[画像:GNU Crypto B/W logo]

The GNU Crypto project

The GNU Keyring File Format


GNU Crypto Project C. Marshall
draft-marshall-gnu-keyring-00 September 2003
Expires: March 2004
 The GNU Keyring File Format
Status of this Memo
 This document is a ``rough draft,'' and should not be considered a
 fixed format. The values and structures described below are subject
 to change without notice.
 This is not an Internet-Draft, and is not associated with or endorsed
 by the Internet Engineering Task Force. We use the format of
 Internet-Drafts and RFCs for convenience and familiarity.
Abstract
 This is a proposal for a new keyring format, to be used by GNU Java
 implementations (Classpath, GCJ, GNU Crypto) as the official
 ``keystore'' format for those platforms. It need not be limited to
 Java platforms, however, as it is flexible enough a format to
 accommodate different applications.
Table of Contents
 1. Introduction . . . . . . . . . . . . . . . . . . . . . . XX
 1.1. Data Types . . . . . . . . . . . . . . . . . . . . . . . XX
 1.2. Notation . . . . . . . . . . . . . . . . . . . . . . . . XX
 2. Magic Bytes/Version Number . . . . . . . . . . . . . . . XX
 2.1. Ring Usage . . . . . . . . . . . . . . . . . . . . . . . XX
 3. Packets . . . . . . . . . . . . . . . . . . . . . . . . . XX
 3.1. Properties . . . . . . . . . . . . . . . . . . . . . . . XX
 3.1.1 Property Packets . . . . . . . . . . . . . . . . . . . . XX
 3.2. Envelope Types . . . . . . . . . . . . . . . . . . . . . XX
 3.2.1. Encrypted . . . . . . . . . . . . . . . . . . . . . . . . XX
 3.2.2. Password-Encrypted . . . . . . . . . . . . . . . . . . . XX
 3.2.3. Authenticated . . . . . . . . . . . . . . . . . . . . . . XX
 3.2.4. Password-Authenticated . . . . . . . . . . . . . . . . . XX
 3.2.5. Compressed . . . . . . . . . . . . . . . . . . . . . . . XX
 3.3. Extension Values . . . . . . . . . . . . . . . . . . . . XX
 3.4. Primitive Types . . . . . . . . . . . . . . . . . . . . . XX
 3.4.1. Trusted Certificates . . . . . . . . . . . . . . . . . . XX
 3.4.2. Public Keys . . . . . . . . . . . . . . . . . . . . . . . XX
 3.4.3. Private Keys . . . . . . . . . . . . . . . . . . . . . . XX
 3.4.4. X.509 Certificate Paths . . . . . . . . . . . . . . . . . XX
 3.4.5. Binary Data . . . . . . . . . . . . . . . . . . . . . . XX
 3.4. Properties . . . . . . . . . . . . . . . . . . . . . . . XX
draft-marshall-gnu-keyring-00 [Page 1]

Marshall The GNU Keyring File Format September 2003
 3.4.1. Property Set . . . . . . . . . . . . . . . . . . . . . . XX
 3.4.2. Property Type . . . . . . . . . . . . . . . . . . . . . . XX
 4. Required Layouts . . . . . . . . . . . . . . . . . . . . XX
 4.1. Read-only Layouts . . . . . . . . . . . . . . . . . . . . XX
 5. GNU Raw Codec . . . . . . . . . . . . . . . . . . . . . XX
 5.1. DSA . . . . . . . . . . . . . . . . . . . . . . . . . . . XX
 5.2. RSA . . . . . . . . . . . . . . . . . . . . . . . . . . XX
 5.3. Diffie-Hellman . . . . . . . . . . . . . . . . . . . . . XX
 6. Parsing Methodology . . . . . . . . . . . . . . . . . . XX
 7. Other Formats . . . . . . . . . . . . . . . . . . . . . . XX
 Security Considerations . . . . . . . . . . . . . . . . XX
 References . . . . . . . . . . . . . . . . . . . . . . . XX
 Authors' Addresses . . . . . . . . . . . . . . . . . . . XX
 Full Copyright Statement . . . . . . . . . . . . . . . . XX
1. Introduction.
 The GNU Keyring file format is a proposed standard file format for
 the long-term storage of cryptographic data, such as private keys and
 digital certificates. This format is being designed with the
 following goals:
 * Protection of trusted credentials, through the use of a password-
 based MAC (message authentication code) over these credentials.
 * Protection of secret credentials, through the use of a password-
 based MAC over the data, which is encrypted with a strong,
 password-based cipher.
 * Management of disparate types of cryptographic data, such as
 different types of digital certificate.
 * Extensibility. It should be possible to extend the file format
 when new requirements arise, without undo breakage of existing
 applications.
 * Compatibility with the JDK. This means that it should be possible
 to use this format as a keystore, so GNU implementations of the
 Java platform can provide the same functionality as the JDK.
 An implementation of this format is included in the Free Software
 Foundation's GNU Crypto project, a cryptographic library written in
 Java. The full copyright of GNU Crypto is included at the end of this
 document.
draft-marshall-gnu-keyring-00 [Page 2]

