《ISO-14888-1-2008.pdf》由会员分享,可在线阅读,更多相关《ISO-14888-1-2008.pdf(18页珍藏版)》请在三一文库上搜索。
1、 Reference number ISO/IEC 14888-1:2008(E) ISO/IEC 2008 INTERNATIONAL STANDARD ISO/IEC 14888-1 Second edition 2008-04-15 Information technology Security techniques Digital signatures with appendix Part 1: General Technologies de linformation Techniques de scurit Signatures numriques avec appendice Pa
2、rtie 1: Gnralits Copyright International Organization for Standardization Provided by IHS under license with ISO Licensee=Boeing Co/5910770001 Not for Resale, 07/25/2008 02:01:29 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO/IEC 14888-1:2008(E) PDF disclaimer This PDF
3、 file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein
4、the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PD
5、F-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. COPYRIGHT PROTECTED DOCUMENT
6、ISO/IEC 2008 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body
7、in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2008 All rights reserved Copyright International Organization for Standardization Provided
8、by IHS under license with ISO Licensee=Boeing Co/5910770001 Not for Resale, 07/25/2008 02:01:29 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO/IEC 14888-1:2008(E) ISO/IEC 2008 All rights reserved iii Contents Page Foreword iv Introduction v 1 Scope 1 2 Normative refere
9、nces1 3 Terms and definitions .1 4 Symbols, conventions, and legend for figures.3 4.1 Symbols3 4.2 Coding convention 4 4.3 Legend for figures .4 5 General4 6 General model5 7 Options for binding signature mechanism and hash-function.6 8 Key generation.6 9 Signature process7 9.1 General7 9.2 Computin
10、g the signature 7 9.3 Constructing the appendix .7 9.4 Constructing the signed message.7 10 Verification process 8 Annex A (informative) On hash-function identifiers10 Bibliography11 Copyright International Organization for Standardization Provided by IHS under license with ISO Licensee=Boeing Co/59
11、10770001 Not for Resale, 07/25/2008 02:01:29 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO/IEC 14888-1:2008(E) iv ISO/IEC 2008 All rights reserved Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission)
12、 form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and I
13、EC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC J
14、TC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodi
15、es for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identi
16、fying any or all such patent rights. ISO/IEC 14888-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques. This second edition cancels and replaces the first edition (ISO/IEC 14888-1:1998), which has been technically revised. ISO
17、/IEC 14888 consists of the following parts, under the general title Information technology Security techniques Digital signatures with appendix: Part 1: General Part 2: Integer factorization based mechanisms Part 3: Discrete logarithm based mechanisms Copyright International Organization for Standar
18、dization Provided by IHS under license with ISO Licensee=Boeing Co/5910770001 Not for Resale, 07/25/2008 02:01:29 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO/IEC 14888-1:2008(E) ISO/IEC 2008 All rights reserved v Introduction Digital signature mechanisms are asymmet
19、ric cryptographic techniques which can be used to provide entity authentication, data origin authentication, data integrity and non-repudiation services. There are two types of digital signature mechanisms: When the verification process needs the message as part of the input, the mechanism is called
20、 a “signature mechanism with appendix”. A hash-function is used in the calculation of the appendix. When the verification process reveals all or part of the message, the mechanism is called a “signature mechanism giving message recovery”. A hash-function is also used in the generation and verificati
21、on of these signatures. Signature mechanisms with appendix are specified in ISO/IEC 14888. Signature mechanisms giving message recovery are specified in ISO/IEC 9796. Hash-functions are specified in ISO/IEC 10118. Copyright International Organization for Standardization Provided by IHS under license
22、 with ISO Licensee=Boeing Co/5910770001 Not for Resale, 07/25/2008 02:01:29 MDTNo reproduction or networking permitted without license from IHS -,-,- Copyright International Organization for Standardization Provided by IHS under license with ISO Licensee=Boeing Co/5910770001 Not for Resale, 07/25/20
23、08 02:01:29 MDTNo reproduction or networking permitted without license from IHS -,-,- INTERNATIONAL STANDARD ISO/IEC 14888-1:2008(E) ISO/IEC 2008 All rights reserved 1 Information technology Security techniques Digital signatures with appendix Part 1: General 1 Scope ISO/IEC 14888 specifies several
24、digital signature mechanisms with appendix for messages of arbitrary length. This part of ISO/IEC 14888 contains general principles and requirements for digital signatures with appendix. It also contains definitions and symbols which are used in all parts of ISO/IEC 14888. Various means are availabl
25、e to obtain a reliable copy of the public verification key, e.g., a public key certificate. Techniques for managing keys and certificates are outside the scope of ISO/IEC 14888. For further information, see ISO/IEC 9594-8 4, ISO/IEC 11770-3 3 and ISO/IEC 15945 5. 2 Normative references The following
26、 referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. None. 3 Terms and definitions For the purposes of this documen
27、t, the following terms and definitions apply. 3.1 appendix string of bits formed by the signature and an optional text field 3.2 collision-resistant hash-function hash-function satisfying the following property: it is computationally infeasible to find any two distinct inputs which map to the same o
28、utput NOTE Computational feasibility depends on the specific security requirements and environment. ISO/IEC 10118-1 3.3 data element integer, bit string, set of integers or set of bit strings Copyright International Organization for Standardization Provided by IHS under license with ISO Licensee=Boe
