
Stream: Independent Submission 


RFC: 9215 

Category: Informational 

Published: March 2022 

ISSN: 2070-1721 

Authors: D. Baryshkov, Ed.    V. Nikolaev    A. Chelpanov
         Linaro Ltd.          CryptoPro      InfoTeCS JSC


RFC 9215 

Using GOST R 34.10-2012 and GOST R 34.11-2012 
Algorithms with the Internet X.509 Public Key 
Infrastructure 


Abstract 


This document describes encoding formats, identifiers, and parameter formats for the GOST R
34.10-2012 and GOST R 34.11-2012 algorithms for use in the Internet X.509 Public Key
Infrastructure (PKI).


This specification is developed to facilitate implementations that wish to support the GOST 
algorithms. This document does not imply IETF endorsement of the cryptographic algorithms 
used in this document. 


Status of This Memo 


This document is not an Internet Standards Track specification; it is published for informational 
purposes. 


This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor 
has chosen to publish this document at its discretion and makes no statement about its value for 
implementation or deployment. Documents approved for publication by the RFC Editor are not 
candidates for any level of Internet Standard; see Section 2 of RFC 7841. 


Information about the current status of this document, any errata, and how to provide feedback
on it may be obtained at https://www.rfc-editor.org/info/rfc9215.


Copyright Notice 


Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights
reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF
Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this
document. Please review these documents carefully, as they describe your rights and restrictions
with respect to this document.


Table of Contents

1. Introduction
   1.1. Requirements Language
2. Signature Algorithm Support
3. Hash Function Support
4. Subject Public Keys Information Fields
   4.1. Public Key Identifiers
   4.2. Public Key Parameters
   4.3. Public Key Encoding
   4.4. Key Usage Extension
5. Qualified Certificate Extensions
   5.1. Distinguished Name Additions
   5.2. Certificate Policies
   5.3. Subject Sign Tool
   5.4. Issuer Sign Tool
6. Historical Considerations
7. IANA Considerations
8. Security Considerations
9. References
   9.1. Normative References
   9.2. Informative References
Appendix A. GostR3410-2012-PKISyntax
Appendix B. GostR3410-2012-RuStrongCertsSyntax
Appendix C. Public Key Parameters
Appendix D. Test Examples
   D.1. GOST R 34.10-2001 Test Parameters (256-Bit Private Key Length)
      D.1.1. Certificate Request
      D.1.2. Certificate
      D.1.3. Certificate Revocation List
   D.2. GOST R 34.10-2012 TC26-256-A Parameters (256-Bit Private Key Length)
      D.2.1. Certificate Request
      D.2.2. Certificate
      D.2.3. Certificate Revocation List
   D.3. GOST R 34.10-2012 Test Parameters (512-Bit Private Key Length)
      D.3.1. Certificate Request
      D.3.2. Certificate
      D.3.3. Certificate Revocation List
Appendix E. GOST R 34.10-2012 Test Parameters (Curve Definition)
   E.1. Elliptic Curve Modulus
   E.2. Elliptic Curve Coefficients
   E.3. Elliptic Curve Points Group Order
   E.4. Order of Cyclic Subgroup of Elliptic Curve Points Group
   E.5. Elliptic Curve Point Coordinates
Contributors
Authors' Addresses


1. Introduction 


This document describes the conventions for using the GOST R 34.10-2012 signature algorithm 
[GOSTR3410-2012] [RFC7091] and the GOST R 34.11-2012 hash function [GOSTR3411-2012] 
[RFC6986] in the Internet X.509 Public Key Infrastructure (PKI) [RFC5280]. 


This specification defines the contents of the signatureAlgorithm, signatureValue, signature, and 
subjectPublicKeyInfo fields within X.509 Certificates and Certificate Revocation Lists (CRLs). For 
each algorithm, the appropriate alternatives for the keyUsage certificate extension are provided. 




This specification is developed to facilitate implementations that wish to support the GOST 
algorithms. This document does not imply IETF endorsement of the cryptographic algorithms 
used in this document. 


1.1. Requirements Language 


The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", 
"RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be 
interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all 
capitals, as shown here. 


2. Signature Algorithm Support 


Conforming Certificate Authorities (CAs) MAY use the GOST R 34.10-2012 signature algorithm to 
sign certificates and CRLs. This signature algorithm MUST always be used with the GOST R
34.11-2012 hash function. It may use a key length of either 256 bits or 512 bits.


The ASN.1 object identifier (OID) used to identify the GOST R 34.10-2012 signature algorithm with a 
256-bit key length and the GOST R 34.11-2012 hash function with a 256-bit hash code is: 


id-tc26-signwithdigest-gost3410-12-256 OBJECT IDENTIFIER ::=
   { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
     algorithms(1) signwithdigest(3) gost3410-12-256(2) }


The GOST R 34.10-2012 signature algorithm with a 256-bit key length generates a digital signature 
in the form of two 256-bit integers: r and s. Its octet string representation consists of 64 octets,
where the first 32 octets contain the big-endian representation of s and the second 32 octets
contain the big-endian representation of r.


The ASN.1 OID used to identify the GOST R 34.10-2012 signature algorithm with a 512-bit key length 
and the GOST R 34.11-2012 hash function with a 512-bit hash code is: 


id-tc26-signwithdigest-gost3410-12-512 OBJECT IDENTIFIER ::=
   { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
     algorithms(1) signwithdigest(3) gost3410-12-512(3) }


The GOST R 34.10-2012 signature algorithm with a 512-bit key length generates a digital signature 
in the form of two 512-bit integers: r and s. Its octet string representation consists of 128 octets, 
where the first 64 octets contain the big-endian representation of s and the second 64 octets 
contain the big-endian representation of r.


When either of these OIDs is used as the algorithm field in an AlgorithmIdentifier structure, the
encoding MUST omit the parameters field.


The described definition of a signature value is directly usable in the Cryptographic Message 
Syntax (CMS) [RFC5652], where such values are represented as octet strings. However, signature 
values in certificates and CRLs [RFC5280] are represented as bit strings, and thus the octet string 
representation must be converted. 


To convert an octet string signature value to a bit string, the most significant bit of the first octet
of the signature value SHALL become the first bit of the bit string, and so on through the least
significant bit of the last octet of the signature value, which SHALL become the last bit of the bit 
string. 


3. Hash Function Support 


The ASN.1 OID used to identify the GOST R 34.11-2012 hash function with a 256-bit hash code is: 


id-tc26-gost3411-12-256 OBJECT IDENTIFIER ::=
   { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
     algorithms(1) digest(2) gost3411-12-256(2) }


The ASN.1 OID used to identify the GOST R 34.11-2012 hash function with a 512-bit hash code is: 


id-tc26-gost3411-12-512 OBJECT IDENTIFIER ::=
   { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
     algorithms(1) digest(2) gost3411-12-512(3) }


When either of these OIDs is used as the algorithm field in an AlgorithmIdentifier structure, the
encoding MUST omit the parameters field. 


4. Subject Public Keys Information Fields 


4.1. Public Key Identifiers

GOST R 34.10-2012 public keys with a 256-bit private key length are identified by the following OID:

id-tc26-gost3410-12-256 OBJECT IDENTIFIER ::=
   { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
     algorithms(1) sign(1) gost3410-12-256(1) }

GOST R 34.10-2012 public keys with a 512-bit private key length are identified by the following OID:

id-tc26-gost3410-12-512 OBJECT IDENTIFIER ::=
   { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
     algorithms(1) sign(1) gost3410-12-512(2) }


4.2. Public Key Parameters 


When either of these identifiers appears as the algorithm field in the 
SubjectPublicKeyInfo.algorithm.algorithm field, the parameters field MUST have the following 
structure: 


GostR3410-2012-PublicKeyParameters ::= SEQUENCE
{
   publicKeyParamSet OBJECT IDENTIFIER,
   digestParamSet OBJECT IDENTIFIER OPTIONAL
}


where: 


* publicKeyParamSet is the public key parameters identifier for GOST R 34.10-2012 
parameters (see Sections 5.1.1 and 5.2.1 of [RFC7836] or Appendix C) or GOST R 34.10-2001 
parameters (see Section 8.4 of [RFC4357]). 


* digestParamSet is the parameters identifier for the corresponding GOST R 34.11-2012 
parameters (see Section 3). 


The following values, when used as publicKeyParamSet, define test public key parameter sets
and MUST NOT be used outside of testing scenarios:

* id-GostR3410-2001-TestParamSet
* id-tc26-gost-3410-2012-512-paramSetTest


The digestParamSet field:

* SHOULD be omitted if the GOST R 34.10-2012 signature algorithm is used with a 512-bit key
length

* MUST be present and must be equal to id-tc26-digest-gost3411-12-256 if one of the
following values is used as publicKeyParamSet:

   o id-GostR3410-2001-TestParamSet
   o id-GostR3410-2001-CryptoPro-A-ParamSet
   o id-GostR3410-2001-CryptoPro-B-ParamSet
   o id-GostR3410-2001-CryptoPro-C-ParamSet
   o id-GostR3410-2001-CryptoPro-XchA-ParamSet
   o id-GostR3410-2001-CryptoPro-XchB-ParamSet

* SHOULD be omitted if publicKeyParamSet is equal to:

   o id-tc26-gost-3410-2012-256-paramSetA

* MUST be omitted if one of the following values is used as publicKeyParamSet:

   o id-tc26-gost-3410-2012-256-paramSetB
   o id-tc26-gost-3410-2012-256-paramSetC
   o id-tc26-gost-3410-2012-256-paramSetD
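The digestParamSet rules above, together with the test-parameter prohibition and the NOT RECOMMENDED note of Section 8, written as a checker a certificate linter could run over the DER of a parameters field. This is an added example, not code from the RFC. The function names and the sample DER strings are constructed for illustration; the dotted OIDs are built from the arcs in Appendix A, and the GOST R 34.10-2001 parameter set OIDs are the ones assigned in [RFC4357].

```python
# Added example (not from RFC 9215): check GostR3410-2012-PublicKeyParameters
# against the digestParamSet rules of Section 4.2 and the limits of Section 8.

DIGEST_256 = "1.2.643.7.1.1.2.2"              # id-tc26-digest-gost3411-12-256
TEST_SETS = {"1.2.643.2.2.35.0",              # id-GostR3410-2001-TestParamSet
             "1.2.643.7.1.2.1.2.0"}           # id-tc26-gost-3410-2012-512-paramSetTest
DIGEST_REQUIRED = {"1.2.643.2.2.35.0", "1.2.643.2.2.35.1", "1.2.643.2.2.35.2",
                   "1.2.643.2.2.35.3",        # 2001 Test, CryptoPro-A/B/C
                   "1.2.643.2.2.36.0", "1.2.643.2.2.36.1"}   # CryptoPro-XchA/XchB
DIGEST_MUST_OMIT = {"1.2.643.7.1.2.1.1.2", "1.2.643.7.1.2.1.1.3",
                    "1.2.643.7.1.2.1.1.4"}    # 2012 256-bit paramSetB/C/D
DIGEST_SHOULD_OMIT = {"1.2.643.7.1.2.1.1.1",  # 2012 256-bit paramSetA
                      "1.2.643.7.1.2.1.2.0", "1.2.643.7.1.2.1.2.1",
                      "1.2.643.7.1.2.1.2.2", "1.2.643.7.1.2.1.2.3"}  # 512-bit sets


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or start + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    if start + length > len(buf):
        raise ValueError("element runs past end of input")
    return tag, buf[start:start + length], start + length


def decode_oid(body):
    """Decode OBJECT IDENTIFIER contents into dotted-decimal form."""
    if not body or body[-1] & 0x80:
        raise ValueError("truncated OID")
    vals, v = [], 0
    for b in body:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            vals.append(v)
            v = 0
    first = min(vals[0] // 40, 2)              # first two arcs share one value
    return ".".join(str(a) for a in [first, vals[0] - 40 * first] + vals[1:])


def parse_parameters(der):
    """Return (publicKeyParamSet, digestParamSet or None) as dotted OIDs."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("parameters must be exactly one SEQUENCE")
    oids, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag != 0x06:
            raise ValueError("only OBJECT IDENTIFIER members are allowed")
        oids.append(decode_oid(value))
    if len(oids) not in (1, 2):
        raise ValueError("expected one or two OBJECT IDENTIFIERs")
    return oids[0], (oids[1] if len(oids) == 2 else None)


def check_parameters(der):
    """Return a list of (requirement level, message) findings; empty means clean."""
    pk, digest = parse_parameters(der)
    findings = []
    if pk in TEST_SETS:
        findings.append(("MUST NOT", "test parameter set used outside testing"))
    if pk in DIGEST_REQUIRED:
        if digest != DIGEST_256:
            findings.append(("MUST", "digestParamSet must be present and equal "
                                     "to id-tc26-digest-gost3411-12-256"))
    elif pk in DIGEST_MUST_OMIT:
        if digest is not None:
            findings.append(("MUST", "digestParamSet must be omitted"))
    elif pk in DIGEST_SHOULD_OMIT:
        if digest is not None:
            findings.append(("SHOULD", "digestParamSet should be omitted"))
    else:
        findings.append(("NOT RECOMMENDED", "parameter set not described in RFC 9215"))
    return findings


# Constructed sample inputs (DER of the parameters field only).
TEST_2001_WITH_DIGEST = bytes.fromhex(
    "30 13 06 07 2A 85 03 02 02 23 00 06 08 2A 85 03 07 01 01 02 02")
PARAMSET_B_WITH_DIGEST = bytes.fromhex(
    "30 15 06 09 2A 85 03 07 01 02 01 01 02 06 08 2A 85 03 07 01 01 02 02")
SET_512_A_WITH_DIGEST_512 = bytes.fromhex(
    "30 15 06 09 2A 85 03 07 01 02 01 02 01 06 08 2A 85 03 07 01 01 02 03")
CRYPTOPRO_A_NO_DIGEST = bytes.fromhex("30 09 06 07 2A 85 03 02 02 23 01")
PARAMSET_A_256_ALONE = bytes.fromhex("30 0B 06 09 2A 85 03 07 01 02 01 01 01")
```

The 512-bit sample with a digestParamSet is the legacy-interoperability form that Section 6 describes, which is why it is reported at SHOULD level rather than rejected.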


4.3. Public Key Encoding 


The GOST R 34.10-2012 public key MUST be ASN.1 DER encoded as an OCTET STRING. This encoding
SHALL be used as the content (i.e., the value) of the subjectPublicKey field (a BIT STRING) of the
SubjectPublicKeyInfo structure.

GostR3410-2012-256-PublicKey ::= OCTET STRING (SIZE (64))
GostR3410-2012-512-PublicKey ::= OCTET STRING (SIZE (128))


GostR3410-2012-256-PublicKey MUST contain 64 octets, where the first 32 octets contain the 
little-endian representation of the x coordinate of the public key and the second 32 octets contain 
the little-endian representation of the y coordinate of the public key. 


GostR3410-2012-512-PublicKey MUST contain 128 octets, where the first 64 octets contain the 
little-endian representation of the x coordinate of the public key and the second 64 octets contain 
the little-endian representation of the y coordinate of the public key. 
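The two octet layouts are easy to confuse: Section 2 puts s before r and uses big-endian integers, while this section puts x before y and uses little-endian integers, and only the public key is wrapped in an OCTET STRING before it goes into the BIT STRING. The following added example (not code from the RFC) implements both encodings with their length checks; the function names are illustrative, and D1_X and D1_Y are the public key coordinates printed in Appendix D.1.

```python
# Added example (not from RFC 9215): octet layouts of Sections 2 and 4.3.

# Octets per coordinate or signature integer, keyed by key length in bits.
INT_LEN = {256: 32, 512: 64}

# Public key coordinates of the Appendix D.1 test key pair.
D1_X = 0x7F2B49E270DB6D98D8595BEC458B50C58585BA1D4E9B788F6689DBD8E56FD80B
D1_Y = 0x26F1B489D6701DD185C8413A977B3CBBAF64D1C593D26627DFFB101A87FF77DA


def encode_public_key(x, y, bits):
    """Section 4.3: x || y, each coordinate little-endian and fixed width."""
    n = INT_LEN[bits]
    # int.to_bytes raises OverflowError if a coordinate does not fit in n octets.
    return x.to_bytes(n, "little") + y.to_bytes(n, "little")


def decode_public_key(octets):
    """Inverse of encode_public_key; rejects anything but 64 or 128 octets."""
    if len(octets) not in (64, 128):
        raise ValueError("public key must be 64 or 128 octets")
    n = len(octets) // 2
    return (int.from_bytes(octets[:n], "little"),
            int.from_bytes(octets[n:], "little"))


def encode_signature(r, s, bits):
    """Section 2: s || r (s first), each integer big-endian and fixed width."""
    n = INT_LEN[bits]
    return s.to_bytes(n, "big") + r.to_bytes(n, "big")


def decode_signature(octets):
    """Inverse of encode_signature; returns (r, s)."""
    if len(octets) not in (64, 128):
        raise ValueError("signature must be 64 or 128 octets")
    n = len(octets) // 2
    s = int.from_bytes(octets[:n], "big")
    r = int.from_bytes(octets[n:], "big")
    return r, s


def der_length(n):
    """DER definite-length octets for a content length of n."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_bit_string(content):
    """BIT STRING with zero unused bits: first octet of content supplies the
    first bits, as in the octet string to bit string conversion of Section 2."""
    return b"\x03" + der_length(len(content) + 1) + b"\x00" + content


def subject_public_key_field(x, y, bits):
    """subjectPublicKey: BIT STRING whose content is the DER OCTET STRING."""
    key = encode_public_key(x, y, bits)
    octet_string = b"\x04" + der_length(len(key)) + key
    return der_bit_string(octet_string)


def signature_value_field(r, s, bits):
    """signatureValue: BIT STRING holding the raw s || r octets directly."""
    return der_bit_string(encode_signature(r, s, bits))
```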


4.4. Key Usage Extension 


If the KeyUsage extension is present in a certificate with the GOST R 34.10-2012 public key, the
following values MAY be present:

* digitalSignature (0)
* contentCommitment (1)
* keyEncipherment (2)
* dataEncipherment (3)
* keyAgreement (4)
* keyCertSign (5)
* cRLSign (6)
* encipherOnly (7)
* decipherOnly (8)


Note that contentCommitment was named nonRepudiation in previous versions of X.509. 


If the key is going to be used for key agreement, the keyAgreement flag MUST be present in the
KeyUsage extension, with the encipherOnly and decipherOnly flags being optional. However, 
the encipherOnly and decipherOnly flags MUST NOT be present simultaneously. 


5. Qualified Certificate Extensions 


This section defines additional OIDs for use in qualified certificates for checking digital 
signatures. 




5.1. Distinguished Name Additions 


OGRN is the main state registration number of juridical entities.

OGRN ::= NUMERIC STRING (SIZE(13))

The corresponding OID is 1.2.643.100.1.

SNILS is the individual insurance account number.

SNILS ::= NUMERIC STRING (SIZE(11))

The corresponding OID is 1.2.643.100.3.

INNLE is the individual taxpayer number (ITN) of the legal entity.

INNLE ::= NUMERIC STRING (SIZE(10))

The corresponding OID is 1.2.643.100.4.

OGRNIP is the main state registration number of individual entrepreneurs (sole traders).

OGRNIP ::= NUMERIC STRING (SIZE(15))

The corresponding OID is 1.2.643.100.5.

IdentificationKind represents the way the receiver of the certificate was identified by the CA.

IdentificationKind ::= INTEGER { personal(0), remote-cert(1),
   remote-passport(2), remote-system(3) }

The corresponding OID is 1.2.643.100.114.

INN is the individual taxpayer number (ITN).

INN ::= NUMERIC STRING (SIZE(12))

The corresponding OID is 1.2.643.3.131.1.1.


5.2. Certificate Policies 


The Russian national regulation body for cryptography defines several security levels of 
cryptographic tools. Depending on the class of cryptographic token used by the certificate owner, 
the following OIDs must be included in certificate policies. Certificates should include OIDs, 
starting from the lowest (KC1) up to the strongest applicable. 


* 1.2.643.100.113.1 - class KC1
* 1.2.643.100.113.2 - class KC2
* 1.2.643.100.113.3 - class KC3
* 1.2.643.100.113.4 - class KB1
* 1.2.643.100.113.5 - class KB2
* 1.2.643.100.113.6 - class KA1


5.3. Subject Sign Tool 


To denote the token or software type used by the certificate owner, the following non-critical 
SubjectSignTool extension with OID 1.2.643.100.111 should be included. It is defined as 


SubjectSignTool ::= UTF8String(SIZE(1..200)) 


5.4. Issuer Sign Tool 


To denote the tools used to generate key pairs and tools used by the CA to sign certificates, the 
following non-critical IssuerSignTool extension with OID 1.2.643.100.112 should be 
included. It is defined as 


IssuerSignTool ::= SEQUENCE {
   signTool UTF8String(SIZE(1..200)),
   cATool UTF8String(SIZE(1..200)),
   signToolCert UTF8String(SIZE(1..100)),
   cAToolCert UTF8String(SIZE(1..100)) }

where:

* signTool identifies tools used to create key pairs.

* cATool identifies tools used by the CA.

* signToolCert and cAToolCert contain the notice of the conformance of respective tools to
Russian federal law on digital signatures.


6. Historical Considerations 


Note that, for a significant period of time, there were no documents describing
GostR3410-2012-PublicKeyParameters. Several old implementations have used
GostR3410-2001-PublicKeyParameters instead. These implementations will return an error if the
digestParamSet field is not included in public key parameters. Thus, an implementation
wishing to collaborate with old implementations might want to include digestParamSet equal
to id-tc26-digest-gost3411-12-512 if one of the following values is used as
publicKeyParamSet:

* id-tc26-gost-3410-12-512-paramSetA
* id-tc26-gost-3410-12-512-paramSetB


Note that the usage of keyEncipherment and dataEncipherment values for the KeyUsage 
extension is not fully defined for the GOST R 34.10-2012 public keys, so they SHOULD be used with 
additional care. 


7. IANA Considerations 


This document has no IANA actions. 


8. Security Considerations 


It is RECOMMENDED that applications verify signature values and subject public keys to conform 
to the GOST R 34.10-2012 standard [GOSTR3410-2012] [RFC7091] prior to their use. 


It is RECOMMENDED that CAs and applications make sure that the private key for creating 
signatures is not used for more than its allowed validity period (typically 15 months for the GOST 
R 34.10-2012 algorithm). 


Test parameter sets (id-GostR3410-2001-TestParamSet and
id-tc26-gost-3410-2012-512-paramSetTest) MUST NOT be used outside of testing scenarios. The use of
parameter sets not described herein is NOT RECOMMENDED. When different parameters are used,
it is RECOMMENDED that they be subjected to examination by an authorized agency with
approved methods of cryptographic analysis.


For security discussions concerning the use of algorithm parameters, see [ANS17] and the Security 
Considerations sections in [RFC4357] and [RFC7836]. 


9. References 


9.1. Normative References 


[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14,
RFC 2119, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.

[RFC4357] Popov, V., Kurepkin, I., and S. Leontiev, "Additional Cryptographic Algorithms for
Use with GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94
Algorithms", RFC 4357, DOI 10.17487/RFC4357, January 2006,
<https://www.rfc-editor.org/info/rfc4357>.

[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet
X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL)
Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
<https://www.rfc-editor.org/info/rfc5280>.

[RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70, RFC 5652, DOI
10.17487/RFC5652, September 2009, <https://www.rfc-editor.org/info/rfc5652>.

[RFC6986] Dolmatov, V., Ed. and A. Degtyarev, "GOST R 34.11-2012: Hash Function", RFC 6986,
DOI 10.17487/RFC6986, August 2013, <https://www.rfc-editor.org/info/rfc6986>.

[RFC7091] Dolmatov, V., Ed. and A. Degtyarev, "GOST R 34.10-2012: Digital Signature
Algorithm", RFC 7091, DOI 10.17487/RFC7091, December 2013,
<https://www.rfc-editor.org/info/rfc7091>.

[RFC7836] Smyshlyaev, S., Ed. Alekseev, E., Oshkin, I., Popov, V., Leontiev, S., Podobaev, V.,
and D. Belyavsky, "Guidelines on the Cryptographic Algorithms to Accompany
the Usage of Standards GOST R 34.10-2012 and GOST R 34.11-2012", RFC 7836, DOI
10.17487/RFC7836, March 2016, <https://www.rfc-editor.org/info/rfc7836>.

[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14,
RFC 8174, DOI 10.17487/RFC8174, May 2017,
<https://www.rfc-editor.org/info/rfc8174>.


9.2. Informative References


[ANS17] Alekseev, E.K., Nikolaev, V.D., and S.V. Smyshlyaev, "On the security properties of
Russian standardized elliptic curves", Mathematical Aspects of Cryptography,
9:3, P. 5-32, DOI 10.4213/mvk260, 2018, <https://doi.org/10.4213/mvk260>.

[GOSTR3410-2012] "Information technology. Cryptographic data security. Signature and
verification processes of [electronic] digital signature", GOST R 34.10-2012,
Federal Agency on Technical Regulating and Metrology, 2012.

[GOSTR3411-2012] "Information technology. Cryptographic Data Security. Hashing function",
GOST R 34.11-2012, Federal Agency on Technical Regulating and Metrology, 2012.


Appendix A. GostR3410-2012-PKISyntax 


GostR3410-2012-PKISyntax
   { iso(1) member-body(2) ru(643) rosstandart(7)
     tc26(1) modules(0) gostR3410-2012-PKISyntax(2) }

DEFINITIONS ::=
BEGIN
-- EXPORTS All --

-- ASN.1 TC 26 root
id-tc26 OBJECT IDENTIFIER ::=
   { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1) }

-- Signature algorithm
id-tc26-sign OBJECT IDENTIFIER ::=
   { id-tc26 algorithms(1) sign(1) }

-- Hash algorithm
id-tc26-digest OBJECT IDENTIFIER ::=
   { id-tc26 algorithms(1) digest(2) }

-- Public key identifiers
id-tc26-sign-constants OBJECT IDENTIFIER ::=
   { id-tc26 constants(2) sign(1) }

-- Public key algorithm GOST R 34.10-2012 / 256-bit identifiers
id-tc26-gost-3410-2012-256-constants OBJECT IDENTIFIER ::=
   { id-tc26-sign-constants gost-3410-2012-256(1) }

-- Public key algorithm GOST R 34.10-2012 / 512-bit identifiers
id-tc26-gost-3410-2012-512-constants OBJECT IDENTIFIER ::=
   { id-tc26-sign-constants gost-3410-2012-512(2) }

-- GOST R 34.10-2012 / 256-bit signature algorithm
id-tc26-gost3410-12-256 OBJECT IDENTIFIER ::=
   { id-tc26-sign gost3410-12-256(1) }

-- GOST R 34.10-2012 / 512-bit signature algorithm
id-tc26-gost3410-12-512 OBJECT IDENTIFIER ::=
   { id-tc26-sign gost3410-12-512(2) }

-- GOST R 34.11-2012 / 256-bit hash algorithm
id-tc26-gost3411-12-256 OBJECT IDENTIFIER ::=
   { id-tc26-digest gost3411-12-256(2) }

-- GOST R 34.11-2012 / 512-bit hash algorithm
id-tc26-gost3411-12-512 OBJECT IDENTIFIER ::=
   { id-tc26-digest gost3411-12-512(3) }

-- GOST R 34.10-2012 / GOST R 34.11-2012 sign/hash algorithm
id-tc26-signwithdigest OBJECT IDENTIFIER ::=
   { id-tc26 algorithms(1) signwithdigest(3) }

-- Signature & hash algorithm GOST R 34.10-2012 / 256 bits
-- with GOST R 34.11-2012
id-tc26-signwithdigest-gost3410-12-256 OBJECT IDENTIFIER ::=
   { id-tc26-signwithdigest gost3410-12-256(2) }

-- Signature & hash algorithm GOST R 34.10-2012 / 512 bits
-- with GOST R 34.11-2012
id-tc26-signwithdigest-gost3410-12-512 OBJECT IDENTIFIER ::=
   { id-tc26-signwithdigest gost3410-12-512(3) }

-- GOST R 34.10-2012 / 256-bit signature algorithm
-- parameters identifier: "Set A"
id-tc26-gost-3410-2012-256-paramSetA OBJECT IDENTIFIER ::=
   { id-tc26-gost-3410-2012-256-constants paramSetA(1) }

-- GOST R 34.10-2012 / 256-bit signature algorithm
-- parameters identifier: "Set B"
id-tc26-gost-3410-2012-256-paramSetB OBJECT IDENTIFIER ::=
   { id-tc26-gost-3410-2012-256-constants paramSetB(2) }

-- GOST R 34.10-2012 / 256-bit signature algorithm
-- parameters identifier: "Set C"
id-tc26-gost-3410-2012-256-paramSetC OBJECT IDENTIFIER ::=
   { id-tc26-gost-3410-2012-256-constants paramSetC(3) }

-- GOST R 34.10-2012 / 256-bit signature algorithm
-- parameters identifier: "Set D"
id-tc26-gost-3410-2012-256-paramSetD OBJECT IDENTIFIER ::=
   { id-tc26-gost-3410-2012-256-constants paramSetD(4) }

-- GOST R 34.10-2012 / 512-bit signature algorithm
-- parameters identifier: "Test set"
id-tc26-gost-3410-2012-512-paramSetTest OBJECT IDENTIFIER ::=
   { id-tc26-gost-3410-2012-512-constants paramSetTest(0) }

-- GOST R 34.10-2012 / 512-bit signature algorithm
-- parameters identifier: "Set A"
id-tc26-gost-3410-2012-512-paramSetA OBJECT IDENTIFIER ::=
   { id-tc26-gost-3410-2012-512-constants paramSetA(1) }

-- GOST R 34.10-2012 / 512-bit signature algorithm
-- parameters identifier: "Set B"
id-tc26-gost-3410-2012-512-paramSetB OBJECT IDENTIFIER ::=
   { id-tc26-gost-3410-2012-512-constants paramSetB(2) }

-- GOST R 34.10-2012 / 512-bit signature algorithm
-- parameters identifier: "Set C"
id-tc26-gost-3410-2012-512-paramSetC OBJECT IDENTIFIER ::=
   { id-tc26-gost-3410-2012-512-constants paramSetC(3) }

-- Public key GOST R 34.10-2012 / 256 bits
GostR3410-2012-256-PublicKey ::= OCTET STRING (SIZE (64))
-- Public key GOST R 34.10-2012 / 512 bits
GostR3410-2012-512-PublicKey ::= OCTET STRING (SIZE (128))
-- Public key GOST R 34.10-2012
GostR3410-2012-PublicKey ::= OCTET STRING (SIZE (64 | 128))

-- Public key parameters GOST R 34.10-2012
GostR3410-2012-PublicKeyParameters ::=
   SEQUENCE {
      publicKeyParamSet OBJECT IDENTIFIER,
      digestParamSet OBJECT IDENTIFIER OPTIONAL
   }

END -- GostR3410-2012-PKISyntax


Appendix B. GostR3410-2012-RuStrongCertsSyntax 


RuStrongCertsSyntax
   { iso(1) member-body(2) ru(643) rosstandart(7)
     tc26(1) modules(0) ruStrongCertsSyntax(6) }

DEFINITIONS ::=
BEGIN
-- EXPORTS All --

id-ca OBJECT IDENTIFIER ::=
   { iso(1) member-body(2) ru(643) ca(3) }

id-fss OBJECT IDENTIFIER ::=
   { iso(1) member-body(2) ru(643) fss(100) }

id-fns OBJECT IDENTIFIER ::=
   { id-ca fns(131) }

-- The main state registration number of juridical entities.
OGRN ::= NumericString(SIZE (13))

id-OGRN OBJECT IDENTIFIER ::=
   { id-fss ogrn(1) }

-- The individual insurance account number.
SNILS ::= NumericString(SIZE (11))

id-SNILS OBJECT IDENTIFIER ::=
   { id-fss snils(3) }

-- The main state registration number of
-- individual entrepreneurs (sole traders).
OGRNIP ::= NumericString(SIZE (15))

id-OGRNIP OBJECT IDENTIFIER ::=
   { id-fss ogrnip(5) }

id-class OBJECT IDENTIFIER ::=
   { id-fss class(113) }

id-class-kc1 OBJECT IDENTIFIER ::=
   { id-class kc1(1) }

id-class-kc2 OBJECT IDENTIFIER ::=
   { id-class kc2(2) }

id-class-kc3 OBJECT IDENTIFIER ::=
   { id-class kc3(3) }

id-class-kb1 OBJECT IDENTIFIER ::=
   { id-class kb1(4) }

id-class-kb2 OBJECT IDENTIFIER ::=
   { id-class kb2(5) }

id-class-ka OBJECT IDENTIFIER ::=
   { id-class ka(6) }

-- The individual taxpayer number (ITN).
INN ::= NumericString(SIZE (12))

id-INN OBJECT IDENTIFIER ::=
   { id-fns ids(1) inn(1) }

-- The organization taxpayer number (OTN).
INNLE ::= NumericString(SIZE (10))

id-INNLE OBJECT IDENTIFIER ::=
   { id-fss innle(4) }

-- The token or software type used by the certificate owner.
SubjectSignTool ::= UTF8String(SIZE(1..200))

id-SubjectSignTool OBJECT IDENTIFIER ::=
   { id-fss subjectSignTool(111) }

-- The tools used to generate key pairs and tools used by
-- the CA to sign certificates.
IssuerSignTool ::= SEQUENCE {
   signTool UTF8String(SIZE(1..200)),
   cATool UTF8String(SIZE(1..200)),
   signToolCert UTF8String(SIZE(1..100)),
   cAToolCert UTF8String(SIZE(1..100)) }

id-IssuerSignTool OBJECT IDENTIFIER ::=
   { id-fss issuerSignTool(112) }

-- The method of identifying the owner, when it applies/receives
-- the certificate in the CA.
IdentificationKind ::= INTEGER { personal(0), remote-cert(1),
   remote-passport(2), remote-system(3) }

id-IdentificationKind OBJECT IDENTIFIER ::=
   { id-fss identificationKind(114) }

END -- RuStrongCertsSyntax


Appendix C. Public Key Parameters


Here we define three new OIDs for three existing public key parameter sets defined in [RFC4357].
These OIDs MUST be used with GOST R 34.10-2012 public keys only.

id-tc26-gost-3410-2012-256-paramSetB OBJECT IDENTIFIER ::=
   { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
     constants(2) sign-constants(1) gost-3410-12-256-constants(1)
     paramSetB(2) }

The elliptic curve of this parameter set is the same as that of
id-GostR3410-2001-CryptoPro-A-ParamSet (and id-GostR3410-2001-CryptoPro-XchA-ParamSet),
which can be found in [RFC4357].

id-tc26-gost-3410-2012-256-paramSetC OBJECT IDENTIFIER ::=
   { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
     constants(2) sign-constants(1) gost-3410-12-256-constants(1)
     paramSetC(3) }

The elliptic curve of this parameter set is the same as that of
id-GostR3410-2001-CryptoPro-B-ParamSet, which can be found in [RFC4357].

id-tc26-gost-3410-2012-256-paramSetD OBJECT IDENTIFIER ::=
   { iso(1) member-body(2) ru(643) rosstandart(7) tc26(1)
     constants(2) sign-constants(1) gost-3410-12-256-constants(1)
     paramSetD(4) }

The elliptic curve of this parameter set is the same as that of
id-GostR3410-2001-CryptoPro-C-ParamSet (and id-GostR3410-2001-CryptoPro-XchB-ParamSet),
which can be found in [RFC4357].


Appendix D. Test Examples


D.1. GOST R 34.10-2001 Test Parameters (256-Bit Private Key Length)


This example uses the curve defined in Section 7.1 of [RFC7091].

The private key is

d = 0x7A929ADE789BB9BE19ED359DD39A72C1\\
    1B60961F49397EEE1D19CE9891EC3B28

The public key is

X = 0x7F2B49E270DB6D98D8595BEC458B50C5\\
    8585BA1D4E9B788F6689DBD8E56FD80B

Y = 0x26F1B489D6701DD185C8413A977B3CBB\\
    AF64D1C593D26627DFFB101A87FF77DA


D.1.1. Certificate Request

D.1.2. Certificate 


Baryshkov, et al. Informational Page 21 


КЕС9215 


205 
207 


Baryshkov, et al. 


PKIX: GOST R 34.10-2012, 34.11-2012 March 2022 


SBEGIN CERTIEICATE----- 
MIIBLTCB26ADAgECAgEKMAoGCCqFAwcBAQMCMBIXxEDAOBgNVBAMTBOVAYWTwbGUW 
IBcNMDEwMTAxMDAwMDAwWhgPMj A1MDEyMzEwMDAWMDBaMBIXxEDAOBgNVBAMTBOVA4 
YW1wbGUwZ j Af BggqhQMHAQEBATATBgcqhQMCAiMABggqhQMHAQECAgNDAARACOhv 
5djbiWaPeJtOHbqFhcVQiO0XsW1nYkG3bcOJJK3 /ad/-*HGhD73ydmOpPFOWSvuzx7 
lzpByIXRHXDWibTxJqMTMBEwDwYDVROTAQH/BAUWAWEB / ZAKBggqhQMHAQEDAgNB 
AE1T8BL+CBd2UH1Nm7gfAO/bTu/Uq406xLrPc1Fzz6gcQaoo@vGrFIKAzZ7Vb+2k 
GXQFNVSkJ2e40tBD/TncBJM- 

SEND CERTIFICATE----- 


67: 
64: 


19: 
ДЕЛЕ 


01: 
1 


   0 301: SEQUENCE {
   4 219:   SEQUENCE {
   7   3:     [0] {
   9   1:       INTEGER 2
        :       }
  12   1:     INTEGER 10
  15  10:     SEQUENCE {
  17   8:       OBJECT IDENTIFIER '1 2 643 7 1 1 3 2'
        :       }
  27  18:     SEQUENCE {
  29  16:       SET {
  31  14:         SEQUENCE {
  33   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
  38   7:           PrintableString 'Example'
        :           }
        :         }
        :       }
  47  32:     SEQUENCE {
  49  13:       UTCTime 01/01/2001 00:00:00 GMT
  64  15:       GeneralizedTime 31/12/2050 00:00:00 GMT
        :       }
  81  18:     SEQUENCE {
  83  16:       SET {
  85  14:         SEQUENCE {
  87   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
  92   7:           PrintableString 'Example'
        :           }
        :         }
        :       }
 101 102:     SEQUENCE {
 103  31:       SEQUENCE {
 105   8:         OBJECT IDENTIFIER '1 2 643 7 1 1 1 1'
 115  19:         SEQUENCE {
 117   7:           OBJECT IDENTIFIER '1 2 643 2 2 35 0'
 126   8:           OBJECT IDENTIFIER '1 2 643 7 1 1 2 2'
        :           }
        :         }
 136  67:       BIT STRING, encapsulates {
 139  64:         OCTET STRING
        :         }
        :       }
 205  19:     [3] {
 207  17:       SEQUENCE {
 209  15:         SEQUENCE {
 211   3:           OBJECT IDENTIFIER basicConstraints (2 5 29 19)
 216   1:           BOOLEAN TRUE
 219   5:           OCTET STRING, encapsulates {
 221   3:             SEQUENCE {
 223   1:               BOOLEAN TRUE
        :               }
        :             }
        :           }
        :         }
        :       }
        :     }
 226  10:   SEQUENCE {
 228   8:     OBJECT IDENTIFIER '1 2 643 7 1 1 3 2'
        :     }
 238  65:   BIT STRING
        :   }


D.1.3. Certificate Revocation List 




   0 146: SEQUENCE {
   3  65:   SEQUENCE {
   5   1:     INTEGER 1
   8  10:     SEQUENCE {
  10   8:       OBJECT IDENTIFIER '1 2 643 7 1 1 3 2'
        :       }
  20  18:     SEQUENCE {
  22  16:       SET {
  24  14:         SEQUENCE {
  26   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
  31   7:           PrintableString 'Example'
        :           }
        :         }
        :       }
  40  13:     UTCTime 01/01/2014 00:00:00 GMT
  55  13:     UTCTime 02/01/2014 00:00:00 GMT
        :     }
  70  10:   SEQUENCE {
  72   8:     OBJECT IDENTIFIER '1 2 643 7 1 1 3 2'
        :     }
  82  65:   BIT STRING
        :   }




D.2. GOST R 34.10-2012 TC26-256-A Parameters (256-Bit Private Key Length) 
This example uses the curve defined in Appendix A.2 of [RFC7836]. 


The private key is 


d = 0x3A929ADE789BB9BE19ED359DD39A72C1\\
      0B87C83F80BE18B85C041F4325B62EC1


The public key is


x = 0x99C3DF265EA59350640BA69D1DE04418\\
      AF3FEA03EC0F85F2DD84E8BED4952774
y = 0xE218631A69C47C122E2D516DA1C09E6B\\
      D19344D94389D1F16CBC404DCF96F578
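

As an added illustration (not part of the RFC text), the Python code below shows how the x and y values above relate to the certificate encoding: the subjectPublicKey BIT STRING encapsulates an OCTET STRING containing x and then y, each as little-endian octets. The function names are this example's own; the same routine handles 512-bit keys, where the OCTET STRING length needs the DER long form.

```python
"""Added example: GOST R 34.10-2012 public key <-> subjectPublicKey octets."""

# D.2 public key coordinates as given in this appendix.
X = 0x99C3DF265EA59350640BA69D1DE04418AF3FEA03EC0F85F2DD84E8BED4952774
Y = 0xE218631A69C47C122E2D516DA1C09E6BD19344D94389D1F16CBC404DCF96F578


def der_len(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_public_key(x, y, bits=256):
    """BIT STRING contents: zero unused bits, then a DER OCTET STRING
    holding little-endian x followed by little-endian y."""
    size = bits // 8
    raw = x.to_bytes(size, "little") + y.to_bytes(size, "little")
    return b"\x00" + b"\x04" + der_len(len(raw)) + raw


def decode_public_key(bit_string, bits=256):
    """Strict inverse of encode_public_key; raises ValueError unless the
    input is exactly one OCTET STRING of 2 * bits/8 octets."""
    size = bits // 8
    header = b"\x00\x04" + der_len(2 * size)
    if not bit_string.startswith(header):
        raise ValueError("bad unused-bits octet, tag, or length")
    raw = bit_string[len(header):]
    if len(raw) != 2 * size:
        raise ValueError("truncated key or trailing data")
    return (int.from_bytes(raw[:size], "little"),
            int.from_bytes(raw[size:], "little"))


def is_well_formed(bit_string, bits=256):
    """True if decode_public_key accepts the input."""
    try:
        decode_public_key(bit_string, bits)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    encoded = encode_public_key(X, Y)
    # Total length and the first 16 little-endian octets of x.
    print(len(encoded), encoded[3:19].hex())
```

Decoding only validates the container. Before a key is used, the verifier still has to confirm that (x, y) is a point on the curve named by the parameter OID.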


D.2.1. Certificate Request 


   0 202: SEQUENCE {
   3 121:   SEQUENCE {
   5   1:     INTEGER 0
   8  18:     SEQUENCE {
  10  16:       SET {
  12  14:         SEQUENCE {
  14   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
  19   7:           PrintableString 'Example'
        :           }
        :         }
        :       }
  28  94:     SEQUENCE {
  30  23:       SEQUENCE {
  32   8:         OBJECT IDENTIFIER '1 2 643 7 1 1 1 1'
  42  11:         SEQUENCE {
  44   9:           OBJECT IDENTIFIER '1 2 643 7 1 2 1 1 1'
        :           }
        :         }
  55  67:       BIT STRING, encapsulates {
  58  64:         OCTET STRING
        :         }
        :       }
 124   0:     [0] {}
        :     }
 126  10:   SEQUENCE {
 128   8:     OBJECT IDENTIFIER '1 2 643 7 1 1 3 2'
        :     }
 138  65:   BIT STRING
        :   }


D.2.2. Certificate 




   0 293: SEQUENCE {
   4 211:   SEQUENCE {
   7   3:     [0] {
   9   1:       INTEGER 2
        :       }
  12   1:     INTEGER 10
  15  10:     SEQUENCE {
  17   8:       OBJECT IDENTIFIER '1 2 643 7 1 1 3 2'
        :       }
  27  18:     SEQUENCE {
  29  16:       SET {
  31  14:         SEQUENCE {
  33   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
  38   7:           PrintableString 'Example'
        :           }
        :         }
        :       }
  47  32:     SEQUENCE {
  49  13:       UTCTime 01/01/2001 00:00:00 GMT
  64  15:       GeneralizedTime 31/12/2050 00:00:00 GMT
        :       }
  81  18:     SEQUENCE {
  83  16:       SET {
  85  14:         SEQUENCE {
  87   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
  92   7:           PrintableString 'Example'
        :           }
        :         }
        :       }
 101  94:     SEQUENCE {
 103  23:       SEQUENCE {
 105   8:         OBJECT IDENTIFIER '1 2 643 7 1 1 1 1'
 115  11:         SEQUENCE {
 117   9:           OBJECT IDENTIFIER '1 2 643 7 1 2 1 1 1'
        :           }
        :         }
 128  67:       BIT STRING, encapsulates {
 131  64:         OCTET STRING
        :         }
        :       }
 197  19:     [3] {
 199  17:       SEQUENCE {
 201  15:         SEQUENCE {
 203   3:           OBJECT IDENTIFIER basicConstraints (2 5 29 19)
 208   1:           BOOLEAN TRUE
 211   5:           OCTET STRING, encapsulates {
 213   3:             SEQUENCE {
 215   1:               BOOLEAN TRUE
        :               }
        :             }
        :           }
        :         }
        :       }
        :     }
 218  10:   SEQUENCE {
 220   8:     OBJECT IDENTIFIER '1 2 643 7 1 1 3 2'
        :     }
 230  65:   BIT STRING
        :   }


D.2.3. Certificate Revocation List 




   0 146: SEQUENCE {
   3  65:   SEQUENCE {
   5   1:     INTEGER 1
   8  10:     SEQUENCE {
  10   8:       OBJECT IDENTIFIER '1 2 643 7 1 1 3 2'
        :       }
  20  18:     SEQUENCE {
  22  16:       SET {
  24  14:         SEQUENCE {
  26   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
  31   7:           PrintableString 'Example'
        :           }
        :         }
        :       }
  40  13:     UTCTime 01/01/2014 00:00:00 GMT
  55  13:     UTCTime 02/01/2014 00:00:00 GMT
        :     }
  70  10:   SEQUENCE {
  72   8:     OBJECT IDENTIFIER '1 2 643 7 1 1 3 2'
        :     }
  82  65:   BIT STRING
        :   }




D.3. GOST R 34.10-2012 Test Parameters (512-Bit Private Key Length) 


This example uses the curve defined in Appendix E. 


The private key is 


d = 0x0BA6048AADAE241BA40936D47756D7C9\\
      3091A0E8514669700EE7508E508B1020\\
      72E8123B2200A0563322DAD2827E2714\\
      A2636B7BFD18AADFC62967821FA18DD4


The public key is 


x = 0x115DC5BC96760C7B48598D8AB9E740D4\\
      C4A85A65BE33C1815B5C320C854621DD\\
      5A515856D13314AF69BC5B924C8B4DDF\\
      F75C45415C1D9DD9DD33612CD530EFE1
y = 0x37C7C90CD40B0F5621DC3AC1B751CFA0\\
      E2634FA0503B3D52639F5D7FB72AFD61\\
      EA199441D943FFE7F0C70A2759A3CDB8\\
      4C114E1F9339FDF27F35ECA93677BEEC




D.3.1. Certificate Request 


   0 335: SEQUENCE {
   4 188:   SEQUENCE {
   7   1:     INTEGER 0
  10  18:     SEQUENCE {
  12  16:       SET {
  14  14:         SEQUENCE {
  16   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
  21   7:           PrintableString 'Example'
        :           }
        :         }
        :       }
  30 160:     SEQUENCE {
  33  23:       SEQUENCE {
  35   8:         OBJECT IDENTIFIER '1 2 643 7 1 1 1 2'
  45  11:         SEQUENCE {
  47   9:           OBJECT IDENTIFIER '1 2 643 7 1 2 1 2 0'
        :           }
        :         }
  58 132:       BIT STRING, encapsulates {
  62 128:         OCTET STRING
        :         }
        :       }
 193   0:     [0] {}
        :     }
 195  10:   SEQUENCE {
 197   8:     OBJECT IDENTIFIER '1 2 643 7 1 1 3 3'
        :     }
 207 129:   BIT STRING
        :   }




D.3.2. Certificate 




   0 426: SEQUENCE {
   4 278:   SEQUENCE {
   8   3:     [0] {
  10   1:       INTEGER 2
        :       }
  13   1:     INTEGER 11
  16  10:     SEQUENCE {
  18   8:       OBJECT IDENTIFIER '1 2 643 7 1 1 3 3'
        :       }
  28  18:     SEQUENCE {
  30  16:       SET {
  32  14:         SEQUENCE {
  34   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
  39   7:           PrintableString 'Example'
        :           }
        :         }
        :       }
  48  32:     SEQUENCE {
  50  13:       UTCTime 01/01/2001 00:00:00 GMT
  65  15:       GeneralizedTime 31/12/2050 00:00:00 GMT
        :       }
  82  18:     SEQUENCE {
  84  16:       SET {
  86  14:         SEQUENCE {
  88   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
  93   7:           PrintableString 'Example'
        :           }
        :         }
        :       }
 102 160:     SEQUENCE {
 105  23:       SEQUENCE {
 107   8:         OBJECT IDENTIFIER '1 2 643 7 1 1 1 2'
 117  11:         SEQUENCE {
 119   9:           OBJECT IDENTIFIER '1 2 643 7 1 2 1 2 0'
        :           }
        :         }
 130 132:       BIT STRING, encapsulates {
 134 128:         OCTET STRING
        :         }
        :       }
 265  19:     [3] {
 267  17:       SEQUENCE {
 269  15:         SEQUENCE {
 271   3:           OBJECT IDENTIFIER basicConstraints (2 5 29 19)
 276   1:           BOOLEAN TRUE
 279   5:           OCTET STRING, encapsulates {
 281   3:             SEQUENCE {
 283   1:               BOOLEAN TRUE
        :               }
        :             }
        :           }
        :         }
        :       }
        :     }
 286  10:   SEQUENCE {
 288   8:     OBJECT IDENTIFIER '1 2 643 7 1 1 3 3'
        :     }
 298 129:   BIT STRING
        :   }




D.3.3. Certificate Revocation List 


   0 211: SEQUENCE {
   3  65:   SEQUENCE {
   5   1:     INTEGER 1
   8  10:     SEQUENCE {
  10   8:       OBJECT IDENTIFIER '1 2 643 7 1 1 3 3'
        :       }
  20  18:     SEQUENCE {
  22  16:       SET {
  24  14:         SEQUENCE {
  26   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
  31   7:           PrintableString 'Example'
        :           }
        :         }
        :       }
  40  13:     UTCTime 01/01/2014 00:00:00 GMT
  55  13:     UTCTime 02/01/2014 00:00:00 GMT
        :     }
  70  10:   SEQUENCE {
  72   8:     OBJECT IDENTIFIER '1 2 643 7 1 1 3 3'
        :     }
  82 129:   BIT STRING
        :   }


Appendix E. GOST R 34.10-2012 Test Parameters (Curve Definition)


The following parameters must be used for digital signature generation and verification. 


E.1. Elliptic Curve Modulus 


The following value is assigned to parameter p in this example: 




p = 36239861022290036359077887536838743060213209255346786050\\
    86546150450856166624002482588482022271496854025090823603\\
    058735163734263822371964987228582907372403


p = 0x4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04DAEB7C\\
      09B5D2D15DF1D852741AF4704A40458047E80E4546D35B8336FAC22\\
      4DD81664BBF528BE6373


E.2. Elliptic Curve Coefficients 


Parameters a and b take the following values in this example: 


a = 0x7


b = 15186550692108285345089500347140431549287475277402064361\\
    94018823352809982443793732829756914785974674866041605397\\
    883677596626326413990136959047435811826396


b = 0x1CFF0806A31116DA29D8CFA54E57EB748BC5F377E49400FDD788B6\\
      49ECA1AC4361834013B2AD7322480A89CA58E0CF74BC9E540C2ADD\\
      6897FAD0A3084F302ADC


E.3. Elliptic Curve Points Group Order 


Parameter m takes the following value in this example: 


m = 36239861022290036359077887536838743060213209255346786050\\
    86546150450856166623969164898305032863068499961404079437\\
    936585455865192212970734808812618120619743


m = 0x4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04DAEB7C\\
      09B5D2D15DA82F2D7ECB1DBAC719905C5EECCA23F1D86E25EDBE23\\
      C595D644AAF187E6E6DF


E.4. Order of Cyclic Subgroup of Elliptic Curve Points Group 


Parameter q takes the following value in this example: 




q = 36239861022290036359077887536838743060213209255346786050\\
    86546150450856166623969164898305032863068499961404079437\\
    936585455865192212970734808812618120619743


q = 0x4531ACD1FE0023C7550D267B6B2FEE80922B14B2FFB90F04DAEB7C\\
      89B5D2D15DA82F2D7ECB1DBAC719905C5EECC423F1D86E25EDBE23\\
      C595D644AAF187E6E6DF


E.5. Elliptic Curve Point Coordinates 


Point P coordinates take the following values in this example: 


x = 19283569440670228493993094012431375989977866354595079743\\
    57075491307766592685835441065557681003184874819658004903\\
    212332884252335830250729527632383493573274


x = 0x24D19CC64572bEE30F396BF6EBBFD7A6C5213B3B3D7057CC825F910\\
      93A468CD762FD60611262CD838DC6B60AA7EEE804E28BC849977FAC\\
      33B4B530F1B120248A9A


y = 22887286933719728599700121555294784163535623273295061803\\
    14497425931102860301572814141997072271708807066593850650\\
    334152381857347798885864807605098724013854


y = 0x2BB312A43BD2CE6E0D020613C857ACDDCFBF061E91E5F2C3F32447\\
      C259F39B2C83AB156D77F1496BF7EB3351E1EEA4EA43DC1A18B91B24\\
      640B6DBB92CB1ADD371E


Contributors 


Semen Pianov 
InfoTeCS JSC 
Email: Semen.Pianov@infotecs.ru 


Ekaterina Karelina 
InfoTeCS JSC 
Email: Ekaterina.Karelina@infotecs.ru 


Dmitry Belyavsky 
Cryptocom 
Email: beldmit@gmail.com 




Authors' Addresses 


Dmitry Baryshkov (EDITOR)
Linaro Ltd.
Harston Mill Royston Rd
Harston, Cambridge
CB22 7GG
United Kingdom
Email: dbaryshkov@gmail.com


Vasily Nikolaev
CryptoPro
18, Suschevsky val
Moscow
127018
Russian Federation
Phone: +7 (495) 995-48-20
Email: nikolaev@cryptopro.ru


Alexander Chelpanov 
InfoTeCS JSC 
Email: Aleksandr.Chelpanov@infotecs.ru 

