Home   A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z  

Portable Symmetric Key Container (PSKC) :: RFC6030








Internet Engineering Task Force (IETF)                          P. Hoyer
Request for Comments: 6030                                 ActivIdentity
Category: Standards Track                                         M. Pei
ISSN: 2070-1721                                                 VeriSign
                                                              S. Machani
                                                              Diversinet
                                                            October 2010


                Portable Symmetric Key Container (PSKC)

Abstract

   This document specifies a symmetric key format for the transport and
   provisioning of symmetric keys to different types of crypto modules.
   For example, One-Time Password (OTP) shared secrets or symmetric
   cryptographic keys to strong authentication devices.  A standard key
   transport format enables enterprises to deploy best-of-breed
   solutions combining components from different vendors into the same
   infrastructure.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc6030.

















Hoyer, et al.                Standards Track                    [Page 1]

RFC 6030         Portable Symmetric Key Container (PSKC)    October 2010


Copyright Notice

   Copyright (c) 2010 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1. Introduction ....................................................4
      1.1. Key Words ..................................................4
      1.2. Version Support ............................................4
      1.3. Namespace Identifiers ......................................5
           1.3.1. Defined Identifiers .................................5
           1.3.2. Referenced Identifiers ..............................5
   2. Terminology .....................................................6
   3. Portable Key Container Entities Overview and Relationships ......6
   4.  Element: The Basics ..............................8
      4.1. : Embedding Keying Material and Key-Related
           Information ................................................8
      4.2. Key Value Encoding ........................................10
           4.2.1. AES Key Value Encoding .............................11
           4.2.2. Triple-DES Key Value Encoding ......................11
      4.3. Transmission of Supplementary Information .................12
           4.3.1.  Element: Unique Device
                  Identification .....................................13
           4.3.2.  Element: CryptoModule
                  Identification .....................................15
           4.3.3.  Element: User Identification ..............15
           4.3.4.  Element:
                  Supplementary Information for OTP and CR Algorithms 15
      4.4. Transmission of Key Derivation Values .....................17
   5. Key Policy .....................................................19
      5.1. PIN Algorithm Definition ..................................23
   6. Key Protection Methods .........................................23
      6.1. Encryption Based on Pre-Shared Keys .......................24
           6.1.1. MAC Method .........................................26
      6.2. Encryption Based on Passphrase-Based Keys .................27
      6.3. Encryption Based on Asymmetric Keys .......................29




Hoyer, et al.                Standards Track                    [Page 2]

RFC 6030         Portable Symmetric Key Container (PSKC)    October 2010


      6.4. Padding of Encrypted Values for Non-Padded
           Encryption Algorithms .....................................31
   7. Digital Signature ..............................................31
   8. Bulk Provisioning ..............................................33
   9. Extensibility ..................................................35
   10. PSKC Algorithm Profile ........................................36
      10.1. HOTP .....................................................36
      10.2. PIN ......................................................37
   11. XML Schema ....................................................38
   12. IANA Considerations ...........................................44
      12.1. Content-Type Registration for 'application/pskc+xml' .....44
      12.2. XML Schema Registration ..................................45
      12.3. URN Sub-Namespace Registration ...........................46
      12.4. PSKC Algorithm Profile Registry ..........................46
      12.5. PSKC Version Registry ....................................47
      12.6. Key Usage Registry .......................................47
   13. Security Considerations .......................................48
      13.1. PSKC Confidentiality .....................................49
      13.2. PSKC Integrity ...........................................50
      13.3. PSKC Authenticity ........................................50
   14. Contributors ..................................................50
   15. Acknowledgements ..............................................50
   16. References ....................................................51
      16.1. Normative References .....................................51
      16.2. Informative References ...................................52
   Appendix A.  Use Cases ............................................54
     A.1.  Online Use Cases ..........................................54
       A.1.1.  Transport of Keys from Server to Cryptographic
               Module ................................................54
       A.1.2.  Transport of Keys from Cryptographic Module to
               Cryptographic Module ..................................54
       A.1.3.  Transport of Keys from Cryptographic Module to
               Server ................................................55
       A.1.4.  Server-to-Server Bulk Import/Export of Keys ...........55
     A.2.  Offline Use Cases .........................................55
       A.2.1.  Server-to-Server Bulk Import/Export of Keys ...........55
   Appendix B.  Requirements .........................................56














Hoyer, et al.                Standards Track                    [Page 3]

RFC 6030         Portable Symmetric Key Container (PSKC)    October 2010


1.  Introduction

   With the increasing use of symmetric-key-based systems, such as
   encryption of data at rest or systems used for strong authentication,
   such as those based on One-Time Password (OTP) and Challenge/Response
   (CR) mechanisms, there is a need for vendor interoperability and a
   standard format for importing and exporting (provisioning) symmetric
   keys.  For instance, traditionally, vendors of authentication servers
   and service providers have used proprietary formats for importing and
   exporting these keys into their systems, thus making it hard to use
   tokens from two different vendors.