Marshall The GNU Keyring File Format September 2003
1.1. Data Types.
 Data read and written to keyrings will be one of the following types:
 uint8 An unsigned byte.
 uint16 An unsigned two-byte integer, in big-endian byte order.
 unit32 An unsigned four-byte integer.
 uint64 An unsigned eight-byte integer.
 octet sequence (os)
 An arbitrary byte array, stored as
 1. the length of the byte array, encoded in a uint32.
 2. the bytes themselves.
 u8string A sequence of UTF-8 bytes, stored as the a uint16 length
 field, then that many bytes. (see java.io.DataOutput.writeUTF)
 bigint An arbitrary-precision signed integer, stored as
 1. the length of the byte array, encoded in a uint32.
 2. the minimum number of bytes in two's complement notation.
 byte[l] A fixed-length byte array, stored without length.
draft-marshall-gnu-keyring-00 [Page 3]

Marshall The GNU Keyring File Format September 2003
1.2. Notation.
 When defining constants in this document, we shall use the following
 style, similar to the C preprossesor:
 #define CONSTANT_NAME VALUE
 When showing the format of packets, we use the following form,
 assuming that fields are concatenated from top to bottom:
 type1 Description of field 1.
 type2 Description of field 2.
 ...
 To show the intended structure of compound types, we will use the
 following Lisp-like notation:
 (level-1
 (level-2
 (level-3)
 )
 )
 By this we mean that the entity named `level-1' contains the entity
 named `level-2', which in turn contains the entity named `level-3',
 which is a primitive type and contains no other sub-types.
 Numbers are written in base 10, unless they are prefixed by `0x',
 when they will be written in base 16. Thus, the value `0x0123457'
 would mean the decimal value `1193047'.
 The key words ``MUST'', ``MUST NOT'', ``REQUIRED'', ``SHALL'',
 ``SHALL NOT'', ``SHOULD'', ``SHOULD NOT'', ``RECOMMENDED'', ``MAY'',
 and ``OPTIONAL'' in this document are to be interpreted as described
 in [RFC2119].
draft-marshall-gnu-keyring-00 [Page 4]

Marshall The GNU Keyring File Format September 2003
2. Magic Bytes/Version Number.
 To identify keyrings by content, and to protect against
 incompatibilities when the format evolves, all keyrings will begin
 with the following bytes:
 byte[3] The bytes ``GKR''.
 uint8 Version number.
 The current version number shall be 1. Thus keyrings described in
 this document shall begin with the value 0x474b5201.
 In magic(5) parlance, this would be:
 0 string GKR GNU keyring file
 >3 byte x version %d
2.1. Ring Usage.
 Immediately following the four-byte magic and version data will be a
 one-byte ``ring usage'' field. The presence of set bits in this byte
 shall declare what may be stored in this keyring.
 The currently defined bits, from least-significant up, are:
 Bit Meaning
 --- -------
 0 Private keys may be stored in this keyring.
 1 Personal certificate chains and public keys may be
 stored in this keyring.
 2 Trusted certificates may be stored in this keyring.
 The remaining bits are undefined for this version of GNU keyrings,
 and MUST be ignored.
 The layout for particular keyring types are described in section 4,
 Required Layouts.
 Conformant implementations MUST be able to read keyrings with the
 following usage fields:
 * With only trusted certificates (bit 2).
 * With only private keys and personal certificate chains or public
 keys (bits 0 and 1).
 These two types correspond to ``trusted credentials'' and ``personal
 credentials'', respectfully. Since these two are the most common uses
draft-marshall-gnu-keyring-00 [Page 5]

