Part 1: General - Computer Security Resource Center - National ...
Part 1: General - Computer Security Resource Center - National ...
Part 1: General - Computer Security Resource Center - National ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
March, 2007<br />
cryptographic operations, then the same key shall not be used for both the MAC and encryption<br />
operations.<br />
4.2.3.2 MACs Using Hash Functions<br />
[FIPS198] specifies the computation of a MAC using an Approved hash function. The algorithm<br />
requires a single pass through the entire data. A variety of key sizes are allowed for HMAC; the<br />
choice of key size depends on the amount of security to be provided to the data and the hash<br />
function used. See Section 5.6 for guidance in the selection of key sizes.<br />
4.2.4 Digital Signature Algorithms<br />
Digital signatures are used to provide authentication, integrity and non-repudiation. Digital<br />
signatures are used in conjunction with hash algorithms and are computed on data of any length<br />
(up to a limit that is determined by the hash algorithm). [FIPS186-3] specifies algorithms that are<br />
Approved for the computation of digital signatures. It defines the Digital Signature Algorithm<br />
(DSA) and adopts the RSA algorithm as specified in [ANSX9.31] and [PKCS#1] (version 1.5<br />
and higher), and the ECDSA algorithm as specified in [ANSX9.62].<br />
4.2.4.1 DSA<br />
The Digital Signature Algorithm (DSA) is specified in [FIPS186-3] for specific key sizes 3 : 1024,<br />
2048, and 3072 bits. The DSA will produce digital signatures 4 of 320, 448, or 512 bits. Older<br />
systems (legacy systems) used smaller key sizes. While it may be appropriate to continue to<br />
verify and honor signatures created using these smaller key sizes 5 , new signatures shall not be<br />
created using these key sizes.<br />
4.2.4.2 RSA<br />
The RSA algorithm, as specified in [ANSX9.31] and [PKCS#1] (version 1.5 and higher) is<br />
adopted for the computation of digital signatures in [FIPS186-3]. [FIPS186-3] specifies methods<br />
for generating RSA key pairs for several key sizes for [ANSX9.31] and [PKCS#1]<br />
implementations. Older systems (legacy systems) used smaller key sizes. While it may be<br />
appropriate to continue to verify and honor signatures created using these smaller key sizes 6 , new<br />
signatures shall not be created using these key sizes.<br />
4.2.4.3 ECDSA<br />
The Elliptic Curve Digital Signature Algorithm (ECDSA), as specified in [ANSX9.62], is<br />
adopted for the computation of digital signatures in [FIPS186-3]. [ANSX9.62] specifies a<br />
3<br />
For DSA, the key size is considered to be the size of the modulus p. Another value, q, is also important when<br />
defining the security afforded by DSA.<br />
4 The length of the digital signature is twice the size of q (see the previous footnote).<br />
5 This may be appropriate if it is possible to determine when the digital signature was created (e.g., by the use of a<br />
trusted time stamping process). The decision should not depend solely on the cryptography used.<br />
6 This may be appropriate if it is possible to determine when the digital signature was created (e.g., by the use of a<br />
trusted time stamping process). The decision should not depend solely on the cryptography used.<br />
37