rfc9548.original   rfc9548.txt 
Network Working Group E. Karelina, Ed. Independent Submission E. Karelina, Ed.
Internet-Draft InfoTeCS Request for Comments: 9548 InfoTeCS
Intended status: Informational December 2023 Category: Informational April 2024
Expires: 14 June 2024 ISSN: 2070-1721
Generating the Transport Key Containers Using the GOST Algorithms Generating Transport Key Containers (PFX) Using the GOST Algorithms
draft-pkcs12-gost-08
Abstract Abstract
This document specifies how to use "PKCS #12: Personal Information This document specifies how to use "PKCS #12: Personal Information
Exchange Syntax v1.1" (RFC 7292) to generate the transport key Exchange Syntax v1.1" (RFC 7292) to transport key containers (PFX)
containers for storing keys and certificates in conjunction with the for storing keys and certificates in conjunction with the Russian
Russian national standard GOST algorithms. national standard GOST algorithms.
This specification has been developed outside the IETF. The purpose This specification has been developed outside the IETF. The purpose
of publication being to facilitate interoperable implementations that of publication is to facilitate interoperable implementations that
wish to support the GOST algorithms. This document does not imply wish to support the GOST algorithms. This document does not imply
IETF endorsement of the cryptographic algorithms used here. IETF endorsement of the cryptographic algorithms used here.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This document is not an Internet Standards Track specification; it is
provisions of BCP 78 and BCP 79. published for informational purposes.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This is a contribution to the RFC Series, independently of any other
and may be updated, replaced, or obsoleted by other documents at any RFC stream. The RFC Editor has chosen to publish this document at
time. It is inappropriate to use Internet-Drafts as reference its discretion and makes no statement about its value for
material or to cite them other than as "work in progress." implementation or deployment. Documents approved for publication by
the RFC Editor are not candidates for any level of Internet Standard;
see Section 2 of RFC 7841.
This Internet-Draft will expire on 3 June 2024. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9548.
Copyright Notice Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the Copyright (c) 2024 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. carefully, as they describe your rights and restrictions with respect
to this document.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction
2. Conventions Used in This Document . . . . . . . . . . . . . . 3 2. Conventions Used in This Document
3. Basic Terms and Definitions . . . . . . . . . . . . . . . . . 3 3. Basic Terms and Definitions
4. PFX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 4. PFX
4.1. Structure of PFX . . . . . . . . . . . . . . . . . . . . 6 4.1. Structure of PFX
4.2. AuthenticatedSafe . . . . . . . . . . . . . . . . . . . . 6 4.2. AuthenticatedSafe
4.2.1. Unencrypted Data . . . . . . . . . . . . . . . . . . 6 4.2.1. Unencrypted Data
4.2.2. Password-encrypted data . . . . . . . . . . . . . . . 7 4.2.2. Password-Encrypted Data
4.3. SafeContents and SafeBag . . . . . . . . . . . . . . . . 7 4.3. SafeContents and SafeBag
5. GOST R 34.10–2012 key representation . . . . . . . . . . . . 8 5. GOST R 34.10-2012 Key Representation
5.1. Masking GOST R 34.10–2012 keys . . . . . . . . . . . . . 8 5.1. Masking GOST R 34.10-2012 Keys
5.2. KeyBag structure for GOST R 34.10–2012 key . . . . . . . 10 5.2. KeyBag Structure for GOST R 34.10-2012 Key
5.3. OneAsymmetricKey structure . . . . . . . . . . . . . . . 10 5.3. OneAsymmetricKey Structure
5.4. EncryptedPrivateKeyInfo structure for GOST R 34.10–2012 5.4. EncryptedPrivateKeyInfo Structure for GOST R 34.10-2012 Key
key . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 6. GOST R 34.10-2012 Certificate Representation
6. GOST R 34.10–2012 certificate representation . . . . . . . . 11 7. Security Mechanisms
7. Security Mechanisms . . . . . . . . . . . . . . . . . . . . . 12 8. Security Considerations
8. Security Considerations . . . . . . . . . . . . . . . . . . . 13 9. IANA Considerations
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 10. ASN.1 Modules
10. ASN.1 Modules . . . . . . . . . . . . . . . . . . . . . . . . 13 11. References
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 11.1. Normative References
11.1. Normative References . . . . . . . . . . . . . . . . . . 13 11.2. Informative References
11.2. Informative References . . . . . . . . . . . . . . . . . 15 Appendix A. Examples
Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 15 A.1. Test Data
A.1. Test data . . . . . . . . . . . . . . . . . . . . . . . . 15 A.1.1. Test Certificate
A.1.1. Test certificate . . . . . . . . . . . . . . . . . . 15 A.1.2. Test Key
A.1.2. Test key . . . . . . . . . . . . . . . . . . . . . . 16 A.2. Example of a PFX with a Password-Protected Key and
A.2. The example of a PFX with a password-protected key and Unencrypted Certificate
unencrypted certificate. . . . . . . . . . . . . . . . . 16 A.2.1. PFX in BASE64 Format
A.2.1. PFX in BASE64 format . . . . . . . . . . . . . . . . 16 A.2.2. PFX in ASN.1 Format
A.2.2. PFX in ASN.1 format . . . . . . . . . . . . . . . . . 17 A.2.3. Decrypted Key Value in BASE64 Format
A.2.3. Decrypted key value in BASE64 format . . . . . . . . 21 A.2.4. Decrypted Key Value in ASN.1 Format
A.2.4. Decrypted key value in ASN.1 format . . . . . . . . . 22 A.3. Example of a PFX with a Password-Protected Key and a
A.3. The example of a PFX with a password-protected key and a Password-Protected Certificate
password-protected certificate. . . . . . . . . . . . . . 22 A.3.1. PFX in BASE64 Format
A.3.1. PFX in BASE64 format . . . . . . . . . . . . . . . . 22 A.3.2. PFX in ASN.1 Format
A.3.2. PFX in ASN.1 format . . . . . . . . . . . . . . . . . 23 A.3.3. Decrypted Key Value in BASE64 Format
A.3.3. Decrypted key value in BASE64 format . . . . . . . . 26 A.3.4. Decrypted Key Value in ASN.1 Format
A.3.4. Decrypted key value in ASN.1 format . . . . . . . . . 26 Acknowledgments
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 26 Author's Address
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 27
1. Introduction 1. Introduction
This document provides a specification of the usage of GOST This document provides a specification of the usage of GOST
algorithms with PKCS #12 v1.1. algorithms with PKCS #12 v1.1.
PKCS #12 v1.1 describes a syntax for transfer of personal information PKCS #12 v1.1 describes a syntax for transfer of personal information
such as private keys, certificates, various secrets. such as private keys, certificates, and various secrets.
This memo describes the creating of transport key containers for keys This memo describes the creation of transport key containers (PFX)
and certificates of electronic signature verification keys which are for keys and certificates using the GOST R 34.10-2012 algorithm. The
created in accordance with GOST R 34.10–2012 algorithm. The GOST R GOST R 34.11-2012 algorithm is used to ensure the integrity of PFX.
34.11-2012 algorithm is used to ensure integrity of transport key
containers. Caution:
This specification is not a standard and does not have IETF community
consensus. It makes use of a cryptographic algorithm that is a
national standard for Russia. Neither the IETF nor the IRTF has
analyzed that algorithm for suitability for any given application,
and it may contain either intended or unintended weaknesses.
2. Conventions Used in This Document 2. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in "OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
3. Basic Terms and Definitions 3. Basic Terms and Definitions
Throughout this document, the following notation is used: Throughout this document, the following notations are used:
+==========+====================================================+ P a password encoded as a Unicode UTF-8 string
| Notation | Definition |
+==========+====================================================+
| P | a password encoded as a Unicode UTF-8 string |
+----------+----------------------------------------------------+
| S | a random initializing value |
+----------+----------------------------------------------------+
| V^(*) | the set of all binary row vectors of finite length |
| | (hereinafter referred to as vectors) including |
| | empty string |
+----------+----------------------------------------------------+
| V_s | the set of all binary row vectors of length s, s |
| | >= 0; if s = 0, then the set V_s consists of an |
| | empty string of length 0 |
+----------+----------------------------------------------------+
| |A| | the number of components (a length) of the vector |
| | A belonging to V^(*) (if A is an empty string, |
| | then |A| = 0) |
+----------+----------------------------------------------------+
| A||C | a concatenation of two octet strings A, C, i.e., a |
| | vector from V_(|A|+|C|), where the left subvector |
| | from V_(|A|) is equal to the vector A and the |
| | right subvector from V_(|C|) is equal to the |
| | vector C: A = (a_(n_1),...,a_1) in V_(n_1) and C = |
| | (c_(n_2),..., c_1) in V_(n_2), res = |
| | (a_(n_1),...,a_1,c_(n_2),..., c_1) in V_(n_1+n_2)) |
+----------+----------------------------------------------------+
| F_q | a finite prime field represented as a set of q |
| | integers {0,1,..., q - 1}, where q > 3 – prime |
| | number |
+----------+----------------------------------------------------+
| b mod q | the minimum non-negative number comparable to b |
| | modulo p |
+----------+----------------------------------------------------+
Table 1: Terms and Definitions S a random initializing value
This document uses the following abbreviations and definitions: V_s the set of byte strings of length s, where s >= 0; the string b
= (b_1,...,b_s) belongs to the set V_s if b_1,...,b_s belongs to
{0,...,255}
+================+==================================================+ |A| the number of components (a length) of the vector A belonging to
| Abbreviations | Definition | V_s (if A is an empty string, then |A| = 0)
| and Terms | |
+================+==================================================+
| Signature | one or more data elements resulting from |
| | the signature process (clause 3.12 of |
| | [ISO14888-1]). Note: the terms "digital |
| | signature", "electronic signature", and |
| | "electronic digital signature" are |
| | considered equivalent in this document. |
+----------------+--------------------------------------------------+
| Signature key | set of private data elements specific to |
| | an entity and usable only by this entity |
| | in the signature process (clause 3.13 of |
| | [ISO14888-1]). Note: Sometimes called a |
| | private key. |
+----------------+--------------------------------------------------+
| Verification | set of public data elements which is |
| key | mathematically related to an entity's |
| | signature key and which is used by the |
| | verifier in the verification process |
| | (clause 3.16 of [ISO14888-1]). Note: |
| | Sometimes called a public key. |
+----------------+--------------------------------------------------+
| ASN.1 | Abstract Syntax Notation One, as defined |
| | in [X.680]. |
+----------------+--------------------------------------------------+
| BER | Basic Encoding Rules, as defined in |
| | [X.690]. |
+----------------+--------------------------------------------------+
| HMAC_GOSTR3411 | Hashed-Based Message Authentication |
| | Code. A function for calculating a |
| | Message Authentication Code (MAC) based |
| | on the GOST R 34.11-2012 hash function |
| | (see [RFC6986]) with 512-bit output in |
| | accordance with [RFC2104]. |
+----------------+--------------------------------------------------+
Table 2: Abbreviations and Definition A||C a concatenation of two byte strings A, C from V_s, i.e., a
string from V_(|A|+|C|), where the left substring from V_(|A|) is
equal to the string A and the right substring from V_(|C|) is
equal to the string C: A = (a_1,...,a_(n_1)) in V_(n_1) and C =
(c_2,...,c_(n_2)) in V_(n_2), res =
(a_1,...,a_(n_1),c_2,...,c_(n_2)) in V_(n_1+n_2)
F_q a finite prime field represented as a set of q integers
{0,1,...,q - 1}, where q > 3 - prime number
b mod q the minimum non-negative number comparable to b modulo p
INT(b) integer INT(b) = b_1 + b_2 * 256 +...+ b_s * 256^(s-1), where
b belongs to V_s
This document uses the following terms and abbreviations:
Signature one or more data elements resulting from the signature
process (Clause 3.12 of [ISO14888-1]). Note: The terms "digital
signature", "electronic signature", and "electronic digital
signature" are considered equivalent in this document.
