TIA-102.BAKA, April 2012
Project 25 KMF to KMF Interface

NOTICE

TIA Engineering Standards and Publications are designed to serve the public interest through eliminating misunderstandings between manufacturers and purchasers, facilitating interchangeability and improvement of products, and assisting the purchaser in selecting and obtaining with minimum delay the proper product for their particular need. The existence of such Standards and Publications shall not in any respect preclude any member or non-member of TIA from manufacturing or selling products not conforming to such Standards and Publications. Neither shall the existence of such Standards and Publications preclude their voluntary use by Non-TIA members, either domestically or internationally.

Standards and Publications are adopted by TIA in accordance with the American National Standards Institute (ANSI) patent policy. By such action, TIA does not assume any liability to any patent owner, nor does it assume any obligation whatever to parties adopting the Standard or Publication.

This Standard does not purport to address all safety problems associated with its use or all applicable regulatory requirements. It is the responsibility of the user of this Standard to establish appropriate safety and health practices and to determine the applicability of regulatory limitations before its use.

(From Project No. PN-3-0429, formulated under the cognizance of the TIA TR-8 Mobile and Personal Private Radio Standards, TR-8.3 Subcommittee on Encryption.)

Published by
TELECOMMUNICATIONS INDUSTRY ASSOCIATION
Standards and Technology Department
2500 Wilson Boulevard
Arlington, VA 22201 U.S.A.

PRICE: Please refer to the current Catalog of TIA TELECOMMUNICATIONS INDUSTRY ASSOCIATION STANDARDS AND ENGINEERING PUBLICATIONS, or call IHS, USA and Canada (1-877-413-5187), International (303-397-2896), or search online at http://www.tiaonline.org/standards/catalog/

All rights reserved
Printed in U.S.A.

NOTICE OF COPYRIGHT

This document is copyrighted by the TIA. Reproduction of these documents either in hard copy or soft copy (including posting on the web) is prohibited without copyright permission. For copyright permission to reproduce portions of this document, please contact the TIA Standards Department or go to the TIA website (www.tiaonline.org) for details on how to request permission. Details are located at: http://www.tiaonline.org/standards/catalog/info.cfm#copyright or Telecommunications Industry Association Technology

(b) there is no assurance that the Document will be approved by any Committee of TIA or any other body in its present or any other form; (c) the Document may be amended, modified or changed in the standards development or any editing process.

The use or practice of contents of this Document may involve the use of intellectual property rights ("IPR"), including pending or issued patents, or copyrights, owned by one or more parties. TIA makes no search or investigation for IPR. When IPR consisting of patents and published pending patent applications are claimed and called to TIA's attention, a statement from the holder thereof is requested, all in accordance with the Manual. TIA takes no position with reference to, and disclaims any obligation to investigate or inquire into, the scope or validity of any claims of IPR. TIA will neither be a party to discussions of any licensing terms or conditions, which are instead left to the parties involved, nor will TIA opine or judge whether proposed licensing terms or conditions are reasonable or non-discriminatory. TIA does not warrant or represent that procedures or practices suggested or provided in the Manual have been complied with as respects the Document or its contents.

If the Document contains one or more Normative References to a document published by another organization ("other SSO") engaged in the formulation, development or publication of standards (whether designated as a standard, specification, recommendation or otherwise), whether such reference consists of mandatory, alternate or optional elements (as defined in the TIA Engineering Manual, 4th edition), then (i) TIA disclaims any duty or obligation to search or investigate the records of any other SSO for IPR or letters of assurance relating to any such Normative Reference; (ii) TIA's policy of encouragement of voluntary disclosure (see Engineering Manual Section 6.5.1) of Essential Patent(s) and published pending patent applications shall apply; and (iii) information as to claims of IPR in the records or publications of the other SSO shall not constitute identification to TIA of a claim of Essential Patent(s) or published pending patent applications.

TIA does not enforce or monitor compliance with the contents of the Document. TIA does not certify, inspect, test or otherwise investigate products, designs or services or any claims of compliance with the contents of the Document.

