Network Working Group K. Davidson
Request for Comments: 2802 Differential
Category: Informational Y. Kawatsura
Hitachi
April 2000
Network Working Group K. Davidson
Request for Comments: 2802 Differential
Category: Informational Y. Kawatsura
Hitachi
April 2000
Digital Signatures for the v1.0 Internet Open Trading Protocol (IOTP)
1.0版互联网开放交易协议(IOTP)的数字签名
Status of this Memo
本备忘录的状况
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2000). All Rights Reserved.
版权所有(C)互联网协会(2000年)。版权所有。
Abstract
摘要
A syntax and procedures are described for the computation and verification of digital signatures for use within Version 1.0 of the Internet Open Trading Protocol (IOTP).
描述了用于计算和验证互联网开放交易协议(IOTP)1.0版内使用的数字签名的语法和程序。
Acknowledgment
致谢
This document is based on work originally done on general XML digital signatures by:
本文档基于以下人员最初对通用XML数字签名所做的工作:
Richard Brown of GlobeSet, Inc. <rdbrown@GlobeSet.com>
Richard Brown of GlobeSet, Inc. <rdbrown@GlobeSet.com>
Other contributors to the design of the IOTP DSIG DTD include, in alphabetic order:
IOTP DSIG DTD设计的其他贡献者按字母顺序包括:
David Burdett, Commerce One Andrew Drapp, Hitachi Donald Eastlake 3rd, Motorola, Inc.
David Burdett,商务一号Andrew Drapp,日立Donald Eastlake 3rd,摩托罗拉公司。
Table of Contents
目录
1. Introduction............................................3
2. Objective and Requirements..............................3
3. Signature Basics........................................3
3.1 Signature Element......................................3
3.2 Digest Element.........................................4
3.3 Originator and Recipient Information Elements..........5
3.4 Algorithm Element......................................5
4. Detailed Signature Syntax...............................6
4.1 Uniform Resource Names.................................6
4.2 IotpSignatures.........................................6
4.3 Signature Component....................................6
4.3.1 Signature............................................6
4.3.2 Manifest.............................................7
4.3.3 Algorithm............................................9
4.3.4 Digest...............................................9
4.3.5 Attribute...........................................10
4.3.6 OriginatorInfo......................................11
4.3.7 RecipientInfo.......................................11
4.3.8 KeyIdentifier.......................................12
4.3.9 Parameter...........................................13
4.4 Certificate Component.................................13
4.4.1 Certificate.........................................13
4.4.2 IssuerAndSerialNumber...............................14
4.5 Common Components.....................................15
4.5.1 Value...............................................15
4.5.2 Locator.............................................15
5. Supported Algorithms...................................16
5.1 Digest Algorithms.....................................16
5.1.1 SHA1................................................16
5.1.2 DOM-HASH............................................17
5.2 Signature Algorithms..................................17
5.2.1 DSA.................................................17
5.2.2 HMAC................................................18
5.2.3 RSA.................................................20
5.2.4 ECDSA...............................................20
6. Examples...............................................21
7. Signature DTD..........................................23
8. Security Considerations................................25
References................................................26
Authors' Addresses........................................28
Full Copyright Statement..................................29
1. Introduction............................................3
2. Objective and Requirements..............................3
3. Signature Basics........................................3
3.1 Signature Element......................................3
3.2 Digest Element.........................................4
3.3 Originator and Recipient Information Elements..........5
3.4 Algorithm Element......................................5
4. Detailed Signature Syntax...............................6
4.1 Uniform Resource Names.................................6
4.2 IotpSignatures.........................................6
4.3 Signature Component....................................6
4.3.1 Signature............................................6
4.3.2 Manifest.............................................7
4.3.3 Algorithm............................................9
4.3.4 Digest...............................................9
4.3.5 Attribute...........................................10
4.3.6 OriginatorInfo......................................11
4.3.7 RecipientInfo.......................................11
4.3.8 KeyIdentifier.......................................12
4.3.9 Parameter...........................................13
4.4 Certificate Component.................................13
4.4.1 Certificate.........................................13
4.4.2 IssuerAndSerialNumber...............................14
4.5 Common Components.....................................15
4.5.1 Value...............................................15
4.5.2 Locator.............................................15
5. Supported Algorithms...................................16
5.1 Digest Algorithms.....................................16
5.1.1 SHA1................................................16
5.1.2 DOM-HASH............................................17
5.2 Signature Algorithms..................................17
5.2.1 DSA.................................................17
5.2.2 HMAC................................................18
5.2.3 RSA.................................................20
5.2.4 ECDSA...............................................20
6. Examples...............................................21
7. Signature DTD..........................................23
8. Security Considerations................................25
References................................................26
Authors' Addresses........................................28
Full Copyright Statement..................................29
The Internet Open Trading Protocol (IOTP) provides a payment system independent interoperable framework for Internet commerce as documented in [RFC 2801]. All IOTP messages are XML documents. XML, the Extensible Markup Language [XML], is a syntactical standard promulgated by the World Wide Web Consortium. XML is intended primarily for structuring data exchanged and served over the World Wide Web.
互联网开放交易协议(IOTP)为互联网商务提供了一个独立于支付系统的互操作框架,如[RFC 2801]所述。所有IOTP消息都是XML文档。XML,可扩展标记语言[XML],是万维网联盟颁布的一种语法标准。XML主要用于结构化通过万维网交换和服务的数据。
Although IOTP assumes that any payment system used with it provides its own security, there are numerous cases where IOTP requires authentication and integrity services for portions of the XML messages it specifies.
尽管IOTP假定任何与之配套使用的支付系统都能提供其自身的安全性,但在许多情况下,IOTP需要为其指定的部分XML消息提供身份验证和完整性服务。
This document covers how digital signatures may be used with XML documents to provide authentication and tamper-proof protocol messages specifically for Version 1.0 of the IOTP protocol. The reader should recognize that an effort towards general XML digital signatures exists but is unlikely to produce its final result in time for IOTP Version 1.0. Future versions of IOTP will probably adopt by reference the results of this general XML digital signature effort.
本文档介绍如何将数字签名与XML文档一起使用,以提供IOTP协议1.0版的身份验证和防篡改协议消息。读者应该认识到,虽然已经在努力实现通用XML数字签名,但不太可能在IOTP 1.0版中及时产生最终结果。IOTP的未来版本可能会通过引用采用这种通用XML数字签名工作的结果。
The objective of this document is to propose syntax and procedures for the computation and verification of digital signatures applicable to Version 1.0 IOTP protocol messages, providing for:
本文件的目的是提出适用于1.0版IOTP协议消息的数字签名计算和验证的语法和程序,规定:
-- Authentication of IOTP transactions
-- Provide a means by which an IOTP message may be made "tamper-
proof", or detection of tampering is made evident
-- Describe a set of available digest and signature algorithms at
least one of which is mandatory to implement for interoperability
-- Easily integrate within the IOTP 1.0 Specification
-- Provide lightweight signatures with minimal redundancy
-- Allow signed portions of IOTP message to be "forwarded" to another
trading roles with different signature algorithms than the
original recipient
-- Authentication of IOTP transactions
-- Provide a means by which an IOTP message may be made "tamper-
proof", or detection of tampering is made evident
-- Describe a set of available digest and signature algorithms at
least one of which is mandatory to implement for interoperability
-- Easily integrate within the IOTP 1.0 Specification
-- Provide lightweight signatures with minimal redundancy
-- Allow signed portions of IOTP message to be "forwarded" to another
trading roles with different signature algorithms than the
original recipient
This specification consists primarily of the definition of an XML element known as the Signature element. This element consists of two sub-elements. The first one is a set of authenticated attributes, known as the signature Manifest, which comprises such things as a
本规范主要包括XML元素(称为Signature元素)的定义。此元素由两个子元素组成。第一个是一组经过身份验证的属性,称为签名清单,它包括
unique reference to the resources being authenticated and an indication of the keying material and algorithms being used. The second sub-element consists of the digital signature value.
对正在验证的资源的唯一引用,以及对正在使用的密钥材料和算法的指示。第二个子元素由数字签名值组成。
<Signature>
<Manifest>
(resource information block)
(originator information block)
(recipient information block)
(other attributes)
(signature algorithms information block)
</Manifest>
<Value encoding 'encoding scheme'>
(encoded signature value)
<Value>
</Signature>
<Signature>
<Manifest>
(resource information block)
(originator information block)
(recipient information block)
(other attributes)
(signature algorithms information block)
</Manifest>
<Value encoding 'encoding scheme'>
(encoded signature value)
<Value>
</Signature>
The digital signature is not computed directly from the pieces of information to be authenticated. Instead, the digital signature is computed from a set of authenticated attributes (the Manifest), which include references to, and a digests of, those pieces of information.
