Skip to content
Permalink
Browse files

Update ASiC_sikkerhet.textile

Tatt vekk to TODO
  • Loading branch information...
ogrinde committed May 16, 2014
1 parent a6303d2 commit 432cdaa98bbcfb566627c1a1f8a8a0045b2aeb6c
Showing with 5 additions and 7 deletions.
  1. +5 −7 Dokumentpakke/ASiC_sikkerhet.textile
@@ -20,10 +20,10 @@ table(table table-striped table-condensed).
| ETSI, ETSI TS 103 174 | "Electronic Signatures and Infrastructures (ESI); ASiC Baseline Profile":etsi2 | ETSI, 2013-06. |
| ETSI, ETSI TS 101 903 | "Electronic Signatures and Infrastructures (ESI); XML Advanced Electronic Signatures (XAdES)":etsi3 | ETSI, 2010-12. |
| ETSI, ETSI TS 103 171 | "Electronic Signatures and Infrastructures (ESI); XAdES Baseline Profile":etsi4 | ETSI, 2012-03. |
| IETF, RFC 5652 | "Cryptographic Message Syntax <notexttile>(CMS)</notexttile>":ietf5 | 2009-09. |
| IETF, RFC 3560 | "Use of the RSAES-OAEP Key Transport Algorithm in the Cryptographic Message Syntax <notexttile>(CMS)</notexttile>":ietf6 | 2003-07. |
| IETF, RFC 3565 | "Use of the Advanced Encryption Standard (AES) Encryption Algorithm in Cryptographic Message Syntax <notexttile>(CMS)</notexttile>":ietf7 | 2003-07. |
| IETF, RFC 5084 | "Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax <notexttile>(CMS)</notexttile>":ietf8 | 2007-11. |
| IETF, RFC 5652 | "Cryptographic Message Syntax <notexttile>(CMS)</notexttile>":ietf5 | IETF, 2009-09. |
| IETF, RFC 3560 | "Use of the RSAES-OAEP Key Transport Algorithm in the Cryptographic Message Syntax <notexttile>(CMS)</notexttile>":ietf6 | IETF, 2003-07. |
| IETF, RFC 3565 | "Use of the Advanced Encryption Standard (AES) Encryption Algorithm in Cryptographic Message Syntax <notexttile>(CMS)</notexttile>":ietf7 | IETF, 2003-07. |
| IETF, RFC 5084 | "Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax <notexttile>(CMS)</notexttile>":ietf8 | IETF, 2007-11. |

h3. Integritet

@@ -60,8 +60,6 @@ table(table table-striped table-condensed).

h3. Konfidensialitet

TODO: Formatering i ASN.1 med for eksempel [0] skal ikke være en referanse

Dokumentpakken krypteres til mottakers sertifikat som leveres fra oppslagstjenesten. Krypteringen skal gjøres i henhold til "CMS (Cryptographic Message Syntax)":ietf5 med begrensninger angitt nedenfor.

CMS starter med en sekvens av ContentInfo
@@ -126,7 +124,7 @@ EncryptedContentInfo ::= SEQUENCE {

Her skal følgende begrensninger gjelde:

* contentType = 1.2.840.113549.1.7.1 (data) TODO: sjekk støtte for s/mime og mulighet for å angi ASiC.
* contentType = 1.2.840.113549.1.7.1 (data)
* contentEncryptionAlgorithm = 2.16.840.1.101.3.4.1.46 (aes256-GCM) i henhold til "Using AES-CCM and AES-GCM Authenticated Encryption":ietf8 som anbefalt, men kan også bruke "2.16.840.1.101.3.4.1.42 (aes256-CBC)":ietf7.

Ved bruk av aes256-CBC skal padding gjøres i henhold til "kapittel 6.3 i CMS spesifikasjonen":ietf5_6_3

0 comments on commit 432cdaa

Please sign in to comment.
You can’t perform that action at this time.