CSA ISO/IEC 14888-2:09 (R2019)

CSA Preface Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). This Standard supersedes CAN/CSA-ISO/IEC 14888-2-02 (adoption of ISO/IEC 14888-2:1999). At the time of publication, ISO/IEC 14888-2:2008 is available from ISO and IEC in English only. CSA will publish the French version when it becomes available from ISO and IEC. This Standard has been developed in compliance with Standards Council of Canada requirements for National Standards of Canada. It has been published as a National Standard of Canada by CSA Group. Scope This part of ISO/IEC 14888 specifies digital signatures with appendix whose security is based on the difficulty of factoring the modulus in use. For each signature scheme, it specifies: a) the relationships and constraints between all the data elements required for signing and verifying; b) a signature mechanism, i.e., how to produce a signature of a message with the data elements required for signing; c) a verification mechanism, i.e., how to verify a signature of a message with the data elements required for verifying. The production of key pairs requires random bits and prime numbers. The production of signatures often requires random bits. Techniques for producing random bits and prime numbers are outside the scope of this part of ISO/IEC 14888. For further information, see ISO/IEC 18031 [33] and ISO/IEC 18032 [34]. Various means are available to obtain a reliable copy of the public verification key, e.g., a public key certificate. Techniques for managing keys and certificates are outside the scope of this part of ISO/IEC 14888. For further information, see ISO/IEC 9594-8 [27], ISO/IEC 11770 [31] and ISO/IEC 15945 [32].