Signature key set of private data elements specific to an entity and
usable only by this entity in the signature process (Clause 3.13
of [ISO14888-1]). Note: Sometimes called a private key.
Verification key set of public data elements that is mathematically
related to an entity's signature key and is used by the verifier
in the verification process (Clause 3.16 of [ISO14888-1]). Note:
Sometimes called a public key.
ASN.1 Abstract Syntax Notation One, as defined in [X.680].
BER Basic Encoding Rules, as defined in [X.690].
HMAC_GOSTR3411 Hash-Based Message Authentication Code. A function
for calculating a Message Authentication Code (MAC) based on the
GOST R 34.11-2012 hash function (see [RFC6986]) with 512-bit
output in accordance with [RFC2104].
4. PFX 4. PFX
The transport key container (PFX, see [RFC7292]) is designed for The PFX (see [RFC7292]) is designed for secure storage and data
secure storage and data transfer. The scope of this document is to transfer. The scope of this document is to define how PFX is used
define how the transport key container is used for private key and for private key and certificate protection with a password when GOST
certificate protection with a password when GOST R 34.10-2012 is R 34.10-2012 is applied.
applied. .
4.1. Structure of PFX 4.1. Structure of PFX
In accordance with [RFC7292] the transport key container has the In accordance with [RFC7292], PFX has the following structure:
following structure:
PFX ::= SEQUENCE PFX ::= SEQUENCE
{ {
version INTEGER {v3(3)}(v3,...), version INTEGER {v3(3)}(v3,...),
authSafe ContentInfo, authSafe ContentInfo,
macData MacData OPTIONAL macData MacData OPTIONAL
} }
The fields of PFX have the following meanings: The fields of the PFX have the following meanings:
* version is the syntax version number; the only allowed value for * version is the syntax version number; the only allowed value for
this specification is 3; this specification is 3.
* authSafe contains the data of type ContentInfo. In the case of * authSafe contains the data of type ContentInfo. In the case of
password integrity mode the authSafe.content field has a Data type password integrity mode, the authSafe.content field has a Data
value and contains a BER-encoded value of AuthenticatedSafe type value and contains a BER-encoded value of the
structure; AuthenticatedSafe structure.
* macData has a MacData type and in the case of password integrity * macData has a MacData type; in the case of password integrity
mode the macData field should contain the information about mode, the macData field should contain information about the
algorithm and parameters for a password key generation. The algorithm and parameters for password key generation. Integrity
integrity control is ensured by using the HMAC_GOSTR3411_2012_512 control is ensured by using the HMAC_GOSTR3411_2012_512 algorithm:
algorithm: the macData.mac.digestAlgorithm.algorithm field the macData.mac.digestAlgorithm.algorithm field contains the
contains the HMAC_GOSTR3411_2012_512 algorithm identifier (see HMAC_GOSTR3411_2012_512 algorithm identifier (see Section 7).
Section 7). When processing a transport key container, this field When processing PFX, this field should be checked first.
should be checked first.
4.2. AuthenticatedSafe 4.2. AuthenticatedSafe
The AuthenticatedSafe structure is a sequence of ContentInfo values The AuthenticatedSafe structure is a sequence of ContentInfo values
(see [RFC5652]): (see [RFC5652]):
AuthenticatedSafe ::= SEQUENCE OF ContentInfo AuthenticatedSafe ::= SEQUENCE OF ContentInfo
-- Data if unencrypted -- Data if unencrypted
-- EncryptedData if password-encrypted -- EncryptedData if password-encrypted
-- EnvelopedData if public key-encrypted -- EnvelopedData if public key-encrypted
4.2.1. Unencrypted Data 4.2.1. Unencrypted Data
If the data is not encrypted then the content field is the BER- If the data is not encrypted, then the content field is the BER-
encoded value of the SafeContents structure. The contentType field encoded value of the SafeContents structure. The contentType field
is set to the id-data type. is set to the id-data type.
4.2.2. Password-encrypted data 4.2.2. Password-Encrypted Data
When password integrity mode is used the data is represented as an When password integrity mode is used, the data is represented as an
EncryptedData structure ([RFC5652]). The encryption algorithm and EncryptedData structure (see [RFC5652]). The encryption algorithm
parameters have the following values: and parameters have the following values:
ContentEncryptionAlgorithmIdentifier ::= SEQUENCE ContentEncryptionAlgorithmIdentifier ::= SEQUENCE
{ {
encryptionAlgorithmOID OBJECT IDENTIFIER, encryptionAlgorithmOID OBJECT IDENTIFIER,
parameters PBES2-params parameters PBES2-params
} }
The PBES2-params type is defined in [RFC9337]. The content should be The PBES2-params type is defined in [RFC9337]. The content should be
encrypted according to the encryption algorithm in the PBES2 scheme, encrypted according to the encryption algorithm in the PBES2 scheme,
described in [RFC9337]. The following identifier MUST be specified as described in [RFC9337]. The following identifier MUST be
in EncryptedData.EncryptedContentInfo.contentEncryptionAlgorithm.encr specified in the
yptionAlgorithmOID field: EncryptedData.EncryptedContentInfo.contentEncryptionAlgorithm.
encryptionAlgorithmOID field:
{ {
iso(1) member-body(2) us(840) rsadsi(113549) iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-5(5) pbes2(13) pkcs(1) pkcs-5(5) pbes2(13)
} }
The encrypted content is specified in The encrypted content is specified in the
EncryptedData.EncryptedContentInfo.encryptedContent field. EncryptedData.EncryptedContentInfo.encryptedContent field.
4.3. SafeContents and SafeBag 4.3. SafeContents and SafeBag
In accordance with [RFC7292] the SafeContents structure is a sequence In accordance with [RFC7292], the SafeContents structure is a
of SafeBag: sequence of SafeBag:
SafeContents ::= SEQUENCE OF SafeBag SafeContents ::= SEQUENCE OF SafeBag
where where
SafeBag ::= SEQUENCE SafeBag ::= SEQUENCE
{ {
bagId BAG-TYPE.&id ({PKCS12BagSet}) bagId BAG-TYPE.&id ({PKCS12BagSet})
bagValue [0] EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId}) bagValue [0] EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId})
bagAttributes SET OF PKCS12Attribute OPTIONAL bagAttributes SET OF PKCS12Attribute OPTIONAL
} }
The fields of SafeBag have the following meanings: The fields of SafeBag have the following meanings:
* bagId is an object identifier, it defines the type of object; * bagId is an object identifier; it defines the type of object.
* bagValue is the value of an object; * bagValue is the value of an object.
* bagAttributes contains the users names, the key identifiers and
other additional information. It is optional.
See [RFC7292] Section 4.2. for the different bag types. This * bagAttributes contains the users' names, the key identifiers, and
document describes the 2 object types of SafeBag structure: other additional information. This field is optional.
* pkcs8ShroudedKeyBag, See [RFC7292], Section 4.2 for the different bag types. This
document describes the two object types of the SafeBag structure:
* certBag. 1. pkcs8ShroudedKeyBag
When password integrity mode is used the private key has the 2. certBag
When password integrity mode is used, the private key has the
following structure: following structure:
pkcs8ShroudedKeyBag BAG-TYPE ::= pkcs8ShroudedKeyBag BAG-TYPE ::=
{ {
PKCS8ShroudedKeyBag IDENTIFIED BY {bagtypes 2} PKCS8ShroudedKeyBag IDENTIFIED BY {bagtypes 2}
} }
The bagValue field contains the key and information about it in the The bagValue field contains the key and information about the key, in
encrypted form in the EncryptedPrivateKeyInfo structure. encrypted form, in the EncryptedPrivateKeyInfo structure.
A certBag contains a certificate of a certain type. Object A certBag contains a certificate of a certain type. Object
identifiers are used to distinguish between different certificate identifiers are used to distinguish between different certificate
types. types.
certBag BAG-TYPE ::= certBag BAG-TYPE ::=
{ {
CertBag IDENTIFIED BY { bagtypes 3 } CertBag IDENTIFIED BY { bagtypes 3 }
} }
If the certificate is not encrypted, the CertBag structure is placed If the certificate is not encrypted, the CertBag structure is placed
in the Data structure (see [RFC5652]). If the certificate is in the Data structure (see [RFC5652]). If the certificate is
encrypted, the CertBag structure is placed in the EncryptedData encrypted, the CertBag structure is placed in the EncryptedData
structure (see [RFC5652]). structure (see [RFC5652]).
5. GOST R 34.10–2012 key representation 5. GOST R 34.10-2012 Key Representation
This section describes the GOST R 34.10–2012 private keys This section describes the GOST R 34.10-2012 private key
representation for asymmetric key pairs. Masked keys should be used representation for asymmetric key pairs. Masked keys should be used
to ensure the protection of private keys from leaks through the side to ensure that private keys are protected from leaking through side
channels when reading and performing operations with keys. channels when reading and performing operations with keys.
5.1. Masking GOST R 34.10–2012 keys 5.1. Masking GOST R 34.10-2012 Keys
The masking algorithm is defined by the basic cryptographic The masking algorithm is defined by the basic cryptographic
transformation operation of the algorithm: multiplication in the F_q transformation operation of the algorithm: multiplication in the F_q
field for GOST R 34.102012 keys. field for GOST R 34.10-2012 keys.
Let M_1, M_2, ..., M_k be a sequence of k masks. Let M_i() denote Let M_1, M_2, ..., M_k be a sequence of k masks. Let M_i() denote
the operation of applying the i-th mask and M_i^-1() denote the the operation of applying the i-th mask and M_i^-1() denote the
operation of removing the i-th mask, 1 <= i <= k. Let K be a key. operation of removing the i-th mask, 1 <= i <= k. Let K be a key.
The masked key K_M is obtained by applying the masking operation k The masked key K_M is obtained by applying the masking operation k
times: times:
K_M = M_k (...(M_2(M_1(K)...). K_M = M_k (...(M_2(M_1(K)...).
Unmasking is performed by applying the removing operation k times, Unmasking is performed by applying the removal operation k times, but
but in reverse order: in reverse order:
K = M_1^-1(...(M_(k-1)^-1(M_k^-1(K_M))...). K = M_1^-1(...(M_(k-1)^-1(M_k^-1(K_M))...).
The masked key is represented as the sequence The masked key is represented as the sequence
I = K_M||M_1||M_2||...||M_k. I = K_M||M_1||M_2||...||M_k.
Let the key K be n bits in length, then the sequence I is represented Let the key K be n bits in length; then, the sequence I is
in memory as a sequence of (k + 1)*n bits. I is represented in represented in memory as a sequence of (k + 1)*n bits. I is
little-endian format. It is possible to use an unmasked private key represented in little-endian format. It is possible to use an
(i.e., k = 0, K_M = K). The masking operation is the multiplication unmasked private key (i.e., k = 0, K_M = K). For GOST R 34.10-2012
of the key by the inverse of the mask: K_M = K * M^-1 mod Q, where keys, the masking operation is the multiplication of the key by the
the Q value is taken from the key parameters. The operation of inverse of the mask: INT(K_M) = INT(K) * INT(M)^-1 mod Q, where the Q
removing the mask is the multiplication of the masked key by the value is taken from the key parameters. The operation of removing
mask: K = K_M * M mod Q. The public key is specified by a pair of the mask is the multiplication of the masked key by the mask: INT(K)
coordinates (x, y) defined in GOST R 34.10–2012, presented in the = INT(K_M) * INT(M) mod Q. The public key is specified by a pair of
coordinates (x, y) as defined in GOST R 34.10-2012, presented in the
following format: following format:
* a public key corresponding to the GOST R 34.10–2012 algorithm with * a public key corresponding to the GOST R 34.10-2012 algorithm with
a key length of 256 bits has the GostR3410–2012-256-PublicKey a key length of 256 bits has the GostR3410-2012-256-PublicKey
representation. It is specified by a 64-byte string, where the representation. It is specified by a 64-byte string, where the
first 32 bytes contain the little-endian representation of the x first 32 bytes contain the little-endian representation of the x
coordinate, and the last 32 bytes contain the little-endian coordinate and the last 32 bytes contain the little-endian
representation of the y coordinate; representation of the y coordinate.