Marshall The GNU Keyring File Format September 2003
 of key storage -- one way to securely store trusted credentials such
 as CA certificates, and one way to securely store public and private
 keys -- these types of keyrings are the ones REQUIRED by this format.
draft-marshall-gnu-keyring-00 [Page 6]

Marshall The GNU Keyring File Format September 2003
3. Packets.
 The keyring shall then contain one or more packets, all of which,
 aside from a few exceptions, have the following form:
 uint8 Content-type.
 os Properties.
 os Packet data.
 At the top level, following the magic bytes, there must be only a
 single packet. As such, the packet appearing first in the file is
 typically an envelope type, which contains some number of primitive
 types.
 Unknown or unsupported content types do not necessarily mean that
 parsing should stop, especially in the case of packets marked
 OPTIONAL in this
3.1. Properties.
 Every packet begins with a set of ``properties'' -- a series of name-
 value pairs. These properties have a variety of uses, from naming
 packets to defining the algorithms used in encoding packets.
 Property packets are the only exception to the packet encoding rule
 above.
3.1.1. Property packets.
 The data of the ``properties'' field in packets is a sequence of one
 or more of the following packets:
 u8string Property name.
 u8string Property value.
 Property names are treated case-insensitively, while property values
 are not, unless specified otherwise.
 Different types of packets require certain properties to be defined
 in the packet. These properties will be described along with the
 description of that packet.
draft-marshall-gnu-keyring-00 [Page 7]

Marshall The GNU Keyring File Format September 2003
3.2. Envelope Types.
 Envelope types contain other types, usually to transform their
 contents. The types are encoded by merely concatenating multiple
 types together, with the end of the sequence corresponding to the end
 of the octet sequence.
 All envelope types MUST contain a property "alias-list", the value of
 which will be composed of the concatenation of the following for each
 of the contained types, separated by a single semicolon (';', Unicode
 value 0x003B):
 1) The value of the "alias" property if the entry is a primitive
 type (primitive types are described in section 3.2).
 2) The value of the "alias-list" property if the entry is an
 envelope type.
 That is, the recursive list of contained aliases will be flattened
 into a single, top-level list.
draft-marshall-gnu-keyring-00 [Page 8]

Marshall The GNU Keyring File Format September 2003
3.2.1. Encrypted.
 #define GKR_TYPE_ENCRYPTED 0
 Encrypted enveloped types transform their enclosed types with a
 strong block cipher and an external key (for encipherment based on a
 password, see Section 3.2.2). The form of the key and the IV is not
 handled in this document; it is imagined as coming from a device that
 ensures secure production of a given array of bytes.
 The encrypted data field is the encoded contained packets encrypted
 with the cipher.
 Encrypted packets require the following properties, whose values are
 treated case-insensitively:
 cipher -- This is the name of the cipher algorithm. At minimum,
 implementations must recognize the value "AES", which means the
 Advanced Encryption Standard cipher, described in [AES]. The
 key length for this cipher is 128 bits.
 mode -- This is the name of the mode that the cipher is used in.
 Implementations must be able to support the "OFB" and "CBC"
 modes, which correspond to the Output Feedback mode and the
 Cipher Block Chaining mode.
 keylen -- The length of the key passed to the cipher, in bytes.
 The padding for these ciphers shall be the same as that in [PKCS7].
 That is, if the plaintext is L bytes long, the padding will be
 01 if (L % bs) == 1
 02 02 if (L % bs) == 2
 ...
 16 16 ... 16 if (L % bs) == 0
 The AES is described in [AES].
 This type of envelope is OPTIONAL in conformant applications. It is
 included for completeness in the specification, and MAY be used in
 applications where password-based encryption is not appropriate.
 Implementations that cannot or do not want to use this type of
 ``raw'' encryption MUST still be able to parse these packets, but
 their contents may be discarded or ignored.
draft-marshall-gnu-keyring-00 [Page 9]

