
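Appendix A. ASN.1 Syntax

This appendix summarizes the ASN.1 syntax used in this document. Appendix C contains the complete ASN.1 module.

A.1. RSA Key Representation

This section defines the ASN.1 syntax for RSA public and private keys.

A.1.1. RSA Public Key Syntax

An RSA public key should be represented with the ASN.1 type RSAPublicKey:

RSAPublicKey ::= SEQUENCE {
    modulus           INTEGER,  -- n
    publicExponent    INTEGER   -- e
}

Field descriptions:

  • modulus: the RSA modulus n
  • publicExponent: the RSA public exponent e

In a valid RSA public key, the modulus n should be a product of u distinct odd primes r_i (i = 1, 2, ..., u), where u >= 2, and the public exponent e should be an integer between 3 and n - 1 satisfying GCD(e, λ(n)) = 1.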

A.1.2. RSA Private Key Syntax

An RSA private key should be represented with the ASN.1 type RSAPrivateKey:

RSAPrivateKey ::= SEQUENCE {
    version           Version,
    modulus           INTEGER,  -- n
    publicExponent    INTEGER,  -- e
    privateExponent   INTEGER,  -- d
    prime1            INTEGER,  -- p
    prime2            INTEGER,  -- q
    exponent1         INTEGER,  -- d mod (p-1)
    exponent2         INTEGER,  -- d mod (q-1)
    coefficient       INTEGER,  -- (inverse of q) mod p
    otherPrimeInfos   OtherPrimeInfos OPTIONAL
}

Version ::= INTEGER { two-prime(0), multi(1) }
    (CONSTRAINED BY {
        -- version must be multi if otherPrimeInfos present --
    })

OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo

OtherPrimeInfo ::= SEQUENCE {
    prime             INTEGER,  -- r_i
    exponent          INTEGER,  -- d_i
    coefficient       INTEGER   -- t_i
}

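Field descriptions:

  • version: the version number (two-prime denotes two-prime RSA, multi denotes multi-prime RSA)
  • modulus: the RSA modulus n
  • publicExponent: the RSA public exponent e
  • privateExponent: the RSA private exponent d
  • prime1: the first prime factor p
  • prime2: the second prime factor q
  • exponent1: d mod (p-1)
  • exponent2: d mod (q-1)
  • coefficient: the CRT coefficient qInv, (q^-1) mod p
  • otherPrimeInfos: optional; information on the additional prime factors for multi-prime RSA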
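An importer should not trust these fields just because they decode: the CRT values can be checked against d, p and q before the key is used. The following is an added example, not part of the original document, that strictly decodes a DER two-prime RSAPrivateKey and cross-checks its fields; the function names, the shorthand keys dP and dQ (for exponent1 and exponent2), and the toy sample key are assumptions made for illustration, and primality of p and q is not tested.

```python
from math import gcd

def read_tlv(buf, pos, tag):
    """Read one DER TLV with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected tag or truncated input")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        raw = buf[pos:pos + n]
        length, pos = int.from_bytes(raw, "big"), pos + n
        if n == 0 or len(raw) != n or raw[0] == 0 or length < 0x80:
            raise ValueError("indefinite, truncated or non-minimal length")
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + length], pos + length

def parse_two_prime_key(der):
    """Decode a two-prime RSAPrivateKey into its nine INTEGER fields."""
    body, end = read_tlv(der, 0, 0x30)  # SEQUENCE
    if end != len(der):
        raise ValueError("trailing data after RSAPrivateKey")
    fields, pos = [], 0
    while pos < len(body):
        val, pos = read_tlv(body, pos, 0x02)  # INTEGER
        if not val or val[0] & 0x80 or (len(val) > 1 and val[0] == 0 and not val[1] & 0x80):
            raise ValueError("negative or non-minimal INTEGER")
        fields.append(int.from_bytes(val, "big"))
    if len(fields) != 9 or fields[0] != 0:
        raise ValueError("not a two-prime(0) key")
    return dict(zip(("version", "n", "e", "d", "p", "q", "dP", "dQ", "qInv"), fields))

def check_key(k):
    """Return the names of the consistency checks that fail (empty if none)."""
    p, q, n, e, d = k["p"], k["q"], k["n"], k["e"], k["d"]
    if p == q or min(p, q) < 3 or not (p & q & 1):
        return ["p and q must be distinct odd values >= 3"]
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)  # lambda(n) = lcm(p-1, q-1)
    checks = {
        "n == p*q": n == p * q,
        "3 <= e <= n-1": 3 <= e <= n - 1,
        "e*d == 1 mod lambda(n)": (e * d) % lam == 1,  # implies GCD(e, lambda(n)) = 1
        "exponent1 == d mod (p-1)": k["dP"] == d % (p - 1),
        "exponent2 == d mod (q-1)": k["dQ"] == d % (q - 1),
        "coefficient*q == 1 mod p": (k["qInv"] * q) % p == 1,
    }
    return [name for name, ok in checks.items() if not ok]

# Constructed toy key (p=61, q=53, e=17, d=2753); far too small for real use.
SAMPLE = bytes.fromhex("301d02010002020ca102011102020ac102013d020135020135020131020126")
```

Calling `check_key(parse_two_prime_key(SAMPLE))` returns an empty list; a key whose coefficient or exponents were altered is reported by the name of the failed relation.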

A.2. Scheme Identification

This section defines object identifiers for the schemes defined in this document.

A.2.1. RSAES-OAEP

The object identifier for the RSAES-OAEP encryption scheme is:

id-RSAES-OAEP OBJECT IDENTIFIER ::= { pkcs-1 7 }

The algorithm parameters type for RSAES-OAEP is:

RSAES-OAEP-params ::= SEQUENCE {
    hashFunc      [0] AlgorithmIdentifier DEFAULT sha1,
    maskGenFunc   [1] AlgorithmIdentifier DEFAULT mgf1SHA1,
    pSourceFunc   [2] AlgorithmIdentifier DEFAULT pSpecifiedEmpty
}

A.2.2. RSAES-PKCS1-v1_5

The object identifier for the RSAES-PKCS1-v1_5 encryption scheme is:

id-RSAES-PKCS1-v1_5 OBJECT IDENTIFIER ::= { pkcs-1 1 }

This scheme has no associated parameters.

A.2.3. RSASSA-PSS

The object identifier for the RSASSA-PSS signature scheme is:

id-RSASSA-PSS OBJECT IDENTIFIER ::= { pkcs-1 10 }

The algorithm parameters type for RSASSA-PSS is:

RSASSA-PSS-params ::= SEQUENCE {
    hashAlgorithm      [0] AlgorithmIdentifier DEFAULT sha1,
    maskGenAlgorithm   [1] AlgorithmIdentifier DEFAULT mgf1SHA1,
    saltLength         [2] INTEGER DEFAULT 20,
    trailerField       [3] INTEGER DEFAULT 1
}

A.2.4. RSASSA-PKCS1-v1_5

The RSASSA-PKCS1-v1_5 signature scheme uses the following object identifiers for the different hash functions:

sha256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 11 }
sha384WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 12 }
sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 }

Each of these object identifiers is associated with a specific hash function.