Title: Russian cryptographic algorithms (GOST) in Cryptographic Message Syntax and S/MIME
1. Russian cryptographic algorithms (GOST) in
Cryptographic Message Syntax and S/MIME
Grigory Chudov, CRYPTO-PRO, Russia, Chudov_at_cryptopro.ru
draft-leontiev-cryptopro-cpcms-00.txt
2. Russian state standards
Encryption
GOST 28147-89 - "Cryptographic Protection for
Data Processing System", 1989.
Hashing
GOST R 34.11-94 - "Information technology.
Cryptographic Data Security. Hashing function.",
1994.
Digital signature
GOST R 34.10-94 - "Information technology.
Cryptographic Data Security. Produce and check
procedures of Electronic Digital Signatures based
on Asymmetric Cryptographic Algorithm.", 1994.
GOST R 34.10-2001 - "Information technology.
Cryptographic data security. Signature and
verification processes of electronic digital
signature.", 2001.
3. Compatibility
Algorithm Parameters
Encryption
S-BOX not defined (except for test values)
Digest
S-BOX not defined
Digital signature
P, Q, A not defined (except for test values)
Elliptic Curve parameters not defined
Russian Federal Digital Signature Law, 10 Jan 2002
PKI ready
4. Cryptographic Software Compatibility Agreement
Russian commercial cryptographic software vendors
FGUE STC "Atlas" www.stcnet.ru
CRYPTO-PRO www.cryptopro.ru
Factor-TC www.factor-ts.ru
MD PREI www.security.ru
Infotecs GmbH www.infotecs.ru
SPRCIS (SPbRCZI) www.rczi.spb.ru
Cryptocom www.cryptocom.ru
R-Alpha www.alpha.ru
5. Informational Internet Drafts
Algorithms and Identifiers for the Internet X.509
Public Key Infrastructure Certificates and
Certificate Revocation List (CRL), corresponding
to the algorithms GOST R 34.10-94, GOST R
34.10-2001, GOST R 34.11-94
http://www.ietf.org/internet-drafts/draft-leontiev-cryptopro-cppk-00.txt
Addition of GOST Ciphersuites to Transport Layer
Security (TLS)
http://www.ietf.org/internet-drafts/draft-chudov-cryptopro-cptls-00.txt
Cryptographic Message Syntax (CMS) algorithms for
GOST 28147-89, GOST R 34.10-94, GOST R
34.10-2001, GOST R 34.11-94.
http://www.ietf.org/internet-drafts/draft-leontiev-cryptopro-cpcms-00.txt
6. CMS GOST Algorithms
id-Gost28147-89 OBJECT IDENTIFIER ::= -- Encryption
    { id-CryptoPro-algorithms gost28147-89(21) }
id-GostR3411-94 OBJECT IDENTIFIER ::= -- Digest
    { id-CryptoPro-algorithms gostr3411(9) }
id-GostR3410-94 OBJECT IDENTIFIER ::= -- Signature
    { id-CryptoPro-algorithms gostR3410-94(20) }
id-GostR3410-2001 OBJECT IDENTIFIER ::= -- Signature
    { id-CryptoPro-algorithms gostR3410-2001(19) }
7. CMS GOST Parameters
Gost28147-89-Parameters ::= SEQUENCE {
    encryptionParamSet OBJECT IDENTIFIER, -- S-Box, etc
    iv Gost28147-89-IV
}
GostR3411-94-ParamSetParameters ::= SEQUENCE {
    hUZ Gost28147-89-UZ, -- S-Box for digest OID
    h0 GostR3411-94-Digest -- starting value
}
GostR3410-94-PublicKeyParameters ::= SEQUENCE {
    publicKeyParamSet OBJECT IDENTIFIER,
    digestParamSet OBJECT IDENTIFIER,
    encryptionParamSet OBJECT IDENTIFIER OPTIONAL
}
GostR3410-2001-PublicKeyParameters ::= SEQUENCE {
    publicKeyParamSet OBJECT IDENTIFIER,
    digestParamSet OBJECT IDENTIFIER,
    encryptionParamSet OBJECT IDENTIFIER OPTIONAL
}
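The parameter structures on this slide carry the S-box and curve choices as OBJECT IDENTIFIERs, since the Compatibility slide notes the standards leave them undefined. The following is an added example (not from the slides or the draft) of a receiver decoding GostR3410-2001-PublicKeyParameters and rejecting any parameter set it does not support. The arc 1.2.643.2.2 and the parameter-set OIDs are assumptions taken from RFC 4357, and SAMPLE is constructed.

```python
ALGS = "1.2.643.2.2"  # id-CryptoPro-algorithms arc (assumed from RFC 4357)
# Per-field allowlist of parameter-set OIDs (values assumed from RFC 4357, not the slides).
FIELDS = [
    ("publicKeyParamSet", {ALGS + ".35.1"}),   # GOST R 34.10-2001 CryptoPro-A curve
    ("digestParamSet", {ALGS + ".30.1"}),      # GOST R 34.11-94 CryptoPro S-box
    ("encryptionParamSet", {ALGS + ".31.1"}),  # GOST 28147-89 CryptoPro-A S-box
]
# Constructed sample: DER SEQUENCE holding the three OIDs above.
SAMPLE = bytes.fromhex(
    "301b" "06072a850302022301" "06072a850302021e01" "06072a850302021f01")

def read_tlv(buf, pos, tag):
    """Return (value, next offset); short-form lengths only, bounds-checked."""
    if pos + 2 > len(buf) or buf[pos] != tag or buf[pos + 1] > 0x7F:
        raise ValueError("unexpected tag or length at offset %d" % pos)
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated element at offset %d" % pos)
    return buf[pos + 2:end], end

def dec_oid(body):
    """Decode OID content octets (first arc 0 or 1) to dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear: last octet of this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_params(der):
    """Decode the SEQUENCE; reject parameter sets that are not on the allowlist."""
    seq, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing data after SEQUENCE")
    out, pos = {}, 0
    for name, allowed in FIELDS:
        if pos == len(seq):
            break  # encryptionParamSet is OPTIONAL
        body, pos = read_tlv(seq, pos, 0x06)
        oid = dec_oid(body)
        if oid not in allowed:
            raise ValueError("unsupported %s: %s" % (name, oid))
        out[name] = oid
    if pos != len(seq) or len(out) < 2:
        raise ValueError("wrong number of parameter sets")
    return out
```

Because the allowlist is per field, a digest S-box OID placed where the curve OID belongs is rejected rather than silently accepted.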
8. GOST Key Transport
GostR3410-94-KeyTransportEncryptedKeyOctetString ::= SEQUENCE {
    sessionEncryptedKey Gost28147-89-EncryptedKey,
    transportParameters [0] IMPLICIT GostR3410-94-TransportParameters OPTIONAL
}
GostR3410-94-TransportParameters ::= SEQUENCE {
    encryptionParamSet OBJECT IDENTIFIER,
    ephemeralPublicKey [0] IMPLICIT SubjectPublicKeyInfo OPTIONAL,
    ukm OCTET STRING
}
GostR3410-2001-KeyTransportEncryptedKeyOctetString ::= SEQUENCE {
    sessionEncryptedKey Gost28147-89-EncryptedKey,
    transportParameters [0] IMPLICIT GostR3410-94-TransportParameters OPTIONAL
}
GostR3410-2001-TransportParameters ::= SEQUENCE {
    encryptionParamSet OBJECT IDENTIFIER,
    ephemeralPublicKey [0] IMPLICIT SubjectPublicKeyInfo OPTIONAL,
    ukm OCTET STRING
}
9. CMS Implementations
Microsoft Windows
CryptoPro CSP: Russian cryptography standards
through Microsoft Cryptographic Service Provider
Interface.
CryptoPro TLS adds GOST cipher suites to
Microsoft Schannel SSP (Security Support Provider).
CSP, TLS
Solaris (Sun, Intel), VSTa - released
Linux, FreeBSD, AIX - in progress
ISV products
CSP, TLS
SAP R/3 SNC, SSF adapters
Apache, OpenSSL, mod_ssl, JCA
10. S/MIME Implementations
CryptoPro CSP
Outlook
The BAT! (www.ritlabs.com) Moldova
Outlook Express