NIST seeks comments on digital signatures draft regulation

The National Institute for Standards and Technology wants government and industry to comment by June 12 on its new draft standards for digital signatures, according to a request for comments issued today.

The draft Federal Information Processing Standard (FIPS) 186-3, Digital Signatures Standard, would replace the existing FIPS 186-2, which was first issued in 1994 and last revised in 1999.

The draft standard would improve the security of digital signatures, which rely on cryptographic keys for their algorithms.

FIPS 186-3 specifies criteria for creating keys and digital signatures at higher security levels. It would permit 1,024-, 2,048- and 3,072-bit cryptographic key sizes, compared with only 512-bit and 1,024-bit keys under FIPS 186-2.

“With advances in technology, the size of these keys must be increased to provide adequate security,” the RFC said.

The 1,024-, 2,048- and 3,072-bit digital signature key sizes offer security equal to 80-, 112- and 128-bit key sizes in the Advanced Encryption Standard.

FIPS 186-3 would be interoperable with the Public Key Cryptography Standard (PKCS) 1 that RSA Security developed and specifies criteria for creating keys for PKCS 1 digital signatures.

FIPS 186-3 includes new requirements consistent with proposed changes in two elements of FIPS 186-2: the American National Standards (ANS) X9.31, Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry, and ANS X9.62, Elliptic Curve Digital Signature Algorithm.

The new draft standard also mandates that senders and receivers provide certain assurances when creating and verifying digital signatures.

NIST will share the methods for acquiring those assurances in an upcoming publication, Special Publication 800-89, Recommendation for Obtaining Assurances for Digital Signature Applications.

Featured

  • Defense
    DOD photo by Senior Airman Perry Aston  11th Wing Public Affairs

    How DOD's executive exodus could affect tech modernization

    Back-to-back resignations raise concerns about how things will be run without permanent leadership in key areas from policy to tech development.

  • Budget
    cybersecurity (vs148/Shutterstock.com)

    House's DHS funding bill would create public-private cyber center

    The legislation would give $2.25 billion to DHS' cyber wing and set up an integrated cybersecurity center with other agencies, state and local governments and private industry.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.