* a public key corresponding to the GOST R 34.10–2012 algorithm with * a public key corresponding to the GOST R 34.10-2012 algorithm with
a key length of 512 bits has the GostR3410–2012-512-PublicKey a key length of 512 bits has the GostR3410-2012-512-PublicKey
representation. It is specified by a 128-byte string, where the representation. It is specified by a 128-byte string, where the
first 64 bytes contain the little-endian representation of the x first 64 bytes contain the little-endian representation of the x
coordinate, and the last 64 bytes contain the little-endian coordinate and the last 64 bytes contain the little-endian
representation of the y coordinate. representation of the y coordinate.
The public keys GostR3410-2012-256-PublicKey and The public keys GostR3410-2012-256-PublicKey and
GostR3410-2012-512-PublicKey MUST be DER-encoded as an octet string GostR3410-2012-512-PublicKey MUST be DER encoded as an octet string
in accordance with [RFC9215] (section 4.3): in accordance with Section 4.3 of [RFC9215]:
GostR3410–2012-256-PublicKey ::= OCTET STRING (64), GostR3410-2012-256-PublicKey ::= OCTET STRING (64),
GostR3410–2012-512-PublicKey ::= OCTET STRING (128). GostR3410-2012-512-PublicKey ::= OCTET STRING (128).
5.2. KeyBag structure for GOST R 34.10–2012 key 5.2. KeyBag Structure for GOST R 34.10-2012 Key
In accordance with [RFC7292] a KeyBag is defined as information about In accordance with [RFC7292], a KeyBag is defined as information
a private key represented as the PrivateKeyInfo structure: about a private key represented as the PrivateKeyInfo structure:
KeyBag := PrivateKeyInfo KeyBag ::= PrivateKeyInfo
In accordance with [RFC5958], information about a private key is In accordance with [RFC5958], information about a private key is
presented in the following form: presented in the following form:
PrivateKeyInfo := OneAsymmetricKey PrivateKeyInfo ::= OneAsymmetricKey
5.3. OneAsymmetricKey structure 5.3. OneAsymmetricKey Structure
In accordance with [RFC5958] OneAsymmetricKey has the following In accordance with [RFC5958], OneAsymmetricKey has the following
structure: structure:
OneAsymmetricKey::= SEQUENCE OneAsymmetricKey::= SEQUENCE
{ {
version Version, version Version,
privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
privateKey PrivateKey, privateKey PrivateKey,
attributes [0] Attributes OPTIONAL, attributes [0] Attributes OPTIONAL,
..., ...,
[[2:publicKey [1] PublicKey OPTIONAL]], [[2:publicKey [1] PublicKey OPTIONAL]],
skipping to change at page 10, line 42 skipping to change at line 410
} }
Version ::= INTEGER { v1(0), v2(1) } (v1, ..., v2) Version ::= INTEGER { v1(0), v2(1) } (v1, ..., v2)
PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
PrivateKey ::= OCTET STRING PrivateKey ::= OCTET STRING
PublicKey ::= BIT STRING PublicKey ::= BIT STRING
Attributes ::= SET OF Attribute Attributes ::= SET OF Attribute
The fields have the following meanings: The fields have the following meanings:
* version identifies the version of OneAsymmetricKey. If publicKey * version identifies the version of OneAsymmetricKey. If publicKey
is present, then version is set to 2 else version is set to 1. is present, then version is set to 2; else, version is set to 1.
* privateKeyAlgorithm identifies the private-key algorithm and * privateKeyAlgorithm identifies the private key algorithm and
optionally contains parameters associated with the asymmetric key optionally contains parameters associated with the asymmetric key
pair. For GOST R 34.10–2012 private keys the identifiers of the pair. For GOST R 34.10-2012 private keys, the identifiers of the
corresponding public keys are used, they are defined in the corresponding public keys are used; they are defined in [RFC9215].
[RFC9215]. The use of identifiers and public key parameters is The use of identifiers and public key parameters is defined in
defined in the [RFC9215]. [RFC9215].
* privateKey is an OCTET STRING that contains the value of the * privateKey is an OCTET STRING that contains the value of the
masked private key I. masked private key I.
* attributes are optional. They contain information corresponding * attributes are optional. They contain information corresponding
to the public key (e.g., certificates). to the public key (e.g., certificates).
* publicKey contains the value of the public key * publicKey contains the value of the public key
GostR3410–2012-256-PublicKey or GostR3410–2012-512-PublicKey GostR3410-2012-256-PublicKey or GostR3410-2012-512-PublicKey
encoded in a BIT STRING. It is an optional field. encoded in a BIT STRING. This field is optional.
5.4. EncryptedPrivateKeyInfo structure for GOST R 34.10–2012 key 5.4. EncryptedPrivateKeyInfo Structure for GOST R 34.10-2012 Key
In accordance with [RFC7292] the encrypted information of the private In accordance with [RFC7292], the encrypted information regarding the
key is defined as the PKCS8ShroudedKeyBag structure: private key is defined as the PKCS8ShroudedKeyBag structure:
PKCS8ShroudedKeyBag::= EncryptedPrivateKeyInfo PKCS8ShroudedKeyBag::= EncryptedPrivateKeyInfo
In accordance with [RFC5958] the EncryptedPrivateKeyInfo has the In accordance with [RFC5958], EncryptedPrivateKeyInfo has the
following structure: following structure:
EncryptedPrivateKeyInfo ::= SEQUENCE EncryptedPrivateKeyInfo ::= SEQUENCE
{ {
encryptionAlgorithm EncryptionAlgorithmIdentifier, encryptionAlgorithm EncryptionAlgorithmIdentifier,
encryptedData EncryptedData encryptedData EncryptedData
} }
EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
EncryptedData ::= OCTET STRING EncryptedData ::= OCTET STRING
The fields have the following meanings: The fields have the following meanings:
* encryptionAlgorithm identifies the algorithm under which the * encryptionAlgorithm identifies the algorithm under which the
private key information is encrypted. Encryption MUST use PBES2 private key information is encrypted. Encryption MUST use the
scheme. The algorithm and parameters of this scheme are presented PBES2 scheme. The algorithm and parameters of this scheme are
in [RFC9337]. presented in [RFC9337].
* encryptedData is the DER-encoded PrivateKeyInfo structure. * encryptedData is the DER-encoded PrivateKeyInfo structure.
6. GOST R 34.10–2012 certificate representation 6. GOST R 34.10-2012 Certificate Representation
In accordance with [RFC7292] a CertBag is defined as information In accordance with [RFC7292], a CertBag is defined as information
about a certificate and represented as the following structure: about a certificate and has the following structure:
CertBag ::= SEQUENCE CertBag ::= SEQUENCE
{ {
certId BAG-TYPE.&id ({CertTypes}), certId BAG-TYPE.&id ({CertTypes}),
certValue [0] EXPLICIT BAG-TYPE.&Type ({CertTypes}{@certId}) certValue [0] EXPLICIT BAG-TYPE.&Type ({CertTypes}{@certId})
} }
The fields have the following meanings: The fields have the following meanings:
* certId identifies the type of certificate. * certId identifies the type of certificate.
* certValue contains certificate. * certValue contains the certificate.
7. Security Mechanisms 7. Security Mechanisms
Let the sender and receiver have a pre-agreed password P. The sender Let the sender and receiver have a previously agreed-upon password P.
generates a password key using the PBKDF2 algorithm in accordance The sender generates a password key using the PBKDF2 algorithm in
with [RFC9337] and uses it to encrypt the transmitted private key. accordance with [RFC9337] and uses it to encrypt the transmitted
The recipient independently generates a password key using the same private key. The recipient independently generates a password key
PBKDF2 diversification algorithm in accordance with [RFC9337] and using the same PBKDF2 diversification algorithm in accordance with
uses it to extract the private key from the PFX. [RFC9337] and uses it to extract the private key from the PFX.
The same password P is used to encrypt different sections of the PFX The same password P is used to encrypt different sections of the PFX
using different random initializing value S with a length of 8 to 32 using a different random initializing value S with a length of 8 to
bytes, where S and P are the input parameters of the PBKDF2 function. 32 bytes, where S and P are the input parameters of the PBKDF2
The password MUST be encoded as a Unicode UTF-8 string and fed into function. The password MUST be encoded as a Unicode UTF-8 string and
the PBKDF2 algorithm as a P parameter. fed into the PBKDF2 algorithm as a P parameter.
The integrity of PFX is ensured by using the HMAC_GOSTR3411_2012_512 The integrity of the PFX is ensured by using the
algorithm in accordance with [RFC7836]. For checking the integrity HMAC_GOSTR3411_2012_512 algorithm in accordance with [RFC7836]. To
of PFX with the HMAC_GOSTR3411_2012_512 algorithm the key for this check the integrity of the PFX with the HMAC_GOSTR3411_2012_512
algorithm is also generated by using the PBKDF2 algorithm in algorithm, the key for this algorithm is also generated by using the
accordance with [RFC9337] with the same value of the P parameter and PBKDF2 algorithm in accordance with [RFC9337], with the same value
a different initializing value S with a length of 8 to 32 bytes. The for the P parameter and a different initializing value S with a
dkLen parameter for the PBKDF2 algorithm is set to 96 bytes. The key length of 8 to 32 bytes. The dkLen parameter for the PBKDF2
for the HMAC_GOSTR3411_2012_512 algorithm must be the last 32 bytes algorithm is set to 96 bytes. The key for the
of the 96-byte sequence generated by the PBKDF2 algorithm. The HMAC_GOSTR3411_2012_512 algorithm must be the last 32 bytes of the
PBKDF2 algorithm parameters S and c are saved in macData.Salt and 96-byte sequence generated by the PBKDF2 algorithm. The PBKDF2
macData.iterations fileds respectively. The HMAC_GOSTR3411_2012_512 algorithm parameters S and c are saved in the macData.Salt and
macData.iterations fields, respectively. The HMAC_GOSTR3411_2012_512
function is calculated from the content field of the authSafe function is calculated from the content field of the authSafe
structure field. The authSafe structure field is a PFX structure structure field. The authSafe structure field is a PFX structure
field. The value of the calculated checksum is saved in the field. The value of the calculated checksum is saved in the
macData.mac.digest field. The macData.mac.digestAlgorithm.algorithm macData.mac.digest field. The macData.mac.digestAlgorithm.algorithm
field contains the following algorithm identifier: field contains the following algorithm identifier:
id-tc26-gost3411-12-512 :: = id-tc26-gost3411-12-512 :: =
{ {
iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
algorithms (1) digest(2) gost3411–2012-512(3) algorithms(1) digest(2) gost3411-12-512(3)
} }
The macData.mac.digestAlgorithm.parameters field isn't used and The macData.mac.digestAlgorithm.parameters field isn't used and
should be omitted. should be omitted.
8. Security Considerations 8. Security Considerations
The masked keys SHOULD be used to ensure the protection of private The masked keys SHOULD be used to ensure that private keys are
keys from leaking through side channels when reading and performing protected from leaking through side channels when reading and
operations with keys. Applications MUST use unique values for ukm performing operations with keys. Applications MUST use unique values
and S in the PBKDF2 algorithm. It is RECOMMENDED that parameter S for ukm and S in the PBKDF2 algorithm. It is RECOMMENDED that
consist of at least 32 octets of pseudo-random data in order to parameter S consist of at least 32 octets of pseudorandom data in
reduce the probability of collisions of keys generated from the same order to reduce the probability of collisions of keys generated from
password. The password MUST be encoded as a Unicode UTF-8 string and the same password. The password MUST be encoded as a Unicode UTF-8
fed into the PBKDF2 algorithm as a P parameter. For more information string and fed into the PBKDF2 algorithm as a P parameter. For more
see [RFC9337]. Encryption MUST use PBES2 scheme for encryption information, see [RFC9337]. Encryption MUST use the PBES2 scheme to
private keys. Public keys MUST be DER-encoded as an octet string in encrypt private keys. Public keys MUST be DER encoded as an octet
accordance with [RFC9215]. Passwords SHOULD be stored in secure way. string in accordance with [RFC9215]. Passwords SHOULD be stored in a
For information on security considerations for generating the secure way. For information on security considerations for
transport key containers see [RFC7292]. generating PFX, see [RFC7292].