数字签名不是直接从要认证的信息片段计算出来的。相反,数字签名是从一组经过身份验证的属性(清单)计算出来的,其中包括对这些信息的引用和摘要。
The authentication is therefore "indirect".
因此,身份验证是“间接的”。
The Digest element consists of a unique and unambiguous reference to the XML resources being authenticated. It is constructed of a locator and the digest value data itself. The Digest algorithm is referred to indirectly via a DigestAlgorithmRef, so that Digest algorithms may be shared by multiple resources.
摘要元素包含对正在验证的XML资源的唯一且明确的引用。它由定位器和摘要值数据本身构成。摘要算法通过DigestAlgorithmRef间接引用,因此摘要算法可由多个资源共享。
<Digest DigestAlgorithmRef='D.1'>
<Locator href='resource locator'/>
<Value>
(Digest value)
</Value>
</Digest>
<Digest DigestAlgorithmRef='D.1'>
<Locator href='resource locator'/>
<Value>
(Digest value)
</Value>
</Digest>
The resource locator is implemented as a simple XML Link [XLink]. This not only provides a unique addressing scheme for internal and external resources, but also facilitates authentication of composite documents.
资源定位器实现为一个简单的XML链接[XLink]。这不仅为内部和外部资源提供了一种独特的寻址方案,而且还促进了复合文档的身份验证。
The purpose of the Originator and Recipient information elements is to provide identification and keying material for these respective parties.
发起者和接收者信息元素的目的是为这些相关方提供识别和键入材料。
<OriginatorInfo> (identification information block) (keying material information block) </OriginatorInfo>
<OriginatorInfo>(标识信息块)(键入材料信息块)</OriginatorInfo>
<RecipientInfo> (identification information block) (keying material information block) </RecipientInfo>
<RecipientInfo>(标识信息块)(键入物料信息块)</RecipientInfo>
The actual content of these two elements depends on the authentication scheme being used and the existence or non-existence of a prior relationship between the parties. In some circumstances, it may be quite difficult to distinguish between identification and keying material information. A unique reference to a digital certificate provides for both. This may also stand true for an account number when a prior relationship exists between the parties.
这两个要素的实际内容取决于所使用的认证方案以及双方之间是否存在优先关系。在某些情况下,可能很难区分识别和键入材料信息。对数字证书的唯一引用提供了这两种证书。当双方之间存在优先关系时,这也适用于账号。
The Originator information element is mandatory. Depending on the existence or non-existence of a prior relationship with the recipient, this block either refers to a public credential such as a digital certificate or displays a unique identifier known by the recipient.
发起人信息元素是必需的。根据是否存在与接收者的先前关系,此块或者引用公共凭证(如数字证书),或者显示接收者已知的唯一标识符。
The Recipient information element may be used when a document contains multiple signature information blocks, each being intended for a particular recipient. A unique reference in the Recipient information block helps the recipients identify their respective Signature information block.
当文档包含多个签名信息块时,可以使用接收者信息元素,每个签名信息块都是针对特定接收者的。收件人信息块中的唯一引用有助于收件人识别各自的签名信息块。
The Recipient information element may also be used when determination of the authentication key consists of a combination of keying material provided by both parties. This would be the case, for example, when establishing a key by means of Diffie Hellman [Schneier] Key Exchange algorithm.
当认证密钥的确定由双方提供的密钥材料的组合组成时,还可以使用接收者信息元素。例如,当通过Diffie-Hellman[Schneier]密钥交换算法建立密钥时,就会出现这种情况。
The Algorithm element is a generalized place to put any type of algorithm used within the signed IOTP message. The Algorithm may be a Signature algorithm or a Digest algorithm. Each algorithm contains parameters specific to the algorithm used.
Algorithm元素是一个通用的位置,用于放置签名IOTP消息中使用的任何类型的算法。该算法可以是签名算法或摘要算法。每个算法都包含特定于所用算法的参数。
<Algorithm type='digest' ID='12'>
(algorithm information block)
</Algorithm>
<Algorithm type='digest' ID='12'>
(algorithm information block)
</Algorithm>
Algorithms are required to contain an ID which allows for indirect reference to them from other places in the XML signature.
算法需要包含一个ID,该ID允许从XML签名中的其他位置间接引用它们。
To prevent potential name conflicts in the definition of the numerous type qualifiers considered herein, this specification uses Uniform Resource Names [RFC 2141].
为了防止在本文考虑的众多类型限定符的定义中出现潜在的名称冲突,本规范使用统一的资源名称[RFC 2141]。
The IotpSignatures element is the top-level element in an IOTP signature block. It consists of a collection of Signature elements, and an optional set of Certificates.
IotpSignatures元素是IOTP签名块中的顶级元素。它由一组签名元素和一组可选的证书组成。
<!ELEMENT IotpSignatures (Signature+, Certificate*) >
<!ATTLIST IotpSignatures
ID ID #IMPLIED >
<!ELEMENT IotpSignatures (Signature+, Certificate*) >
<!ATTLIST IotpSignatures
ID ID #IMPLIED >
Content Description
内容描述
Signature: A collection of Signature elements.
签名:签名元素的集合。
Certificate: Zero or more certificates used for signing
证书:用于签名的零个或多个证书
Attributes Description
属性描述
ID: Element identifier that may be used to reference the entire Signature element from a Resource element when implementing endorsement.
ID:元素标识符,可用于在实现背书时从资源元素引用整个签名元素。
The Signature element constitutes the majority of this specification. It is comprised of two sub-elements. The first one is a set of attributes, known as the Manifest, which actually constitutes the authenticated part of the document. The second sub-element consists of the signature value or values.
签名元素构成本规范的主要部分。它由两个子元素组成。第一个是一组属性,称为Manifest,它实际上构成文档的已验证部分。第二个子元素由一个或多个签名值组成。
The Value element contained within the Signature element is the encoded form of the signature of the Manifest element, and thus provides the verification of the Manifest.
Signature元素中包含的Value元素是清单元素签名的编码形式,因此提供清单的验证。
The process for generating the signed value is a multi-step process, involving a canonicalization algorithm, a digest algorithm, and a signature algorithm.
生成签名值的过程是一个多步骤的过程,包括规范化算法、摘要算法和签名算法。
First, the Manifest is canonicalized with an algorithm specified within the Algorithm element of the Manifest. The canonicalized form removes any inconsistencies in white space introduced by XML parsing engines.
首先,使用清单的算法元素中指定的算法对清单进行规范化。规范化表单消除了XML解析引擎引入的空白中的任何不一致。
This canonicalized form is then converted into a digest form which uniquely identifies the canonicalized document. Any slight modification in the original document will result in a very different digest value.
然后将此规范化表单转换为摘要表单,该摘要表单唯一标识规范化文档。原始文档中的任何细微修改都将导致不同的摘要值。
Finally, the digest is then signed using a public/symmetric key algorithm which digitally stamps the digest (with the certificate of the signer if available). The final signed digest is the value which is stored within the Signature's Value element.
最后,使用公钥/对称密钥算法对摘要进行签名,该算法对摘要进行数字标记(如果可用,则使用签名者的证书)。最终的签名摘要是存储在签名的value元素中的值。
<!ELEMENT Signature (Manifest, Value+) >
<!ATTLIST Signature
ID ID #IMPLIED >
<!ELEMENT Signature (Manifest, Value+) >
<!ATTLIST Signature
ID ID #IMPLIED >
Content Description
内容描述
Manifest: A set of attributes that actually constitutes the authenticated part of the document.
清单:一组属性,实际上构成文档的已验证部分。
Value: One or more encodings of signature values. Multiple values allow for a multiple algorithms to be supported within a single signature component.
值:签名值的一个或多个编码。多个值允许在单个签名组件中支持多个算法。
Attributes Description
属性描述
ID: Element identifier that may be used to reference the Signature element from a Resource element when implementing endorsement.
ID:元素标识符,可用于在实现背书时从资源元素引用签名元素。
The Manifest element consists of a collection of attributes that specify such things as references to the resources being authenticated and an indication of the keying material and algorithms to be used.
Manifest元素由一组属性组成,这些属性指定了对正在验证的资源的引用以及要使用的键控材料和算法的指示。
<!ELEMENT Manifest ( Algorithm+, Digest+, Attribute*, OriginatorInfo, RecipientInfo+, ) <!ATTLIST Manifest LocatorHRefBase CDATA #IMPLIED >
<!元素清单(Algorithm+、Digest+、Attribute*、OriginatorInfo、RecipientInfo+,)<!ATTLIST清单定位器HREFBASE CDATA#隐含>
Content Description
内容描述
Algorithm: A list of algorithms used for signing, digest computation, and canonicalization.
算法:用于签名、摘要计算和规范化的算法列表。
Digest: A list of digests of resources to be authentication and signed.
摘要:要进行身份验证和签名的资源摘要列表。
Attribute: Optional element that consists of a collection of complementary attributes to be authenticated.
