Elliptic Curve Cryptography Subject Public Key Information
RFC 5480
| Document | Type |
RFC - Proposed Standard
(March 2009; Errata)
Updated by RFC 8813
Updates RFC 3279
|
|
|---|---|---|---|
| Authors | Tim Polk , Russ Housley , Sean Turner , Daniel Brown , Kelvin Yiu | ||
| Last updated | 2015-10-14 | ||
| Stream | IETF | ||
| Formats | plain text html pdf htmlized bibtex | ||
| Reviews | |||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 5480 (Proposed Standard) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Pasi Eronen | ||
| Send notices to | (None) | ||
Network Working Group S. Turner
Request for Comments: 5480 IECA
Updates: 3279 D. Brown
Category: Standards Track Certicom
K. Yiu
Microsoft
R. Housley
Vigil Security
T. Polk
NIST
March 2009
Elliptic Curve Cryptography Subject Public Key Information
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Abstract
This document specifies the syntax and semantics for the Subject
Public Key Information field in certificates that support Elliptic
Curve Cryptography. This document updates Sections 2.3.5 and 5, and
the ASN.1 module of "Algorithms and Identifiers for the Internet
X.509 Public Key Infrastructure Certificate and Certificate
Revocation List (CRL) Profile", RFC 3279.
Turner, et al. Standards Track [Page 1]
RFC 5480 ECC SubjectPublicKeyInfo Format March 2009
Table of Contents
1. Introduction ....................................................2
1.1. Terminology ................................................3
2. Subject Public Key Information Fields ...........................3
2.1. Elliptic Curve Cryptography Public Key Algorithm
Identifiers ................................................3
2.2. Subject Public Key .........................................7
3. Key Usage Bits ..................................................7
4. Security Considerations .........................................8
5. ASN.1 Considerations ...........................................10
6. IANA Considerations ............................................11
7. Acknowledgments ................................................11
8. References .....................................................11
8.1. Normative References ......................................11
8.2. Informative References ....................................12
Appendix A. ASN.1 Module ..........................................13
1. Introduction
This document specifies the format of the subjectPublicKeyInfo field
in X.509 certificates [PKI] that use Elliptic Curve Cryptography
(ECC). It updates RFC 3279 [PKI-ALG]. This document specifies the
encoding formats for public keys used with the following ECC
algorithms:
o Elliptic Curve Digital Signature Algorithm (ECDSA);
o Elliptic Curve Diffie-Hellman (ECDH) family schemes; and
o Elliptic Curve Menezes-Qu-Vanstone (ECMQV) family schemes.
Two methods for specifying the algorithms that can be used with the
subjectPublicKey are defined. One method allows the key to be used
with any ECC algorithm, while the other method restricts the usage of
the key to specific algorithms. To promote interoperability, this
document indicates which is required to implement for Certification
Authorities (CAs) that implement ECC algorithms and relying parties
that claim to process ECC algorithms.
The ASN.1 [X.680] module in this document includes ASN.1 for ECC
algorithms. It also includes ASN.1 for non-ECC algorithms defined in
[PKI-ALG] and [PKI-ADALG], even though the associated text is
unaffected. By updating all of the ASN.1 from [PKI-ALG] in this
document, implementers only need to use the module found in this
document.
Turner, et al. Standards Track [Page 2]
RFC 5480 ECC SubjectPublicKeyInfo Format March 2009
1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
Show full document text