9. IANA Considerations 9. IANA Considerations
This document has no IANA actions. This document has no IANA actions.
10. ASN.1 Modules 10. ASN.1 Modules
PKCS-12RU PKCS-12RU
{ {
iso(1) member-body(2) ru(643) rosstandart(7) iso(1) member-body(2) ru(643) rosstandart(7)
tc26(1) modules(0) pkcs-12ruSyntax(5) tc26(1) modules(0) pkcs-12ruSyntax(5)
} }
DEFINITIONS EXPLICIT TAGS ::= DEFINITIONS EXPLICIT TAGS ::=
BEGIN BEGIN
IMPORTS IMPORTS
GostR3410–2012-PublicKey GostR3410-2012-PublicKey
FROM GostR3410–2012-PKISyntax FROM GostR3410-2012-PKISyntax
{ {
iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
modules(0) gostR34102012-PKISyntax(2) modules(0) gostR3410-2012-PKISyntax(2)
}; };
END END
11. References 11. References
11.1. Normative References 11.1. Normative References
[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
Hashing for Message Authentication", RFC 2104, Hashing for Message Authentication", RFC 2104,
DOI 10.17487/RFC2104, February 1997, DOI 10.17487/RFC2104, February 1997,
skipping to change at page 14, line 49 skipping to change at line 606
GOST R 34.10-2012 and GOST R 34.11-2012 Algorithms with GOST R 34.10-2012 and GOST R 34.11-2012 Algorithms with
the Internet X.509 Public Key Infrastructure", RFC 9215, the Internet X.509 Public Key Infrastructure", RFC 9215,
DOI 10.17487/RFC9215, March 2022, DOI 10.17487/RFC9215, March 2022,
<https://www.rfc-editor.org/info/rfc9215>. <https://www.rfc-editor.org/info/rfc9215>.
[RFC9337] Karelina, E., Ed., "Generating Password-Based Keys Using [RFC9337] Karelina, E., Ed., "Generating Password-Based Keys Using
the GOST Algorithms", RFC 9337, DOI 10.17487/RFC9337, the GOST Algorithms", RFC 9337, DOI 10.17487/RFC9337,
December 2022, <https://www.rfc-editor.org/info/rfc9337>. December 2022, <https://www.rfc-editor.org/info/rfc9337>.
[X.680] ITU-T, "Information Technology - Abstract Syntax Notation [X.680] ITU-T, "Information Technology - Abstract Syntax Notation
One: Specification of Basic Notation.", ITU-T, One (ASN.1): Specification of basic notation", ITU-T
Recommendation X.680, ISO/IEC 8824-1:2002, 2002. Recommendation X.680, ISO/IEC 8824-1:2021, February 2021,
<https://www.itu.int/rec/T-REC-X.680>.
[X.690] ITU-T, "Information technology - ASN.1 encoding rules: [X.690] ITU-T, "Information technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER), Canonical Specification of Basic Encoding Rules (BER), Canonical
Encoding Rules (CER) and Distinguished Encoding Rules Encoding Rules (CER) and Distinguished Encoding Rules
(DER).", ITU-T, Recommendation X.690, ISO/IEC (DER)", ITU-T Recommendation X.690, ISO/IEC International
International Standard 8825-1:2008, November 2008. Standard 8825-1:2021, February 2021,
<https://www.itu.int/rec/T-REC-X.690>.
11.2. Informative References 11.2. Informative References
[GostPkcs12]
Potashnikov, A., Karelina, E., Pianov, S., and A.
Naumenko, "Information technology. Cryptographic Data
Security. The transport key containers.", R
1323565.1.041–2022. Federal Agency on Technical Regulating
and Metrology (In Russian).
[ISO14888-1] [ISO14888-1]
ISO/IEC, "Information technology - Security techniques - ISO/IEC, "Information technology - Security techniques -
Digital signatures with appendix - Part 1: General.", ISO/ Digital signatures with appendix - Part 1: General", ISO/
IEC 14888-1, 2008. IEC 14888-1, April 2008,
<https://www.iso.org/standard/44226.html>.
Appendix A. Examples Appendix A. Examples
This section contains examples of using GOST cryptographic algorithms This section contains examples of using GOST cryptographic algorithms
to create a PFX. to create a PFX.
A.1. Test data A.1. Test Data
In all examples the following data is used. In all examples, the following data is used.
A.1.1. Test certificate A.1.1. Test Certificate
This section contains a test certififcate in BASE64 format. This section contains a test certificate in BASE64 format.
MIICLjCCAdugAwIBAgIEAYy6hDAKBggqhQMHAQEDAjA4MQ0wCwYDVQQKEwRUSzI2 MIICLjCCAdugAwIBAgIEAYy6hDAKBggqhQMHAQEDAjA4MQ0wCwYDVQQKEwRUSzI2
MScwJQYDVQQDEx5DQSBUSzI2OiBHT1NUIDM0LjEwLTEyIDI1Ni1iaXQwHhcNMDEw MScwJQYDVQQDEx5DQSBUSzI2OiBHT1NUIDM0LjEwLTEyIDI1Ni1iaXQwHhcNMDEw
MTAxMDAwMDAwWhcNNDkxMjMxMDAwMDAwWjA7MQ0wCwYDVQQKEwRUSzI2MSowKAYD MTAxMDAwMDAwWhcNNDkxMjMxMDAwMDAwWjA7MQ0wCwYDVQQKEwRUSzI2MSowKAYD
VQQDEyFPUklHSU5BVE9SOiBHT1NUIDM0LjEwLTEyIDUxMi1iaXQwgaAwFwYIKoUD VQQDEyFPUklHSU5BVE9SOiBHT1NUIDM0LjEwLTEyIDUxMi1iaXQwgaAwFwYIKoUD
BwEBAQIwCwYJKoUDBwECAQIBA4GEAASBgLSLt1q8KQ4YZVxioU+1LV9QhE7MHR9g BwEBAQIwCwYJKoUDBwECAQIBA4GEAASBgLSLt1q8KQ4YZVxioU+1LV9QhE7MHR9g
BEh7S1yVNGlqt7+rNG5VFqmrPM74rbUsOlhV8M+zZKprXdk35Oz8lSW/n2oIUHZx BEh7S1yVNGlqt7+rNG5VFqmrPM74rbUsOlhV8M+zZKprXdk35Oz8lSW/n2oIUHZx
ikXIH/SSHj4rv3K/Puvz7hYTQSZl/xPdp78nUmjrEa6d5wfX8biEy2z0dgufFvAk ikXIH/SSHj4rv3K/Puvz7hYTQSZl/xPdp78nUmjrEa6d5wfX8biEy2z0dgufFvAk
Mw1Ua4gdXqDOo4GHMIGEMGMGA1UdIwRcMFqAFKxsDkxEZqJCluKfCTslZvPLpFMq Mw1Ua4gdXqDOo4GHMIGEMGMGA1UdIwRcMFqAFKxsDkxEZqJCluKfCTslZvPLpFMq
oTykOjA4MQ0wCwYDVQQKEwRUSzI2MScwJQYDVQQDEx5DQSBUSzI2OiBHT1NUIDM0 oTykOjA4MQ0wCwYDVQQKEwRUSzI2MScwJQYDVQQDEx5DQSBUSzI2OiBHT1NUIDM0
LjEwLTEyIDI1Ni1iaXSCBAGMuoEwHQYDVR0OBBYEFH4GVwmYDK1rCKhX7nkAWDrJ LjEwLTEyIDI1Ni1iaXSCBAGMuoEwHQYDVR0OBBYEFH4GVwmYDK1rCKhX7nkAWDrJ
16CkMAoGCCqFAwcBAQMCA0EACl6p8dAbpi9Hk+3mgMyI0WIh17IrlrSp/mB0F7Zz 16CkMAoGCCqFAwcBAQMCA0EACl6p8dAbpi9Hk+3mgMyI0WIh17IrlrSp/mB0F7Zz
Mt8XUD1Dwz3JrrnxeXnfMvOA5BdUJ9hCyDgMVAGs/IcEEA== Mt8XUD1Dwz3JrrnxeXnfMvOA5BdUJ9hCyDgMVAGs/IcEEA==
A.1.2. Test key A.1.2. Test Key
This section contains a test key bytes in hexadecimal. This section contains test key bytes in hexadecimal.