属性:可选元素,由要验证的补充属性集合组成。
OriginatorInfo: Element that provides identification and keying material information related to the originator.
发起人信息:提供与发起人相关的标识和键入材料信息的元素。
RecipientInfo: Optional element that provides identification and keying material information related to the recipient.
RecipientInfo:可选元素,提供与收件人相关的标识和键入材料信息。
Attributes Description
属性描述
LocatorHrefBase: The LocatorHrefBase provides a similar construct to the HTML HREFBASE attribute and implicitly sets all relative URL references within the Manifest to be relative to the HrefBase. For example, the IOTP Manifest may contain:
LocatorHrefBase:LocatorHrefBase提供了与HTML HREFBASE属性类似的构造,并隐式地将清单中的所有相对URL引用设置为相对于HREFBASE。例如,IOTP清单可能包含:
<Manifest LocatorHrefBase='iotp:<globally-unique-tid>'>
<Manifest LocatorHrefBase='iotp:<globally-unique-tid>'>
And subsequent Locators may be:
后续定位器可以是:
<Locator href='C.9'>
<Locator href='C.9'>
An implementation should concatenate the two locator references with "#" to create the entire URL. See definition of the Locator attribute on the Digest element for more detail.
实现应该将两个定位器引用与“#”连接起来以创建整个URL。有关详细信息,请参见摘要元素上定位器属性的定义。
This specification uses an Algorithm data type which indicates many different types of algoirithms. The Algorithm element allows for specification of sub-algorithms as parameters of the primary algorithm. This is performed via a parameter within the algorithm that provides a reference to another Algorithm. An example of this is shown in the Parameter section.
本规范使用一种算法数据类型,该类型指示许多不同类型的算法。算法元素允许指定子算法作为主算法的参数。这是通过算法中的一个参数执行的,该参数为另一个算法提供参考。参数部分给出了一个示例。
<!ELEMENT Algorithm (Parameter*) >
<!ATTLIST Algorithm
ID ID #REQUIRED
type (digest|signature) #IMPLIED
name NMTOKEN #REQUIRED >
<!ELEMENT Algorithm (Parameter*) >
<!ATTLIST Algorithm
ID ID #REQUIRED
type (digest|signature) #IMPLIED
name NMTOKEN #REQUIRED >
Content Description
内容描述
Parameter: The contents of an Algorithm element consists of an optional collection of Parameter elements which are specified on a per algorithm basis.
参数:算法元素的内容由可选的参数元素集合组成,这些参数元素是根据每个算法指定的。
Attributes Description
属性描述
ID: The ID of the algorithm is used by the Digest and RecipientInfo to refer to the signing or digest algorithm used.
ID:Digest和RecipientInfo使用算法的ID来引用所使用的签名或摘要算法。
type: The type of algorithm, either a digest or signature. This is implied by the element to which the algorithm is referred. That is, if the DigestAlgorithmRef refers to an algorithm, it is implicit by reference that the targeted algorithm is a digest.
类型:算法的类型,可以是摘要,也可以是签名。算法所引用的元素暗示了这一点。也就是说,如果DigestAlgorithmRef引用了一个算法,则通过引用可以隐式地表示目标算法是一个摘要。
name: The type of the algorithm expressed as a Uniform Resource Name.
名称:以统一资源名称表示的算法类型。
The Digest element consists of the fingerprint of a given resource. This element is constructed of two sub-elements. This first one indicates the algorithm to be used for computation of the fingerprint. The second element consists of the fingerprint value.
摘要元素由给定资源的指纹组成。此元素由两个子元素构成。第一个表示用于计算指纹的算法。第二个元素由指纹值组成。
<!ELEMENT Digest (Locator, Value) >
<!ATTLIST Digest
DigestAlgorithmRef IDREF #REQUIRED
>
<!ELEMENT Digest (Locator, Value) >
<!ATTLIST Digest
DigestAlgorithmRef IDREF #REQUIRED
>
Content Description
内容描述
Locator: Contains a "HREF" or URL Locator for the resources to be fingerprinted. For use within IOTP a "scheme" with the value "iotp" may be used with the following structure:
定位器:包含要提取指纹的资源的“HREF”或URL定位器。在IOTP内使用时,值为“IOTP”的“方案”可采用以下结构:
'iotp:<globally-unique-tid>#<id-value>'.
“iotp:<global unique tid>#<id value>”。
This should be interpreted as referring to an element with an ID attribute that matches <id-value> in any IOTP Message that has a TransRefBlk Block with an IotpTransId that matches <globally-unique-tid>.
这应解释为在任何IOTP消息中引用ID属性与<ID value>匹配的元素,该IOTP消息具有与<Global unique tid>匹配的IotpTransId的TransRefBlk块。
If the LocatorHrefBase attribute is set on the Manifest element of which this Digest element is a child, then concatenate the value of the LocatorHrefBase attribute with the value of the Locator attribute before identifying the element that is being referred to.
如果此摘要元素是其子元素的清单元素上设置了LocatorHrefBase属性,则在标识所引用的元素之前,将LocatorHrefBase属性的值与Locator属性的值连接起来。
If the LocatorHrefBase attribute is omitted, <globally-unique-tid> should be interpreted as the current IotpTransId, which is included in the IOTP message which contains the Manifest component.
如果省略LocatorHrefBase属性,<global unique tid>应解释为当前IotpTransId,它包含在包含清单组件的IOTP消息中。
Value: Encoding of the fingerprint value.
值:指纹值的编码。
Attributes Description
属性描述
DigestAlgorithmRef: ID Reference of algorithm used for computation of the digest.
DigestAlgorithmRef:用于计算摘要的算法的ID引用。
The Attribute element consists of a complementary piece of information, which shall be included in the authenticated part of the document. This element has been defined primarily for enabling some level of customization in the signature element. This is the area where a specific IOTP implementation may include custom attributes which must be authenticated directly. An Attribute element consists of a value, a type, and a criticality.
属性元素由补充信息组成,应包含在文件的认证部分。定义此元素主要是为了在signature元素中实现某种级别的自定义。这是特定IOTP实施可能包括必须直接验证的自定义属性的区域。属性元素由值、类型和关键性组成。
At this time, no IOTP specific attributes are specified.
此时,未指定IOTP特定属性。
<!ELEMENT Attribute ANY >
<!ATTLIST Attribute
type NMTOKEN #REQUIRED
critical ( true | false ) #REQUIRED
>
<!ELEMENT Attribute ANY >
<!ATTLIST Attribute
type NMTOKEN #REQUIRED
critical ( true | false ) #REQUIRED
>
Content Description
内容描述
ANY: The actual value of an attribute depends solely upon its type.
ANY:属性的实际值完全取决于其类型。
Attributes Description
属性描述
type: Type of the attribute.
类型:属性的类型。
critical: Boolean value that indicates if the attribute is critical (true) or not (false). A recipient shall reject a signature that contains a critical attribute that he does not recognize. However, an unrecognized non-critical attribute may be ignored.
临界:布尔值,指示属性是否为临界(true)或非临界(false)。收件人应拒绝接受包含他不认识的关键属性的签名。但是,可能会忽略无法识别的非关键属性。
The OriginatorInfo element is used for providing identification and keying material information for the originator.
OriginatorInfo元素用于为发起人提供标识和键入材料信息。
<!ELEMENT OriginatorInfo ANY >
<!ATTLIST OriginatorInfo
OriginatorRef NMTOKEN #IMPLIED
>
<!ELEMENT OriginatorInfo ANY >
<!ATTLIST OriginatorInfo
OriginatorRef NMTOKEN #IMPLIED
>
Content Description
内容描述
ANY: Identification and keying material information may consist of ANY construct. Such a definition allows the adoption of application-specific schemes.
任何:标识和键入材料信息可能由任何结构组成。这样的定义允许采用特定于应用程序的方案。
Attributes Description
属性描述
OriginatorRef: A reference to the IOTP Org ID of the originating signer.
发起人REF:对发起签名人的IOTP组织ID的引用。
The RecipientInfo element is used for providing identification and keying material information for the recipient. This element is used either for enabling recognition of a Signature element by a given recipient or when determination of the authentication key consists of the combination of keying material provided by both the recipient and the originator.
RecipientInfo元素用于为收件人提供标识和键入材料信息。该元素用于使给定接收者能够识别签名元素,或者当认证密钥的确定由接收者和发起人提供的密钥材料的组合组成时。
The RecipientInfo attributes provide a centralized location where signatures, algorithms, and certificates intended for a particular recipient are specified.
RecipientInfo属性提供了一个集中的位置,用于指定特定收件人的签名、算法和证书。
The signature certificate reference ID MUST point to a certificate object.
