
The oid of the wapip192v1 curve in GMObjectIdentifiers.java is wrong

Open zzhouxq opened this issue 2 years ago • 1 comments

Hello

GMObjectIdentifiers

According to the definition in 《WAPI Certificate Management Part 5: Certificate Format Example》, the OID of the WAPI curve should be 1.2.156.11235.1.1.2.1

zzhouxq, Aug 22 '23 03:08

Dear zzhouxq,

We greatly appreciate your support for our endeavours. Your inquiry and the provided reference document have not gone unnoticed.

We have observed that the OID 1.2.156.10197.1.301.101 is acknowledged in certain OID databases [1-2]. However, it has not been documented in the official records of the Chinese Cryptography Standardization Technology Committee (CCSTC). Specifically, the standard titled "Information security technology—Cryptographic application identifier criterion specification" [3] does not encompass OIDs ending with 101. Given these considerations, we have decided to retain the OID value.

We extend our gratitude for furnishing the draft standard "WAPI certificate management—Part 5: Example of certificate format (draft version)" [4]. Within this standard, on pages 9 and 10, it is indicated that 1.2.156.11235.1.1.1 is designated for the ECDSA-192 algorithm paired with SHA-256, and 1.2.156.11235.1.1.2.1 is allocated to the elliptic curve parameter field. While we have taken note of statements resembling yours in certain documentation [5], asserting that 1.2.156.11235.1.1.2.1 is meant for the WAPI elliptic curve and that 1.2.156.11235.1.1.1 signifies the ECDSA signature algorithm with SHA-256, we feel compelled to align ourselves with the official standard's interpretation. Consequently, we will designate 1.2.156.11235.1.1.1 for the ECDSA-192 algorithm with SHA-256, and allocate 1.2.156.11235.1.1.2.1 to the elliptic curve parameter field.

Once again, we appreciate your engagement and your valuable input. We are open to any further questions or discussions you may have.

Best regards,

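Dear user zzhouxq,

Thank you very much for supporting our work. We are grateful for the issue you submitted and for the related document you provided as supporting evidence.

We note that some OID databases [1-2] include 1.2.156.10197.1.301.101, but page 21 of the official standard of the Chinese Cryptography Standardization Technology Committee (CCSTC), "Information security technology—Cryptographic application identifier criterion specification" [3], does not record any OID ending in 101. Based on these two facts, we have decided to retain this OID value.

Thank you for providing the standard "WAPI certificate management—Part 5: Example of certificate format (draft version)" [4]. On pages 9 and 10, that standard states that 1.2.156.11235.1.1.1 identifies the ECDSA-192 algorithm based on SHA-256, and that 1.2.156.11235.1.1.2.1 identifies the elliptic curve parameter field. We have noticed that some documentation [5] uses them in a way similar to yours, with 1.2.156.11235.1.1.2.1 identifying the WAPI elliptic curve algorithm and 1.2.156.11235.1.1.1 identifying the ECDSA signature algorithm based on SHA-256. However, based on our understanding of the official standard, we will use 1.2.156.11235.1.1.1 for the ECDSA-192 algorithm with SHA-256, and 1.2.156.11235.1.1.2.1 for the elliptic curve parameter field.

Thank you again for your participation and your valuable input. We welcome any other questions or further discussion.

Best regards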

Reference:
[1] http://oid-info.com/cgi-bin/display?oid=1.2.156.10197.1.301.101&a=display
[2] https://github.com/IonicDev/ecc-explorer/blob/develop/curveData.json
[3] Information security technology—Cryptographic application identifier criterion specification, CCSTC, published on 1st December 2017, url: http://c.gb688.cn/bzgk/gb/showGb?type=online&hcno=252CF0F72A7BE339A56DEA7D774E8994
[4] WAPI certificate management—Part 5: Example of certificate format (draft), China Broadband Wireless "IP" Standard Group, published on 20th December 2011, url: http://www.chinabwips.org.cn/doc/101.pdf
[5] http://blackberry.com/developers/docs/6.0.0api/net/rim/device/api/crypto/oid/OIDs.html

ligefeiBouncycastle, Aug 28 '23 05:08
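
To see which of the identifiers discussed in this thread a given DER structure actually carries, the following added example (not part of the thread and not Bouncy Castle code) walks DER TLVs, decodes every OBJECT IDENTIFIER and labels it with the designation given in the reply above. The function names and the `SAMPLE` AlgorithmIdentifier are constructed for illustration; 1.2.840.10045.2.1 is the standard id-ecPublicKey OID and does not come from this page.

```python
PAGE_OIDS = {  # designations as stated in the maintainer reply above
    "1.2.156.10197.1.301.101": "OID value the reply says is retained",
    "1.2.156.11235.1.1.1": "ECDSA-192 with SHA-256 (draft WAPI Part 5)",
    "1.2.156.11235.1.1.2.1": "elliptic curve parameter field (draft WAPI Part 5)",
}

def encode_oid(dotted):  # DER-encode a dotted OID (tag 0x06, short-form length)
    arcs, body = [int(a) for a in dotted.split(".")], bytearray()
    for value in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [value & 0x7F]              # last byte of an arc: high bit clear
        value >>= 7
        while value:                        # earlier bytes: high bit set
            chunk.append(0x80 | (value & 0x7F))
            value >>= 7
        body.extend(reversed(chunk))
    return bytes([0x06, len(body)]) + bytes(body)

def decode_oid(body):  # decode the content bytes of a DER OBJECT IDENTIFIER
    if not body or body[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    subids, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                    # final byte of this arc
            subids, value = subids + [value], 0
    head = [subids[0] // 40, subids[0] % 40] if subids[0] < 80 else [2, subids[0] - 80]
    return ".".join(str(a) for a in head + subids[1:])

def iter_oids(der):  # yield every OID found while walking nested DER TLVs
    pos = 0
    while pos + 2 <= len(der):
        tag, length, pos = der[pos], der[pos + 1], pos + 2
        if length & 0x80:                   # long-form length
            n = length & 0x7F
            length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
        value = der[pos:pos + length]
        if len(value) != length:
            raise ValueError("truncated TLV")
        pos += length
        if tag == 0x06:
            yield decode_oid(value)
        elif tag & 0x20:                    # constructed type: recurse into it
            yield from iter_oids(value)

def classify(der):
    return [(o, PAGE_OIDS.get(o, "not discussed on the page")) for o in iter_oids(der)]

# Constructed sample: SEQUENCE { id-ecPublicKey, 1.2.156.11235.1.1.2.1 }
_inner = encode_oid("1.2.840.10045.2.1") + encode_oid("1.2.156.11235.1.1.2.1")
SAMPLE = bytes([0x30, len(_inner)]) + _inner
```
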