Marshall The GNU Keyring File Format September 2003
3.2.2. Password-Encrypted.
 #define GKR_TYPE_PBE 1
 Password-encrypted enveloped types use a combination of a password
 key-derivation function and a block cipher.
 The key derivation function is always KDF2 as described in [RFC2898]
 with HMAC-SHA-1 as the PRF, and the iteration count will fixed at
 1000.
 The required properties are the same as in `GKR_TYPE_ENCRYPTED', with
 the following additional properties:
 salt -- This is a random eight-byte value, encoded as a
 hexadecimal string. That is, the string "0123456789ABCDEF" is a
 valid value. This property is case-insensitive.
 Conformant applications MUST be able to parse password encrypted
 envelopes, and it is the default mode of protection.
 Two values are derived from the password, a key for the cipher, and
 an initialization vector. The length of the derived key is the value
 of the "keylen" property, and the IV length is the cipher's block
 size.
 (dk,iv) = PBKDF2 (UTF8(password), salt, 1000, dkLen + bs)
draft-marshall-gnu-keyring-00 [Page 10]

Marshall The GNU Keyring File Format September 2003
3.2.3. Authenticated.
 #define GKR_TYPE_MAC 2
 Authenticated enveloped types run a keyed message authentication code
 over their enclosed types, appending the hash to the end of the
 packet. As with the encryption types described earlier, this form is
 meant to be of generic use, and applications will likely use the
 password-based alternative described in the next section.
 The required properties for authenticated envelopes are:
 mac -- The name of the MAC algorithm to use. Required values for
 this property are "HMAC-MD5" and "HMAC-SHA-1". The HMAC is
 described in [RFC2104], MD5 is described in [RFC1321], and
 SHA-1 in [RFC3174].
 maclen -- The length of the MAC.
 The authenticated data field is structured as follows:
 byte[n-maclen] The to-be-authenticated data.
 byte[maclen] The MAC of the preceding.
 The value `n' is equal to the length of the packet data octet
 sequence.
 This type, like the `GKR_ENCRYPTED' type, is OPTIONAL, and the same
 rules apply to this packet type.
draft-marshall-gnu-keyring-00 [Page 11]

Marshall The GNU Keyring File Format September 2003
3.2.4. Password-Authenticated.
 #define GKR_TYPE_PBMAC 3
 Password-authenticated enveloped types use a password KDF in similar
 fashion as password-encrypted enveloped types, but with a keyed
 message authentication code. Like that packet type, there is an
 additional required property "salt".
 The format of the authenticated data field and the supported
 algorithms is the same as `GKR_TYPE_MAC'.
 Conformant applications MUST be able to parse password authenticated
 envelopes, and it is the default mode of authentication.
 The MAC key is derived from the password in the same fashion as with
 password-encrypted types, and the length of the derived key shall be
 equal to the untruncated length of the HMAC's hash function, so:
 HMAC dkLen
 ================ =====
 HMAC-MD5 16
 HMAC-SHA-1 20
3.2.5. Compressed.
 #define GKR_TYPE_COMPRESSED 4
 Compressed envelope types compress their contents with a standard
 compression algorithm.
 Compressed envelopes require the following property:
 algorithm -- The name of the compression algorithm to use. The
 only required value for this property is "DEFLATE", which is
 described in [RFC1951].
 Conforming implementations MUST be able to decompress DEFLATE-
 compressed envelopes.
3.3. Extension values.
 Packet types not defined in this document are reserved for future
 use. They MUST NOT appear in version 1 keyrings.
draft-marshall-gnu-keyring-00 [Page 12]

Marshall The GNU Keyring File Format September 2003
3.4. Primitive Types.
 Primitive types contain a single cryptographic entity. All primitive
 types require the following properties:
 alias -- A non-empty string that uniquely identifies the entry.
 Alias names need only be unique across a single type, e.g. a
 private key entry and a certificate path entry can share the
 same alias.
 creation-date -- The date that this entry was created, measured in
 milliseconds since 00:00:00 GMT, January 1, 1970. The value is
 written as a decimal string.
 Conforming implementations MUST be able to parse all primitive types
 described in this section.
3.4.1. Trusted Certificates.
 #define GKR_TYPE_CERT 5
 This value denotes a ``trusted certificate entry''. The packet data
 is the encoded form of the certificate. These packets require the
 following property:
 type -- The type of certificate that is encoded. This can be, for
 example, "X.509", which will denote X.509 certificates encoded
 as a DER-encoded ASN.1 sequence, as described in [RFC3280].
3.4.2. Public Keys.
 #define GKR_TYPE_PUBLIC_KEY 6
 This value denotes an asymmetric public key. The required property
 for these packets is:
 type -- The type of key, and its encoding method. Required values
 include "RAW-DSA", "RAW-RSA", "RAW-DH", and "X.509". The "RAW"
 encodings are described in section 5. The "X.509" encoding
 denotes a DER-encoded SubjectPublicKeyInfo ASN.1 structure, as
 described in [RFC3280].
3.4.3. Private and Secret Keys.
 #define GKR_TYPE_PRIVATE_KEY 7
 This value denotes an asymmetric private key, or a symmetric secret
 key. The required property for these packets is:
draft-marshall-gnu-keyring-00 [Page 13]

