《ANSI-X9.30-1-1997.pdf》由会员分享,可在线阅读,更多相关《ANSI-X9.30-1-1997.pdf(29页珍藏版)》请在三一文库上搜索。
1、Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 22:01:57 MDTNo reproduction or networking permitted without license from IHS -,-,- Copyright American National Standards Institute
2、Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 22:01:57 MDTNo reproduction or networking permitted without license from IHS -,-,- American National Standard for Financial Services X9.30: 1-1997, Public Key Cryptography For The
3、 Financial Services Industry: Part 1: The Digital Signature Algorithm SA) (Revision of X9.3O:l-1995) Secretariat American Bankers Association Approved: January 30,1997 American National Standards Institute Copyright American National Standards Institute Provided by IHS under license with ANSI Licens
4、ee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 22:01:57 MDTNo reproduction or networking permitted without license from IHS -,-,- American National Standard Approval of an American National Standard requires verification by ANSI that the requirements for due process, cons
5、ensus, and other criteria for approval have been met by the standards developer. Consensus is established when, in the judgment of the ANSI Board of Standards Review, substantial agreement has been reached by directly and materially affected interests. Substantial agreement means much more than a si
6、mple majority, but not necessarily unanimity. Consensus requires that all views and objections be considered, and that a concerted effort be made toward their resolution. The use of American National Standards is completely voluntary; their existence does not in any respect preclude anyone, whether
7、he has approved the standards or not from manufacturing, marketing, purchasing, or using products, processes, or procedures not conforming to the standards. The American National Standards Institute does not develop standards and will in no circumstances give an interpretation of any American Nation
8、al Standard. Moreover, no person shall have the right or authority to issue an interpretation of an American National Standard in the name of the American National Standards Institute. Requests for interpretations should be addressed to the secretariat or sponsor whose name appears on the title page
9、 of this standard. CAUTION NOTICE This American National Standard may be revised or withdrawn at any time. The procedures of the American National Standards Institute require that action be taken to reaffm, revise, or withdraw this standard no later than five years from the date of approval. Publish
10、ed by American Bankers Association 1120 Connecticut Avenue, N W Washington, DC 20036 USA Customer Service Center 1 (800) 33 the two keys have the property that, given the public key, it is computationaily infeasible to derive the private key. The public key and identity of an entity together with so
11、me other information, rendered unforgeable by signing it with the private key of the certiQing authority which issued it. A Center trusted by one or more entities to create and assign certifcates. The discipline which embodies principles, means and methods for the transformation of data in order to
12、hide its information content, prevent its undetected modification, prevent its unauthorized use or a combination thereof. The time span during which a specific key is authorized for use or in which the keys for a given system may remain in effect. A parameter that determines the operation of a crypt
13、ographic function such as: 1. 2. 3. the transformation from plain text to cipher text and vice versa, the synchronized generation of keying material, a digital signature computation or validation. A cryptographic transformation of data which, when appended to a data unit, provides the services of 1.
14、 origin authentication, -1- Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 22:01:57 MDTNo reproduction or networking permitted without license from IHS -,-,- American National St
15、andard x930.1-1997 2. data integrity, and 3. signer non-repudiation Hash A (mathematical) function which maps values from a large ossibly very large) domain into a smaller range. It may be used to reduce a potentially long message into a “hash value” or “message digest” which is sufficiently compact
16、 to be input into a digital signature algorithm. A good hash is such that the results of applying the function to a (large) set of values in the domain will be evenly (and randomly) distributed over the range. Key See Cryptographic Key. Keying Material The data (e.g., keys, certificates and initiali
