Algorithms
This section discusses algorithms used with the SecJSON specification. Entries contain the identifier to be used as the value of the Algorithm attribute of the EncryptionMethod element or other element representing the role of the algorithm, a reference to the formal specification, definitions for the representation of keys and the results of cryptographic operations where applicable, and general applicability comments.
Key Transport
RSA Version 1.5
- Identifier:
- http://tiagomistral.github.io/SecJSON#rsa-1_5 (REQUIRED)
The RSAES-PKCS1-v1_5 algorithm, specified in RFC 2437 [PKCS1], takes no explicit parameters. An example of an RSA Version 1.5 EncryptionMethod element is:
"EncryptionMethod": { "Algorithm": "http://tiagomistral.github.io/SecJSON#rsa-1_5" }
The CipherValue for such an encrypted key is the base64 [MIME] encoding of the octet string computed as per RFC 2437 [PKCS1, section 7.2.1: Encryption operation].
As specified for the EME-PKCS1-v1_5 function in RFC 2437 [PKCS1, section 9.1.2.1], the value input to the key transport function is as follows:
CRYPT ( PAD ( KEY ))
where the padding is of the following special form:
02 | PS* | 00 | key
where "|" is concatenation, "02" and "00" are fixed octets of the corresponding hexadecimal value, PS is a string of strong pseudo-random octets [RANDOM] at least eight octets long, containing no zero octets, and long enough that the value of the quantity being CRYPTed is one octet shorter than the RSA modulus, and "key" is the key being transported. The key is 192 bits for TRIPLEDES and 128, 192, or 256 bits for AES. Support of this key transport algorithm for transporting 192 bit keys is MANDATORY to implement. Support of this algorithm for transporting other keys is OPTIONAL. RSA-OAEP is RECOMMENDED for the transport of AES keys.
The resulting base64 [MIME] string is the value of the child text node of the CipherData element, e.g.
"CipherData": { "CipherValue": "Ad/F7DvLVc0NwmI7kS3JvMJE0Qh1Jf452hoe1FXVghjRimy7HcDjpZurM9+JSxlqSE0kY98xuqudosgXABdqDYz4NPqRXEsUVclx0JItyB/Jv7/qgHSG/hCh9cyZkf0yhpfbugiHLDvPhHLjCB/dUXoYEETHMWQ0mXbJGG3zyIJwm3rRbmmrWanitejs30oNxb0R3X5Ao5aOZFHZ/prw+6Ant7eFsdWhKpqMx8mCSXlQwMZqdkdi6GHVCKSRnFY9EaU3PIsWUM7s8+wc2d2xxxavnailwQmpA0Gdg4hUDiNkIgpPxzWWZQ7y0ogWiHDSJcsd1N9hq0bb2VrjXcTZxQ==" }
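The padding rule and the CRYPT ( PAD ( KEY )) step above, as an added example that is not code from the SecJSON project. The RSA key is a constructed toy key, the function names are hypothetical, and placing EncryptionMethod and CipherData side by side in one object is an assumption.

```python
import base64
import secrets

# Constructed toy key built from two Mersenne primes: fine for exercising the
# encoding, trivially factorable, never usable as a real key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8            # modulus length in octets (141)

RSA_1_5 = "http://tiagomistral.github.io/SecJSON#rsa-1_5"
KEY_OCTETS = {16, 24, 32}                # AES 128/192/256 bit, TRIPLEDES 192 bit

def pad(key: bytes, k: int = K) -> bytes:
    """Build 02 | PS | 00 | key, one octet shorter than the modulus."""
    ps_len = (k - 1) - 2 - len(key)
    if len(key) not in KEY_OCTETS or ps_len < 8:
        raise ValueError("key size not allowed or modulus too short")
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(ps_len))  # 1..255, no zero
    return b"\x02" + ps + b"\x00" + key

def unpad(block: bytes) -> bytes:
    """Check the layout strictly; every malformed case gets the same error."""
    sep = block.find(b"\x00", 1)          # first zero octet ends PS
    if block[:1] != b"\x02" or sep < 9 or len(block) - sep - 1 not in KEY_OCTETS:
        raise ValueError("decryption error")
    return block[sep + 1:]

def wrap_key(key: bytes) -> dict:
    """CRYPT(PAD(KEY)) with the toy key, returned as the two JSON members."""
    c = pow(int.from_bytes(pad(key), "big"), E, N)
    value = base64.b64encode(c.to_bytes(K, "big")).decode("ascii")
    # Assumption: both members sit side by side in one object.
    return {"EncryptionMethod": {"Algorithm": RSA_1_5},
            "CipherData": {"CipherValue": value}}

def unwrap_key(obj: dict) -> bytes:
    raw = base64.b64decode(obj["CipherData"]["CipherValue"], validate=True)
    c = int.from_bytes(raw, "big")
    if obj["EncryptionMethod"]["Algorithm"] != RSA_1_5 or len(raw) != K or c >= N:
        raise ValueError("decryption error")
    em = pow(c, D, N).to_bytes(K, "big")
    if em[0] != 0:                        # padded block must be K - 1 octets
        raise ValueError("decryption error")
    return unpad(em[1:])
```

Because the padded block is one octet shorter than the modulus, its integer value is always below N, which is why the leading octet after decryption must be zero.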
RSA-OAEP
- Identifier:
- http://tiagomistral.github.io/SecJSON#rsa-oaep-mgf1p (REQUIRED)
The RSAES-OAEP-ENCRYPT algorithm, as specified in RFC 2437 [PKCS1], takes three parameters. The two user specified parameters are a MANDATORY message digest function and an OPTIONAL encoding octet string OAEPparams. The message digest function is indicated by the Algorithm attribute of a child ds:DigestMethod element and the mask generation function, the third parameter, is always MGF1 with SHA1 (mgf1SHA1Identifier). Both the message digest and mask generation functions are used in the EME-OAEP-ENCODE operation as part of RSAES-OAEP-ENCRYPT. The encoding octet string is the base64 decoding of the content of an optional OAEPparams child element. If no OAEPparams child is provided, a null string is used.
JSON Schema Definition:
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "EncryptionMethod": { "type": "string" }
  },
  "required": [ "EncryptionMethod" ]
}
An example of an RSA-OAEP element is:
<EncryptionMethod Algorithm="http://tiagomistral.github.io/SecJSON#rsa-oaep-mgf1p"> <OAEPparams> 9lWu3Q== </OAEPparams> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> </EncryptionMethod>
The CipherValue for an RSA-OAEP encrypted key is the base64 [MIME] encoding of the octet string computed as per RFC 2437 [PKCS1, section 7.1.1: Encryption operation]. As described for the EME-OAEP-ENCODE function in RFC 2437 [PKCS1, section 9.1.1.1], the value input to the key transport function is calculated using the message digest function and string specified in the DigestMethod and OAEPparams elements and using the mask generator function MGF1 (with SHA1) specified in RFC 2437. The desired output length for EME-OAEP-ENCODE is one byte shorter than the RSA modulus.
The transported key size is 192 bits for TRIPLEDES and 128, 192, or 256 bits for AES. Implementations MUST implement RSA-OAEP for the transport of 128 and 256 bit keys. They MAY implement RSA-OAEP for the transport of other keys.
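The EME-OAEP-ENCODE step with the parameters this section fixes, written out as an added example (not code from the SecJSON project): the digest named by DigestMethod hashes the OAEPparams string, while both masks always come from MGF1 with SHA1. The JSON layout of OAEPparams and DigestMethod inside the method object is an assumption, since the page shows this element only in XML, the function names are hypothetical, and the RSA operation itself is left out.

```python
import base64
import hashlib
import secrets

# Digest identifiers that appear on this page; both name SHA-1.
DIGESTS = {
    "http://tiagomistral.github.io/SecJSON#sha1": hashlib.sha1,
    "http://www.w3.org/2000/09/xmldsig#sha1": hashlib.sha1,
}

def mgf1_sha1(seed: bytes, length: int) -> bytes:
    """MGF1 from RFC 2437, fixed to SHA1 as the section requires."""
    out = b""
    for counter in range((length + 19) // 20):
        out += hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_params(method: dict):
    """Assumed JSON layout: DigestMethod object plus optional base64 OAEPparams."""
    digest = DIGESTS[method["DigestMethod"]["Algorithm"]]
    label = base64.b64decode(method.get("OAEPparams", ""))  # absent: null string
    return digest, label

def oaep_encode(key: bytes, method: dict, k: int, seed: bytes = None) -> bytes:
    """Return the encoded block, one octet shorter than the k-octet modulus."""
    digest, label = oaep_params(method)
    h, em_len = digest().digest_size, k - 1
    if len(key) > em_len - 2 * h - 1:
        raise ValueError("message too long")
    db = digest(label).digest() + bytes(em_len - len(key) - 2 * h - 1) + b"\x01" + key
    if seed is None:
        seed = secrets.token_bytes(h)
    masked_db = xor(db, mgf1_sha1(seed, em_len - h))
    return xor(seed, mgf1_sha1(masked_db, h)) + masked_db

def oaep_decode(em: bytes, method: dict) -> bytes:
    digest, label = oaep_params(method)
    h = digest().digest_size
    seed = xor(em[:h], mgf1_sha1(em[h:], h))
    db = xor(em[h:], mgf1_sha1(seed, len(em) - h))
    sep = db.find(b"\x01", h)             # 01 separates the zero padding from the key
    if db[:h] != digest(label).digest() or sep < 0 or any(db[h:sep]):
        raise ValueError("decoding error")
    return db[sep + 1:]
```

Decoding with a different OAEPparams value than the sender used fails, because the hash of that string is part of the encoded block.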
Block Encryption Algorithms
Triple DES
- Identifier:
- http://tiagomistral.github.io/SecJSON#tripledes-cbc (REQUIRED)
ANSI X9.52 [TRIPLEDES] specifies three sequential FIPS 46-3 [DES] operations. The XML Encryption TRIPLEDES consists of a DES encrypt, a DES decrypt, and a DES encrypt used in the Cipher Block Chaining (CBC) mode with 192 bits of key and a 64 bit Initialization Vector (IV). Of the key bits, the first 64 are used in the first DES operation, the second 64 bits in the middle DES operation, and the third 64 bits in the last DES operation.
Note: Each of these 64 bits of key contain 56 effective bits and 8 parity bits. Thus there are only 168 operational bits out of the 192 being transported for a TRIPLEDES key. (Depending on the criterion used for analysis, the effective strength of the key may be thought to be 112 bits (due to meet in the middle attacks) or even less.)
The resulting cipher text is prefixed by the IV. If included in XML output, it is then base64 encoded. An example TRIPLEDES EncryptionMethod is as follows:
<EncryptionMethod Algorithm="http://tiagomistral.github.io/SecJSON#tripledes-cbc"/>
AES
- Identifier:
- http://tiagomistral.github.io/SecJSON#aes128-cbc (REQUIRED)
- http://tiagomistral.github.io/SecJSON#aes192-cbc (OPTIONAL)
- http://tiagomistral.github.io/SecJSON#aes256-cbc (REQUIRED)
[AES] is used in the Cipher Block Chaining (CBC) mode with a 128 bit initialization vector (IV). The resulting cipher text is prefixed by the IV. If included in XML output, it is then base64 encoded. An example AES EncryptionMethod is as follows:
<EncryptionMethod Algorithm="http://tiagomistral.github.io/SecJSON#aes128-cbc"/>
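A parser for the framing both block encryption sections describe (IV, then cipher text, then base64), together with the TRIPLEDES key layout from the note above. This is an added example, not code from the SecJSON project; the function names are hypothetical and no encryption is performed.

```python
import base64

BASE = "http://tiagomistral.github.io/SecJSON#"
# identifier -> (key octets, block size in octets, which is also the IV size)
CBC_ALGS = {
    BASE + "tripledes-cbc": (24, 8),
    BASE + "aes128-cbc": (16, 16),
    BASE + "aes192-cbc": (24, 16),
    BASE + "aes256-cbc": (32, 16),
}

def split_cipher_value(algorithm: str, cipher_value: str):
    """Return (iv, ciphertext) from a base64 value that carries IV | cipher text."""
    if algorithm not in CBC_ALGS:
        raise ValueError("unknown block encryption algorithm")
    _, block = CBC_ALGS[algorithm]
    raw = base64.b64decode(cipher_value, validate=True)
    # CBC output is a whole number of blocks, and the IV must be present.
    if len(raw) < block or len(raw) % block:
        raise ValueError("value is not IV plus whole cipher blocks")
    return raw[:block], raw[block:]

def des_subkeys(key: bytes):
    """Split a 192-bit TRIPLEDES key into the three 64-bit DES keys, in order of use."""
    if len(key) != 24:
        raise ValueError("TRIPLEDES key must be 192 bits")
    return key[:8], key[8:16], key[16:]

def effective_bits(key: bytes) -> bytes:
    """Clear the parity (low) bit of each octet: 7 of every 8 bits remain."""
    return bytes(b & 0xFE for b in key)

def same_des_key(a: bytes, b: bytes) -> bool:
    """Two keys that differ only in parity bits drive the cipher identically."""
    return effective_bits(a) == effective_bits(b)
```

The same 48 octets split differently under tripledes-cbc (8-octet IV) and aes128-cbc (16-octet IV), so the algorithm identifier has to be known before the value can be parsed.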
Message Digest
Message digest algorithms can be used in AgreementMethod as part of the key derivation, within RSA-OAEP encryption as a hash function, and in connection with the HMAC message authentication code method as described in [XML-DSIG].
SHA1
- Identifier:
- http://tiagomistral.github.io/SecJSON#sha1 (REQUIRED)
The SHA-1 algorithm [SHA] takes no explicit parameters. An example of a SHA-1 DigestMethod element is:
{ "DigestMethod": { "Algorithm" : "http://tiagomistral.github.io/SecJSON#sha1" } }
A SHA-1 digest is a 160-bit string. The content of the DigestValue element shall be the base64 encoding of this bit string viewed as a 20-octet octet stream. For example, the DigestValue element for the message digest:
A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
from Appendix A of the SHA-1 standard would be:
"DigestValue": "qZk+NkcGgWq6PiVxeFDCbJzQ2J0="
References
- PKCS1
- RFC 2437: PKCS #1: RSA Cryptography Specifications Version 2.0. B. Kaliski and J. Staddon. Informational, October 1998.
- http://www.ietf.org/rfc/rfc2437.txt
- MIME
- RFC 2045: Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies. N. Freed and N. Borenstein. Standards Track, November 1996.
- http://www.ietf.org/rfc/rfc2045.txt
- DES
- NIST FIPS 46-3: Data Encryption Standard (DES). October 1999.
- http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
- TRIPLEDES
- ANSI X9.52: Triple Data Encryption Algorithm Modes of Operation. 1998.
- AES
- NIST FIPS 197: Advanced Encryption Standard (AES). November 2001.
- http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
- XML-DSIG
- XML-Signature Syntax and Processing. D. Eastlake, J. Reagle, and D. Solo. W3C Recommendation, February 2002.
- http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/
- SHA
- Secure Hash Standard. NIST FIPS 180-1. (RFC 3174). April 1995.
- http://www.itl.nist.gov/fipspubs/fip180-1.htm
- Secure Hash Standard. NIST Draft FIPS 180-2. 2001. (Extended to include SHA-384, SHA-256, and SHA-512)