F95A5D44C5245F63F2E7DF8E782C1924EADCB8D06C52D91023179786154CBDB1 F95A5D44C5245F63F2E7DF8E782C1924EADCB8D06C52D91023179786154CBDB1
561B4DF759D69F67EE1FBD5B68800E134BAA12818DA4F3AC75B0E5E6F9256911 561B4DF759D69F67EE1FBD5B68800E134BAA12818DA4F3AC75B0E5E6F9256911
A.2. The example of a PFX with a password-protected key and unencrypted A.2. Example of a PFX with a Password-Protected Key and Unencrypted
certificate. Certificate
In this example the PKCS8SHroudedKeybag structure is used to store In this example, the PKCS8SHroudedKeybag structure is used to store
the key, which is placed in the Data structure. The certBag the key, which is placed in the Data structure. The certBag
structure is used to store the certificate, which is placed in the structure is used to store the certificate, which is placed in the
Data structure. A following password is used to encrypt the key and Data structure. The following password is used to encrypt the key
control the integrity: "Пароль для PFX". The password is in and provide integrity control: "Пароль для PFX". The password is in
hexadecimal: hexadecimal:
D09FD0B0D180D0BED0BBD18C20D0B4D0BBD18F20504658 D09FD0B0D180D0BED0BBD18C20D0B4D0BBD18F20504658
The key encryption algorithm identifier: The key encryption algorithm identifier:
1.2.643.7.1.1.5.2.2 1.2.643.7.1.1.5.2.2
A.2.1. PFX in BASE64 format A.2.1. PFX in BASE64 Format
MIIFKwIBAzCCBMQGCSqGSIb3DQEHAaCCBLUEggSxMIIErTCCAswGCSqGSIb3DQEH MIIFKwIBAzCCBMQGCSqGSIb3DQEHAaCCBLUEggSxMIIErTCCAswGCSqGSIb3DQEH
AaCCAr0EggK5MIICtTCCArEGCyqGSIb3DQEMCgEDoIICSjCCAkYGCiqGSIb3DQEJ AaCCAr0EggK5MIICtTCCArEGCyqGSIb3DQEMCgEDoIICSjCCAkYGCiqGSIb3DQEJ
FgGgggI2BIICMjCCAi4wggHboAMCAQICBAGMuoQwCgYIKoUDBwEBAwIwODENMAsG FgGgggI2BIICMjCCAi4wggHboAMCAQICBAGMuoQwCgYIKoUDBwEBAwIwODENMAsG
A1UEChMEVEsyNjEnMCUGA1UEAxMeQ0EgVEsyNjogR09TVCAzNC4xMC0xMiAyNTYt A1UEChMEVEsyNjEnMCUGA1UEAxMeQ0EgVEsyNjogR09TVCAzNC4xMC0xMiAyNTYt
Yml0MB4XDTAxMDEwMTAwMDAwMFoXDTQ5MTIzMTAwMDAwMFowOzENMAsGA1UEChME Yml0MB4XDTAxMDEwMTAwMDAwMFoXDTQ5MTIzMTAwMDAwMFowOzENMAsGA1UEChME
VEsyNjEqMCgGA1UEAxMhT1JJR0lOQVRPUjogR09TVCAzNC4xMC0xMiA1MTItYml0 VEsyNjEqMCgGA1UEAxMhT1JJR0lOQVRPUjogR09TVCAzNC4xMC0xMiA1MTItYml0
MIGgMBcGCCqFAwcBAQECMAsGCSqFAwcBAgECAQOBhAAEgYC0i7davCkOGGVcYqFP MIGgMBcGCCqFAwcBAQECMAsGCSqFAwcBAgECAQOBhAAEgYC0i7davCkOGGVcYqFP
tS1fUIROzB0fYARIe0tclTRpare/qzRuVRapqzzO+K21LDpYVfDPs2Sqa13ZN+Ts tS1fUIROzB0fYARIe0tclTRpare/qzRuVRapqzzO+K21LDpYVfDPs2Sqa13ZN+Ts
/JUlv59qCFB2cYpFyB/0kh4+K79yvz7r8+4WE0EmZf8T3ae/J1Jo6xGunecH1/G4 /JUlv59qCFB2cYpFyB/0kh4+K79yvz7r8+4WE0EmZf8T3ae/J1Jo6xGunecH1/G4
hMts9HYLnxbwJDMNVGuIHV6gzqOBhzCBhDBjBgNVHSMEXDBagBSsbA5MRGaiQpbi hMts9HYLnxbwJDMNVGuIHV6gzqOBhzCBhDBjBgNVHSMEXDBagBSsbA5MRGaiQpbi
skipping to change at page 17, line 33 skipping to change at line 705
JLWygYrKoipdOjDA/2HEnBZ34uFOLNheUqiKpCPoFpbR2GBiVYVTVK9ibiczgaca JLWygYrKoipdOjDA/2HEnBZ34uFOLNheUqiKpCPoFpbR2GBiVYVTVK9ibiczgaca
EQYzDXtcS0QCZOxpKWfteAlbdJLC/SqPurPYyKi0MVRUPROhbisFASDT38HDH1Dh EQYzDXtcS0QCZOxpKWfteAlbdJLC/SqPurPYyKi0MVRUPROhbisFASDT38HDH1Dh
0dL5f6ga4aPWLrWbbgWERFOoOPyh4DotlPF37AQOwiEjsbyyRHq3HgbWiaxQRuAh 0dL5f6ga4aPWLrWbbgWERFOoOPyh4DotlPF37AQOwiEjsbyyRHq3HgbWiaxQRuAh
eqHOn4QVGY92/HFvJ7u3TcnQdLWhTe/lh1RHLNF3RnXtN9if9zC23laDZOiWZplU eqHOn4QVGY92/HFvJ7u3TcnQdLWhTe/lh1RHLNF3RnXtN9if9zC23laDZOiWZplU
yLrUiTCbHrtn1RppPDmLFNMt9dJ7KKgCkOi7Zm5nhqPChbywX13wcfYxVDAjBgkq yLrUiTCbHrtn1RppPDmLFNMt9dJ7KKgCkOi7Zm5nhqPChbywX13wcfYxVDAjBgkq
hkiG9w0BCRUxFgQUeVV0+dS25MICJChpmGc/8AoUwE0wLQYJKoZIhvcNAQkUMSAe hkiG9w0BCRUxFgQUeVV0+dS25MICJChpmGc/8AoUwE0wLQYJKoZIhvcNAQkUMSAe
HgBwADEAMgBGAHIAaQBlAG4AZABsAHkATgBhAG0AZTBeME4wCgYIKoUDBwEBAgME HgBwADEAMgBGAHIAaQBlAG4AZABsAHkATgBhAG0AZTBeME4wCgYIKoUDBwEBAgME
QAkBKw4ihn7pSIYTEhu0bcvTPZjI3WgVxCkUVlOsc80G69EKFEOTnObGJGSKJ51U QAkBKw4ihn7pSIYTEhu0bcvTPZjI3WgVxCkUVlOsc80G69EKFEOTnObGJGSKJ51U
KkOsXF0a7+VBZf3BcVVQh9UECIVEtO+VpuskAgIIAA== KkOsXF0a7+VBZf3BcVVQh9UECIVEtO+VpuskAgIIAA==
A.2.2. PFX in ASN.1 format A.2.2. PFX in ASN.1 Format
0 1323:SEQUENCE: 0 1323:SEQUENCE:
4 1: INTEGER: 3 4 1: INTEGER: 3
7 1220: SEQUENCE: 7 1220: SEQUENCE:
11 9: OBJECT IDENTIFIER:data [1.2.840.113549.1.7.1] 11 9: OBJECT IDENTIFIER:data [1.2.840.113549.1.7.1]
22 1205: CONTEXT SPECIFIC (0): 22 1205: CONTEXT SPECIFIC (0):
26 1201: OCTET STRING: 26 1201: OCTET STRING:
30 1197: SEQUENCE: 30 1197: SEQUENCE:
34 716: SEQUENCE: 34 716: SEQUENCE:
38 9: OBJECT IDENTIFIER:data [1.2.840.113549.1.7.1] 38 9: OBJECT IDENTIFIER:data [1.2.840.113549.1.7.1]
skipping to change at page 19, line 4 skipping to change at line 772
: 'ORIGINATOR: : 'ORIGINATOR:
: GOST 34.10-12 512-bit' : GOST 34.10-12 512-bit'
288 160: SEQUENCE: 288 160: SEQUENCE:
291 23: SEQUENCE: 291 23: SEQUENCE:
293 8: OBJECT IDENTIFIER: 293 8: OBJECT IDENTIFIER:
: [1.2.643.7.1.1.1.2] : [1.2.643.7.1.1.1.2]
303 11: SEQUENCE: 303 11: SEQUENCE:
305 9: OBJECT IDENTIFIER: 305 9: OBJECT IDENTIFIER:
: [1.2.643.7.1.2.1.2.1] : [1.2.643.7.1.2.1.2.1]
316 132: BIT STRING UnusedBits:0: 316 132: BIT STRING UnusedBits:0:
320 128: OCTET STRING: 320 128: OCTET STRING:
: B48BB75ABC290E18655C62A : B48BB75ABC290E18655C62A
: 14FB52D5F50844ECC1D1F60 : 14FB52D5F50844ECC1D1F60
: 04487B4B5C9534696AB7BFA : 04487B4B5C9534696AB7BFA
: B346E5516A9AB3CCEF8ADB5 : B346E5516A9AB3CCEF8ADB5
: 2C3A5855F0CFB364AA6B5DD : 2C3A5855F0CFB364AA6B5DD
: 937E4ECFC9525BF9F6A0850 : 937E4ECFC9525BF9F6A0850
: 76718A45C81FF4921E3E2BB : 76718A45C81FF4921E3E2BB
: F72BF3EEBF3EE1613412665 : F72BF3EEBF3EE1613412665
: FF13DDA7BF275268EB11AE9 : FF13DDA7BF275268EB11AE9
: DE707D7F1B884CB6CF4760B : DE707D7F1B884CB6CF4760B
: 9F16F024330D546B881D5EA0CE : 9F16F024330D546B881D5EA0CE
451 135: CONTEXT SPECIFIC (3): 451 135: CONTEXT SPECIFIC (3):
454 132: SEQUENCE: 454 132: SEQUENCE:
457 99: SEQUENCE: 457 99: SEQUENCE:
459 3: OBJECT IDENTIFIER: 459 3: OBJECT IDENTIFIER:
: authorityKeyIdentifier [2.5.29.35] : authorityKeyIdentifier
: [2.5.29.35]
464 92: OCTET STRING: 464 92: OCTET STRING:
466 90: SEQUENCE: 466 90: SEQUENCE:
468 20: CONTEXT SPECIFIC (0): 468 20: CONTEXT SPECIFIC (0):
: AC6C0E4C4466A24296E2 : AC6C0E4C4466A24296E2
: 9F093B2566F3CBA4532A : 9F093B2566F3CBA4532A
490 60: CONTEXT SPECIFIC (1): 490 60: CONTEXT SPECIFIC (1):
492 58: CONTEXT SPECIFIC (4): 492 58: CONTEXT SPECIFIC (4):
494 56: SEQUENCE: 494 56: SEQUENCE:
496 13: SET: 496 13: SET:
498 11: SEQUENCE: 498 11: SEQUENCE:
500 3: OBJECT IDENTIFIER: 500 3: OBJECT IDENTIFIER:
: organizationName : organizationName
: [2.5.4.10] : [2.5.4.10]
505 4: PRINTABLE STRING:'TK26' 505 4: PRINTABLE STRING:
: 'TK26'
511 39: SET: 511 39: SET:
513 37: SEQUENCE: 513 37: SEQUENCE:
515 3: OBJECT IDENTIFIER: 515 3: OBJECT IDENTIFIER:
: commonName [2.5.4.3] : commonName
: [2.5.4.3]
520 30: PRINTABLE STRING: 520 30: PRINTABLE STRING:
: 'CA TK26: GOST ' : 'CA TK26: GOST '
: '34.10-12 256-bit' : '34.10-12 256-bit'
552 4: CONTEXT SPECIFIC (2): 552 4: CONTEXT SPECIFIC (2):
: 018CBA81 : 018CBA81
558 29: SEQUENCE: 558 29: SEQUENCE:
560 3: OBJECT IDENTIFIER: 560 3: OBJECT IDENTIFIER:
: subjectKeyIdentifier [2.5.29.14] : subjectKeyIdentifier
: [2.5.29.14]
565 22: OCTET STRING: 565 22: OCTET STRING:
567 20: OCTET STRING: 567 20: OCTET STRING:
: 7E065709980CAD6B08A8 : 7E065709980CAD6B08A8
: 57EE7900583AC9D7A0A4 : 57EE7900583AC9D7A0A4
589 10: SEQUENCE: 589 10: SEQUENCE:
591 8: OBJECT IDENTIFIER:
591 8: OBJECT IDENTIFIER:[1.2.643.7.1.1.3.2] : [1.2.643.7.1.1.3.2]
601 65: BIT STRING UnusedBits:0: 601 65: BIT STRING UnusedBits:0:
: 0A5EA9F1D01BA62F4793EDE680CC88D1 : 0A5EA9F1D01BA62F4793EDE680CC88D1
: 6221D7B22B96B4A9FE607417B67332DF : 6221D7B22B96B4A9FE607417B67332DF