ALL WARRANTIES, EXPRESS OR IMPLIED, ARE DISCLAIMED, INCLUDING WITHOUT LIMITATION, ANY AND ALL WARRANTIES CONCERNING THE ACCURACY OF THE CONTENTS, ITS FITNESS OR APPROPRIATENESS FOR A PARTICULAR PURPOSE OR USE, ITS MERCHANTABILITY AND ITS NONINFRINGEMENT OF ANY THIRD PARTY'S INTELLECTUAL PROPERTY RIGHTS. TIA EXPRESSLY DISCLAIMS ANY AND ALL RESPONSIBILITIES FOR THE ACCURACY OF THE CONTENTS AND MAKES NO REPRESENTATIONS OR WARRANTIES REGARDING THE CONTENTS' COMPLIANCE WITH ANY APPLICABLE STATUTE, RULE OR REGULATION, OR THE SAFETY OR HEALTH EFFECTS OF THE CONTENTS OR ANY PRODUCT OR SERVICE REFERRED TO IN THE DOCUMENT OR PRODUCED OR RENDERED TO COMPLY WITH THE CONTENTS. TIA SHALL NOT BE LIABLE FOR ANY AND ALL DAMAGES, DIRECT OR INDIRECT, ARISING FROM OR RELATING TO ANY USE OF THE CONTENTS CONTAINED HEREIN, INCLUDING WITHOUT LIMITATION ANY AND ALL INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING DAMAGES FOR LOSS OF BUSINESS, LOSS OF PROFITS, LITIGATION, OR THE LIKE), WHETHER BASED UPON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE FOREGOING NEGATION OF DAMAGES IS A FUNDAMENTAL ELEMENT OF THE USE OF THE CONTENTS HEREOF, AND THESE CONTENTS WOULD NOT BE PUBLISHED BY TIA WITHOUT SUCH LIMITATIONS.

Contents

1 Introduction ... 1
1.1 Scope ... 1
1.2 Revision History ... 2
1.3 References ... 3
1.3.1 Normative References ... 3
1.3.2 Informative References ... 5
1.4 Terms and Abbreviations ... 6
2 Architecture Overview ... 7
2.1 TIA 102 Key Management ... 7
2.2 Concepts of Operation (CONOPS) ... 7
2.2.1 Key Dissemination ... 9
2.2.2 Interoperability Key Management ... 10
2.2.3 Peer-to-Peer Key Sharing ... 12
2.3 Transport Overview ... 13
2.4 Cryptographic Overview ... 14
2.4.1 Inner Layer Encryption ... 15
2.4.2 Outer Layer Encryption and Signing ... 16
2.4.3 Transport Layer Security ... 19
2.4.4 Public Key Usage ... 19
2.5 Certificate Management ... 20
3 Operating Profiles ... 22
3.1 S/MIME Operating Profile ... 22
3.2 TLS Operating Profile ... 24
3.3 X.509 Certificate Profile ... 24
4 Application Level PDUs and Procedures ... 25
4.1 Application PDU Formats ... 26
4.1.1 Conventions ... 26
4.1.2 KMF-to-KMF PDU Format ... 27
4.1.3 IKMF Message (Ikmf-App-Msg) Format ... 27
4.1.4 Key Dissemination Message ... 31
4.1.5 Key Request Message ... 33
4.1.6 Key Delete Message ... 33
4.1.7 Key Activity Progress Message ... 35
4.1.8 Key Activity Request Message ... 36
4.1.9 Key Activation Message ... 37
4.1.10 Object Create Message ... 37
4.1.11 Object Delete Message ... 38
4.1.12 Return Receipt Message ... 39
4.1.13 Elementary Types ... 41
4.2 Application Procedures ... 56
4.2.1 PDU Preparation Procedures ... 56
4.2.2 Non-Real-Time Message Transfer Procedures ... 56
4.2.3 Real-Time Message Transfer Procedures ... 57
4.2.4 Validation Procedures ... 58
4.3 Operational Procedures ... 59
4.3.1 General Procedures ... 61
4.3.2 Uncoordinated Procedures ... 62
4.3.3 Coordinated Procedures ... 68
5 Recommended PKI Implementations (Informative) ... 75
5.1 PKI for Small Systems ... 75
5.2 PKI for Large Systems ... 75
6 Example Application Level PDUs ... 77
6.1 OpenSSL ... 77
6.1.1 Win32 OpenSSL Setup and Initialization ... 77
6.1.2 PKI Creation ... 78
6.2 Inner-Layer Encryption and Decryption ... 83
6.2.1 Inner-Layer Encryption ... 83
6.2.2 Inner-Layer Decryption ... 85
6.3 Example Inter-KMF Procedures ... 86
6.3.1 Key Dissemination Examples ... 86
6.3.2 Interoperability Key Management Examples ... 93
6.3.3 Alternate Examples ... 112
6.3.4 KMF to KMF PDU Examples ... 121
6.4 Outer-Layer Cryptographic Operations ... 124
6.4.1 Encryption and Signing ... 124
6.4.2 Decryption and Verification ... 126
7 Inter-KMF Message Schema ... 129
8 Open SSL Configuration ... 138

