RFC 2875 (rfc2875) - Page 1 of 23

Diffie-Hellman Proof-of-Possession Algorithms

Network Working Group                                  H. Prafullchandra
Request for Comments: 2875                             Critical Path Inc
Category: Standards Track                                      J. Schaad
                                                               July 2000


             Diffie-Hellman Proof-of-Possession Algorithms

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

Abstract

   This document describes two methods for producing an integrity check
   value from a Diffie-Hellman key pair.  This behavior is needed for
   such operations as creating the signature of a PKCS #10 certification
   request.  These algorithms are designed to provide a proof-of-
   possession rather than general purpose signing.

1. Introduction

   PKCS #10 [RFC 2314] defines a syntax for certification requests. It
   assumes that the public key being requested for certification
   corresponds to an algorithm that is capable of signing/encrypting.
   Diffie-Hellman (DH) is a key agreement algorithm and as such cannot
   be directly used for signing or encryption.

   This document describes two new proof-of-possession algorithms using
   the Diffie-Hellman key agreement process to provide a shared secret
   as the basis of an integrity check value.  In the first algorithm,
   the value is constructed for a specific recipient/verifier by using a
   public key of that verifier.  In the second algorithm, the value is
   constructed for arbitrary verifiers.









Prafullchandra & Schaad     Standards Track