29、ing Co/5910770001 Not for Resale, 07/25/2008 02:01:29 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO/IEC 14888-1:2008(E) 2 ISO/IEC 2008 All rights reserved 3.4 domain set of entities operating under a single security policy EXAMPLES public key certificates created by a
30、 single authority or by a set of authorities using the same security policy 3.5 domain parameter data element which is common to and known by or accessible to all entities within the domain 3.6 hash-code string of bits which is the output of a hash-function ISO/IEC 10118-1 3.7 hash-function function
31、 which maps strings of bits to fixed-length strings of bits, satisfying the following two properties: for a given output, it is computationally infeasible to find an input which maps to this output; for a given input, it is computationally infeasible to find a second input which maps to the same out
32、put NOTE 1 Computational feasibility depends on the specific security requirements and environment. NOTE 2 This definition of hash-function is referred to as one-way hash-function. ISO/IEC 10118-1 3.8 identification data sequence of data elements, including the distinguishing identifier for an entit
33、y, assigned to an entity and used to identify it NOTE The identification data may additionally contain data elements such as identifier of the signature process, identifier of the signature key, validity period of the signature key, restrictions on key usage, associated security policy parameters, k
34、ey serial number, or domain parameters. 3.9 key pair pair consisting of a signature key and a verification key, i.e., a set of data elements that shall be totally or partially kept secret, to be used only by the signer; a set of data elements that can be totally made public, to be used by any verifi
35、er 3.10 message string of bits of any length 3.11 parameter integer, bit string or hash-function 3.12 signature one or more data elements resulting from the signature process Copyright International Organization for Standardization Provided by IHS under license with ISO Licensee=Boeing Co/5910770001
36、 Not for Resale, 07/25/2008 02:01:29 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO/IEC 14888-1:2008(E) ISO/IEC 2008 All rights reserved 3 3.13 signature key set of private data elements specific to an entity and usable only by this entity in the signature process NOTE
37、 Sometimes called a private signature key in other standards, e.g. ISO/IEC 9796-2, ISO/IEC 9796-3 and ISO/IEC 9798-3. 3.14 signature process process which takes as inputs the message, the signature key and the domain parameters, and which gives as output the signature 3.15 signed message set of data
38、 elements consisting of the signature, the part of the message which cannot be recovered from the signature, and an optional text field NOTE In the context of this part of ISO/IEC 14888, the entire message is included in the signed message and no part of the message is recovered from the signature.
39、3.16 verification key set of public data elements which is mathematically related to an entitys signature key and which is used by the verifier in the verification process NOTE Sometimes called a public verification key in other standards, e.g. ISO/IEC 9796-2, ISO/IEC 9796-3 and ISO/IEC 9798-3. 3.17
40、 verification process process which takes as input the signed message, the verification key and the domain parameters, and which gives as output the result of the signature verification: valid or invalid 4 Symbols, conventions, and legend for figures 4.1 Symbols Throughout all parts of ISO/IEC 14888
41、 the following symbols are used. H hash-code K randomizer M message R first part of a signature NOTE First part of a signature R is alternatively called a witness. R recomputed first part of a signature S second part of a signature X signature key Y verification key Copyright International Organizat
42、ion for Standardization Provided by IHS under license with ISO Licensee=Boeing Co/5910770001 Not for Resale, 07/25/2008 02:01:29 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO/IEC 14888-1:2008(E) 4 ISO/IEC 2008 All rights reserved Z set of domain parameters signature A
43、 mod N the unique integer B from 0 to N 1 so that N divides A B A B (mod N) Integer A is congruent to integer B modulo N, i.e. (A B) mod N = 0. 4.2 Coding convention All integers in all parts of ISO/IEC 14888 are written with the most significant digit (or bit, or byte) in the leftmost position. 4.3
44、 Legend for figures The following legend for figures is used in all parts of ISO/IEC 14888. 5 General The mechanisms specified in ISO/IEC 14888 are based upon asymmetric cryptographic techniques. Every asymmetric digital signature mechanism involves three basic operations. A process for generating p
45、airs of keys, where each pair consists of a signature key and the corresponding verification key. A process using the signature key called the signature process. When, for a given message and signature key, the probability of obtaining the same signature twice is negligible, the operation is probabi
46、listic. procedure principal procedure optional principal procedure data flow optional data flow two data flows of which at least one is mandatory optional data data another optional data flow Copyright International Organization for Standardization Provided by IHS under license with ISO Licensee=Boe
47、ing Co/5910770001 Not for Resale, 07/25/2008 02:01:29 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO/IEC 14888-1:2008(E) ISO/IEC 2008 All rights reserved 5 When, for a given message and signature key, all the signatures are identical, the operation is deterministic. A
48、process using the verification key called the verification process. The verification of a digital signature requires the signers verification key. It is thus essential for a verifier to be able to associate the correct verification key with the signer, or more precisely, with (parts of) the signers identificat