Portable Symmetric Key Container (PSKC)
2010-08-19
2012-04-06
Algorithm URI Registry and Related PSKC Profiles
Specification Required
Unassigned
Algorithm identifiers from this registry are also used as otp-algID values
in the PA-OTP-CHALLENGE described in Section 4.1 and the PA-OTP-REQUEST
described in Section 4.2 of .
HOTP
OTP
urn:ietf:params:xml:ns:keyprov:pskc:hotp
IESG
FALSE
The <KeyPackage> element MUST be present and the
<ResponseFormat> element, which is a child element of the
<AlgorithmParameters> element, MUST be used to indicate the OTP
length and the value format.
The <Counter> element (see Section 4.1 of [RFC-ietf-keyprov-pskc-09]) MUST be provided as
metadata for the key.
The following additional constraints apply:
+ The value of the <Secret> element MUST contain key material
with a length of at least 16 octets (128 bits), if it is present.
+ The <ResponseFormat> element MUST have the 'Format'
attribute set to "DECIMAL", and the 'Length' attribute MUST
indicate a length value between 6 and 9 (inclusive).
+ The <PINPolicy> element MAY be present, but the
'PINUsageMode' attribute cannot be set to "Algorithmic".
An example can be found in Figure 3 of [RFC-ietf-keyprov-pskc-09].
PIN
Symmetric static credential comparison
urn:ietf:params:xml:ns:keyprov:pskc:pin
Section 5.1
IESG
FALSE
The <Usage> element MAY be present, but no attribute of the
<Usage> element is required. The <ResponseFormat> element MAY
be used to indicate the PIN value format.
The <Secret> element (see Section 4.1 of [RFC-ietf-keyprov-pskc-09]) MUST be provided.
See the example in Figure 5 of [RFC-ietf-keyprov-pskc-09].
PSKC Version Registry
Standards Action
1.0
Key Usage Registry
Expert Review
Unassigned
OTP
Section 5
FALSE
CR
Section 5
FALSE
Encrypt
Section 5
FALSE
Integrity
Section 5
FALSE
Verify
Section 5
FALSE
Unlock
Section 5
FALSE
Decrypt
Section 5
FALSE
KeyWrap
Section 5
FALSE
Unwrap
Section 5
FALSE
Derive
Section 5
FALSE
Generate
Section 5
FALSE