没有合适的资源?快使用搜索试试~ 我知道了~
首页NIST.FIPS.186-4.pdf
NIST.FIPS.186-4.pdf
需积分: 50 29 下载量 145 浏览量
更新于2023-05-13
1
收藏 743KB PDF 举报
Digital Signature Standard;美国国家标准技术局数字签名标准;NIST.FIPS.186-4.pdf
资源详情
资源推荐
![](https://csdnimg.cn/release/download_crawler_static/12374426/bg1.jpg)
FIPS PUB 186-4
FEDERAL INFORMATION PROCESSING STANDARDS
PUBLICATION
Digital Signature Standard (DSS)
CATEGORY: COMPUTER SECURITY SUBCATEGORY: CRYPTOGRAPHY
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899-8900
Issued July 2013
U.S. Department of Commerce
Cameron F. Kerry, Acting Secretary
National Institute of Standards and Technology
Patrick D. Gallagher, Under Secretary of Commerce for Standards and Technology and Director
http://dx.doi.org/10.6028/NIST.FIPS.186-4
![](https://csdnimg.cn/release/download_crawler_static/12374426/bg2.jpg)
FOREWORD
The Federal Information Processing Standards Publication Series of the National Institute
of Standards and Technology (NIST) is the official series of publications relating to
standards and guidelines adopted and promulgated under the provisions of the Federal
Information Security Management Act (FISMA) of 2002.
Comments concerning FIPS publications are welcomed and should be addressed to the
Director, Information Technology Laboratory, National Institute of Standards and
Technology, 100 Bureau Drive, Stop 8900, Gaithersburg, MD 20899-8900.
Charles Romine, Director
Information Technology Laboratory
Abstract
This Standard specifies a suite of algorithms that can be used to generate a digital signature.
Digital signatures are used to detect unauthorized modifications to data and to authenticate the
identity of the signatory. In addition, the recipient of signed data can use a digital signature as
evidence in demonstrating to a third party that the signature was, in fact, generated by the
claimed signatory. This is known as non-repudiation, since the signatory cannot easily repudiate
the signature at a later time.
Key words: computer security, cryptography, digital signatures, Federal Information Processing
Standards, public key cryptography.
![](https://csdnimg.cn/release/download_crawler_static/12374426/bg3.jpg)
i
Federal Information Processing Standards Publication 186-4
July 2013
Announcing the
DIGITAL SIGNATURE STANDARD (DSS)
Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National
Institute of Standards and Technology (NIST) after approval by the Secretary of Commerce
pursuant to Section 5131 of the Information Technology Management Reform Act of 1996
(Public Law 104-106), and the Computer Security Act of 1987 (Public Law 100-235).
1. Name of Standard: Digital Signature Standard (DSS) (FIPS 186-4).
2. Category of Standard: Computer Security. Subcategory. Cryptography.
3. Explanation: This Standard specifies algorithms for applications requiring a digital
signature, rather than a written signature. A digital signature is represented in a computer as a
string of bits. A digital signature is computed using a set of rules and a set of parameters that
allow the identity of the signatory and the integrity of the data to be verified. Digital signatures
may be generated on both stored and transmitted data.
Signature generation uses a private key to generate a digital signature; signature verification uses
a public key that corresponds to, but is not the same as, the private key. Each signatory
possesses a private and public key pair. Public keys may be known by the public; private keys
are kept secret. Anyone can verify the signature by employing the signatory’s public key. Only
the user that possesses the private key can perform signature generation.
A hash function is used in the signature generation process to obtain a condensed version of the
data to be signed; the condensed version of the data is often called a message digest. The
message digest is input to the digital signature algorithm to generate the digital signature. The
hash functions to be used are specified in the Secure Hash Standard (SHS), FIPS 180. FIPS
approved digital signature algorithms shall be used with an appropriate hash function that is
specified in the SHS.
The digital signature is provided to the intended verifier along with the signed data. The
verifying entity verifies the signature by using the claimed signatory’s public key and the same
hash function that was used to generate the signature. Similar procedures may be used to
generate and verify signatures for both stored and transmitted data.
4. Approving Authority: Secretary of Commerce.
![](https://csdnimg.cn/release/download_crawler_static/12374426/bg4.jpg)
ii
5. Maintenance Agency: Department of Commerce, National Institute of Standards and
Technology, Information Technology Laboratory, Computer Security Division.
6. Applicability: This Standard is applicable to all Federal departments and agencies for the
protection of sensitive unclassified information that is not subject to section 2315 of Title 10,
United States Code, or section 3502 (2) of Title 44, United States Code. This Standard shall be
used in designing and implementing public key-based signature systems that Federal
departments and agencies operate or that are operated for them under contract. The adoption and
use of this Standard is available to private and commercial organizations.