: 17503D43C33DC9AEB9F17979DF32F380 : 17503D43C33DC9AEB9F17979DF32F380
: E4175427D842C8380C5401ACFC870410 : E4175427D842C8380C5401ACFC870410
668 84: SET: 668 84: SET:
670 35: SEQUENCE: 670 35: SEQUENCE:
672 9: OBJECT IDENTIFIER:localKeyID 672 9: OBJECT IDENTIFIER:localKeyID
: [1.2.840.113549.1.9.21] : [1.2.840.113549.1.9.21]
683 22: SET: 683 22: SET:
skipping to change at page 20, line 30 skipping to change at line 850
709 9: OBJECT IDENTIFIER:friendlyName 709 9: OBJECT IDENTIFIER:friendlyName
: [1.2.840.113549.1.9.20] : [1.2.840.113549.1.9.20]
720 32: SET: 720 32: SET:
722 30: BMP STRING:'p12FriendlyName' 722 30: BMP STRING:'p12FriendlyName'
754 473: SEQUENCE: 754 473: SEQUENCE:
758 9: OBJECT IDENTIFIER:data [1.2.840.113549.1.7.1] 758 9: OBJECT IDENTIFIER:data [1.2.840.113549.1.7.1]
769 458: CONTEXT SPECIFIC (0): 769 458: CONTEXT SPECIFIC (0):
773 454: OCTET STRING: 773 454: OCTET STRING:
777 450: SEQUENCE: 777 450: SEQUENCE:
781 446: SEQUENCE: 781 446: SEQUENCE:
785 11: OBJECT IDENTIFIER:pkcs-12-pkcs-8ShroudedKeyBag 785 11: OBJECT IDENTIFIER:
: [1.2.840.113549.1.12.10.1.2] : pkcs-12-pkcs-8ShroudedKeyBag
: [1.2.840.113549.1.12.10.1.2]
798 343: CONTEXT SPECIFIC (0): 798 343: CONTEXT SPECIFIC (0):
802 339: SEQUENCE: 802 339: SEQUENCE:
806 89: SEQUENCE: 806 89: SEQUENCE:
808 9: OBJECT IDENTIFIER:[1.2.840.113549.1.5.13] 808 9: OBJECT IDENTIFIER:
: [1.2.840.113549.1.5.13]
819 76: SEQUENCE: 819 76: SEQUENCE:
821 41: SEQUENCE: 821 41: SEQUENCE:
823 9: OBJECT IDENTIFIER: 823 9: OBJECT IDENTIFIER:
: [1.2.840.113549.1.5.12] : [1.2.840.113549.1.5.12]
834 28: SEQUENCE: 834 28: SEQUENCE:
836 8: OCTET STRING:'A7F837B34CC2E82A' 836 8: OCTET STRING:'A7F837B34CC2E82A'
846 2: INTEGER:2048 846 2: INTEGER:2048
850 12: SEQUENCE: 850 12: SEQUENCE:
852 8: OBJECT IDENTIFIER: 852 8: OBJECT IDENTIFIER:
: [1.2.643.7.1.1.4.2] : [1.2.643.7.1.1.4.2]
862 0: NULL: 862 0: NULL:
864 31: SEQUENCE: 864 31: SEQUENCE:
866 9: OBJECT IDENTIFIER:[1.2.643.7.1.1.5.2.2] 866 9: OBJECT IDENTIFIER:
: [1.2.643.7.1.1.5.2.2]
877 18: SEQUENCE: 877 18: SEQUENCE:
879 16: OCTET STRING: 879 16: OCTET STRING:
: 259ADD960DF68F265B00B3498B2A0973 : 259ADD960DF68F265B00B3498B2A0973
897 245: OCTET STRING: 897 245: OCTET STRING:
: 0CCBC469C6DB5913435529D724B5B281 : 0CCBC469C6DB5913435529D724B5B281
: 8ACAA22A5D3A30C0FF61C49C1677E2E1 : 8ACAA22A5D3A30C0FF61C49C1677E2E1
: 4E2CD85E52A88AA423E81696D1D86062 : 4E2CD85E52A88AA423E81696D1D86062
: 55855354AF626E273381A71A1106330D : 55855354AF626E273381A71A1106330D
: 7B5C4B440264EC692967ED78095B7492 : 7B5C4B440264EC692967ED78095B7492
: C2FD2A8FBAB3D8C8A8B43154543D13A1 : C2FD2A8FBAB3D8C8A8B43154543D13A1
: 6E2B050120D3DFC1C31F50E1D1D2F97F : 6E2B050120D3DFC1C31F50E1D1D2F97F
: A81AE1A3D62EB59B6E05844453A838FC : A81AE1A3D62EB59B6E05844453A838FC
: A1E03A2D94F177EC040EC22123B1BCB2 : A1E03A2D94F177EC040EC22123B1BCB2
: 447AB71E06D689AC5046E0217AA1CE9F : 447AB71E06D689AC5046E0217AA1CE9F
skipping to change at page 21, line 27 skipping to change at line 898
: F730B6DE568364E896669954C8BAD489 : F730B6DE568364E896669954C8BAD489
: 309B1EBB67D51A693C398B14D32DF5D2 : 309B1EBB67D51A693C398B14D32DF5D2
: 7B28A80290E8BB666E6786A3C285BCB0 : 7B28A80290E8BB666E6786A3C285BCB0
: 5F5DF071F6 : 5F5DF071F6
1145 84: SET: 1145 84: SET:
1147 35: SEQUENCE: 1147 35: SEQUENCE:
1149 9: OBJECT IDENTIFIER:localKeyID 1149 9: OBJECT IDENTIFIER:localKeyID
: [1.2.840.113549.1.9.21] : [1.2.840.113549.1.9.21]
1160 22: SET: 1160 22: SET:
1162 20: OCTET STRING: 1162 20: OCTET STRING:
: 795574F9D4B6E4C20224286998673FF00A14C04D : 795574F9D4B6E4C20224
: 286998673FF00A14C04D
1184 45: SEQUENCE: 1184 45: SEQUENCE:
1186 9: OBJECT IDENTIFIER:friendlyName 1186 9: OBJECT IDENTIFIER:friendlyName
: [1.2.840.113549.1.9.20] : [1.2.840.113549.1.9.20]
1197 32: SET: 1197 32: SET:
1199 30: BMP STRING:'p12FriendlyName' 1199 30: BMP STRING:'p12FriendlyName'
1231 94: SEQUENCE: 1231 94: SEQUENCE:
1233 78: SEQUENCE: 1233 78: SEQUENCE:
1235 10: SEQUENCE: 1235 10: SEQUENCE:
1237 8: OBJECT IDENTIFIER:[1.2.643.7.1.1.2.3] 1237 8: OBJECT IDENTIFIER:[1.2.643.7.1.1.2.3]
1247 64: OCTET STRING: 1247 64: OCTET STRING:
: 09012B0E22867EE9488613121BB46DCB : 09012B0E22867EE9488613121BB46DCB
: D33D98C8DD6815C429145653AC73CD06 : D33D98C8DD6815C429145653AC73CD06
: EBD10A1443939CE6C624648A279D542A : EBD10A1443939CE6C624648A279D542A
: 43AC5C5D1AEFE54165FDC171555087D5 : 43AC5C5D1AEFE54165FDC171555087D5
1313 8: OCTET STRING:'8544B4EF95A6EB24' 1313 8: OCTET STRING:'8544B4EF95A6EB24'
1323 2: INTEGER:2048 1323 2: INTEGER:2048
A.2.3. Decrypted key value in BASE64 format A.2.3. Decrypted Key Value in BASE64 Format
MIHiAgEBMBcGCCqFAwcBAQECMAsGCSqFAwcBAgECAQRAEWkl+eblsHWs86SNgRKq MIHiAgEBMBcGCCqFAwcBAQECMAsGCSqFAwcBAgECAQRAEWkl+eblsHWs86SNgRKq
SxMOgGhbvR/uZ5/WWfdNG1axvUwVhpcXIxDZUmzQuNzqJBkseI7f5/JjXyTFRF1a SxMOgGhbvR/uZ5/WWfdNG1axvUwVhpcXIxDZUmzQuNzqJBkseI7f5/JjXyTFRF1a
+YGBgQG0i7davCkOGGVcYqFPtS1fUIROzB0fYARIe0tclTRpare/qzRuVRapqzzO +YGBgQG0i7davCkOGGVcYqFPtS1fUIROzB0fYARIe0tclTRpare/qzRuVRapqzzO
+K21LDpYVfDPs2Sqa13ZN+Ts/JUlv59qCFB2cYpFyB/0kh4+K79yvz7r8+4WE0Em +K21LDpYVfDPs2Sqa13ZN+Ts/JUlv59qCFB2cYpFyB/0kh4+K79yvz7r8+4WE0Em
Zf8T3ae/J1Jo6xGunecH1/G4hMts9HYLnxbwJDMNVGuIHV6gzg== Zf8T3ae/J1Jo6xGunecH1/G4hMts9HYLnxbwJDMNVGuIHV6gzg==
A.2.4. Decrypted key value in ASN.1 format A.2.4. Decrypted Key Value in ASN.1 Format
0 226:SEQUENCE : 0 226:SEQUENCE:
3 1: INTEGER : 1 3 1: INTEGER: 1
6 23: SEQUENCE : 6 23: SEQUENCE:
8 8: OBJECT IDENTIFIER : [1.2.643.7.1.1.1.2] 8 8: OBJECT IDENTIFIER: [1.2.643.7.1.1.1.2]
18 11: SEQUENCE : 18 11: SEQUENCE:
20 9: OBJECT IDENTIFIER : [1.2.643.7.1.2.1.2.1] 20 9: OBJECT IDENTIFIER: [1.2.643.7.1.2.1.2.1]
31 64: OCTET STRING : 31 64: OCTET STRING:
: 116925F9E6E5B075ACF3A48D8112AA4B130E80685BBD1FEE679FD6 : 116925F9E6E5B075ACF3A48D8112AA4B130E80685BBD1FEE679FD6
: 59F74D1B56B1BD4C158697172310D9526CD0B8DCEA24192C788EDF : 59F74D1B56B1BD4C158697172310D9526CD0B8DCEA24192C788EDF
: E7F2635F24C5445D5AF9 : E7F2635F24C5445D5AF9
97 129: CONTEXT SPECIFIC (1) : 97 129: CONTEXT SPECIFIC (1):
: 01B48BB75ABC290E18655C62A14FB52D5F50844ECC1D1F6004487B : 01B48BB75ABC290E18655C62A14FB52D5F50844ECC1D1F6004487B
: 4B5C9534696AB7BFAB346E5516A9AB3CCEF8ADB52C3A5855F0CFB3 : 4B5C9534696AB7BFAB346E5516A9AB3CCEF8ADB52C3A5855F0CFB3
: 64AA6B5DD937E4ECFC9525BF9F6A085076718A45C81FF4921E3E2B : 64AA6B5DD937E4ECFC9525BF9F6A085076718A45C81FF4921E3E2B
: BF72BF3EEBF3EE1613412665FF13DDA7BF275268EB11AE9DE707D7 : BF72BF3EEBF3EE1613412665FF13DDA7BF275268EB11AE9DE707D7
: F1B884CB6CF4760B9F16F024330D546B881D5EA0CE : F1B884CB6CF4760B9F16F024330D546B881D5EA0CE
A.3. The example of a PFX with a password-protected key and a password- A.3. Example of a PFX with a Password-Protected Key and a Password-
protected certificate. Protected Certificate
In this example the PKCS8SHroudedKeybag structure is used to store In this example, the PKCS8SHroudedKeybag structure is used to store
the key, which is placed in the Data structure (see [RFC5652]). The the key, which is placed in the Data structure (see [RFC5652]). The
certBag structure is used to store the certificate, which is placed certBag structure is used to store the certificate, which is placed
in the EncryptedData structure (see [RFC5652]). A following password in the EncryptedData structure (see [RFC5652]). The following
is used to encrypt the key and control the integrity. The password password is used to encrypt the key and provide integrity control.
is in hexadecimal. The password is in hexadecimal.