Marshall The GNU Keyring File Format September 2003
 type -- The type of key, and its encoding method. Required values
 include "RAW-DSA", "RAW-RSA", "RAW-DH", and "PKCS8". The "RAW"
 encodings are described in section 5. The "PKCS8" encoding
 denotes a DER-encoded PrivateKeyInfo ASN.1 structure, as
 described in [PKCS8].
3.4.4. X.509 Certificate Paths.
 #define GKR_TYPE_X509_PATH 8
 This value denotes an X.509 certificate path, which typically
 compliments a private key with the same alias name. Each private key
 should have a corresponding certificate chain, but this is not
 required by the format.
 There are no additional properties required for this type. The packet
 data is simply the concatenation of one or more DER-encoded X.509
 certificates, which are described in [RFC3280].
3.4.5. Binary Data.
 #define GKR_TYPE_BINARY_DATA 9
 This value denotes a generic way to encode arbitrary binary data in
 the keyring. No processing of these packets is required by
 implementations, and their data may be discarded if not needed by the
 implementation.
 There are no additional required properties, but the following
 property MAY be included in the packet:
 content-type -- A valid content type descriptor (e.g.
 "text/plain") that defines the type of data encoded in the
 packet data field.
draft-marshall-gnu-keyring-00 [Page 14]

Marshall The GNU Keyring File Format September 2003
4. Required Layouts.
 The layout for keyrings that contain trusted certificates (ring usage
 bit 2) is as follows:
 (GKR_TYPE_PBMAC
 (GKR_TYPE_COMPRESSED
 (... zero or more certificates and public keys.)
 )
 )
 The layout for keyrings that contain private keys and personal public
 credentials (ring usage bits 0 and 1) is as follows:
 (GKR_TYPE_PBMAC
 (GKR_TYPE_COMPRESSED
 (... zero or more private keys, public keys, or certificate
 chains.)
 )
 )
 Furthermore, entries of type `GKR_TYPE_PRIVATE_KEY' must be encoded
 as follows:
 (GKR_TYPE_PBMAC
 (GKR_TYPE_PBE
 (GKR_TYPE_PRIVATE_KEY)
 )
 )
 Above, we usually assume that the MAC and encipherment use the same
 password, but different salts. Implementations are not required to
 handle encrypted and MAC'd packets with different passwords or keys,
 but they are not forbidden.
 In these constructions the password-based entries may be replaced by
 their raw-key variants.
4.1. Read-only Layouts.
 Constrained clients that need to be able to read trusted certificates
 (such as, for example, a `cacerts' keyring for keeping a static set
 of certificate authority certificates), but do not necessarily need
 to read personal keyrings or add new certificates. In this case, it
 is sufficient to be able to read only keyrings with usage bit 2 set.
draft-marshall-gnu-keyring-00 [Page 15]

Marshall The GNU Keyring File Format September 2003
5. GNU Raw Codec
 The primary encoding format of public and private keys in GNU
 Keyrings is the ``RAW'' codec used by GNU Crypto.
5.1. DSA
 DSA public keys are encoded as:
 uint32 The value 0x47014450.
 uint8 Version, currently 1.
 bigint p
 bigint q
 bigint g
 bigint y
 And private keys as:
 uint32 The value 0x47014470.
 uint8 Version, currently 1.
 bigint p
 bigint q
 bigint g
 bigint x
5.2. RSA
 RSA public keys are encoded as:
 uint32 The value 0x47015250.
 uint8 Version, currently 1.
 bigint Modulus.
 bigint Public exponent.
 And private keys as:
 uint32 The value 0x47015270.
 uint8 Version, currently 1.
 bigint The prime p.
 bigint The prime q.
 bigint The public exponent e.
 bigint The private exponent d.
draft-marshall-gnu-keyring-00 [Page 16]