7. Applications: A digital signature algorithm allows an entity to authenticate the integrity of
signed data and the identity of the signatory. The recipient of a signed message can use a digital
signature as evidence in demonstrating to a third party that the signature was, in fact, generated
by the claimed signatory. This is known as non-repudiation, since the signatory cannot easily
repudiate the signature at a later time. A digital signature algorithm is intended for use in
electronic mail, electronic funds transfer, electronic data interchange, software distribution, data
storage, and other applications that require data integrity assurance and data origin
authentication.
8. Implementations: A digital signature algorithm may be implemented in software, firmware,
hardware or any combination thereof. NIST has developed a validation program to test
implementations for conformance to the algorithms in this Standard. Information about the
validation program is available at http://csrc.nist.gov/cryptval. Examples for each digital
signature algorithm are available at http://csrc.nist.gov/groups/ST/toolkit/examples.html.
Agencies are advised that digital signature key pairs shall not be used for other purposes.
9. Other Approved Security Functions: Digital signature implementations that comply with
this Standard shall employ cryptographic algorithms, cryptographic key generation algorithms,
and key establishment techniques that have been approved for protecting Federal government
sensitive information. Approved cryptographic algorithms and techniques include those that are
either:
a. specified in a Federal Information Processing Standard (FIPS),
b. adopted in a FIPS or a NIST Recommendation, or
c. specified in the list of approved security functions for FIPS 140.
10. Export Control: Certain cryptographic devices and technical data regarding them are
subject to Federal export controls. Exports of cryptographic modules implementing this Standard
and technical data regarding them must comply with these Federal regulations and be licensed by
the Bureau of Industry and Security of the U.S. Department of Commerce. Information about
export regulations is available at: http://www.bis.doc.gov.
11. Patents: The algorithms in this Standard may be covered by U.S. or foreign patents.
![](https://csdnimg.cn/release/download_crawler_static/12374426/bg5.jpg)
iii
12. Implementation Schedule: This Standard becomes effective immediately upon
approval by the Secretary of Commerce. A transition strategy for validating algorithms
and cryptographic modules will be posted on NIST’s Web page at
http://csrc.nist.gov/groups/STM/cmvp/index.html under Notices. The transition plan
addresses the transition by Federal agencies from modules tested and validated for
compliance to previous versions of this Standard to modules tested and validated for
compliance to FIPS 186-4 under the Cryptographic Module Validation Program. The
transition plan allows Federal agencies and vendors to make a smooth transition to FIPS
186-4.
13. Specifications: Federal Information Processing Standard (FIPS) 186-4 Digital Signature
Standard (affixed).
14. Cross Index: The following documents are referenced in this Standard. Unless a specific
version or date is indicated with the document number, the latest version of the given document
is intended as the reference.
a. FIPS PUB 140, Security Requirements for Cryptographic Modules.
b. FIPS PUB 180 Secure Hash Standard.
c. ANS X9.31-1998, Digital Signatures Using Reversible Public Key Cryptography for the
Financial Services Industry (rDSA).
d. ANS X9.62-2005, Public Key Cryptography for the Financial Services Industry: The
Elliptic Curve Digital Signature Algorithm (ECDSA).
e. ANS X9.80, Prime Number Generation, Primality Testing and Primality Certificates.
f. Public Key Cryptography Standard (PKCS) #1, RSA Encryption Standard.
g. Special Publication (SP) 800-57, Recommendation for Key Management.
h. Special Publication (SP) 800-89, Recommendation for Obtaining Assurances for Digital
Signature Applications.
i. Special Publication (SP) 800-90A, Recommendation for Random Number Generation
Using Deterministic Random Bit Generators.
j. Special Publication (SP) 800-102, Recommendation for Digital Signature Timeliness.
k. Special Publication (SP) 800-131A, Transitions: Recommendation for Transitioning the
Use of Cryptographic Algorithms and Key Lengths.
l. IEEE Std. 1363-2000, Standard Specifications for Public Key Cryptography.
15. Qualifications: The security of a digital signature system is dependent on maintaining the
secrecy of the signatory’s private keys. Signatories shall, therefore, guard against the disclosure
of their private keys. While it is the intent of this Standard to specify general security
requirements for generating digital signatures, conformance to this Standard does not assure that
剩余129页未读,继续阅读
![pdf](https://img-home.csdnimg.cn/images/20210720083512.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
![](https://csdnimg.cn/download_wenku/file_type_ask_c1.png)
安全验证
文档复制为VIP权益,开通VIP直接复制
![](https://csdnimg.cn/release/wenkucmsfe/public/img/green-success.6a4acb44.png)