
6.2 Implementation in the Web PKI

6.2.1 FSS and X.509 certificates

We first consider the use of FSS in X.509 certificates. We show how keys are represented and how this maps to the requirements of FSS. X.509 certificates are specified in Abstract Syntax Notation One (ASN.1) [96]. Listing 6.1 shows the ASN.1 representation of an X.509 certificate. Signature algorithm and key information are stored in three fields of a certificate: the signatureAlgorithm field, and the signature and subjectPublicKeyInfo fields within the tbsCertificate element. The first two fields are of type AlgorithmIdentifier and contain the identifier of the cryptographic algorithm used by the CA to sign this certificate. Supported signature algorithms are listed in [80, 105, 99]. However, it is explicitly allowed to support additional signature algorithms.

    Certificate ::= SEQUENCE {
        tbsCertificate          TBSCertificate,
        signatureAlgorithm      AlgorithmIdentifier,
        signatureValue          BIT STRING }

    TBSCertificate ::= SEQUENCE {
        version             [0] EXPLICIT Version DEFAULT v1,
        serialNumber            CertificateSerialNumber,
        signature               AlgorithmIdentifier,
        issuer                  Name,
        validity                Validity,
        subject                 Name,
        subjectPublicKeyInfo    SubjectPublicKeyInfo,
        issuerUniqueID      [1] IMPLICIT UniqueIdentifier OPTIONAL,
                                -- If present, version MUST be v2 or v3
        subjectUniqueID     [2] IMPLICIT UniqueIdentifier OPTIONAL,
                                -- If present, version MUST be v2 or v3
        extensions          [3] EXPLICIT Extensions OPTIONAL
                                -- If present, version MUST be v3
        }

    SubjectPublicKeyInfo ::= SEQUENCE {
        algorithm               AlgorithmIdentifier,
        subjectPublicKey        BIT STRING }

    AlgorithmIdentifier ::= SEQUENCE {
        algorithm               OBJECT IDENTIFIER,
        parameters              ANY DEFINED BY algorithm OPTIONAL }

Listing 6.1: X.509 certificate [83]

The subjectPublicKeyInfo field contains the public key that is certified by this certificate and, additionally, the algorithm to be used with the certified key. The algorithm in subjectPublicKeyInfo is also of type AlgorithmIdentifier. Thus, whether it is the CA's signing key or the certified key that is to be used with an FSS, this is specified in the same way.

The algorithm identifier identifies a cryptographic algorithm by an OID and optionally allows parameters to be specified. These parameters may vary depending on the algorithm.

There are two possibilities to specify parameters for an algorithm. Either they are encoded within the OID of the algorithm as proposed in [101], meaning there is a standard set of parameters for the given algorithm, or they are explicitly stated within the parameters field of an AlgorithmIdentifier [83].

Thus, the use of FSS is covered by the X.509 standard and does not require any changes. The FSS algorithm itself needs to be standardized and have an OID assigned. Either this OID directly identifies the required parameters, or the standardization must define the parameters to be included in the respective AlgorithmIdentifier fields of the certificate. For examples of such parameter sets, please refer to [80]. Concerning FSS, the parameters might in particular include the maximum number of allowed intervals for the certified key.
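The two ways of specifying parameters, sketched as an added example (not part of the original text or of any standard): a minimal DER reader that extracts the OID and optional parameters from an AlgorithmIdentifier and resolves the maximum number of intervals. The OIDs under 1.3.6.1.4.1.99999, the parameter layout SEQUENCE { maxIntervals INTEGER }, and the DER samples are placeholders constructed for illustration.

```python
# Added example. OIDs under 1.3.6.1.4.1.99999 are placeholders, not assigned values.
IMPLIED_T = {"1.3.6.1.4.1.99999.1.2": 1024}   # hypothetical OID that fixes T = 1024
# Constructed DER samples; assumed parameters: SEQUENCE { maxIntervals INTEGER }
SAMPLE_EXPLICIT = bytes.fromhex("3012060a2b06010401868d1f0101300402020400")
SAMPLE_IMPLIED = bytes.fromhex("300c060a2b06010401868d1f0102")
SAMPLE_MISSING = bytes.fromhex("300c060a2b06010401868d1f0101")

def _read(buf, pos):                     # one DER TLV -> (tag, body, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                         # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + n], pos + n

def dec_algid(der):                      # -> (dotted OID, explicit T or None)
    tag, body, end = _read(der, 0)
    otag, oid, pos = _read(body, 0)
    if tag != 0x30 or end != len(der) or otag != 0x06 or not oid or oid[-1] & 0x80:
        raise ValueError("not a DER AlgorithmIdentifier")
    arcs, v = [], 0
    for b in oid:                        # base-128 arcs, high bit = continuation
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(v)
            v = 0
    first = min(arcs[0] // 40, 2)        # first two arcs share one value
    dotted = ".".join(map(str, [first, arcs[0] - 40 * first, *arcs[1:]]))
    if pos == len(body):
        return dotted, None              # parameters absent
    ptag, params, pend = _read(body, pos)
    itag, i, iend = _read(params, 0)
    t = int.from_bytes(i, "big", signed=True)
    if ptag != 0x30 or itag != 0x02 or pend != len(body) or iend != len(params) or t < 1:
        raise ValueError("unexpected FSS parameters")
    return dotted, t

def max_intervals(der):                  # resolve T from parameters or from the OID
    oid, t = dec_algid(der)
    implied = IMPLIED_T.get(oid)
    if t is None and implied is None:
        raise ValueError("no interval bound for " + oid)
    if t is not None and implied is not None and t != implied:
        raise ValueError("parameters contradict OID-implied set")
    return t if t is not None else implied
```

The same function applies to all three AlgorithmIdentifier positions in Listing 6.1, since the CA's signing algorithm and the certified key's algorithm share the type.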