Cryptography standards

There are a number of standards related to cryptography. Standard algorithms and protocols provide a focus for study; standards for popular applications attract a large amount of cryptanalysis.

Encryption standards

Hash standards

Digital signature standards

Public-key infrastructure (PKI) standards

  • X.509 Public Key Certificates

Wireless Standards

U.S. Government Federal Information Processing Standards (FIPS)

  • FIPS PUB 31 Guidelines for Automatic Data Processing Physical Security and Risk Management 1974
  • FIPS PUB 46-3 Data Encryption Standard (DES) 1999
  • FIPS PUB 73 Guidelines for Security of Computer Applications 1980
  • FIPS PUB 74 Guidelines for Implementing and Using the NBS Data Encryption Standard 1981
  • FIPS PUB 81 DES Modes of Operation 1980
  • FIPS PUB 102 Guideline for Computer Security Certification and Accreditation 1983
  • FIPS PUB 112 Password Usage 1985, defines 10 factors to be considered in access control systems that are based on passwords
  • FIPS PUB 113 Computer Data Authentication 1985, specifies a Data Authentication Algorithm (DAA) based on DES, adopted by the Department of Treasury and the banking community to protect electronic fund transfers.
  • FIPS PUB 140-2 Security Requirements for Cryptographic Modules 2001, defines four increasing security levels
  • FIPS PUB 171 Key Management Using ANSI X9.17 (ANSI X9.17-1985) 1992, based on DES
  • FIPS PUB 180-2 Secure Hash Standard (SHS) 2002 defines the SHA family
  • FIPS PUB 181 Automated Password Generator (APG) 1993
  • FIPS PUB 185 Escrowed Encryption Standard (EES) 1994, a key escrow system that provides for decryption of telecommunications when lawfully authorized.
  • FIPS PUB 186-2 Digital Signature Standard (DSS) 2000
  • FIPS PUB 190 Guideline for the Use of Advanced Authentication Technology Alternatives 1994
  • FIPS PUB 191 Guideline for the Analysis of local area network Security 1994
  • FIPS PUB 196 Entity Authentication Using Public Key Cryptography 1997
  • FIPS PUB 197 Advanced Encryption Standard (AES) 2001
  • FIPS PUB 198 The Keyed-Hash Message Authentication Code (HMAC) 2002

Internet Requests for Comments (RFCs)

Below is a non-exhaustive overview of notable cryptography-related RFCs, grouped by topic.

Transport Security
  • RFC 8446 The Transport Layer Security (TLS) Protocol Version 1.3 Defines secure web communication (HTTPS), introduces modern cipher suites and removes legacy cryptography.[1]
  • RFC 5246 The Transport Layer Security Protocol Version 1.2 Predecessor to TLS 1.3, still widely implemented.[2]
Public-Key Cryptography and Signatures
  • RFC 8017 RSA Cryptography Specifications Defines RSA encryption and signature schemes such as RSA-OAEP and RSASSA-PSS.[3]
  • RFC 6979 Specifies deterministic generation of the nonce in DSA/ECDSA to avoid catastrophic randomness failures.[4]
  • RFC 7748 Defines modern elliptic curves X25519 and X448 for Diffie–Hellman key exchange.[5]
Symmetric Cryptography and MACs
  • RFC 2104 Defines the HMAC construction, widely used with hash functions such as SHA-256.[6]
  • RFC 5869 A widely used key derivation function used in protocols like TLS 1.3.[7]
  • RFC 8439 Defines the ChaCha20 stream cipher and Poly1305 MAC AEAD construction used in TLS, SSH, and QUIC.[8]
Public-Key Infrastructure and Certificates
  • RFC 5280 Defines the Internet profile for X.509 certificates, used by TLS certificate authorities.[9]
  • RFC 6960 Defines a protocol for checking certificate revocation status.[10]
Secure Messaging and Data Formats
  • RFC 5652 Defines the message format used for secure email (S/MIME).[11]
  • RFC 4880 Specifies the OpenPGP encryption and signature format used in tools like GnuPG.[12]
Network Security (IPsec)
  • RFC 4301 Defines the overall IPsec security architecture.[13]
  • RFC 4303 Specifies encrypted IP packets for IPsec.[14]
  • RFC 7296 Defines key exchange and authentication for IPsec VPNs.[15]

Classified Standards

  • EKMS NSA's Electronic Key Management System
  • FNBDT NSA's secure narrow band voice standard
  • Fortezza encryption based on portable crypto token in PC Card format
  • STE secure telephone
  • STU-III older secure telephone
  • TEMPEST prevents compromising emanations