List of Figures

Figure 1 TIA 102 Key Storage Model ... 7
Figure 2 Key Dissemination ... 9
Figure 3 Interoperability Key Management ... 10
Figure 4 Encryption Object Life Cycle Model ... 11
Figure 5 Peer-to-Peer Key Sharing ... 12
Figure 6 Inner Layer Encryption ... 15
Figure 7 Originator Creation of Inter-KMF S/MIME Object ... 16
Figure 8 S/MIME Envelope and Contents ... 17
Figure 9 Recipient Decryption of Inter-KMF S/MIME Object ... 18
Figure 10 Example PKI Infrastructure ... 21
Figure 11 IKMF Message Nesting ... 25
Figure 12 IKMF Message Definition (Ikmf-App-Msg) ... 27
Figure 13 IKMF Message Body Definition ("ikmfAppMsg") ... 28
Figure 14 IKMF Message Header ("ikmfHeader") ... 28
Figure 15 IKMF Message Content ("ikmfContent") ... 30
Figure 16 IKMF Message Manufacturer-Specific Content ("manCon") ... 30
Figure 17 Key Dissemination Message ... 31
Figure 18 Key Request Message ... 33
Figure 19 Key Delete Message ... 33
Figure 20 Key Activity Progress Message ... 35
Figure 21 Key Activity Request Message ... 36
Figure 22 Key Activation Message ... 37
Figure 23 Object Create Message ... 37
Figure 24 Object Delete Message ... 38
Figure 25 Return Receipt Message ... 39
Figure 26 Algorithm Elementary Type ... 41
Figure 27 chooseAlgorithm Elementary Type ... 41
Figure 28 chooseKeyClass Elementary Type ... 42
Figure 29 Ctag Elementary Type ... 43
Figure 30 ctagTag Elementary Type ... 43
Figure 31 Comment Elementary Type ... 44
Figure 32 GroupId Elementary Type ... 44
Figure 33 Key Elementary Type ... 44
Figure 34 keyClass Elementary Type ... 45
Figure 35 keyID Elementary Type ... 45
Figure 36 keyName Elementary Type ... 46
Figure 37 manConContents Elementary Type ... 47
Figure 38 mfID Elementary Type ... 47
Figure 39 mfName Elementary Type ... 47
Figure 40 msgID Elementary Type ... 48
Figure 41 nameChar Elementary Type ... 48
Figure 42 nameSource Elementary Type ... 49
Figure 43 objectName Elementary Type ... 49
Figure 44 otherAlgorithm Elementary Type ... 50
Figure 45 otherKeyClass Elementary Type ... 50
Figure 46 percentageComplete Elementary Type ... 51
Figure 47 protocolVersion Elementary Type ... 51
Figure 48 Readiness Elementary Type ... 51
Figure 49 Reason Elementary Type ... 52
Figure 50 reasonCode Elementary Type ... 52
Figure 51 RSI Elementary Type ... 53
Figure 52 specificKeyName Elementary Type ... 53
Figure 53 specificObjectName Elementary Type ... 53
Figure 54 SystemId Elementary Type ... 54
Figure 55 Talkgroup Elementary Type ... 54
Figure 56 WacnId Elementary Type ... 55
Figure 57 Uncoordinated Procedures Message Sequence ... 62
Figure 58 Coordinated Procedures Message Sequence ... 68
Figure 59 Certificate Serial Number Supplier ... 78
Figure 60 Root CA Certificate ... 78
Figure 61 KMF1 Signature Certificate ... 79
Figure 62 Signing KMF1's Certificate ... 80
Figure 63 KMF2 Encryption Certificate ... 81
Figure 64 Signing KMF2's Certificate ... 82
Figure 65 Certificate Verification ... 83
Figure 66 Convert Hexadecimal Key to Binary ... 84
Figure 67 Encrypt Key ... 84
Figure 68 Convert Encrypted Key from Binary to Hexadecimal ... 84
Figure 69 Encrypted AES Key ... 85
Figure 70 Encrypted DES Key ... 85
Figure 71 Convert Encrypted Key from Hexadecimal to Binary ... 85
Figure 72 Decrypt Key ... 86
Figure 73 Convert Decrypted Key from Binary to Hexadecimal ... 86
Figure 74 Push Key ... 87
Figure 75 Key Dissemination ... 88
Figure 76 Return Receipt ... 89
Figure 77 Pull Key ... 89
Figure 78 Key Request ... 90
Figure 79 Key Dissemination ... 91
Figure 80 Return Receipt ... 92
Figure 81 Interoperability Key Management ... 93
Figure 82 Create Object ... 93
Figure 83 Object Create ... 94
Figure 84 Return Receipt ... 95
Figure 85 Distribute Key ... 96
Figure 86 Key Dissemination ... 97
Figure 87 Optional Key Activity Progress ... 98
Figure 88 Return Receipt ... 99
Figure 89 Activate Key ... 100
Figure 90 Key Activation ... 101
Figure 91 Optional Key Activity Progress ... 102
Figure 92 Optional Key Activity Progress ... 103
Figure 93 Key Activity Request ... 104
Figure 94 Key Activity Progress ... 105
Figure 95 Return Receipt ... 106
Figure 96 Delete Key ... 106
Figure 97 Key Delete ... 107
Figure 98 Optional Key Activity Progress ... 108
Figure 99 Return Receipt ... 109
Figure 100 Delete Object ... 109
Figure 101 Object Delete ... 110
Figure 102 Return Receipt ... 111
Figure 103 Automatic Key Activation ... 112
Figure 104 Key Dissemination ... 113
Figure 105 Return Receipt ... 114
Figure 106 Optional Key Activity Progress ... 115
Figure 107 Return Receipt ... 116
Figure 108 Automatic Key Expiration ... 117
Figure 109 Key Dissemination ... 118
Figure 110 Return Receipt ... 119
Figure 111 Return Receipt ... 120
Figure 112 Single Message PDU ... 121
Figure 113 Multi-Part PDU ... 123
Figure 114 Message Signing ... 124
Figure 115 Verify Message Signature ... 125
Figure 116 Message Encryption ... 126
Figure 117 Display Encrypted Message ... 126
Figure 118 Message Decryption ... 126
Figure 119 Verify Decrypted Message Signature ... 127
Figure 120 Display Decrypted Message ... 128
Figure 121 IKMF Message Schema ... 137
Figure 122 Win32 OpenSSL Configuration File ... 143