17、zation vectors) necessary to establish and maintain cryptographic keying relationships. A communication containing one or more transactions or related information. A field which may be used to identifj a message or transaction. Typically, this field is a sequence number. Message Message identifier (
18、MID) Non-repudiation Owner Private key Public Key This service provides proof of the integrity and origin of data which can be verified by a third party. The party whose identity is associated with a private/public key pair. In an asymmetric (public) key cryptosystem, that key of an entitys key pair
19、 which is known only by that entity. In an asymmetric key system, that key of an entitys key pair which is publicly known. Signatory The entity that generates a digital signature on data. Verifier The entity that verifies the authenticity of a digital signature. 2.2. Common Abbreviations and Acronym
20、s This section contains abbreviations and acronyms commonly used in this standard. ABBREVIATION M E A ” G MID Message Identifier mod modulo -2- Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale
21、, 05/08/2007 22:01:57 MDTNo reproduction or networking permitted without license from IHS -,-,- American National Standard x930:1-1997 mod n V e II SHA-l(m) arihmetic modulo n bitwise logical “inclusive-or” bitwise logical “exclusive-or” concatenation the result of a hash computation (message digest
22、) on message rn using the SHA-1 as defined in ANSI X9.30- 1997, Part 2: The Secure Hash Algorithm (SIL4-1) (Revised) 3 . Application 3.1. General When information is transmitted from one party to another, the recipient may desire to know that the information has not been altered in transit. Furtherm
23、ore, the recipient may wish to be certain of the originators identity. Both of these services can be provided by the DSA. A digital signature is an electronic analog to a written signature, in that the digital signature may be used in proving to a third party that the information was, in fact, signe
24、d by the claimed originator. Unlike their written counterparts, digital signatures also verify the integrity of information. Digital signatures may also be generated for stored data and programs so that the integrity of the data and programs may be verified at any later time. 3 . 2 . The Use of the
25、DSA Algorithm The DSA is used by a signatory to generate a digital signature on data and by a ver$er to veri the authenticity of the signature. Each signatory has a public and private key. The private key is used in the signature generation process, and the public key is used in the signature verifi
26、cation process. For both signature generation and verification, the data which is referred to as a message, M, is compressed by means of the Secure Hash Algorithm (SHA-1) specified in ANSI X9.30-1993, Part 2, Secure Hash Algorithm (SHA-1) (Revised) prior to the signature generation and verification
27、process. An adversary, who does not know the private key of the signatory, cannot generate the correct signature of the signatory. In other words, signatures cannot be forged. However, by using the signatorys public key, anyone can verify a validly signed message. The user of the public key of a pri
28、vate/public key pair requires assurance that the public key represents the owner of that key pair. That is, there must be a binding of a users identity and the users public key. This binding may be certified by a mutually trusted party. This may be accomplished by using a Certification Authority whi
29、ch generates a certificate in accordance with ANSI X9.57, Public Key Cryptography for the Financial Services Industry, Certijkate Management. -3- Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resa
30、le, 05/08/2007 22:01:57 MDTNo reproduction or networking permitted without license from IHS -,-,- American National Standard x9301-1997 B C D This Standard provides the capability to detect duplicate messages and prevent the replay of messages when the signed message includes: Random Number Generati
31、on for the DSA3 Normative A Roof that v = r Informative Generation of Other Quantities Normative 1. 2. a MID. the identity of the intended recipient, and The MID shall not repeat during the cryptoperiod of the underlying private/public key pair. Annex A of ANSI X9.9-1986 provides information on the
32、use of unique MIDs. 4. The Digital Signature Algorithm (DSA) Normative annexes are a part of this Standard and define requirements of this Standard. Informative annexes provide additional information or computational examples and are not a part of this Standard. The Annexes listed below define addit
