TS 102 176-1-2005
Electronic Signatures and Infrastructures (ESI); Algorithms and Parameters for Secure Electronic Signatures; Part 1: Hash functions and asymmetric algorithms (V1.2.1)

Standard No.
TS 102 176-1-2005
Release Date
2005
Published By
ETSI - European Telecommunications Standards Institute
Status
 2014-04
Replaced By
TS 102 176-1-2007
Latest
TS 102 176-1-2011
Scope
The present document is targeted to support advanced electronic signatures and the related infrastructure. The present document defines a list of hash functions and a list of signature schemes, as well as the recommended combinations of hash functions and signatures schemes in the form of "signature suites". The primary criteria for inclusion of an algorithm in the present document are:

  • the algorithm is considered as secure;
  • the algorithm is commonly used; and
  • the algorithm can easily be referenced (for example by means of an OID).

This does not mean that other hash functions and signature suites cannot be used, but either they do not correspond to the above criteria or their security have not been assessed.

The document also provides guidance on the hash functions, signature schemes and signature suites to be used with the data structures used in the context of electronic signatures. For each data structure, the set of algorithms to be used are specified. Each set is identified by an identifier which is either an OID (Object IDentifier) or a URI / URN. The use of such identifiers is necessary so that interoperability can be achieved. In order to allow for data interchange, the document references algorithms in terms of OIDs and URIs / URNs together with algorithm parameters.

Different requirements apply to the issuers and to the users of the data structures in order to allow for interoperability. RFCs documents use the terms SHALL, SHOULD, MAY, RECOMMENDED in order to allow for interoperability. The same terminology is used in the present document (see RFC 2119 [25]).

Issuers of the data structures (e.g. CSPs, CRL Issuers, OCSP responders, TSUs) need to know the algorithms and key sizes they SHOULD or MAY support. There SHOULD be at least one algorithm recommended to support, but may be more than one.

Users of the data structures (i.e. signers or verifiers of electronic signatures) need to know the algorithms and key sizes they SHALL, SHOULD or MAY support. For users and for each data structure, there must be at least one algorithm to support, but may be more than one. These requirements are listed in annex A.

  • Annex B provides historical information on the recommended hash functions, algorithms and key sizes for the generation and verification of electronic signatures. This annex will be periodically updated.
  • Annex C provides more information on the generation of RSA modulus.
  • Annex D provides more information on the generation of elliptic curve domain parameters.
  • Annex E addresses the generation of random data.
  • Annex F lists the algorithm identifiers defined in various documents.
  • Annex G provides a short abstract of ISO/IEC 10118-3 [3] and ISO/IEC 9796-2 [17].
  • Annex H provides some guidance on signature maintenance.
  • Annex I lists the major changes from the previous versions.

The present document defines a set of algorithms (i.e. hash functions, signature schemes and signature suites) and the corresponding parameters that are recommended to be used. If such algorithms are used according to the context where they are expected to be used, then a reasonable security level can be assumed.

The algorithms defined in the present document are usable in particular with the following documents:

  • TS 101 733 [18]: "Electronic Signatures and Infrastructures (ESI); Electronic Signature Formats";
  • TS 101 903 [19]: "XML Advanced Electronic Signatures (XAdES)";
    NOTE: XML language is defined in RFC 3275 [10].
  • TS 101 861 [20]: "Time stamping profile";
  • TS 101 456 [33]: "Electronic Signatures and Infrastructures (ESI); Policy requirements for certification authorities issuing qualified certificates";
  • TS 102 042 [34]: "Electronic Signatures and Infrastructures (ESI); Policy requirements for certification authorities issuing public key certificates";
  • CWA 14169 [35]: "Secure Signature-Creation Devices "EAL 4+"";
  • CWA 14170 [36]: "Security requirements for signature creation applications";
  • CWA 14171 [37]: "Procedures for electronic signature verification";
  • CWA 14167-1 [38]: "Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures - Part 1: System Security Requirements";
  • CWA 14167-2 [39]: "Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures - Part 2: Cryptographic module for CSP Signing Operations with Backup - Protection Profile";
  • CWA 14167-3 [40]: "Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures - Part 3: Cryptographic module for CSP key generation services - Protection profile (CMCKG-PP)";
  • CWA 14167-4 [41]: "Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signatures - Part 4: Cryptographic module for CSP signing operations - Protection profile - CMCSO PP";
  • RFC 3280 [2]: "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile";
  • RFC 3281 [21]: "An Internet Attribute Certificate profile for authorization";
  • RFC 3161 [9]: (2001): "Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)";
  • RFC 2560 [22]: "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP".

Patent related issues are out of the scope of the present document.

TS 102 176-1-2005 history

  • 2011 TS 102 176-1-2011 Electronic Signatures and Infrastructures (ESI); Algorithms and Parameters for Secure Electronic Signatures; Part 1: Hash functions and asymmetric algorithms (V2.1.1)
  • 2007 TS 102 176-1-2007 Electronic Signatures and Infrastructures (ESI); Algorithms and Parameters for Secure Electronic Signatures; Part 1: Hash functions and asymmetric algorithms (V2.0.0)
  • 2005 TS 102 176-1-2005 Electronic Signatures and Infrastructures (ESI); Algorithms and Parameters for Secure Electronic Signatures; Part 1: Hash functions and asymmetric algorithms (V1.2.1)