   This document defines a standardized XML-based key container, called
   Portable Symmetric Key Container (PSKC), for transporting symmetric
   keys and key-related metadata.  The document also specifies the
   information elements that are required when the symmetric key is
   utilized for specific purposes, such as the initial counter in the
   HMAC-Based One-Time Password (HOTP) [HOTP] algorithm.  It also
   creates an IANA registry for algorithm profiles where algorithms,
   their metadata and PSKC transmission profile can be recorded for a
   centralized, standardized reference.

1.1.  Key Words

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

1.2.  Version Support

   There is a provision made in the syntax for an explicit version
   number.  Only version "1.0" is currently specified.

   The numbering scheme for PSKC versions is ".".  The
   major and minor numbers MUST be treated as separate integers and each
   number MAY be incremented higher than a single digit.  Thus, "PSKC
   2.4" would be a lower version than "PSKC 2.13", which in turn would
   be lower than "PSKC 12.3".  Leading zeros (e.g., "PSKC 6.01") MUST be
   ignored by recipients and MUST NOT be sent.

   The major version number should be incremented only if the message
   format (e.g., element structure) has changed so dramatically that an
   older version implementation would not be able to interoperate with a
   newer version.  The minor version number indicates new capabilities,
   and it MUST be ignored by an entity with a smaller minor version
   number but used for informational purposes by the entity with the
   larger minor version number.




Hoyer, et al.                Standards Track                    [Page 4]

RFC 6030         Portable Symmetric Key Container (PSKC)    October 2010


1.3.  Namespace Identifiers

   This document uses Uniform Resource Identifiers (URIs) [RFC3986] to
   identify resources, algorithms, and semantics.

1.3.1.  Defined Identifiers

   The XML namespace [XMLNS] URI for Version 1.0 of PSKC is:

   "urn:ietf:params:xml:ns:keyprov:pskc"

   References to qualified elements in the PSKC schema defined in this
   specification and used in the example use the prefix "pskc" (defined
   as xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc").  It is
   RECOMMENDED to use this namespace in implementations.

1.3.2.  Referenced Identifiers

   The PSKC syntax presented in this document relies on algorithm
   identifiers and elements defined in the XML Signature [XMLDSIG]
   namespace:

   xmlns:ds="http://www.w3.org/2000/09/xmldsig#"

   References to the XML Signature namespace are represented by the
   prefix "ds".

   PSKC also relies on algorithm identifiers and elements defined in the
   XML Encryption [XMLENC] namespace:

   xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"

   References to the XML Encryption namespace are represented by the
   prefix "xenc".

   When protecting keys in transport with passphrase-based keys, PSKC
   also relies on the derived key element defined in the XML Encryption
   Version 1.1 [XMLENC11] namespace:

   xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"

   References to the XML Encryption Version 1.1 namespace are
   represented by the prefix "xenc11".

   When protecting keys in transport with passphrase-based keys, PSKC
   also relies on algorithm identifiers and elements defined in the PKCS
   #5 [PKCS5] namespace:




Hoyer, et al.                Standards Track                    [Page 5]

RFC 6030         Portable Symmetric Key Container (PSKC)    October 2010


   xmlns:pkcs5=
   "http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#"

   References to the PKCS #5 namespace are represented by the prefix
   "pkcs5".

2.  Terminology

   NOTE: In subsequent sections of the document, we highlight
   **mandatory** XML elements and attributes.  Optional elements and
   attributes are not explicitly indicated, i.e., if it does not say
   mandatory, it is optional.

3.  Portable Key Container Entities Overview and Relationships

   The portable key container is based on an XML schema definition and
   contains the following main conceptual entities:

   1.  KeyContainer entity - representing the container that carries a
       number of KeyPackage entities.  A valid container MUST carry at
       least one KeyPackage entity.

   2.  KeyPackage entity - representing the package of at most one key
       and its related provisioning endpoint or current usage endpoint,
       such as a physical or virtual device and a specific CryptoModule.

   3.  DeviceInfo entity - representing the information about the device
       and criteria to identify uniquely the device.

   4.  CryptoModuleInfo entity - representing the information about the
       CryptoModule where the keys reside or to which they are
       provisioned.

   5.  Key entity - representing the key transported or provisioned.

   6.  Data entity - representing a list of metadata related to the key,
       where the element name is the name of the metadata and its
       associated value is either in encrypted (for example, for 
       element ) or plaintext (for example, the  element
       ) form.

   Figure 1 shows the high-level structure of the PSKC data elements.









