- From: Magnus Nyström <magnus@rsa.com>
- Date: Fri, 20 Mar 2009 15:44:02 +0100 (W. Europe Standard Time)
- To: public-xmlsec@w3.org
This is in response to ACTION-233 that I got at this week's call.
Here's a proposal that combines the previously suggested schema with some
descriptive text. I will also update the 1.1 draft with this text once we
agree on the wording (that is ACTION-232).
-- Magnus
--
4.4.2.3.1 Explicit Curve Parameters
The ECParameters element consists of the following subelements. Note these
definitions are based on the those described in [RFC3279].
- The FieldID element identifies the finite field over which the elliptic
curve is defined. Additional details on the structures for defining prime
and characteristic two fields is provided below.
- The Curve element specifies the coefficients a and b of the elliptic
curve E. Each coefficient is first converted from a field element to an
octet string as specified in section 2.3.5 of [SEC 1], then the resultant
octet string is encoded in base64.
Seed is an optional parameter used to
derive the coefficients of a randomly generated elliptic curve and is
represented as a base64 encoded bit string.
- The Base element specifies the base point P on the elliptic curve. The
base point is represented as a value of type ECPointType.
- The Order element specifies the order n of the base point and is encoded
as a positiveInteger.
- The Cofactor element is an optional element that specifies the integer h
= #E(Fq)/n. The cofactor is not required to support ECDSA, except in
parameter validation. The cofactor MAY be included to support parameter
validation for ECDSA keys. Parameter validation is not required by this
specification. The cofactor is required in ECDH public key parameters.
- The ValidationData element is an optional element that specifies the
hash algorithm used to generate the elliptic curve E and the base point G
verifiably at random. It also specifies the seed that was used to generate
the curve and the base point. When verifiably random curves and base
points are used, they shall be generated (and verified) as described in
Section A.3.3 of [ANSI X9.62].
[Note: ANSI X9.62 needs to be added to listed references. Since SEC-1
refers to ANSI X9.62 for this functionality, one cannot just reference
SEC-1.]
<complexType name="ECParametersType">
<sequence>
<element name="FieldID" type="dsig11:FieldIDType"/>
<element name="Curve" type="dsig11:CurveType"/>
<element name="Base" type="dsig11:ECPointType"/>
<element name="Order" type="ds:CryptoBinary"/>
<element name="CoFactor" type="integer" minOccurs="0"/>
<element name="ValidationData"
type="dsig11:ECValidationDataType" minOccurs="0"/>
</sequence>
</complexType>
<complexType name="FieldIDType">
<choice>
<element ref="dsig11:Prime"/>
<element ref="dsig11:TnB"/>
<element ref="dsig11:PnB"/>
<element ref="dsig11:GnB"/>
<any namespace="##other" processContents="lax"/>
</choice>
</complexType>
<complexType name="CurveType">
<sequence>
<element name="A" type="ds:CryptoBinary"/>
<element name="B" type="ds:CryptoBinary"/>
<element name="Seed" type="ds:CryptoBinary" minOccurs="0"/>
</sequence>
</complexType>
<complexType name="ECValidationDataType">
<sequence>
<element name="seed" type="ds:CryptoBinary"/>
</sequence>
<attribute name="hashAlgorithm" type="anyURI" use="required"/>
</complexType>
--
Received on Friday, 20 March 2009 14:45:27 UTC