RFC 3279 (rfc3279) - Page 2 of 27


Algorithms and Identifiers for the Internet X



Alternative Format: Original Text Document



RFC 3279               Algorithms and Identifiers             April 2002


   2.3.4  KEA Public Keys . . . . . . . . . . . . . . . . . . .  11
   2.3.5  ECDSA and ECDH Public Keys  . . . . . . . . . . . . .  13
   3  ASN.1 Module  . . . . . . . . . . . . . . . . . . . . . .  18
   4  References  . . . . . . . . . . . . . . . . . . . . . . .  24
   5  Security Considerations . . . . . . . . . . . . . . . . .  25
   6  Intellectual Property Rights  . . . . . . . . . . . . . .  26
   7  Author Addresses  . . . . . . . . . . . . . . . . . . . .  26
   8  Full Copyright Statement  . . . . . . . . . . . . . . . .  27

1  Introduction

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC 2119].

   This document specifies algorithm identifiers and ASN.1 [X.660]
   encoding formats for digital signatures and subject public keys used
   in the Internet X.509 Public Key Infrastructure (PKI).  This
   specification supplements [RFC 3280], "Internet X.509 Public Key
   Infrastructure:  Certificate and Certificate Revocation List (CRL)
   Profile."  Implementations of this specification MUST also conform to
   RFC 3280.

   This specification defines the contents of the signatureAlgorithm,
   signatureValue, signature, and subjectPublicKeyInfo fields within
   Internet X.509 certificates and CRLs.

   This document identifies one-way hash functions for use in the
   generation of digital signatures.  These algorithms are used in
   conjunction with digital signature algorithms.

   This specification describes the encoding of digital signatures
   generated with the following cryptographic algorithms:

      * Rivest-Shamir-Adelman (RSA);
      * Digital Signature Algorithm (DSA); and
      * Elliptic Curve Digital Signature Algorithm (ECDSA).

   This document specifies the contents of the subjectPublicKeyInfo
   field in Internet X.509 certificates.  For each algorithm, the
   appropriate alternatives for the the keyUsage extension are provided.
   This specification describes encoding formats for public keys used
   with the following cryptographic algorithms:

      * Rivest-Shamir-Adelman (RSA);
      * Digital Signature Algorithm (DSA);
      * Diffie-Hellman (DH);
      * Key Encryption Algorithm (KEA);



Polk, et al.                Standards Track