Hoyer, et al.                Standards Track                    [Page 6]

RFC 6030         Portable Symmetric Key Container (PSKC)    October 2010


      -----------------
      | KeyContainer  |
      |---------------|
      | EncryptionKey |
      | Signature     |
      | ...           |
      -----------------
              |
              |
             /|\ 1..n
      ----------------        ----------------
      | KeyPackage   |    0..1| DeviceInfo   |
      |--------------|--------|--------------|
      |              |--      | SerialNumber |
      ----------------  |     | Manufacturer |
              |         |     | ....         |
              |         |     ----------------
             /|\ 0..1   |
      ----------------  |     --------------------
      | Key          |  | 0..1| CryptoModuleInfo |
      |--------------|   -----|------------------|
      | Id           |        | Id               |
      | Algorithm    |        |....              |
      | UserId       |        --------------------
      | Policy       |
      | ....         |
      ----------------
              |
              |
             /|\ 0..n
          --------------------------------------- -  -
          |                     |              |
      ------------------  ----------------  -------- - -
      | Data:Secret    |  | Data:Counter |  | Data:other
      |----------------|  |--------------|  |-- - -
      | EncryptedValue |  | PlainValue   |
      | ValueMAC       |  ----------------
      ------------------

             Figure 1: PSKC Data Elements Relationship Diagram

   The following sections describe in detail all the entities and
   related XML schema elements and attributes.








Hoyer, et al.                Standards Track                    [Page 7]

RFC 6030         Portable Symmetric Key Container (PSKC)    October 2010


4.   Element: The Basics

   In its most basic form, a PSKC document uses the top-level element
    and a single  element to carry key
   information.

   The following example shows a simple PSKC document.  We will use it
   to describe the structure of the  element and its child
   elements.

   
   
       
           
               Issuer-A
               
                   
                       MTIzNA==
                       
                   
               
           
       
   

                Figure 2: Basic PSKC Key Container Example

   The attributes of the  element have the following
   semantics:

   'Version':  The 'Version' attribute is used to identify the version
      of the PSKC schema version.  This specification defines the
      initial version ("1.0") of the PSKC schema.  This attribute MUST
      be included.

   'Id':  The 'Id' attribute carries a unique identifier for the
      container.  As such, it helps to identify a specific key container
      in cases in which multiple containers are embedded in larger XML
      documents.

4.1.  : Embedding Keying Material and Key-Related Information

   The following attributes of the  element MUST be included at a
   minimum:




Hoyer, et al.                Standards Track                    [Page 8]

RFC 6030         Portable Symmetric Key Container (PSKC)    October 2010


   'Id':  This attribute carries a unique identifier for the symmetric
      key in the context of key provisioning exchanges between two
      parties.  This means that if PSKC is used in multiple interactions
      between a sending and receiving party, using different containers
      referencing the same keys, the 'Id' attribute of  MUST use
      the same value (e.g., after initial provisioning, if a system
      wants to update key metadata values in the other system, the value
      of the 'Id' attribute of the  where the metadata is to be
      updated MUST be the same of the original 'Id' attribute value
      provisioned).  The identifier is defined as a string of
      alphanumeric characters.

   'Algorithm':  This attribute contains a unique identifier for the
      PSKC algorithm profile.  This profile associates specific
      semantics to the elements and attributes contained in the 
      element.  This document describes profiles for open standards
      algorithms in Section 10.  Additional profiles are defined in the
      following informative document: [PSKC-ALGORITHM-PROFILES].

   The  element has a number of optional child elements.  An
   initial set is described below:

   :  This element represents the name of the party that issued
      the key.  For example, a bank "Foobar Bank, Inc." issuing hardware
      tokens to their retail banking users may set this element to
      'Foobar Bank, Inc.'.

   :  A human-readable name for the secret key for easier
      reference.  This element serves informational purposes only.  This
      element is a language-dependent string; hence, it SHOULD have an
      attribute xml:lang="xx" where xx is the language identifier as
      specified in [RFC5646].  If no xml:lang attribute is present,
      implementations MUST assume the language to be English as defined
      by setting the attribute value to 'en' (e.g., xml:lang="en").

   :  This element carries parameters that
      influence the result of the algorithmic computation, for example,
      response truncation and format in OTP and CR algorithms.  A more
      detailed discussion of the element can be found in Section 4.3.4.

   :  This element carries data about and related to the key.  The
      following child elements are defined for the  element:

      :  This element carries the value of the key itself in a
         binary representation.  Please see Section 4.2 for more details
         on Key Value Encoding.





Hoyer, et al.                Standards Track                    [Page 9]

RFC 6030         Portable Symmetric Key Container (PSKC)    October 2010


      :  This element contains the event counter for event-
         based OTP algorithms.

      

 

RFC, FYI, BCP