跳到主要内容

5. Subject Public Key 字段 (Subject Public Key Fields)

中文导读: 本节对应 RFC 9909 的 5. Subject Public Key 字段 (Subject Public Key Fields) 部分, 对应文档标题为 RFC 9909 - Internet X.509 公钥基础设施: Stateless Hash-Based Digital Signature Algorithm (SLH-DSA) 的算法标识符. 下方若包含英文 RFC 原文, 注册表名称, 字段名, 算法名, 对象标识符, 媒体类型, 邮箱地址, URL, 代码, ABNF, ASN.1, YANG, JSON, XML, 测试向量或参考文献条目, 均按规范原样保留, 因为这些内容需要与 RFC 文本, IANA 注册表, 实现代码或验证工具逐字一致. 中文段落用于说明本节的作用, 阅读重点和实现含义, 不改变任何协议语义或注册值.

本页包含机器可读或接近机器可读的规范材料. 对 ASN.1, YANG, JSON Schema, XML Schema, 伪代码, 注册模板, 常量表和算法标识符, 翻译时必须保留关键字, 类型名, OID, namespace, 枚举值, 字段名和语法结构. 实现者应把这些块视为生成代码, 配置模型, 验证输入或一致性测试的依据.

在 X.509 证书中, subjectPublicKeyInfo 字段具有 SubjectPublicKeyInfo 类型, 其 ASN.1 语法如下:

  SubjectPublicKeyInfo {PUBLIC-KEY: IOSet} ::= SEQUENCE {
algorithm AlgorithmIdentifier {PUBLIC-KEY, {IOSet}},
subjectPublicKey BIT STRING }

NOTE: 上述语法来自 [RFC5912], 并且与 2021 ASN.1 语法 [X680] 兼容. 关于 1988 ASN.1 语法, 见 [RFC5280].

SubjectPublicKeyInfo 中的字段具有以下含义:

  • algorithm 是公钥的算法标识符和参数, 见上文.

  • subjectPublicKey 包含公钥的字节流.

[RFC9814] 为 Pure SLH-DSA 定义了以下公钥标识符:

   pk-slh-dsa-sha2-128s PUBLIC-KEY ::= {
IDENTIFIER id-slh-dsa-sha2-128s
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-slh-dsa-sha2-128f PUBLIC-KEY ::= {
IDENTIFIER id-slh-dsa-sha2-128f
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-slh-dsa-sha2-192s PUBLIC-KEY ::= {
IDENTIFIER id-slh-dsa-sha2-192s
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-slh-dsa-sha2-192f PUBLIC-KEY ::= {
IDENTIFIER id-slh-dsa-sha2-192f
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-slh-dsa-sha2-256s PUBLIC-KEY ::= {
IDENTIFIER id-slh-dsa-sha2-256s
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-slh-dsa-sha2-256f PUBLIC-KEY ::= {
IDENTIFIER id-slh-dsa-sha2-256f
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-slh-dsa-shake-128s PUBLIC-KEY ::= {
IDENTIFIER id-slh-dsa-shake-128s
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-slh-dsa-shake-128f PUBLIC-KEY ::= {
IDENTIFIER id-slh-dsa-shake-128f
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-slh-dsa-shake-192s PUBLIC-KEY ::= {
IDENTIFIER id-slh-dsa-shake-192s
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-slh-dsa-shake-192f PUBLIC-KEY ::= {
IDENTIFIER id-slh-dsa-shake-192f
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-slh-dsa-shake-256s PUBLIC-KEY ::= {
IDENTIFIER id-slh-dsa-shake-256s
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-slh-dsa-shake-256f PUBLIC-KEY ::= {
IDENTIFIER id-slh-dsa-shake-256f
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

