RFC 2875 (rfc2875) - Page 1 of 23
Diffie-Hellman Proof-of-Possession Algorithms
Alternative Format: Original Text Document
Network Working Group H. Prafullchandra
Request for Comments: 2875 Critical Path Inc
Category: Standards Track J. Schaad
July 2000
Diffie-Hellman Proof-of-Possession Algorithms
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract
This document describes two methods for producing an integrity check
value from a Diffie-Hellman key pair. This behavior is needed for
such operations as creating the signature of a PKCS #10 certification
request. These algorithms are designed to provide a proof-of-
possession rather than general purpose signing.
1. Introduction
PKCS #10 [RFC 2314] defines a syntax for certification requests. It
assumes that the public key being requested for certification
corresponds to an algorithm that is capable of signing/encrypting.
Diffie-Hellman (DH) is a key agreement algorithm and as such cannot
be directly used for signing or encryption.
This document describes two new proof-of-possession algorithms using
the Diffie-Hellman key agreement process to provide a shared secret
as the basis of an integrity check value. In the first algorithm,
the value is constructed for a specific recipient/verifier by using a
public key of that verifier. In the second algorithm, the value is
constructed for arbitrary verifiers.
Prafullchandra & Schaad Standards Track