Page tree
Skip to end of metadata
Go to start of metadata

BSNk public scheme keys format description.

Key organization

Polymorphic pseudonimization uses various keys. Keys or organised in schemeVersion and schemeKeySetVersion.

The schemeVersion indicates the version of the cryptographic scheme and this syntax and SHALL start at 1. The schemeVersion defines the elliptic curve used in the scheme.

The schemeKeySetVersion is a version that SHALL start at 1 and represents the effective set of long term scheme master keys (PP-M, PD-M, etc...).

Relying party key format

Keys for relying parties are provided using the notation described in DV-key format.

Public scheme key format

Several of the scheme-wide keys are public, and can be used to use the polymorphism or verify signatures. These keys are defined in Metadata and under the role PPSteutelSet in RoleDescriptors non-Participants. For these public keys the brainpool P320r1 curve is used, which is a named curve defined as

-- Brainpool curves and the TeleTrust namespace are defined in BSI TR-03111
ecStdCurvesAndGeneration OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) teletrust(36) algorithm(3)
    signature-algorithm(3) ecSign(2) ecStdCurvesAndGeneration(8)
}

ellipticCurve OBJECT IDENTIFIER ::= { ecStdCurvesAndGeneration 1 }

versionOne OBJECT IDENTIFIER ::= { ellipticCurve 1 }

brainpoolP320r1 OBJECT IDENTIFIER ::= { versionOne 9 }
  • No labels