签名证书引用ID必须指向证书对象。
<!ELEMENT RecipientInfo ANY >
<!ATTLIST RecipientInfo
SignatureAlgorithmRef IDREF #REQUIRED
SignatureValueRef IDREF #IMPLIED
SignatureCertRef IDREF #IMPLIED
RecipientRefs NMTOKENS #IMPLIED
>
<!ELEMENT RecipientInfo ANY >
<!ATTLIST RecipientInfo
SignatureAlgorithmRef IDREF #REQUIRED
SignatureValueRef IDREF #IMPLIED
SignatureCertRef IDREF #IMPLIED
RecipientRefs NMTOKENS #IMPLIED
>
Content Description
内容描述
ANY: Identification and keying material information may consist of ANY construct.
任何:标识和键入材料信息可能由任何结构组成。
Attributes Description
属性描述
SignatureAlgorithmRef: A reference to the signature algorithm used to sign the SignatureValueRef intended for this recipient. The signature algorithm reference ID MUST point to a signature algorithm within the Manifest.
SignatureAlgorithmRef:对签名算法的引用,该算法用于为此收件人签名SignatureValueRef。签名算法引用ID必须指向清单中的签名算法。
SignatureValueRef: A reference to the signature value for this recipient. The signature value reference ID MUST point to a value structure directly included within a Manifest. This reference can be omitted if the application can specify the digest value.
SignatureValueRef:对此收件人的签名值的引用。签名值引用ID必须指向清单中直接包含的值结构。如果应用程序可以指定摘要值,则可以省略此引用。
SignatureCertRef: A reference to the certificate used to sign the Value pointed to by the SignatureValueRef. This reference can be omitted if the application can identify the certificate.
SignatureCertRef:对证书的引用,用于对SignatureValueRef指向的值进行签名。如果应用程序可以识别证书,则可以省略此引用。
RecipientRefs: A list of references to the IOTP Org ID of the recipients this signature is intended for.
RecipientRefs:指向此签名的收件人的IOTP组织ID的引用列表。
The key identifier element can identify the shared public/symmetric key identification between parties that benefit from a prior relationship. This element can be included in the ReceipientInfo Element.
密钥标识符元素可以标识受益于先前关系的各方之间的共享公共/对称密钥标识。此元素可以包含在ReceipEntInfo元素中。
<!ELEMENT KeyIdentifier EMPTY>
<!ATTLIST KeyIdentifier
value CDATA #REQUIRED
>
<!ELEMENT KeyIdentifier EMPTY>
<!ATTLIST KeyIdentifier
value CDATA #REQUIRED
>
A Parameter element provides the value of a particular algorithm parameter, whose name and format have been specified for the algorithm considered.
Parameter元素提供特定算法参数的值,该参数的名称和格式已为所考虑的算法指定。
<!ELEMENT Parameter ANY >
<!ATTLIST Parameter
type CDATA #REQUIRED
>
<!ELEMENT Parameter ANY >
<!ATTLIST Parameter
type CDATA #REQUIRED
>
For IOTP 1.0, the following parameter type is standardized: "AlgorithmRef".
对于IOTP 1.0,以下参数类型是标准化的:“AlgorithmRef”。
An AlgorithmRef contains an ID of a "sub-Algorithm" used when computing a sequence of algorithms. For example, a signature algorithm actually signs a digest algorithm. To specify a chain of algorithms used to compute a signature, AlgorithmRef parameter types are used in the following manner:
AlgorithmRef包含计算算法序列时使用的“子算法”的ID。例如,签名算法实际上对摘要算法进行签名。要指定用于计算签名的算法链,AlgorithmRef参数类型按以下方式使用:
<Algorithm ID='A1' type='digest' name='urn:ibm-com:dom-hash'>
<Parameter type='AlgorithmRef'>A2</Parameter>
</Algorithm>
<Algorithm ID='A2' type='digest' name='urn:nist-gov:sha1'>
</Algorithm>
<Algorithm ID='A3' type='signature' name='urn:rsasdi-com:rsa-encryption'>
<Parameter type='AlgorithmRef'>A1</Parameter>
</Algorithm>
<Algorithm ID='A1' type='digest' name='urn:ibm-com:dom-hash'>
<Parameter type='AlgorithmRef'>A2</Parameter>
</Algorithm>
<Algorithm ID='A2' type='digest' name='urn:nist-gov:sha1'>
</Algorithm>
<Algorithm ID='A3' type='signature' name='urn:rsasdi-com:rsa-encryption'>
<Parameter type='AlgorithmRef'>A1</Parameter>
</Algorithm>
Content Description
内容描述
ANY: The contents of a Parameter element consists of ANY valid construct, which is specified on a per algorithm per parameter basis.
ANY:参数元素的内容由任何有效的构造组成,该构造是基于每个算法每个参数指定的。
Attributes Description
属性描述
type: The type of the parameter expressed as a free form string, whose value is specified on a per algorithm basis.
类型:以自由格式字符串表示的参数类型,其值是根据每个算法指定的。
The Certificate element may be used for either providing the value of a digital certificate or specifying a location from where it may be retrieved.
证书元素可用于提供数字证书的值或指定可从中检索数字证书的位置。
<!ELEMENT Certificate
( IssuerAndSerialNumber,
( Value | Locator ) )
>
<!ATTLIST Certificate
ID ID #IMPLIED
type NMTOKEN #REQUIRED >
<!ELEMENT Certificate
( IssuerAndSerialNumber,
( Value | Locator ) )
>
<!ATTLIST Certificate
ID ID #IMPLIED
type NMTOKEN #REQUIRED >
Content Description
内容描述
IssuerAndSerialNumber: Unique identifier of this certificate. This element has been made mandatory is order to prevent unnecessary decoding during validation of a certificate chain. This feature also helps certificates caching, especially when the value is not directly provided.
IssuerAndSerialNumber:此证书的唯一标识符。为了防止在证书链验证期间进行不必要的解码,此元素已被强制设置。此功能还有助于证书缓存,尤其是在未直接提供值的情况下。
Value: Encoding of the certificate value. The actual value to be encoded depends upon the type of the certificate.
值:证书值的编码。要编码的实际值取决于证书的类型。
Locator: XML link element that could be used for retrieving a copy of the digital certificate. The actual value being returned by means of this locator depends upon the security protocol being used.
定位器:可用于检索数字证书副本的XML链接元素。通过该定位器返回的实际值取决于所使用的安全协议。
Attributes Description
属性描述
ID: Element identifier that may be used to reference the Certificate element from a RecipientInfo element.
ID:元素标识符,可用于从RecipientInfo元素引用证书元素。
type: Type of the digital certificate. This attribute is specified as a Universal Resource Name. Support for the X.509 version 3 certificate [X.509] is mandatory in this specification if the Certificate element is used. The URN for such certificates is "urn:X500:X509v3".
类型:数字证书的类型。此属性指定为通用资源名称。如果使用了certificate元素,则在本规范中必须支持X.509版本3证书[X.509]。此类证书的URN为“URN:X500:X509v3”。
The IssuerAndSerialNumber element identifies a certificate, and thereby an entity and a public key, by the name of the certificate issuer and an issuer-specific certificate identification.
IssuerAndSerialNumber元素通过证书颁发者的名称和特定于颁发者的证书标识来标识证书,从而标识实体和公钥。
<!ELEMENT IssuerAndSerialNumber EMPTY >
<!ATTLIST IssuerAndSerialNumber
issuer CDATA #REQUIRED
number CDATA #REQUIRED >
<!ELEMENT IssuerAndSerialNumber EMPTY >
<!ATTLIST IssuerAndSerialNumber
issuer CDATA #REQUIRED
number CDATA #REQUIRED >
Attributes Description
属性描述
issuer: Name of the issuing certification authority. See [RFC 2253] for RECOMMENDED syntax.
颁发者:颁发证书的机构的名称。有关建议的语法,请参见[RFC 2253]。
number: Issuer-specific certificate identification.
编号:颁发者特定的证书标识。
A value contains the "raw" data of a signature or digest algorithm, usually in a base-64 encoded form. See [RFC 2045] for algorithm used to base-64 encode data.
值包含签名或摘要算法的“原始”数据,通常采用base-64编码形式。有关用于base-64编码数据的算法,请参见[RFC 2045]。
<!ELEMENT Value ( #PCDATA ) >
<!ATTLIST Value
ID ID #IMPLIED
encoding (base64|none) 'base64'
>
<!ELEMENT Value ( #PCDATA ) >
<!ATTLIST Value
ID ID #IMPLIED
encoding (base64|none) 'base64'
>
Content Description
内容描述
PCDATA: Content value after adequate encoding.
PCDATA:经过适当编码后的内容值。
Attributes Description
属性描述
encoding: This attribute specifies the decoding scheme to be employed for recovering the original byte stream from the content of the element. This document recognizes the following two schemes:
编码:该属性指定用于从元素内容恢复原始字节流的解码方案。本文件确认了以下两种方案:
none: the content has not been subject to any particular encoding. This does not preclude however the use of native XML encoding such as CDATA section or XML escaping.