0xD09FD0B0D180D0BED0BBD18C20D0B4D0BBD18F20504658 D09FD0B0D180D0BED0BBD18C20D0B4D0BBD18F20504658
The key encryption algorithm identifier: The key encryption algorithm identifier:
1.2.643.7.1.1.5.1.1 1.2.643.7.1.1.5.1.1
The certificate encryption algorithm identifier: The certificate encryption algorithm identifier:
1.2.643.7.1.1.5.1.2 1.2.643.7.1.1.5.1.2
A.3.1. PFX in BASE64 format A.3.1. PFX in BASE64 Format
MIIFjAIBAzCCBSUGCSqGSIb3DQEHAaCCBRYEggUSMIIFDjCCA0EGCSqGSIb3DQEH MIIFjAIBAzCCBSUGCSqGSIb3DQEHAaCCBRYEggUSMIIFDjCCA0EGCSqGSIb3DQEH
BqCCAzIwggMuAgEAMIIDJwYJKoZIhvcNAQcBMFUGCSqGSIb3DQEFDTBIMCkGCSqG BqCCAzIwggMuAgEAMIIDJwYJKoZIhvcNAQcBMFUGCSqGSIb3DQEFDTBIMCkGCSqG
SIb3DQEFDDAcBAgUuSVGsSwGjQICCAAwDAYIKoUDBwEBBAIFADAbBgkqhQMHAQEF SIb3DQEFDDAcBAgUuSVGsSwGjQICCAAwDAYIKoUDBwEBBAIFADAbBgkqhQMHAQEF
AQIwDgQM9Hk3dagtS48+G/x+gIICwWGPqxxN+sTrKbruRf9R5Ya9cf5AtO1frqMn AQIwDgQM9Hk3dagtS48+G/x+gIICwWGPqxxN+sTrKbruRf9R5Ya9cf5AtO1frqMn
f1eULfmZmTg/BdE51QQ+Vbnh3v1kmspr6h2+e4Wli+ndEeCWG6A6X/G22h/RAHW2 f1eULfmZmTg/BdE51QQ+Vbnh3v1kmspr6h2+e4Wli+ndEeCWG6A6X/G22h/RAHW2
YrVmf6cCWxW+YrqzT4h/8RQL/9haunD5LmHPLVsYrEai0OwbgXayDSwARVJQLQYq YrVmf6cCWxW+YrqzT4h/8RQL/9haunD5LmHPLVsYrEai0OwbgXayDSwARVJQLQYq
sLNmZK5ViN+fRiS5wszVJ3AtVq8EuPt41aQEKwPy2gmH4S6WmnQRC6W7aoqmIifF sLNmZK5ViN+fRiS5wszVJ3AtVq8EuPt41aQEKwPy2gmH4S6WmnQRC6W7aoqmIifF
PJENJNn5K2M1J6zNESs6bFtYNKMArNqtvv3rioY6eAaaLy6AV6ljsekmqodHmQjv PJENJNn5K2M1J6zNESs6bFtYNKMArNqtvv3rioY6eAaaLy6AV6ljsekmqodHmQjv
Y4eEioJs0xhpXhZY69PXT+ZBeHv6MSheBhwXqxAd1DqtPTafMjNK8rqKCap9TtPG Y4eEioJs0xhpXhZY69PXT+ZBeHv6MSheBhwXqxAd1DqtPTafMjNK8rqKCap9TtPG
vONvo5W9dgwegxRRQzlum8dzV4m1W9Aq4W7t8/UcxDWRz3k6ijFPlGaA9+8ZMTEO vONvo5W9dgwegxRRQzlum8dzV4m1W9Aq4W7t8/UcxDWRz3k6ijFPlGaA9+8ZMTEO
skipping to change at page 23, line 35 skipping to change at line 997
AAAEgeUqj9mI3RDfK5hMd0EeYws7foZK/5ANr2wUhP5qnDjAZgn76lExJ+wuvlnS AAAEgeUqj9mI3RDfK5hMd0EeYws7foZK/5ANr2wUhP5qnDjAZgn76lExJ+wuvlnS
9PChfWVugvdl/9XJgQvvr9Cu4pOh4ICXplchcy0dGk/MzItHRVC5wK2nTxwQ4kKT 9PChfWVugvdl/9XJgQvvr9Cu4pOh4ICXplchcy0dGk/MzItHRVC5wK2nTxwQ4kKT
kG9xhLFzoD16dhtqX0+/dQg9G8pE5EzCBIYRXLm1Arcz9k7KVsTJuNMjFrr7EQuu kG9xhLFzoD16dhtqX0+/dQg9G8pE5EzCBIYRXLm1Arcz9k7KVsTJuNMjFrr7EQuu
Tr80ATSQOtsq50zpFyrpznVPGCrOdIjpymZxNdvw48bZxqTtRVDxCYATOGqz0pwH Tr80ATSQOtsq50zpFyrpznVPGCrOdIjpymZxNdvw48bZxqTtRVDxCYATOGqz0pwH
ClWULHD9LIajLMB2GhBKyQw6ujIlltJs0T+WNdX/AT2FLi1LFSS3+Cj9MVQwIwYJ ClWULHD9LIajLMB2GhBKyQw6ujIlltJs0T+WNdX/AT2FLi1LFSS3+Cj9MVQwIwYJ
KoZIhvcNAQkVMRYEFHlVdPnUtuTCAiQoaZhnP/AKFMBNMC0GCSqGSIb3DQEJFDEg KoZIhvcNAQkVMRYEFHlVdPnUtuTCAiQoaZhnP/AKFMBNMC0GCSqGSIb3DQEJFDEg
Hh4AcAAxADIARgByAGkAZQBuAGQAbAB5AE4AYQBtAGUwXjBOMAoGCCqFAwcBAQID Hh4AcAAxADIARgByAGkAZQBuAGQAbAB5AE4AYQBtAGUwXjBOMAoGCCqFAwcBAQID
BEDp4e22JmXdnvR0xA99yQuzQuJ8pxBeOpsLm2dZQqt3Fje5zqW1uk/7VOcfV5r2 BEDp4e22JmXdnvR0xA99yQuzQuJ8pxBeOpsLm2dZQqt3Fje5zqW1uk/7VOcfV5r2
bKm8nsLOs2rPT8hBOoeAZvOIBAjGIUHw6IjG2QICCAA= bKm8nsLOs2rPT8hBOoeAZvOIBAjGIUHw6IjG2QICCAA=
A.3.2. PFX in ASN.1 format A.3.2. PFX in ASN.1 Format
0 1420:SEQUENCE: 0 1420:SEQUENCE:
4 1: INTEGER:3 4 1: INTEGER:3
7 1317: SEQUENCE: 7 1317: SEQUENCE:
11 9: OBJECT IDENTIFIER:data [1.2.840.113549.1.7.1] 11 9: OBJECT IDENTIFIER:data [1.2.840.113549.1.7.1]
22 1302: CONTEXT SPECIFIC (0): 22 1302: CONTEXT SPECIFIC (0):
26 1298: OCTET STRING: 26 1298: OCTET STRING:
30 1294: SEQUENCE: 30 1294: SEQUENCE:
34 833: SEQUENCE: 34 833: SEQUENCE:
38 9: OBJECT IDENTIFIER:encryptedData [1.2.840.113549.1.7.6] 38 9: OBJECT IDENTIFIER:
49 818: CONTEXT SPECIFIC (0): : encryptedData [1.2.840.113549.1.7.6]
53 814: SEQUENCE: 49 818: CONTEXT SPECIFIC (0):
57 1: INTEGER:0 53 814: SEQUENCE:
60 807: SEQUENCE: 57 1: INTEGER:0
64 9: OBJECT IDENTIFIER:data [1.2.840.113549.1.7.1] 60 807: SEQUENCE:
75 85: SEQUENCE: 64 9: OBJECT IDENTIFIER:data [1.2.840.113549.1.7.1]
75 85: SEQUENCE:
77 9: OBJECT IDENTIFIER:[1.2.840.113549.1.5.13] 77 9: OBJECT IDENTIFIER:[1.2.840.113549.1.5.13]
88 72: SEQUENCE: 88 72: SEQUENCE:
90 41: SEQUENCE: 90 41: SEQUENCE:
92 9: OBJECT IDENTIFIER:[1.2.840.113549.1.5.12] 92 9: OBJECT IDENTIFIER:[1.2.840.113549.1.5.12]
103 28: SEQUENCE: 103 28: SEQUENCE:
105 8: OCTET STRING:'14B92546B12C068D' 105 8: OCTET STRING:'14B92546B12C068D'
115 2: INTEGER:2048 115 2: INTEGER:2048
119 12: SEQUENCE: 119 12: SEQUENCE:
121 8: OBJECT IDENTIFIER:[1.2.643.7.1.1.4.2] 121 8: OBJECT IDENTIFIER:[1.2.643.7.1.1.4.2]
131 0: NULL: 131 0: NULL:
133 27: SEQUENCE: 133 27: SEQUENCE:
135 9: OBJECT IDENTIFIER:[1.2.643.7.1.1.5.1.2] 135 9: OBJECT IDENTIFIER:[1.2.643.7.1.1.5.1.2]
146 14: SEQUENCE: 146 14: SEQUENCE:
148 12: OCTET STRING: 148 12: OCTET STRING:
: F4793775A82D4B8F3E1BFC7E : F4793775A82D4B8F3E1BFC7E
162 705: CONTEXT SPECIFIC (0): 162 705: CONTEXT SPECIFIC (0):
: 618FAB1C4DFAC4EB29BAEE45FF51E586BD7 : 618FAB1C4DFAC4EB29BAEE45FF51E586BD7
: 1FE40B4ED5FAEA3277F57942DF99999383F : 1FE40B4ED5FAEA3277F57942DF99999383F
: 05D139D5043E55B9E1DEFD649ACA6BEA1DB : 05D139D5043E55B9E1DEFD649ACA6BEA1DB
: E7B85A58BE9DD11E0961BA03A5FF1B6DA1F : E7B85A58BE9DD11E0961BA03A5FF1B6DA1F
: D10075B662B5667FA7025B15BE62BAB34F8 : D10075B662B5667FA7025B15BE62BAB34F8
: 87FF1140BFFD85ABA70F92E61CF2D5B18AC : 87FF1140BFFD85ABA70F92E61CF2D5B18AC
: 46A2D0EC1B8176B20D2C004552502D062AB : 46A2D0EC1B8176B20D2C004552502D062AB
: 0B36664AE5588DF9F4624B9C2CCD527702D : 0B36664AE5588DF9F4624B9C2CCD527702D
: 56AF04B8FB78D5A4042B03F2DA0987E12E9 : 56AF04B8FB78D5A4042B03F2DA0987E12E9
: 69A74110BA5BB6A8AA62227C53C910D24D9 : 69A74110BA5BB6A8AA62227C53C910D24D9
: F92B633527ACCD112B3A6C5B5834A300ACD : F92B633527ACCD112B3A6C5B5834A300ACD
: AADBEFDEB8A863A78069A2F2E8057A963B1 : AADBEFDEB8A863A78069A2F2E8057A963B1
: E926AA87479908EF6387848A826CD318695 : E926AA87479908EF6387848A826CD318695
: E1658EBD3D74FE641787BFA31285E061C17 : E1658EBD3D74FE641787BFA31285E061C17
: AB101DD43AAD3D369F32334AF2BA8A09AA7 : AB101DD43AAD3D369F32334AF2BA8A09AA7
: D4ED3C6BCE36FA395BD760C1E8314514339 : D4ED3C6BCE36FA395BD760C1E8314514339
: 6E9BC7735789B55BD02AE16EEDF3F51CC43 : 6E9BC7735789B55BD02AE16EEDF3F51CC43
: 591CF793A8A314F946680F7EF1931310E44 : 591CF793A8A314F946680F7EF1931310E44
: 784146F33A398DBF54D3716E0C567C662E3 : 784146F33A398DBF54D3716E0C567C662E3
: F1A528B762709920F98111EE6553F5EFECA : F1A528B762709920F98111EE6553F5EFECA
: 8F316EB06337F05F1847AD64E3F40DA4A23 : 8F316EB06337F05F1847AD64E3F40DA4A23
: 5414BFBD7860A7DA510CE7B21186CC82EFD : 5414BFBD7860A7DA510CE7B21186CC82EFD
: 4D1880FADA9975F89237BEE6B08B698332B : 4D1880FADA9975F89237BEE6B08B698332B
: 9A4B8CF50154F6FFE444FF9CDAE0470EE38 : 9A4B8CF50154F6FFE444FF9CDAE0470EE38
: 6114512361174F29EFEC37BF1A656AD1965 : 6114512361174F29EFEC37BF1A656AD1965
: C7F5F988B0F05D9367F7C249FEAF0A2AAC4 : C7F5F988B0F05D9367F7C249FEAF0A2AAC4
: BA28CC23F6C2032954FCCD0330A840A3D8F : BA28CC23F6C2032954FCCD0330A840A3D8F
: 7D5461265D8B87EC7D15980C932AFFC14F9 : 7D5461265D8B87EC7D15980C932AFFC14F9
: FDEADBA8FA80A96EABF7354C2964CFFC2E2 : FDEADBA8FA80A96EABF7354C2964CFFC2E2
: E31AA04C7B58C3FF9F446D3F3FA5DA74D12 : E31AA04C7B58C3FF9F446D3F3FA5DA74D12
: 2208FD36237A72DF5475E300739526C55E0 : 2208FD36237A72DF5475E300739526C55E0
: AEFEDDC4B0C60741D74D0A1AC593F21CD8F : AEFEDDC4B0C60741D74D0A1AC593F21CD8F
: 74840EC81E3F7A7A56D2AACA7A049BC9936 : 74840EC81E3F7A7A56D2AACA7A049BC9936
