Valid hash algorithms for X.509 certificates

Simon Josefsson simon at josefsson.org
Mon Jan 5 14:39:29 CET 2009


"David Marín Carreño" <davefx at gmail.com> writes:

> Related to the MD5 issue, if I am not wrong, currently the only
> interoperable hash algorithm for use with X.509 algorithms is SHA-1.

Right.

> However, in the document [0] it is said that SHA-1 will probably
> follow the same fate in a not very long time.
>
> SHA-2 is currently allowed in standard X.509 certificates according to
> RFC 4055, but only if RSASSA-PSS is used (at least, I understand it
> that way).

No, I believe RFC 4055 also defines SHA-2 for PKCSv1.5 (i.e., pre-PSS),
see section 5 of the document.

> Also, a new document "Internet X.509 Public Key Infrastructure:
> Additional Algorithms and Identifiers for DSA and ECDSA"[1] is under
> development, that includes SHA-2 hashing only when the certificate
> uses DSA or ECDSA...

Right.  That is DSA2.

> Does anyone know if the IETF is preparing a revision or update to RFC
> 3279 for deprecating (officially) MD2 and MD5 and including SHA-2 (or
> other algorithms) as a proposed "standard" for all kinds of public
> keys?
>
> [0] http://www.win.tue.nl/hashclash/rogue-ca/
> [1] http://tools.ietf.org/html/draft-ietf-pkix-sha2-dsa-ecdsa-05

I believe SHA-2 is already taken care of with RFC 4055.  MD2 and MD5 are
discouraged by RFC 3279 already, and I'm not sure any stronger words
will make much practical difference.

GnuTLS should support RSA SHA-2 since v2.0.  There is a self-test
tests/sha2/ that creates an RSA X.509 certificate chain signed using some
SHA-2 algorithms:

Certificate[0]: CN=End-user
	Issued by: CN=SHA 256 sub-sub-CA
	Verifying against certificate[1].
	Verification output: Verified.

Certificate[1]: CN=SHA 256 sub-sub-CA
	Issued by: CN=SHA 384 sub-CA
	Verifying against certificate[2].
	Verification output: Verified.

Certificate[2]: CN=SHA 384 sub-CA
	Issued by: CN=SHA 512 CA
	Verifying against certificate[3].
	Verification output: Verified.

Certificate[3]: CN=SHA 512 CA
	Issued by: CN=SHA 512 CA
	Verification output: Verified.

Test OK

/Simon
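The thread turns on which OID a certificate's signatureAlgorithm carries: RFC 3279 registers the MD2/MD5/SHA-1 RSA OIDs, RFC 4055 section 5 the sha256/384/512WithRSAEncryption OIDs (plus id-RSASSA-PSS, whose hash lives in the parameters and defaults to SHA-1 when omitted), and RFC 5758, the published form of the DSA/ECDSA draft cited above, the SHA-2 DSA and ECDSA OIDs. The following is an added example, not code from GnuTLS or from the test chain quoted in the message: a dependency-free Python audit that pulls the outer signatureAlgorithm out of a DER certificate with a minimal hand-written DER walker and grades the hash. The certificates it is exercised on are constructed skeletons (empty tbsCertificate, empty signature value) built by the `fake_cert` helper; `der_read`, `decode_oid`, `signature_hash` and `verdict` are names chosen here.

```python
"""Grade the signature hash named in an X.509 certificate's signatureAlgorithm.

Added example, not GnuTLS code.  The DER walker below is deliberately
minimal; the sample certificates are constructed skeletons that carry only a
real AlgorithmIdentifier.  OIDs: RFC 3279, RFC 4055 sec. 5, RFC 5758.
"""
from typing import Tuple

# signatureAlgorithm OID -> (public-key algorithm, hash)
SIG_OIDS = {
    "1.2.840.113549.1.1.2": ("RSA", "MD2"),        # RFC 3279
    "1.2.840.113549.1.1.4": ("RSA", "MD5"),
    "1.2.840.113549.1.1.5": ("RSA", "SHA-1"),
    "1.2.840.113549.1.1.11": ("RSA", "SHA-256"),   # RFC 4055 sec. 5, PKCS#1 v1.5
    "1.2.840.113549.1.1.12": ("RSA", "SHA-384"),
    "1.2.840.113549.1.1.13": ("RSA", "SHA-512"),
    "2.16.840.1.101.3.4.3.2": ("DSA", "SHA-256"),  # RFC 5758
    "1.2.840.10045.4.3.2": ("ECDSA", "SHA-256"),
    "1.2.840.10045.4.3.3": ("ECDSA", "SHA-384"),
    "1.2.840.10045.4.3.4": ("ECDSA", "SHA-512"),
}
RSASSA_PSS = "1.2.840.113549.1.1.10"   # id-RSASSA-PSS: hash is in the parameters
HASH_OIDS = {
    "1.3.14.3.2.26": "SHA-1",
    "2.16.840.1.101.3.4.2.1": "SHA-256",
    "2.16.840.1.101.3.4.2.2": "SHA-384",
    "2.16.840.1.101.3.4.2.3": "SHA-512",
}


def der_read(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Read one DER TLV at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: next n bytes are the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(value: bytes) -> str:
    """Decode OBJECT IDENTIFIER content octets to dotted form."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def signature_hash(cert_der: bytes) -> Tuple[str, str]:
    """Return (key algorithm, hash) from Certificate.signatureAlgorithm."""
    tag, cert, _ = der_read(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _tbs, pos = der_read(cert, 0)           # tbsCertificate, skipped
    tag, alg_id, _ = der_read(cert, pos)       # signatureAlgorithm
    tag2, oid_bytes, pos = der_read(alg_id, 0)
    if tag != 0x30 or tag2 != 0x06:
        raise ValueError("malformed AlgorithmIdentifier")
    oid = decode_oid(oid_bytes)
    if oid != RSASSA_PSS:
        return SIG_OIDS.get(oid, ("unknown", "unknown"))
    # RSASSA-PSS-params ::= SEQUENCE { hashAlgorithm [0] ... DEFAULT sha1, ... }
    if pos < len(alg_id):
        _, params, _ = der_read(alg_id, pos)
        if params and params[0] == 0xA0:       # explicit [0] hashAlgorithm present
            _, hash_alg, _ = der_read(params, 0)
            _, hash_alg_id, _ = der_read(hash_alg, 0)
            _, hash_oid, _ = der_read(hash_alg_id, 0)
            return "RSA-PSS", HASH_OIDS.get(decode_oid(hash_oid), "unknown")
    return "RSA-PSS", "SHA-1"                  # absent parameters mean SHA-1


def verdict(hash_name: str) -> str:
    """Policy (assumed here): MD2/MD5 rejected, SHA-1 flagged, SHA-2 accepted."""
    if hash_name in ("MD2", "MD5"):
        return "reject"
    if hash_name == "SHA-1":
        return "deprecated"
    return "ok" if hash_name.startswith("SHA-") else "unknown"


# --- constructed test material (not real certificates) ---------------------
def der(tag: int, value: bytes) -> bytes:
    if len(value) < 0x80:
        return bytes([tag, len(value)]) + value
    ln = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + value


def encode_oid(oid: str) -> bytes:
    arcs = [int(a) for a in oid.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append((a & 0x7F) | 0x80)
            a >>= 7
        out.extend(reversed(chunk))
    return der(0x06, bytes(out))


def pss_params(hash_oid: str) -> bytes:
    """RSASSA-PSS-params with only hashAlgorithm [0] set."""
    return der(0x30, der(0xA0, der(0x30, encode_oid(hash_oid) + b"\x05\x00")))


def fake_cert(sig_oid: str, params: bytes = b"\x05\x00") -> bytes:
    """Skeleton Certificate: empty tbsCertificate, given signatureAlgorithm, empty BIT STRING."""
    alg = der(0x30, encode_oid(sig_oid) + params)
    return der(0x30, der(0x30, b"") + alg + der(0x03, b"\x00"))


if __name__ == "__main__":
    chain = [("SHA 512 CA", "1.2.840.113549.1.1.13"), ("SHA 384 sub-CA", "1.2.840.113549.1.1.12"),
             ("SHA 256 sub-sub-CA", "1.2.840.113549.1.1.11"), ("legacy MD5", "1.2.840.113549.1.1.4")]
    for label, oid in chain:
        key, h = signature_hash(fake_cert(oid))
        print(f"{label:20s} {key}/{h:8s} -> {verdict(h)}")
```

For a real certificate, feed `signature_hash` the DER bytes (the standard library's `ssl.PEM_cert_to_DER_cert` converts PEM). Two caveats a deployment check should add: RFC 5280 requires the outer signatureAlgorithm to match tbsCertificate.signature, which this audit does not compare, and an RSASSA-PSS certificate that omits hashAlgorithm is a SHA-1 certificate by default, which is why the PSS branch does not treat missing parameters as an error.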
