Algorithm Identifiers for the HMAC-based Extract-and-Expand Key Derivation Function (HKDF)

]> Algorithm Identifiers for the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) Vigil Security, LLC

515 Dranesville Road Herndon, VA 20170 United States of America housley@vigilsec.com

HKDF, Algorithm Identifier RFC 5869 specifies the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) algorithm. This document assigns algorithm identifiers to the HKDF algorithm when used with three common one-way hash functions.

Introduction The HKDF algorithm is a key derivation function based on the Hashed Message Authentication Code (HMAC). This document assigns algorithm identifiers to the HKDF algorithm when used with three common one-way hash functions. These algorithm identifiers are needed to make use of the HKDF in some security protocols, such as the Cryptographic Message Syntax (CMS) .

Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

ASN.1 In this specification, values are generated using ASN.1 using the Basic Encoding Rules (BER) and the Distinguished Encoding Rules (DER) .

HKDF Algorithm Identifiers This section assigns three algorithm identifiers to HKDF used with three common one-way hash functions that are specified in : SHA-256, SHA-384, and SHA-512. When any of these three object identifiers appear within the ASN.1 type AlgorithmIdentifier, the parameters component of that type SHALL be absent. The specification of AlgorithmIdentifier is available in , which evolved from the original definition in X.509 . The assigned object identifiers are:

ASN.1 Module This section contains the ASN.1 module for the HKDF algorithm identifiers. This module imports types from other ASN.1 modules that are defined in .

Security Considerations Despite the simplicity of HKDF, there are many security considerations that have been taken into account in the design and analysis of this construction. An exposition of all of these aspects is well beyond the scope of this document. Please refer to for detailed information, including rationale for the HKDF design.

IANA Considerations One object identifier for the ASN.1 module in was assigned in the "SMI Security for S/MIME Module Identifiers (1.2.840.113549.1.9.16.0)" registry : Three object identifiers for the HKDF algorithm identifiers were assigned in the "SMI Security for S/MIME Algorithms (1.2.840.113549.1.9.16.3)" registry :

References Normative References Secure Hash Standard (SHS) National Institute of Standards and Technology (NIST) Key words for use in RFCs to Indicate Requirement Levels In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Cryptographic Message Syntax (CMS) This document describes the Cryptographic Message Syntax (CMS). This syntax is used to digitally sign, digest, authenticate, or encrypt arbitrary message content. [STANDARDS-TRACK] HMAC-based Extract-and-Expand Key Derivation Function (HKDF) This document specifies a simple Hashed Message Authentication Code (HMAC)-based key derivation function (HKDF), which can be used as a building block in various protocols and applications. The key derivation function (KDF) is intended to support a wide range of applications and requirements, and is conservative in its use of cryptographic hash functions. This document is not an Internet Standards Track specification; it is published for informational purposes. Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Information technology -- Abstract Syntax Notation One (ASN.1): Specification of basic notation ITU-T Information technology -- ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) ITU-T Informative References Cryptographic Extraction and Key Derivation: The HKDF Scheme SMI Security for S/MIME Algorithms (1.2.840.113549.1.9.16.3) IANA SMI Security for S/MIME Module Identifier (1.2.840.113549.1.9.16.0) IANA New ASN.1 Modules for Cryptographic Message Syntax (CMS) and S/MIME The Cryptographic Message Syntax (CMS) format, and many associated formats, are expressed using ASN.1. The current ASN.1 modules conform to the 1988 version of ASN.1. This document updates those ASN.1 modules to conform to the 2002 version of ASN.1. There are no bits-on-the-wire changes to any of the formats; this is simply a change to the syntax. This document is not an Internet Standards Track specification; it is published for informational purposes. New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX) The Public Key Infrastructure using X.509 (PKIX) certificate format, and many associated formats, are expressed using ASN.1. The current ASN.1 modules conform to the 1988 version of ASN.1. This document updates those ASN.1 modules to conform to the 2002 version of ASN.1. There are no bits-on-the-wire changes to any of the formats; this is simply a change to the syntax. This document is not an Internet Standards Track specification; it is published for informational purposes. Recommendation X.509: The Directory - Authentication Framework CCITT