Other

See also

References

  1. ^ E. Rescorla (August 2018). The Transport Layer Security (TLS) Protocol Version 1.3. Internet Engineering Task Force TLS workgroup. doi:10.17487/RFC8446. RFC 8446. Proposed Standard. Obsoletes RFC 5077, 5246 and 6961. Updates RFC 5705 and 6066.
  2. ^ T. Dierks; E. Rescorla (August 2008). The Transport Layer Security (TLS) Protocol Version 1.2. IETF TLS workgroup. doi:10.17487/RFC5246. RFC 5246. Obsolete. Obsoleted by RFC 8446. Obsoletes RFC 3268, 4346 and 4366; updates RFC 4492.
  3. ^ B. Kaliski; A. Rusch; J. Johnsson; A. Rusch (November 2016). K. Moriarty (ed.). PKCS #1: RSA Cryptography Specifications Version 2.2. Internet Engineering Task Force. doi:10.17487/RFC8017. ISSN 2070-1721. RFC 8017. Informational. Obsoletes RFC 3447.
  4. ^ T. Pornin (August 2013). Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA). Independent Submission. doi:10.17487/RFC6979. ISSN 2070-1721. RFC 6979. Informational.
  5. ^ A. Langley; M. Hamburg; S. Turner (January 2016). Elliptic Curves for Security. Internet Engineering Task Force. doi:10.17487/RFC7748. ISSN 2070-1721. RFC 7748. Informational.
  6. ^ H. Krawczyk; M. Bellare; R. Canetti (February 1997). HMAC: Keyed-Hashing for Message Authentication. IETF Network Working Group. doi:10.17487/RFC2104. RFC 2104. Informational. Updated by RFC 6151.
  7. ^ Krawczyk, Hugo; Eronen, Pasi (May 2010). HMAC-based Extract-and-Expand Key Derivation Function (HKDF). Internet Engineering Task Force (IETF). doi:10.17487/RFC5869. RFC 5869. Informational.
  8. ^ Y. Nir; A. Langley (June 2018). ChaCha20 and Poly1305 for IETF Protocols. Internet Research Task Force. doi:10.17487/RFC8439. ISSN 2070-1721. RFC 8439. Informational. Obsoletes RFC 7539.
  9. ^ Cooper, D.; Santesson, S.; Farrell, S.; Boeyen, S.; Housley, R.; Polk, W. (May 2008). Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. doi:10.17487/RFC5280. RFC 5280. Proposed Standard. Updated by RFC 9549, 9598, 8398, 8399 and 6818. Obsoletes RFC 4630, 4325 and 3280.
  10. ^ S. Santesson; M. Myers; R. Ankey; S. Galperin; C. Adams (June 2013). X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. Internet Engineering Task Force. doi:10.17487/RFC6960. RFC 6960. Proposed Standard. Updated by RFC 8954. Obsoletes RFC 6277 and 2560. Updates RFC 5912.
  11. ^ Housley, Russ (September 2009). Cryptographic Message Syntax (CMS). Internet Engineering Task Force (IETF). doi:10.17487/RFC5652. RFC 5652. Internet Standard. Obsoletes RFC 3852.
  12. ^ J. Callas; L. Donnerhacke; H. Finney; D. Shaw; R. Thayer (November 2007). OpenPGP Message Format. Network Working Group. doi:10.17487/RFC4880. RFC 4880. Proposed Standard. Obsoletes RFC 1991 and RFC 2440. Obsoleted by RFC 9580.
  13. ^ S. Kent; K. Seo (December 2005). Security Architecture for the Internet Protocol. Network Working Group. doi:10.17487/RFC4301. RFC 4301. Proposed Standard. Obsoletes RFC 2401. Updated by RFC 6040 and 7619.
  14. ^ S. Kent (December 2005). IP Encapsulating Security Payload. Network Working Group. doi:10.17487/RFC4303. RFC 4303. Proposed Standard. Obsoletes RFC 2406.
  15. ^ Kaufman, Charlie; Hoffman, Paul; Nir, Yoav; Eronen, Pasi; Kivinen, Tero (October 2014). Internet Key Exchange Protocol Version 2 (IKEv2). Internet Engineering Task Force (IETF). doi:10.17487/RFC7296. RFC 7296. Internet Standard. Obsoletes RFC 5996.
This article is issued from Wikipedia. The text is available under Creative Commons Attribution-Share Alike 4.0 unless otherwise noted. Additional terms may apply for the media files.