SLH-DSA-PublicKey ::= OCTET STRING

SLH-DSA-PrivateKey ::= OCTET STRING

HashSLH-DSA 的公钥标识符在此定义:

   pk-hash-slh-dsa-sha2-128s-with-sha256 PUBLIC-KEY ::= {
IDENTIFIER id-hash-slh-dsa-sha2-128s-with-sha256
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-hash-slh-dsa-sha2-128f-with-sha256 PUBLIC-KEY ::= {
IDENTIFIER id-hash-slh-dsa-sha2-128f-with-sha256
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-hash-slh-dsa-sha2-192s-with-sha512 PUBLIC-KEY ::= {
IDENTIFIER id-hash-slh-dsa-sha2-192s-with-sha512
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-hash-slh-dsa-sha2-192f-with-sha512 PUBLIC-KEY ::= {
IDENTIFIER id-hash-slh-dsa-sha2-192f-with-sha512
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-hash-slh-dsa-sha2-256s-with-sha512 PUBLIC-KEY ::= {
IDENTIFIER id-hash-slh-dsa-sha2-256s-with-sha512
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-hash-slh-dsa-sha2-256f-with-sha512 PUBLIC-KEY ::= {
IDENTIFIER id-hash-slh-dsa-sha2-256f-with-sha512
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-hash-slh-dsa-shake-128s-with-shake128 PUBLIC-KEY ::= {
IDENTIFIER id-hash-slh-dsa-shake-128s-with-shake128
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-hash-slh-dsa-shake-128f-with-shake128 PUBLIC-KEY ::= {
IDENTIFIER id-hash-slh-dsa-shake-128f-with-shake128
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-hash-slh-dsa-shake-192s-with-shake256 PUBLIC-KEY ::= {
IDENTIFIER id-hash-slh-dsa-shake-192s-with-shake256
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-hash-slh-dsa-shake-192f-with-shake256 PUBLIC-KEY ::= {
IDENTIFIER id-hash-slh-dsa-shake-192f-with-shake256
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-hash-slh-dsa-shake-256s-with-shake256 PUBLIC-KEY ::= {
IDENTIFIER id-hash-slh-dsa-shake-256s-with-shake256
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

pk-hash-slh-dsa-shake-256f-with-shake256 PUBLIC-KEY ::= {
IDENTIFIER id-hash-slh-dsa-shake-256f-with-shake256
-- KEY no ASN.1 wrapping --
CERT-KEY-USAGE
{ digitalSignature, nonRepudiation, keyCertSign, cRLSign }
-- PRIVATE-KEY no ASN.1 wrapping -- }

[FIPS205] 第 9.1 节将 SLH-DSA 公钥定义为两个 n 字节元素: PK.seed 和 PK.root. SLH-DSA 公钥的原始八位字节串编码是这两个元素的拼接, 即 PK.seed || PK.root. 八位字节串长度为 2*n 字节, 其中 n 为 16, 24 或 32, 取决于 SLH-DSA 参数集. 在 SubjectPublicKeyInfo 类型中使用时, subjectPublicKey BIT STRING 包含公钥的原始八位字节串编码.

[RFC9814] 定义了 SLH-DSA-PublicKey 和 SLH-DSA-PrivateKey ASN.1 OCTET STRING 类型, 用于在使用 ASN.1 编码但未自行定义 SLH-DSA 原始八位字节串到 ASN.1 映射的环境中, 提供编码 Pure SLH-DSA 公钥或私钥的选项. HashSLH-DSA 公钥和私钥可以以相同方式使用 SLH-DSA-PublicKey 和 SLH-DSA-PrivateKey. 要将 SLH-DSA-PublicKey OCTET STRING 映射到 SubjectPublicKeyInfo, OCTET STRING 会按如下方式映射到 subjectPublicKey 字段 (BIT STRING 类型的值): OCTET STRING 值的最高有效位成为 BIT STRING 值的最高有效位, 依此类推; OCTET STRING 的最低有效位成为 BIT STRING 的最低有效位.

SLH-DSA 公钥的 AlgorithmIdentifier 必须使用第 3 节中的 id-slh-dsa-* 或 id-hash-slh-dsa-* 对象标识符之一. SLH-DSA 公钥的 AlgorithmIdentifier 的 parameters 字段必须不存在.

附录 C.1 包含一个使用 [RFC7468] 中定义的文本编码进行编码的 id-slh-dsa-sha2-128s 公钥示例.