Cryptographic Suite

General Information

Cryptographic algorithms weaken over time, so there is a continuing need to transition to new algorithms. In the current structure, the RSA algorithm is used for signature creation. RSA, developed by Ron Rivest, Adi Shamir and Leonard Adleman in 1977, was one of the first public key cryptography algorithms. Although RSA is still secure, the use of elliptic curves in cryptography is increasing, and elliptic curves play an important role in many public key cryptosystems.

Elliptic Curve Cryptography (ECC) was first proposed by Neal Koblitz and Victor Miller in 1985. While the security of the RSA algorithm rests on the difficulty of the factorization problem, the security of ECC rests on the difficulty of the discrete logarithm problem. Elliptic curve encryption can provide security equivalent to that of classical encryption algorithms with much shorter keys. It can also encrypt faster than the RSA algorithm for the same key size. A small key size means lower processing cost and less memory consumption. With these features, ECC is the candidate to replace the RSA algorithm.

For the Elliptic Curve Digital Signature Algorithm (ECDSA) to be used without problems, the hardware, software and libraries that create and validate electronic signatures must be compatible with it. To that end, a cryptographic suite was created to test the interoperability of the verification mechanisms of e-signature applications with different signature and hash algorithms.

Procedure

The following table provides the names and properties of the signature files created within the cryptographic suite:

| Signed Document Name | Signed Document Property | Signature Algorithm |
|---|---|---|
| EC256 | Valid signature created by using certificate with EC256 signing key | ECDSA_SHA256 |
| EC384 | Valid signature created by using certificate with EC384 signing key | ECDSA_SHA384 |
| EC521 | Valid signature created by using certificate with EC521 signing key | ECDSA_SHA512 |
| RSA2048_PSS_SHA256 | Valid signature created by using certificate with RSA2048 signing key | RSA_PSS_SHA256 |
| RSA2048_PSS_SHA384 | Valid signature created by using certificate with RSA2048 signing key | RSA_PSS_SHA384 |
| RSA2048_PSS_SHA512 | Valid signature created by using certificate with RSA2048 signing key | RSA_PSS_SHA512 |
| RSA2048_SHA256 | Valid signature created by using certificate with RSA2048 signing key | RSA_SHA256 |
| RSA2048_SHA384 | Valid signature created by using certificate with RSA2048 signing key | RSA_SHA384 |
| RSA2048_SHA512 | Valid signature created by using certificate with RSA2048 signing key | RSA_SHA512 |
| RSA3072_PSS_SHA256 | Valid signature created by using certificate with RSA3072 signing key | RSA_PSS_SHA256 |
| RSA3072_PSS_SHA384 | Valid signature created by using certificate with RSA3072 signing key | RSA_PSS_SHA384 |
| RSA3072_PSS_SHA512 | Valid signature created by using certificate with RSA3072 signing key | RSA_PSS_SHA512 |
| RSA3072_SHA256 | Valid signature created by using certificate with RSA3072 signing key | RSA_SHA256 |
| RSA3072_SHA384 | Valid signature created by using certificate with RSA3072 signing key | RSA_SHA384 |
| RSA3072_SHA512 | Valid signature created by using certificate with RSA3072 signing key | RSA_SHA512 |

Cryptographic Suite Packages

Hash Algorithm for Elliptic Curve Keys

In the RSA algorithm there is no cryptographic restriction tying the choice of hash algorithm to the key size. For signatures created with an Elliptic Curve key to be considered cryptographically secure, however, a hash algorithm suitable for the key length should be used. Accordingly, signature creation applications should follow the key and hash algorithm combinations given in the table below. In addition, e-signature applications should determine the key of the signer certificate themselves and should not leave the choice of signature algorithm for Elliptic Curve keys to user preference.

| EC Key | Hash Algorithm | Signature Algorithm |
|---|---|---|
| NIST P-256 (OID: 1.2.840.10045.3.1.7) | SHA-256 | ECDSA_SHA256 |
| NIST P-384 (OID: 1.3.132.0.34) | SHA-384 | ECDSA_SHA384 |
| NIST P-521 (OID: 1.3.132.0.35) | SHA-512 | ECDSA_SHA512 |
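
One way a signing application could enforce the table above is to read the curve OID from the signer certificate's public key and derive the signature algorithm from it. This is an added example, not code from the cryptographic suite. It assumes the caller has already extracted the DER-encoded SubjectPublicKeyInfo from the certificate; the function names and the `requested` parameter are hypothetical.

```python
# Policy table from the page: namedCurve OID -> signature algorithm.
EC_POLICY = {
    "1.2.840.10045.3.1.7": "ECDSA_SHA256",  # NIST P-256
    "1.3.132.0.34": "ECDSA_SHA384",         # NIST P-384
    "1.3.132.0.35": "ECDSA_SHA512",         # NIST P-521
}
ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"  # key-type OID shared by all EC keys

def read_tlv(buf, pos, want_tag):
    """Read one DER element at pos; return (content, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError("unexpected DER structure")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def decode_oid(body):
    """Turn OBJECT IDENTIFIER content bytes into dotted notation."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # a clear high bit ends the current arc
            arcs.append(value)
            value = 0
    if not arcs:
        raise ValueError("empty OID")
    first = min(arcs[0] // 40, 2)  # first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def signature_algorithm_for(spki_der, requested=None):
    """Derive the algorithm from the key's curve; refuse a conflicting request."""
    spki, _ = read_tlv(spki_der, 0, 0x30)       # SubjectPublicKeyInfo
    alg_id, _ = read_tlv(spki, 0, 0x30)         # AlgorithmIdentifier
    key_oid, pos = read_tlv(alg_id, 0, 0x06)    # key type
    if decode_oid(key_oid) != ID_EC_PUBLIC_KEY:
        raise ValueError("not an elliptic curve key")
    curve = decode_oid(read_tlv(alg_id, pos, 0x06)[0])  # namedCurve parameter
    if curve not in EC_POLICY:
        raise ValueError(f"curve {curve} is not in the policy table")
    if requested not in (None, EC_POLICY[curve]):
        raise ValueError(f"{requested} is not allowed for curve {curve}")
    return EC_POLICY[curve]

# Constructed sample: P-384 SubjectPublicKeyInfo header + zero-filled placeholder point.
SAMPLE_P384_SPKI = bytes.fromhex("3076301006072a8648ce3d020106052b81040022036200") + b"\x04" + bytes(96)
```

Passing a user-selected algorithm as `requested` makes a mismatch such as ECDSA_SHA512 with a P-256 key fail before any signature is produced.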
en/kriptografik_suit.txt · Last modified: 2023/07/14 12:55