33、ional requirements and provide information on the DSA and its implementation. I Annex Contents Application I I A I Generation of Primes for the DSA I Normative I I E I Example of the DSA I Informative 4.1. DSA Parameters The DSA makes use of the following parameters: 1. 2. 3. p = a prime modulus, wh
34、ere 2L1 c p c 2L for 512 1 L 11024, and L is a multiple of 64 q = a prime divisor ofp - 1, where 2159 c q 1 (i.e., g has order q modp) 4 . x = a randomly or pseudorandomly generated integer with O c x c q 5. 6. y = gx mod p k = a randomly or pseudorandomly generated integer with O c k O andz = I , g
35、o to step 8. Step 7: j = j + 1. I f j e a, setz = 22 mod w and go to step 5. Step 8: w is not prime. Stop. Step 9: If i e n, set i = i + I and go to step 3. Otherwise, w is probably prime. A.3. Generation Of Primes The DSS requires two primes,p and 4, that shall satisfy the following three condition
36、s: a. b. c. q dividesp - 1. This prime generation scheme starts by using the SHA-1 and a user supplied SEED to construct a prime, 4, in the range 259 e 4 e 2160. Once this is accomplished, the same 2159 O, go to step 2. Step 10: Let ,-I= v mod 4. Note that in step 10, v may be negative. The v mod q
37、operation should yield a value between 1 and q - 1 inclusive. - 16- Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 22:01:57 MDTNo reproduction or networking permitted without lic
38、ense from IHS -,-,- American National Standard X930:1-1997 Annex E: Example of the DSA (Informative) Let L = 512 (size of p). The values in this example are expressed in hexadecimal notation. The p and q given here were generated by the prime generation standard described in Annex A using the 160-bi
39、t SEED: d5014e4b 60ef2ba8 b621 lb40 62ba3224 e0427dd3 With this SEED, the algorithm foundp and q when the counter was at 105. x was generated by the algorithm described in Annex B, Section B.2.1, using the SHA-1 to construct G (as defined in Annex B, Section B.2.3) and a 160-bit XSEED: XSEED = bd029
40、bbe7f51960b cf9edb2b61f06fOf eb5a38b6 t = 67452301 efcdab89 98badcfe 10325476 c3d2elf0 X = G(t,XSEED) mod q k was generated by the algorithm described in Annex B, Section B.2.2, using the SHA-1 to construct G (as defined in Annex B, Section B.2.3) and a 160-bit KSEED: ZCSEED = 687a66d9 0648f993 867e
41、121f 4ddf9ddb 01205584 t = efcdab89 98badcfe 10325476 c3d2elf0 67452301 k = G(t,KSEED) mod q Finally: h = 2 p = 8df2a494 492276aa 3d25759b b06869cb eacOd83a fbSdOcf7 cbb8324f Od7882e5 d0762fc5 b7210eaf c2e9adac 32ab7aac 49693dfb f83724c2 ec0736ee 3180291 q = c773218c 737ec8ee 993b4f2d ed30f48e dace9
42、15f g = 626d0278 39eaOa13 413163a5 5b4cb500 2996522 956cefcb 3bff10f3 99ce2c2e 71cb9de5 fa24babf 58e5b795 219259 c42e9f6f 464b088c c572af53 e6d78802 x = 2070b322 3dba372f delc0ffc 7b2e3b49 8b260614 k = 358dad57 1462710f 50e254cf la376b2b deaadfbf k- =0d516729 8202e49b 41 16ac10 4fc3f415 ae52f917 -17
43、- Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 22:01:57 MDTNo reproduction or networking permitted without license from IHS -,-,- American National Standard x93O:l-1997 M = ASC
44、II form of “abc”6 SHA-l(M) = a9993e36 47068 16a bde257 1 785026 9cdOd89d y = 19131871 d75b1612 a819f29d 78dlbOd7 346flaa7 7bb62a85 9bfd6c56 75da9d21 2d3a36ef 1672ef66 Ob8c7c25 5ccOec74 858fba33 f44c0669 9630a76b 030ee333 r = 8baclab6 6410435 b7181f95 b16ab97c 92b341c0 s = 41e2345f lf56df24 58f426dl
45、55b4ba2d b6dcd8c8 w = 9df4ece5 826be95f ed406d41 b43edcOb lc18841b ul= bf655bd0 46fOb35e c791b004 804afcbb 8efld69d u2= 821a9263 12e97ade abcc8dO8 2b527897 8a2df4b0 su1 modp = 51blbf86 7888e5f3 af6fb476 9ddO16bc fe667a65 aafc2753 9063bd3d 2b138b4c e02ccOc0 2ec62bb6 7306c63e 4db95bbf 6f96662a 1987a21
46、b e4ec1071 010b6069 yu2 modp = 8b510071 2957e950 50d6b8fd 376a668e 4bOd633c le46e665 5c61 la72 e2b28483 be52c74d 4b3Ode61 a668966e dc307a67 c19441f4 22bf3c34 08aebalf Oa4dbec7 v = 8baclab6 6410435 b7181f95 b16ab97c 92b341c0 See ANSI X3.4-1977, Code for Information Interchange. -18- Copyright America
47、n National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 22:01:57 MDTNo reproduction or networking permitted without license from IHS -,-,- Accredited Standards Committee X9 - Financial Services AMERICAN B
48、ANKERS ASSOCIATION 1120 Connecticut Avenue, N W Washington, D.C. 20036 (800) 3380626 (202) 663-5087 (I Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 22:01:57 MDTNo reproduction or networking permitted without license from IHS -,-,-