无:内容未经过任何特定编码。但是,这并不排除使用本机XML编码,如CDATA节或XML转义。
base64: The content has been encoded by means of the base64 encoding scheme.
base64:内容已通过base64编码方案进行编码。
The Locator element consists of simple XML link [XLink]. This element allows unambiguous reference to a resource or fragment of a resource.
Locator元素由简单的XML链接[XLink]组成。此元素允许明确引用资源或资源片段。
<!ELEMENT Locator EMPTY>
<!ATTLIST Locator
xml:link CDATA #FIXED 'simple'
href CDATA #REQUIRED >
<!ELEMENT Locator EMPTY>
<!ATTLIST Locator
xml:link CDATA #FIXED 'simple'
href CDATA #REQUIRED >
Attributes Description
属性描述
xml:link: Required XML link attribute that specifies the nature of the link (simple in this case).
xml:link:指定链接性质的必需xml链接属性(在本例中很简单)。
href: Locator value that may contains either a URI [RFC 2396], a fragment identifier, or both.
href:Locator值,该值可能包含URI[RFC 2396]、片段标识符或两者。
The IOTP specification 1.0 requires the implementation of the DSA, DOM-HASH, SHA1, HMAC algorithms. Implementation of RSA is also recommended.
IOTP规范1.0要求实现DSA、DOM-HASH、SHA1、HMAC算法。还建议实施RSA。
This specification contemplates two types of digest algorithms, both of which provide a digest string as a result:
本规范考虑了两种类型的摘要算法,它们都提供了摘要字符串:
Surface string digest algorithms
表面字符串摘要算法
These algorithms do not have any particular knowledge about the content being digested and operate on the raw content value. Any changes in the surface string of a given content affect directly the value of the digest being produced.
这些算法没有关于被消化内容的任何特定知识,并且对原始内容值进行操作。给定内容的表面字符串中的任何更改都会直接影响正在生成的摘要的值。
Canonical digest algorithms
规范摘要算法
These algorithms have been tailored for a particular content type and produce a digest value that depends upon the core semantics of such content. Changes limited to the surface string of a given content do not affect the value of the digest being produced unless they affect the core semantic.
这些算法针对特定的内容类型进行了定制,并生成一个摘要值,该值取决于此类内容的核心语义。仅限于给定内容的表面字符串的更改不会影响正在生成的摘要的值,除非它们影响核心语义。
Surface string digest algorithm designed by NIST and NSA for use with the Digital Signature Standard. This algorithm produces a 160-bit hash value. This algorithm is documented in NIST FIPS Publication 180-1 [SHA1].
NIST和NSA设计的用于数字签名标准的表面字符串摘要算法。此算法生成160位哈希值。该算法记录在NIST FIPS出版物180-1[SHA1]中。
This algorithm does not require any parameter.
该算法不需要任何参数。
The SHA1 URN used for this specification is "urn:nist-gov:sha1".
本规范中使用的SHA1 URN为“URN:nist gov:SHA1”。
XML canonical digest algorithm proposed by IBM Tokyo Research Laboratory. This algorithm operates on the DOM representation of the document and provides an unambiguous means for recursive computation of the hash value of the nodes that constitute the DOM tree [RFC 2803]. This algorithm has many applications such as computation of digital signature and synchronization of DOM trees. However, because the hash value of an element is computed from the hash values of the inner elements, this algorithm is better adapted to small documents that do not require one-pass processing.
IBM东京研究实验室提出的XML规范摘要算法。该算法对文档的DOM表示进行操作,并为构成DOM树的节点的哈希值的递归计算提供了明确的方法[RFC 2803]。该算法在数字签名计算、DOM树同步等方面有着广泛的应用。然而,由于元素的散列值是根据内部元素的散列值计算的,因此该算法更适合于不需要一次处理的小文档。
As of today, this algorithm is limited to the contents of an XML document and, therefore, does not provide for authentication of the internal or external subset of the DTD.
到目前为止,该算法仅限于XML文档的内容,因此不提供DTD内部或外部子集的身份验证。
The DOM-HASH algorithm requires a single parameter, which shall include a surface string digest algorithm such as SHA1.
DOM-HASH算法需要一个参数,该参数应包括一个表面字符串摘要算法,如SHA1。
The DOM-HASH URN used for this specification is "urn:ibm-com:dom-hash".
本规范中使用的DOM-HASH URN是“URN:ibm com:DOM HASH”。
The DOM-HASH uses a surface-string digest algorithm for computation of a fingerprint. The SHA1 is recommended in this specification.
DOM-HASH使用表面字符串摘要算法计算指纹。本规范中推荐使用SHA1。
Example
<Algorithm name='urn:fips:sha1' type='digest' ID='P.3'>
</Algorithm>
Example
<Algorithm name='urn:fips:sha1' type='digest' ID='P.3'>
</Algorithm>
<Algorithm name='urn:ibm:dom-hash' type='digest' ID='P.5'>
<Parameter type='AlgorithmRef'>P.3</Parameter>
</Algorithm>
<Algorithm name='urn:ibm:dom-hash' type='digest' ID='P.5'>
<Parameter type='AlgorithmRef'>P.3</Parameter>
</Algorithm>
This specification uses the terminology of 'digital signature' for qualifying indifferently digital signature and message authentication codes. Thus, the signature algorithms contemplated herein include public key digital signature algorithms such as ECDSA and message authentication codes such as HMAC [RFC 2104].
本规范使用“数字签名”术语来限定不同的数字签名和消息认证码。因此,本文设想的签名算法包括诸如ECDSA的公钥数字签名算法和诸如HMAC[RFC 2104]的消息认证码。
Public-key signature algorithm proposed by NIST for use with the Digital Signature Standard. This standard is documented in NIST FIPS Publication 186 [DSS] and ANSI X9.30 [X9.30].
NIST提出的用于数字签名标准的公钥签名算法。本标准记录在NIST FIPS出版物186[DSS]和ANSI X9.30[X9.30]中。
The DSA algorithm requires a single parameter, which includes the canonical digest algorithm to be used for computing the fingerprint of the signature Manifest.
DSA算法需要一个参数,其中包括用于计算签名清单指纹的规范摘要算法。
The DSA URN used in this specification is "urn:nist-gov:dsa".
本规范中使用的DSA URN为“URN:nist gov:DSA”。
The DSA uses a canonical or surface-string digest algorithm for computation of the Manifest fingerprint. The DOM-HASH is recommended in this specification.
DSA使用规范或表面字符串摘要算法来计算清单指纹。本规范中建议使用DOM-HASH。
Signature Value Encoding:
签名值编码:
The output of this algorithm consists of a pair of integers usually referred by the pair (r, s). The signature value shall consist of the concatenation of two octet-streams that respectively result from the octet-encoding of the values r and s. Integer to octet-stream conversion shall be done according to PKCS#1 [RFC 2437] specification with a k parameter equals to 20.
该算法的输出由一对整数组成,通常由该对(r,s)引用。签名值应包括两个八位字节流的串联,这两个八位字节流分别由值r和s的八位字节编码产生。整数到八位字节流的转换应根据PKCS#1[RFC 2437]规范进行,k参数等于20。
Example
<Algorithm name='urn:nist-gov:dsa' type='signature' ID='P.3'>
<Parameter type='AlgorithmRef'>P.4</Parameter>
</Algorithm>
<Algorithm name='urn:ibm-com:dom-hash' type='digest' ID='P.4'>
<Parameter type='AlgorithmRef'>P.5</Parameter>
</Algorithm>
<Algorithm name='urn:nist-gov:sha1' type='digest' ID='P.5'>
</Algorithm>
Example
<Algorithm name='urn:nist-gov:dsa' type='signature' ID='P.3'>
<Parameter type='AlgorithmRef'>P.4</Parameter>
</Algorithm>
<Algorithm name='urn:ibm-com:dom-hash' type='digest' ID='P.4'>
<Parameter type='AlgorithmRef'>P.5</Parameter>
</Algorithm>
<Algorithm name='urn:nist-gov:sha1' type='digest' ID='P.5'>
</Algorithm>
Message Authentication Code proposed by H. Krawczyk et al., and documented in [RFC 2104].
由H.Krawczyk等人提出并记录在[RFC 2104]中的消息认证码。
This specification adopts a scheme that differs a bit from the common usage of this algorithm -- computation of the MAC is performed on the hash of the contents being authenticated instead of the actual contents. Thence, the actual signature value output by the algorithm might be depicted as follows:
该规范采用了一种与该算法的常见用法稍有不同的方案——MAC的计算是在被认证内容的哈希上执行的,而不是在实际内容上。因此,算法输出的实际签名值可以描述如下:
SignatureValue = HMAC( SecretKey, H(Manifest))
SignatureValue = HMAC( SecretKey, H(Manifest))
This specification also considered HMAC output truncation such as proposed by Preneel and van Oorschot. In their paper [PV] these two researchers have shown some analytical advantages of truncating the output of hash-based MAC functions. Such output truncation is also considered in the RFC document.