Marshall The GNU Keyring File Format September 2003
5.3. Diffie-Hellman
 Diffie-Hellman public keys are encoded as:
 uint32 The value 0x47014850.
 uint8 Version, currently 1.
 bigint The prime modulus p.
 bigint The generator g.
 bigint The public value y.
 And private keys as:
 uint32 The value 0x47014870.
 uint8 Version, currently 1.
 bigint The prime divisor of p-1.
 bigint The prime modulus p.
 bigint The generator g.
 bigint The private exponent x.
draft-marshall-gnu-keyring-00 [Page 17]

Marshall The GNU Keyring File Format September 2003
6. Parsing Methodology.
 This format has been structured such that it is almost able to be
 parsed in one-pass; the only limit on this is for private keys that
 are contained in an MAC-then-encrypted envelope, when the key needed
 to decrypt and authenticate the packet may not be immediately
 available. Keyrings that only contain trusted certificates do not
 have this restriction, and can be parsed in a single pass.
 This limitation is imposed by the API of the java.security.KeyStore
 class, where a password is supplied to load the keystore from its
 external representation, and a password is supplied to retrieve a
 private key. Applications that do not need to adhere to this API can,
 of course, obtain both required passwords and therefore parse
 personal keyrings in one pass.
 While the KeyStore API allows access to both trusted and personal
 credentials, the separation of these two in GNU keyrings (via the two
 REQUIRED ring usage types) obviates this; that is, one can access
 trusted credentials, or one can access personal credentials, but not
 both, at least not from the same file. There are few, if any,
 standard Java APIs that require the access of both types of data from
 a single file, so this requirement should not break any applications.
 When and if an unsupported packet is encountered, such as an
 unrecognized encoding scheme, the parser SHOULD continue to parse the
 rest of the keyring, but not decode the packet data. This goes for
 OPTIONAL envelopes described above.
 Packet types not defined in this document should raise a fatal error.
draft-marshall-gnu-keyring-00 [Page 18]

Marshall The GNU Keyring File Format September 2003
7. Other Formats.
 The need for a new file format for the storage of cryptographic data
 is not immediately apparent; there are, for example, a number of
 formats already being used as ``keystores'' in Java environments.
 Common formats include the JKS (Java Key Store), PKCS #12, and JCEKS
 (Java Cryptography Extension Key Store).
 JKS and JCEKS are proprietary, and should be avoided in favor of open
 standards.
 PKCS #12 [PKCS12] is an open standard, but is rather too complicated
 and badly designed. The format is basically the BER (basic encoding
 rules) of a group of ASN.1 (abstract syntax notation one) structures.
 BER as a transport format makes little sense; if the data types are
 well-defined enough (as the ones in this document are) then the
 simple rules of reading and writing such as described in this
 document should suffice.
 A compelling argument against PKCS #12 is found in [DESIGN].
Security Concerns.
 As the primary goal of this format is to preserve the integrity of
 sensitive cryptographic data, the methods with which these data are
 protected must be cryptographically secure, and the way in which they
 are used in this format must not weaken or undermine the security of
 the algorithms used.
 The recommended encryption/MAC scheme is the ``encrypt then MAC''
 scheme, which is believed to be secure and has not shown the
 weaknesses found in alternative schemes, as [ORDER] points out.
 The AES, MACs based on MD5 and SHA, and KDF2 are currently accepted
 as secure, and as such we also assume that the most efficient way to
 forge or steal data from a GNU Keyring is a brute-force search of
 possible passwords, since we see no reason to believe that our usage
 of these algorithms here weakens them unduly. It is possible, though
 unlikely, that our introduction of unenciphered data before
 enciphered data in the encrypt-then-MAC structure (such as that
 defined in section 4) can weaken the MAC, we believe that there is no
 evidence that this enables an attack.
 It is HIGHLY RECOMMENDED that applications enforce restrictions on
 the length and content of passwords, and recommend that passwords be
 at least eight characters long and contain at least one digit and one
 non-alphanumeric character.
draft-marshall-gnu-keyring-00 [Page 19]