List of Tables

Table 1, S/MIME Operating Profile ... 23
Table 2, IKMF Message Header Elements ... 29
Table 3, Message Identifiers ... 29
Table 4, manCon Elements ... 30
Table 5, Key Dissemination Elements ... 32
Table 6, Key Request Elements ... 33
Table 7, Key Delete Elements ... 34
Table 8, Key Delete Reason Identifiers ... 34
Table 9, Key Activity Progress Elements ... 35
Table 10, Key Activity Request Elements ... 36
Table 11, Key Activation Elements ... 37
Table 12, Object Create Elements ... 38
Table 13, Object Delete Elements ... 38
Table 14, Return Receipt Elements ... 39
Table 15, Return-Code Values ... 40
Table 16, chooseAlgorithm Elements ... 42
Table 17, chooseKeyClass Elements ... 42
Table 18, Ctag Elements ... 43
Table 19, keyName Elements ... 46
Table 20, objectName Elements ... 49
Table 21, Procedures Required to Support Key Dissemination ... 59
Table 22, Messages Required to Support Key Dissemination ... 59
Table 23, Procedures Required to Support Interoperability Key Management and Peer-to-Peer Key Sharing ... 60
Table 24, Messages Required to Support Interoperability Key Management and Peer-to-Peer Key Sharing ... 60

FOREWORD

(This Foreword is not part of the specifications described in this document.)

This document has been created in response to a request by the APCO/NASTD/FED Project 25 Steering Committee as provided for in a Memorandum of Understanding (MOU) dated Apri