本规范还考虑了Preneel和van Oorschot提出的HMAC输出截断。在他们的论文[PV]中,这两位研究人员展示了截断基于散列的MAC函数输出的一些分析优势。RFC文档中也考虑了这种输出截断。
HMAC requires three parameters. The first one consists of a canonical digest algorithm. The second one consists of a hash function. The last one is optional and specifies the length in bit of the truncated output. If this last parameter is absent, no truncation shall occur.
HMAC需要三个参数。第一个由一个规范摘要算法组成。第二个由哈希函数组成。最后一个选项是可选的,以位为单位指定截断输出的长度。如果缺少最后一个参数,则不会发生截断。
The HMAC URN used in this specification is "urn:ietf-org:hmac".
本规范中使用的HMAC URN是“URN:ietf org:HMAC”。
Canonical digest algorithm: Canonical or surface-string digest algorithm is to be used for computation of the Manifest fingerprint. The type of this parameter is set to "AlgorithmRef". The recommended value of this Parameter should be the ID reference for the Algorithm element DOM-HASH.
规范摘要算法:规范或表面字符串摘要算法用于计算清单指纹。此参数的类型设置为“AlgorithmRef”。此参数的建议值应为算法元素DOM-HASH的ID引用。
Hash-function: Hash function is to be used to compute the MAC value from the secret key and the fingerprint of the signature Manifest. The type of this parameter is set to "HashAlgorithmRef" and the value of this parameter should be set to the ID reference for the Algorithm element of SHA1.
哈希函数:哈希函数用于根据密钥和签名清单的指纹计算MAC值。该参数的类型设置为“HashAlgorithmRef”,该参数的值应设置为SHA1算法元素的ID引用。
Output-length: Length in bits of the truncated MAC value. The type of this parameter is set to "KeyLength" and the value of this parameter is set the length in bits of the truncated MAC value.
输出长度:截断MAC值的长度(以位为单位)。此参数的类型设置为“KeyLength”,此参数的值设置为截断MAC值的位长度。
Signature Value Encoding:
签名值编码:
The output of this algorithm can be assumed as a large integer value. The signature value shall consist of the octet-encoded value of this integer. Integer to octet-stream conversion shall be done according to PKCS#1 [RFC 2437] specification with a k parameter equals to ((Hlen +7) mod8), Mlen being the length in bits of the MAC value.
该算法的输出可以假设为一个大的整数值。签名值应由该整数的八位编码值组成。整数到八位字节流的转换应根据PKCS#1[RFC 2437]规范进行,k参数等于((Hlen+7)mod8),Mlen是MAC值的位长度。
Example
<Algorithm name='urn:ietf-org:hmac' type='signature' ID='P.3'>
<Parameter type='AlgorithmRef'>P.4</Parameter>
<Parameter type='HashAlgorithmRef'>P.5</Parameter>
<Parameter type='KeyLength'>128</Parameter>
</Algorithm>
<Algorithm name='urn:ibm-com:dom-hash' type='digest' ID='P.4'>
<Parameter type='AlgorithmRef'>P.5</Parameter>
</Algorithm>
<Algorithm name='urn:nist-gov:sha1' type='digest' ID='P.5'>
</Algorithm>
Example
<Algorithm name='urn:ietf-org:hmac' type='signature' ID='P.3'>
<Parameter type='AlgorithmRef'>P.4</Parameter>
<Parameter type='HashAlgorithmRef'>P.5</Parameter>
<Parameter type='KeyLength'>128</Parameter>
</Algorithm>
<Algorithm name='urn:ibm-com:dom-hash' type='digest' ID='P.4'>
<Parameter type='AlgorithmRef'>P.5</Parameter>
</Algorithm>
<Algorithm name='urn:nist-gov:sha1' type='digest' ID='P.5'>
</Algorithm>
Public-key signature algorithm proposed by RSA Laboratories and documented in PKCS#1 [RFC 2437].
RSA实验室提出并记录在PKCS#1[RFC 2437]中的公钥签名算法。
This specification adopts the RSA encryption algorithm with padding block type 01. For computing the signature value, the signer shall first digest the signature Manifest and then encrypt the resulting digest with his private key.
本规范采用01型填充块的RSA加密算法。为了计算签名值,签名者应首先对签名清单进行摘要处理,然后使用其私钥对结果摘要进行加密。
This signature algorithm requires a single parameter, which consists of the canonical digest algorithm to be used for computing the fingerprint of the signature Manifest.
此签名算法需要一个参数,该参数由用于计算签名清单指纹的规范摘要算法组成。
Specifications
规格
The RSA URN used in this specification is "urn:rsasdi-com:rsa-encription".
本规范中使用的RSA URN是“URN:rsasdi com:RSA encription”。
The RSA uses a canonical or surface-string digest algorithm for computation of the Manifest fingerprint. The DOM-HASH is recommended in this specification.
RSA使用规范或表面字符串摘要算法来计算清单指纹。本规范中建议使用DOM-HASH。
Signature Value Encoding:
签名值编码:
The output of this algorithm consists of single octet-stream. No further encoding is required.
该算法的输出由单个八位元流组成。不需要进一步编码。
Example
<Algorithm name='urn:rsasdi-com:rsa-encription'
type='signature' ID='P.3'>
<Parameter type='AlgorithmRef'>P.4</Parameter>
</Algorithm>
<Algorithm name='urn:ibm-com:dom-hash' type='digest' ID='P.4'>
<Parameter type='AlgorithmRef'>P.5</Parameter>
</Algorithm>
<Algorithm name='urn:nist-gov:sha1' type='digest' ID='P.5'>
</Algorithm>
Example
<Algorithm name='urn:rsasdi-com:rsa-encription'
type='signature' ID='P.3'>
<Parameter type='AlgorithmRef'>P.4</Parameter>
</Algorithm>
<Algorithm name='urn:ibm-com:dom-hash' type='digest' ID='P.4'>
<Parameter type='AlgorithmRef'>P.5</Parameter>
</Algorithm>
<Algorithm name='urn:nist-gov:sha1' type='digest' ID='P.5'>
</Algorithm>
Public-key signature algorithm proposed independently by Neil Koblitz and Victor Miller. This algorithm is being proposed as an ANSI standard and is documented in ANSI X9.62 standard proposal [X9.62] and IEEE/P1363 standard draft proposal [IEEE P1363].
由Neil Koblitz和Victor Miller独立提出的公钥签名算法。该算法作为ANSI标准提出,并记录在ANSI X9.62标准提案[X9.62]和IEEE/P1363标准提案草案[IEEE P1363]中。
The ECDSA algorithm requires a single parameter, which consists of the canonical digest algorithm to be used for computing the fingerprint of the signature Manifest.
ECDSA算法需要一个参数,该参数由用于计算签名清单指纹的规范摘要算法组成。
Specifications
规格
The ECDSA URN used in this specification is "urn:ansi-org:ecdsa".
本规范中使用的ECDSA URN是“URN:ansi org:ECDSA”。
The ECDSA uses a canonical or surface-string digest algorithm for computation of the Manifest fingerprint. The DOM-HASH [RFC 2803] is recommended in this specification.
ECDSA使用规范或表面字符串摘要算法来计算清单指纹。本规范中建议使用DOM-HASH[RFC 2803]。
Signature Value Encoding:
签名值编码:
The output of this algorithm consists of a pair of integers usually referred by the pair (r, s). The signature value shall consist of the concatenation of two octet-streams that respectively result from the octet-encoding of the values r and s. Integer to octet-stream conversion shall be done according to PKCS#1 [RFC 2437] specification with a k parameter equals to 20.