Marshall The GNU Keyring File Format September 2003
References.
 [AES] Federal Information Processing Standards (FIPS) 197:
 Specification for the Advanced Encryption Standard (AES),
 November 2001.
 http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
 [DESIGN] P. Gutmann, ``PFX - How Not to Design a Crypto
 Protocol/Standard''.
 http://www.cs.auckland.ac.nz/~pgut001/pubs/pfx.html
 [ORDER] H. Krawczyk, ``The order of encryption and authentication
 for protecting communications (Or: how secure is SSL?)'',
 June 2001. http://eprint.iacr.org/2001/045/
 [PKCS8] RSA Laboratories, PKCS #8: Private-Key Information Syntax
 Standard, Version 1.2. November 1993.
 ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-8.asc
 [PKCS12] RSA Laboratories, PKCS #12: Personal Information Exchange
 Syntax, June 1999.
 ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf
 [RFC1321] R. Rivest, RFC 1321: The MD5 Message-Digest Algorithm,
 April 1992. http://www.ietf.org/rfc/rfc1321.txt
 [RFC1951] P. Deutsch, RFC 1951: DEFLATE Compressed Data Format
 Specification version 1.3, May 1996.
 http://www.ietf.org/rfc/rfc1951.txt
 [RFC2104] H. Krawczyk, M. Bellare and R. Canetti, RFC 2104: Keyed-
 Hashing for Message Authentication, February 1997.
 http://www.ietf.org/rfc/rfc2104.txt
 [RFC2119] S. Bradner, RFC 2119: Key words for use in RFCs to Indicate
 Requirement Levels, March 1997.
 http://www.ietf.org/rfc/rfc2119.txt
 [RFC2315] B. Kaliski, RFC 2315: PKCS #7: Cryptographic Message
 Syntax, Version 1.5. March 1998.
 http://www.ietf.org/rfc/rfc2315.txt
 [RFC2898] B. Kaliski, RFC 2898: PKCS #5: Password-Based Cryptography
 Specification, Version 2.0. September 2000.
 http://www.ietf.org/rfc/rfc2898.txt
draft-marshall-gnu-keyring-00 [Page 20]

Marshall The GNU Keyring File Format September 2003
 [RFC3174] D. Eastlake 3rd and P. Jones, RFC 3174: US Secure Hash
 Algorithm 1 (SHA1), September 2001.
 http://www.ietf.org/rfc/rfc3174.txt
 [RFC3280] W. Ford, R. Housley, W. Polk and D. Solo. RFC 3280:
 Internet X.509 Public Key Infrastructure Certificate and
 Certificate Revocation List (CRL) Profile. April 2002.
 http://www.ietf.org/rfc/rfc3280.txt
Authors' Addresses
 Casey Marshall
 email: rsdio@metastatic.org
draft-marshall-gnu-keyring-00 [Page 21]

Marshall The GNU Keyring File Format September 2003
Full Copyright Statement.
 Copyright (C) 2003 Casey Marshall.
 Verbatim copying and distribution of this entire document is
 permitted in any medium, provided that this notice is preserved.
 GNU Crypto copyright (C) 2001,2002,2003 The Free Software
 Foundation, Inc.
 GNU Crypto is free software; you can redistribute it and/or modify it
 under the terms of the GNU General Public License as published by the
 Free Software Foundation; either version 2, or (at your option) any
 later version.
 GNU Crypto is distributed in the hope that it will be useful, but
 WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with this program; see the file COPYING. If not, write to the
 Free Software Foundation Inc.,
 59 Temple Place - Suite 330,
 Boston, MA 02111-1307
 USA
 Linking this library statically or dynamically with other modules is
 making a combined work based on this library. Thus, the terms and
 conditions of the GNU General Public License cover the whole
 combination.
 As a special exception, the copyright holders of this library give
 you permission to link this library with independent modules to
 produce an executable, regardless of the license terms of these
 independent modules, and to copy and distribute the resulting
 executable under terms of your choice, provided that you also meet
 for each linked independent module, the terms and conditions of the
 license of that module. An independent module is a module which is
 not derived from or based on this library. If you modify this
 library, you may extend this exception to your version of the
 library, but you are not obligated to do so. If you do not wish to
 do so, delete this exception statement from your version.
draft-marshall-gnu-keyring-00 [Page 22]


Return to GNU's home page.

Please send FSF & GNU inquiries & questions to gnu@gnu.org. There are also other ways to contact the FSF.

Please send comments on these web pages to webmasters@gnu.org, send other questions to gnu@gnu.org.

Copyright © 2001, 2002, 2003 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.

Updated: $Date: 2006年11月25日 10:32:10 $ $Author: ramprasadb $


AltStyle によって変換されたページ (->オリジナル) /