84: SET: 1242 84: SET:
1244 35: SEQUENCE: 1244 35: SEQUENCE:
1246 9: OBJECT IDENTIFIER:localKeyID 1246 9: OBJECT IDENTIFIER:localKeyID
: [1.2.840.113549.1.9.21] : [1.2.840.113549.1.9.21]
1257 22: SET: 1257 22: SET:
1259 20: OCTET STRING: 1259 20: OCTET STRING:
: 795574F9D4B6E4C20224286998673FF00A14C04D : 795574F9D4B6E4C20224
: 286998673FF00A14C04D
1281 45: SEQUENCE: 1281 45: SEQUENCE:
1283 9: OBJECT IDENTIFIER: 1283 9: OBJECT IDENTIFIER:
: friendlyName [1.2.840.113549.1.9.20] : friendlyName [1.2.840.113549.1.9.20]
1294 32: SET: 1294 32: SET:
1296 30: BMP STRING:'p12FriendlyName' 1296 30: BMP STRING:'p12FriendlyName'
1328 94: SEQUENCE: 1328 94: SEQUENCE:
1330 78: SEQUENCE: 1330 78: SEQUENCE:
1332 10: SEQUENCE: 1332 10: SEQUENCE:
1334 8: OBJECT IDENTIFIER:[1.2.643.7.1.1.2.3] 1334 8: OBJECT IDENTIFIER:[1.2.643.7.1.1.2.3]
1344 64: OCTET STRING: 1344 64: OCTET STRING:
skipping to change at line 1162 skipping to change at line 1175
97 129: CONTEXT SPECIFIC (1): 97 129: CONTEXT SPECIFIC (1):
: 01B48BB75ABC290E18655C62A14FB52D5F50844ECC1D1F6004487B : 01B48BB75ABC290E18655C62A14FB52D5F50844ECC1D1F6004487B
: 4B5C9534696AB7BFAB346E5516A9AB3CCEF8ADB52C3A5855F0CFB3 : 4B5C9534696AB7BFAB346E5516A9AB3CCEF8ADB52C3A5855F0CFB3
: 64AA6B5DD937E4ECFC9525BF9F6A085076718A45C81FF4921E3E2B : 64AA6B5DD937E4ECFC9525BF9F6A085076718A45C81FF4921E3E2B
: BF72BF3EEBF3EE1613412665FF13DDA7BF275268EB11AE9DE707D7 : BF72BF3EEBF3EE1613412665FF13DDA7BF275268EB11AE9DE707D7
: F1B884CB6CF4760B9F16F024330D546B881D5EA0CE : F1B884CB6CF4760B9F16F024330D546B881D5EA0CE
Acknowledgments Acknowledgments
The author thanks Alexander Potashnikov, Semen Pianov, and Valery The author thanks Alexander Potashnikov, Semen Pianov, and Valery
Smyslov for their careful readings and useful comments. Smyslov for their careful readings and useful comments, and Alexander
Chelpanov for his help with the registration of identifiers.
Author's Address Author's Address
Ekaterina Karelina (editor) Ekaterina Karelina (editor)
InfoTeCS InfoTeCS
2B stroenie 1, ul. Otradnaya 2B stroenie 1, ul. Otradnaya
Moscow Moscow
127273 127273
Russian Federation Russian Federation
Email: Ekaterina.Karelina@infotecs.ru Email: Ekaterina.Karelina@infotecs.ru
 End of changes. 17 change blocks. 
22 lines changed or deleted 36 lines changed or added

This html diff was produced by rfcdiff 1.48.