该算法的输出由一对整数组成,通常由该对(r,s)引用。签名值应包括两个八位字节流的串联,这两个八位字节流分别由值r和s的八位字节编码产生。整数到八位字节流的转换应根据PKCS#1[RFC 2437]规范进行,k参数等于20。
Example
<Algorithm name='urn:ansi-org:ecdsa' type='signature' ID='P.3'>
<Parameter type='AlgorithmRef'>P.4</Parameter>
</Algorithm>
<Algorithm name='urn:ibm-com:dom-hash' type='digest' ID='P.4'>
<Parameter type='AlgorithmRef'>P.5</Parameter>
</Algorithm>
<Algorithm name='urn:nist-gov:sha1' type='digest' ID='P.5'>
</Algorithm>
Example
<Algorithm name='urn:ansi-org:ecdsa' type='signature' ID='P.3'>
<Parameter type='AlgorithmRef'>P.4</Parameter>
</Algorithm>
<Algorithm name='urn:ibm-com:dom-hash' type='digest' ID='P.4'>
<Parameter type='AlgorithmRef'>P.5</Parameter>
</Algorithm>
<Algorithm name='urn:nist-gov:sha1' type='digest' ID='P.5'>
</Algorithm>
The following is an example signed IOTP message:
以下是一个签名IOTP消息示例:
<IotpMessage>
<TransRefBlk ID='M.1'>
<TransId
ID='M.2'
version='1.0'
IotpTransID='19990809215923@www.iotp.org'
IotpTransType='BaselinePurchase'
TransTimeStamp='1999-08-09T12:58:40.000Z+9'>
</TransId>
<MsgId xml:lang='en' SoftwareID='Iotp wallet version 1.0'>
</MsgId>
</TransRefBlk>
<IotpSignatures>
<IotpMessage>
<TransRefBlk ID='M.1'>
<TransId
ID='M.2'
version='1.0'
IotpTransID='19990809215923@www.iotp.org'
IotpTransType='BaselinePurchase'
TransTimeStamp='1999-08-09T12:58:40.000Z+9'>
</TransId>
<MsgId xml:lang='en' SoftwareID='Iotp wallet version 1.0'>
</MsgId>
</TransRefBlk>
<IotpSignatures>
<Signature>
<Manifest>
<Algorithm name='urn:nist-gov:sha1'
type='digest' ID='P.3'>
</Algorithm>
<Algorithm name='urn:nist-gov:dsa'
type='signature' ID='P.4'>
<Parameter type='AlgorithmRef'>P.5</Parameter>
</Algorithm>
<Algorithm name='urn:ibm-com:dom-hash'
type='digest' ID='P.5'>
<Parameter type='AlgorithmRef'>P.3</Parameter>
</Algorithm>
<Digest DigestAlgorithmRef='P.6'>
<Locator href='P.1'/>
<Value>
xsqsfasDys2h44u4ehJDe54he5j4dJYTJ
</Value>
</Digest>
<OriginatorInfo
<IssuerAndSerialNumber
issuer='o=Iotp Ltd., c=US'
number='12345678987654'/>
</OriginatorInfo>
<RecipientInfo
SignatureAlgorithmRef='P.4'
</RecipientInfo>
</Manifest>
<Value>
9dj28fjakA9sked0Ks01k2d7a0kgmf9dk19lf63kkDSs0
</Value>
</Signature>
<Certificate type='urn:X500:X509v3'>
<IssuerAndSerialNumber
issuer='o=GlobeSet Inc., c=US'
number='123456789102356'/>
<Value>
xsqsfasDys2h44u4ehJDe54he5j4dJYTJ=
</Value>
</Certificate>
</IotpSignatures>
<PayExchBlk ID='P.1'>
<PaySchemeData
ID='P.2'
PaymentRef='M.5'
ContentSoftwareId='abcdefg'>
<PackagedContent Name='FirstPiece'>
snroasdfnas934k
<Signature>
<Manifest>
<Algorithm name='urn:nist-gov:sha1'
type='digest' ID='P.3'>
</Algorithm>
<Algorithm name='urn:nist-gov:dsa'
type='signature' ID='P.4'>
<Parameter type='AlgorithmRef'>P.5</Parameter>
</Algorithm>
<Algorithm name='urn:ibm-com:dom-hash'
type='digest' ID='P.5'>
<Parameter type='AlgorithmRef'>P.3</Parameter>
</Algorithm>
<Digest DigestAlgorithmRef='P.6'>
<Locator href='P.1'/>
<Value>
xsqsfasDys2h44u4ehJDe54he5j4dJYTJ
</Value>
</Digest>
<OriginatorInfo
<IssuerAndSerialNumber
issuer='o=Iotp Ltd., c=US'
number='12345678987654'/>
</OriginatorInfo>
<RecipientInfo
SignatureAlgorithmRef='P.4'
</RecipientInfo>
</Manifest>
<Value>
9dj28fjakA9sked0Ks01k2d7a0kgmf9dk19lf63kkDSs0
</Value>
</Signature>
<Certificate type='urn:X500:X509v3'>
<IssuerAndSerialNumber
issuer='o=GlobeSet Inc., c=US'
number='123456789102356'/>
<Value>
xsqsfasDys2h44u4ehJDe54he5j4dJYTJ=
</Value>
</Certificate>
</IotpSignatures>
<PayExchBlk ID='P.1'>
<PaySchemeData
ID='P.2'
PaymentRef='M.5'
ContentSoftwareId='abcdefg'>
<PackagedContent Name='FirstPiece'>
snroasdfnas934k
</PackagedContent>
</PaySchemeData>
</PayExchBlk>
</IotpMessage>
</PackagedContent>
</PaySchemeData>
</PayExchBlk>
</IotpMessage>
<!--
******************************************************
* IOTP SIGNATURES BLOCK DEFINITION *
******************************************************
-->
<!--
******************************************************
* IOTP SIGNATURES BLOCK DEFINITION *
******************************************************
-->
<!ELEMENT IotpSignatures (Signature+ ,Certificate*) >
<!ATTLIST IotpSignatures
ID ID #IMPLIED
>
<!ELEMENT IotpSignatures (Signature+ ,Certificate*) >
<!ATTLIST IotpSignatures
ID ID #IMPLIED
>
<!--
******************************************************
* IOTP SIGNATURE COMPONENT DEFINITION *
******************************************************
-->
<!--
******************************************************
* IOTP SIGNATURE COMPONENT DEFINITION *
******************************************************
-->
<!ELEMENT Signature (Manifest, Value+) >
<!ATTLIST Signature
ID ID #IMPLIED
>
<!ELEMENT Signature (Manifest, Value+) >
<!ATTLIST Signature
ID ID #IMPLIED
>
<!ELEMENT Manifest ( Algorithm+, Digest+, Attribute*, OriginatorInfo, RecipientInfo+ ) >
<!元素清单(算法+、摘要+、属性*、原始信息、接收方信息+)>
<!ATTLIST Manifest LocatorHRefBase CDATA #IMPLIED >
<!ATTLIST清单定位器HREFBASE CDATA#隐含>
<!ELEMENT Algorithm (Parameter*) >
<!ATTLIST Algorithm
ID ID #REQUIRED
type (digest|signature) #IMPLIED
name NMTOKEN #REQUIRED
>
<!ELEMENT Algorithm (Parameter*) >
<!ATTLIST Algorithm
ID ID #REQUIRED
type (digest|signature) #IMPLIED
name NMTOKEN #REQUIRED
>
<!ELEMENT Digest (Locator, Value) >
<!ATTLIST Digest
DigestAlgorithmRef IDREF #REQUIRED
>
<!ELEMENT Digest (Locator, Value) >
<!ATTLIST Digest
DigestAlgorithmRef IDREF #REQUIRED
>
<!ELEMENT Attribute ANY >
<!ATTLIST Attribute
type NMTOKEN #REQUIRED
critical ( true | false ) #REQUIRED
>
<!ELEMENT Attribute ANY >
<!ATTLIST Attribute
type NMTOKEN #REQUIRED
critical ( true | false ) #REQUIRED
>
<!ELEMENT OriginatorInfo ANY >
<!ATTLIST OriginatorInfo
OriginatorRef NMTOKEN #IMPLIED
>
<!ELEMENT OriginatorInfo ANY >
<!ATTLIST OriginatorInfo
OriginatorRef NMTOKEN #IMPLIED
>
<!ELEMENT RecipientInfo ANY >
<!ATTLIST RecipientInfo
SignatureAlgorithmRef IDREF #REQUIRED
SignatureValueRef IDREF #IMPLIED
SignatureCertRef IDREF #IMPLIED
RecipientRefs NMTOKENS #IMPLIED
>
<!ELEMENT RecipientInfo ANY >
<!ATTLIST RecipientInfo
SignatureAlgorithmRef IDREF #REQUIRED
SignatureValueRef IDREF #IMPLIED
SignatureCertRef IDREF #IMPLIED
RecipientRefs NMTOKENS #IMPLIED
>
<!ELEMENT KeyIdentifier EMPTY>
<!ATTLIST KeyIdentifier
value CDATA #REQUIRED
>
<!ELEMENT KeyIdentifier EMPTY>
<!ATTLIST KeyIdentifier
value CDATA #REQUIRED
>
<!ELEMENT Parameter ANY >
<!ATTLIST Parameter
type CDATA #REQUIRED
>
<!ELEMENT Parameter ANY >
<!ATTLIST Parameter
type CDATA #REQUIRED
>
<!--
******************************************************
* IOTP CERTIFICATE COMPONENT DEFINITION *
******************************************************
-->
<!--
******************************************************
* IOTP CERTIFICATE COMPONENT DEFINITION *
******************************************************
-->
<!ELEMENT Certificate ( IssuerAndSerialNumber, ( Value | Locator ) ) >
<!元素证书(颁发者序列号,(值|定位器))>
<!ATTLIST Certificate ID ID #IMPLIED type NMTOKEN #REQUIRED >
<!ATTLIST证书ID#隐含类型NMTOKEN#必需>
<!ELEMENT IssuerAndSerialNumber EMPTY >
<!ATTLIST IssuerAndSerialNumber
issuer CDATA #REQUIRED
number CDATA #REQUIRED
>
<!ELEMENT IssuerAndSerialNumber EMPTY >
<!ATTLIST IssuerAndSerialNumber
issuer CDATA #REQUIRED
number CDATA #REQUIRED
>
<!--
******************************************************
* IOTP SHARED COMPONENT DEFINITION *
******************************************************
-->
<!ELEMENT Value ( #PCDATA ) >
<!ATTLIST Value
ID ID #IMPLIED
encoding (base64|none 'base64'
>
<!--
******************************************************
* IOTP SHARED COMPONENT DEFINITION *
******************************************************
-->
<!ELEMENT Value ( #PCDATA ) >
<!ATTLIST Value
ID ID #IMPLIED
encoding (base64|none 'base64'
>
<!ELEMENT Locator EMPTY>
<!ATTLIST Locator
xml:link CDATA #FIXED 'simple'
href CDATA #REQUIRED
>
<!ELEMENT Locator EMPTY>
<!ATTLIST Locator
xml:link CDATA #FIXED 'simple'
href CDATA #REQUIRED
>
This entire document concerns the IOTP v1 protocol signature element which is used for authentication. See the Security Considerations section of [RFC 2801] "Internet Open Trading Protocol - IOTP, Version 1.0".