: E175588E33978988F3D2FC753401524872E : E175588E33978988F3D2FC753401524872E
: 39C905D99430FC93512B61DB5D12C3EDCFF : 39C905D99430FC93512B61DB5D12C3EDCFF
: E33B92A5B9E6C021084683AE497B46B893F : E33B92A5B9E6C021084683AE497B46B893F
: EB5B71611744A336501822DEA063A67EC35 : EB5B71611744A336501822DEA063A67EC35
: 35F0CB6CAD133DA4375A765F264FF55F87D : 35F0CB6CAD133DA4375A765F264FF55F87D
: F81F1D641655C6042EEF494C3C419EC5B52 : F81F1D641655C6042EEF494C3C419EC5B52
: 4607B850829F28BD27457DD92B5B233125C : 4607B850829F28BD27457DD92B5B233125C
: 656B555E6E : 656B555E6E
871 453: SEQUENCE: 871 453: SEQUENCE:
875 9: OBJECT IDENTIFIER:data [1.2.840.113549.1.7.1] 875 9: OBJECT IDENTIFIER:data [1.2.840.113549.1.7.1]
886 438: CONTEXT SPECIFIC (0): 886 438: CONTEXT SPECIFIC (0):
890 434: OCTET STRING: 890 434: OCTET STRING:
894 430: SEQUENCE: 894 430: SEQUENCE:
898 426: SEQUENCE: 898 426: SEQUENCE:
902 11: OBJECT IDENTIFIER:pkcs-12-pkcs-8ShroudedKeyBag [1.2.840.113549.1.12.10.1.2] 902 11: OBJECT IDENTIFIER:
915 323: CONTEXT SPECIFIC (0): : pkcs-12-pkcs-8ShroudedKeyBag
919 319: SEQUENCE: : [1.2.840.113549.1.12.10.1.2]
923 85: SEQUENCE: 915 323: CONTEXT SPECIFIC (0):
925 9: OBJECT IDENTIFIER:[1.2.840.113549.1.5.13] 919 319: SEQUENCE:
936 72: SEQUENCE: 923 85: SEQUENCE:
938 41: SEQUENCE: 925 9: OBJECT IDENTIFIER:
940 9: OBJECT IDENTIFIER:[1.2.840.113549.1.5.12] : [1.2.840.113549.1.5.13]
951 28: SEQUENCE: 936 72: SEQUENCE:
953 8: OCTET STRING: 938 41: SEQUENCE:
: FD04424D0ED6DC2F 940 9: OBJECT IDENTIFIER:
963 2: INTEGER:2048 : [1.2.840.113549.1.5.12]
967 12: SEQUENCE: 951 28: SEQUENCE:
969 8: OBJECT IDENTIFIER:[1.2.643.7.1.1.4.2] 953 8: OCTET STRING:
979 0: NULL: : FD04424D0ED6DC2F
981 27: SEQUENCE: 963 2: INTEGER:2048
983 9: OBJECT IDENTIFIER:[1.2.643.7.1.1.5.1.1] 967 12: SEQUENCE:
994 14: SEQUENCE: 969 8: OBJECT IDENTIFIER:
996 12: OCTET STRING: : [1.2.643.7.1.1.4.2]
: F0C52AA00000000000000000 979 0: NULL:
981 27: SEQUENCE:
983 9: OBJECT IDENTIFIER:
: [1.2.643.7.1.1.5.1.1]
994 14: SEQUENCE:
996 12: OCTET STRING:
: F0C52AA00000000000000000
1010 229: OCTET STRING: 1010 229: OCTET STRING:
: 2A8FD988DD10DF2B984C77411E630B3B7E864AFF900DAF6C1484FE6A9C38C : 2A8FD988DD10DF2B984C77411E630B3B
: 06609FBEA513127EC2EBE59D2F4F0A17D656E82F765FFD5C9810BEFAFD0AE : 7E864AFF900DAF6C1484FE6A9C38C066
: E293A1E08097A65721732D1D1A4FCCCC8B474550B9C0ADA74F1C10E242939 : 09FBEA513127EC2EBE59D2F4F0A17D65
: 06F7184B173A03D7A761B6A5F4FBF75083D1BCA44E44CC20486115CB9B502 : 6E82F765FFD5C9810BEFAFD0AEE293A1
: B733F64ECA56C4C9B8D32316BAFB110BAE4EBF340134903ADB2AE74CE9172 : E08097A65721732D1D1A4FCCCC8B4745
: AE9CE754F182ACE7488E9CA667135DBF0E3C6D9C6A4ED4550F1098013386A : 50B9C0ADA74F1C10E24293906F7184B1
: B3D29C070A55942C70FD2C86A32CC0761A104AC90C3ABA322596D26CD13F9 : 73A03D7A761B6A5F4FBF75083D1BCA44
: 635D5FF013D852E2D4B1524B7F828FD : E44CC20486115CB9B502B733F64ECA56
: C4C9B8D32316BAFB110BAE4EBF340134
: 903ADB2AE74CE9172AE9CE754F182ACE
: 7488E9CA667135DBF0E3C6D9C6A4ED45
: 50F1098013386AB3D29C070A55942C70
: FD2C86A32CC0761A104AC90C3ABA3225
: 96D26CD13F9635D5FF013D852E2D4B15
: 24B7F828FD
1242 84: SET: 1242 84: SET:
1244 35: SEQUENCE: 1244 35: SEQUENCE:
1246 9: OBJECT IDENTIFIER:localKeyID [1.2.840.113549.1.9.21] 1246 9: OBJECT IDENTIFIER:localKeyID
: [1.2.840.113549.1.9.21]
1257 22: SET: 1257 22: SET:
1259 20: OCTET STRING: 1259 20: OCTET STRING:
: 795574F9D4B6E4C20224286998673FF00A14C04D : 795574F9D4B6E4C20224
: 286998673FF00A14C04D
1281 45: SEQUENCE: 1281 45: SEQUENCE:
1283 9: OBJECT IDENTIFIER:friendlyName [1.2.840.113549.1.9.20] 1283 9: OBJECT IDENTIFIER:
: friendlyName [1.2.840.113549.1.9.20]
1294 32: SET: 1294 32: SET:
1296 30: BMP STRING:'p12FriendlyName' 1296 30: BMP STRING:'p12FriendlyName'
1328 94: SEQUENCE: 1328 94: SEQUENCE:
1330 78: SEQUENCE: 1330 78: SEQUENCE:
1332 10: SEQUENCE: 1332 10: SEQUENCE:
1334 8: OBJECT IDENTIFIER:[1.2.643.7.1.1.2.3] 1334 8: OBJECT IDENTIFIER:[1.2.643.7.1.1.2.3]
1344 64: OCTET STRING: 1344 64: OCTET STRING:
: E9E1EDB62665DD9EF474C40F7DC90BB342E27CA7105E3A9B0B9B675942AB771637B9CEA5B5BA4FFB54E71F57 : E9E1EDB62665DD9EF474C40F7DC90BB3
: 9AF66CA9BC9EC2CEB36ACF4FC8413A878066F388 : 42E27CA7105E3A9B0B9B675942AB7716
: 37B9CEA5B5BA4FFB54E71F579AF66CA9
: BC9EC2CEB36ACF4FC8413A878066F388
1410 8: OCTET STRING:'C62141F0E888C6D9' 1410 8: OCTET STRING:'C62141F0E888C6D9'
1420 2: INTEGER:2048 1420 2: INTEGER:2048
A.3.3. Decrypted key value in BASE64 format A.3.3. Decrypted Key Value in BASE64 Format
MIHiAgEBMBcGCCqFAwcBAQECMAsGCSqFAwcBAgECAQRAEWkl+eblsHWs86SNgRKq MIHiAgEBMBcGCCqFAwcBAQECMAsGCSqFAwcBAgECAQRAEWkl+eblsHWs86SNgRKq
SxMOgGhbvR/uZ5/WWfdNG1axvUwVhpcXIxDZUmzQuNzqJBkseI7f5/JjXyTFRF1a SxMOgGhbvR/uZ5/WWfdNG1axvUwVhpcXIxDZUmzQuNzqJBkseI7f5/JjXyTFRF1a
+YGBgQG0i7davCkOGGVcYqFPtS1fUIROzB0fYARIe0tclTRpare/qzRuVRapqzzO +YGBgQG0i7davCkOGGVcYqFPtS1fUIROzB0fYARIe0tclTRpare/qzRuVRapqzzO
+K21LDpYVfDPs2Sqa13ZN+Ts/JUlv59qCFB2cYpFyB/0kh4+K79yvz7r8+4WE0Em +K21LDpYVfDPs2Sqa13ZN+Ts/JUlv59qCFB2cYpFyB/0kh4+K79yvz7r8+4WE0Em
Zf8T3ae/J1Jo6xGunecH1/G4hMts9HYLnxbwJDMNVGuIHV6gzg== Zf8T3ae/J1Jo6xGunecH1/G4hMts9HYLnxbwJDMNVGuIHV6gzg==
A.3.4. Decrypted key value in ASN.1 format A.3.4. Decrypted Key Value in ASN.1 Format
0 226:SEQUENCE : 0 226:SEQUENCE:
3 1: INTEGER : 1 3 1: INTEGER: 1
6 23: SEQUENCE : 6 23: SEQUENCE:
8 8: OBJECT IDENTIFIER : [1.2.643.7.1.1.1.2] 8 8: OBJECT IDENTIFIER: [1.2.643.7.1.1.1.2]
18 11: SEQUENCE : 18 11: SEQUENCE:
20 9: OBJECT IDENTIFIER : [1.2.643.7.1.2.1.2.1] 20 9: OBJECT IDENTIFIER: [1.2.643.7.1.2.1.2.1]
31 64: OCTET STRING : 31 64: OCTET STRING:
: 116925F9E6E5B075ACF3A48D8112AA4B130E80685BBD1FEE679FD6 : 116925F9E6E5B075ACF3A48D8112AA4B130E80685BBD1FEE679FD6
: 59F74D1B56B1BD4C158697172310D9526CD0B8DCEA24192C788EDF : 59F74D1B56B1BD4C158697172310D9526CD0B8DCEA24192C788EDF
: E7F2635F24C5445D5AF9 : E7F2635F24C5445D5AF9
97 129: CONTEXT SPECIFIC (1) : 97 129: CONTEXT SPECIFIC (1):
: 01B48BB75ABC290E18655C62A14FB52D5F50844ECC1D1F6004487B : 01B48BB75ABC290E18655C62A14FB52D5F50844ECC1D1F6004487B
: 4B5C9534696AB7BFAB346E5516A9AB3CCEF8ADB52C3A5855F0CFB3 : 4B5C9534696AB7BFAB346E5516A9AB3CCEF8ADB52C3A5855F0CFB3
: 64AA6B5DD937E4ECFC9525BF9F6A085076718A45C81FF4921E3E2B : 64AA6B5DD937E4ECFC9525BF9F6A085076718A45C81FF4921E3E2B
: BF72BF3EEBF3EE1613412665FF13DDA7BF275268EB11AE9DE707D7 : BF72BF3EEBF3EE1613412665FF13DDA7BF275268EB11AE9DE707D7
: F1B884CB6CF4760B9F16F024330D546B881D5EA0CE : F1B884CB6CF4760B9F16F024330D546B881D5EA0CE
Acknowledgments Acknowledgments
The author thanks Potashnikov Alexander, Pianov Semen and Smyslov The author thanks Alexander Potashnikov, Semen Pianov, and Valery
Valery for their careful readings and useful comments. Smyslov for their careful readings and useful comments, and Alexander
Chelpanov for his help with the registration of identifiers.
Author's Address Author's Address
Ekaterina Karelina (editor) Ekaterina Karelina (editor)
InfoTeCS InfoTeCS
2B stroenie 1, ul. Otradnaya 2B stroenie 1, ul. Otradnaya
Moscow Moscow
127273 127273
Russian Federation Russian Federation
Email: Ekaterina.Karelina@infotecs.ru Email: Ekaterina.Karelina@infotecs.ru
 End of changes. 123 change blocks. 
464 lines changed or deleted 464 lines changed or added

This html diff was produced by rfcdiff 1.48.