整个文档涉及用于身份验证的IOTP v1协议签名元素。参见[RFC 2801]“互联网开放交易协议-IOTP,1.0版”的安全注意事项部分。
References
工具书类
[DSA] Federal Information Processing Standards Publication
FIPS PUB 186, "Digital Signature Standard(DSS)", 1994,
<http://csrc.nist.gov>
[DSA] Federal Information Processing Standards Publication
FIPS PUB 186, "Digital Signature Standard(DSS)", 1994,
<http://csrc.nist.gov>
[IEEE P1363] IEEE P1363, "Standard Specifications for Public-Key
Cryptography", Work in Progress, 1997,
<http://stdsbbs.ieee.org/>
[IEEE P1363] IEEE P1363, "Standard Specifications for Public-Key
Cryptography", Work in Progress, 1997,
<http://stdsbbs.ieee.org/>
[PV] Preneel, B. and P. van Oorschot, "Building fast MACs from hash functions", Advances in Cryptology -- CRYPTO'95 Proceedings, Lecture Notes in Computer Science, Springer-Verlag Vol.963, 1995, pp. 1-14.
[PV]Preneel,B.和P.van Oorschot,“从散列函数构建快速MAC”,密码学进展——加密'95会议录,计算机科学讲稿,Springer Verlag Vol.963,1995,第1-14页。
[RFC 1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April 1992.
[RFC 1321]Rivest,R.,“MD5消息摘要算法”,RFC 1321,1992年4月。
[RFC 2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, November 1996.
[RFC 2045]Freed,N.和N.Borenstein,“多用途Internet邮件扩展(MIME)第一部分:Internet邮件正文格式”,RFC 20451996年11月。
[RFC 2046] Freed N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types", RFC 2046, November 1996.
[RFC 2046]Freed N.和N.Borenstein,“多用途Internet邮件扩展(MIME)第二部分:媒体类型”,RFC 2046,1996年11月。
[RFC 2104] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997.
[RFC 2104]Krawczyk,H.,Bellare,M.和R.Canetti,“HMAC:用于消息认证的键控哈希”,RFC 2104,1997年2月。
[RFC 2141] Moats, R., "URN Syntax", RFC 2141, May 1997.
[RFC 2141]护城河,R.,“瓮语法”,RFC 21411997年5月。
[RFC 2253] Wahl, W., Kille, S. and T. Howes, "Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names", RFC 2253, December 1997.
[RFC 2253]Wahl,W.,Kille,S.和T.Howes,“轻量级目录访问协议(v3):可分辨名称的UTF-8字符串表示”,RFC 2253,1997年12月。
[RFC 2396] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform Resource Identifiers (URI): Generic Syntax", RFC 2396, August 1998.
[RFC 2396]Berners Lee,T.,Fielding,R.和L.Masinter,“统一资源标识符(URI):通用语法”,RFC 2396,1998年8月。
[RFC 2437] Kaliski, B. and J. Staddon, "PKCS #1: RSA Cryptography Specifications, Version 2.0", RFC 2437, October 1998.
[RFC 2437]Kaliski,B.和J.Staddon,“PKCS#1:RSA加密规范,版本2.0”,RFC 2437,1998年10月。
[RFC 2801] Burdett, D., "Internet Open Trading Protocol - IOTP, Version 1.0", RFC 2801, April 2000.
[RFC 2801]Burdett,D.,“互联网开放交易协议-IOTP,1.0版”,RFC 2801,2000年4月。
[RFC 2803] Maruyama, H., Tamura, K. and N. Uramot, "Digest Values for DOM (DOMHASH)", RFC 2803, April 2000.
[RFC 2803]Maruyama,H.,Tamura,K.和N.Uramot,“DOM的摘要值(DOMHASH)”,RFC 2803,2000年4月。
[Schneier] Bruce Schneier, "Applied Cryptography: Protocols, Algorithms, and Source Code in C", 1996, John Wiley and Sons
Bruce Schneier,“应用密码学:C语言中的协议、算法和源代码”,1996年,John Wiley和Sons
[SHA1] NIST FIPS PUB 180-1, "Secure Hash Standard," National Institute of Standards and Technology, U.S. Department of Commerce, April 1995.
[SHA1]NIST FIPS PUB 180-1,“安全哈希标准”,美国商务部国家标准与技术研究所,1995年4月。
[X.509] ITU-T Recommendation X.509 (1997 E), "Information Technology - Open Systems Interconnection - The Directory: Authentication Framework", June 1997.
[X.509]ITU-T建议X.509(1997 E),“信息技术-开放系统互连-目录:认证框架”,1997年6月。
[X9.30] ASC X9 Secretariat: American Bankers Association, "American National Standard for Financial Services - Public Key Cryptography Using Irreversible Algorithms for the Financial Services Industry - Part 1: The Digital Signature Algorithm(DSA)", 1995.
[X9.30]ASC X9秘书处:美国银行家协会,“美国金融服务国家标准-金融服务业使用不可逆算法的公钥加密-第1部分:数字签名算法(DSA)”,1995年。
[X9.62] ASC X9 Secretariat: American Bankers Association,"American National Standard for Financial Services - Public Key Cryptography Using Irreversible Algorithms for the Financial Services Industry - The Elliptic Curve Digital Signature Algorithm (ECDSA)", Work in Progress, 1997.
[X9.62]ASC X9秘书处:美国银行家协会,“美国金融服务国家标准-金融服务行业使用不可逆算法的公钥加密-椭圆曲线数字签名算法(ECDSA)”,正在进行的工作,1997年。
[XLink] Eve Maler, Steve DeRose, "XML Linking Language (XLink)",
<http://www.w3.org/TR/1998/WD-xlink-19980303>
[XLink] Eve Maler, Steve DeRose, "XML Linking Language (XLink)",
<http://www.w3.org/TR/1998/WD-xlink-19980303>
[XML] Tim Bray, Jean Paoli, C. M. Sperber-McQueen, "Extensible
Markup Language (XML) 1.0",
<http://www.w3.org/TR/1998/REC-xml-19980210>
[XML] Tim Bray, Jean Paoli, C. M. Sperber-McQueen, "Extensible
Markup Language (XML) 1.0",
<http://www.w3.org/TR/1998/REC-xml-19980210>
Authors' Addresses
作者地址
The authors of this document are:
本文件的作者是:
Kent M. Davidson Differential, Inc. 440 Clyde Ave. Mountain View, CA 94043 USA
肯特M.戴维森差速器公司,美国加利福尼亚州山景城克莱德大道440号,邮编94043
EMail: kent@differential.com
EMail: kent@differential.com
Yoshiaki Kawatsura Hitachi, Ltd. 890-12 Kashimada Saiwai Kawasaki, Kanagawa 2128567 Japan
日本神奈川Kashimada Saiwai Kawasaki 890-12 Kashiaki Kawatsura Hitachi有限公司2128567
EMail: kawatura@bisd.hitachi.co.jp
EMail: kawatura@bisd.hitachi.co.jp
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2000). All Rights Reserved.
版权所有(C)互联网协会(2000年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。