ISO IEC 14888-1-2008 PDF

Full title and description

Information technology — Security techniques — Digital signatures with appendix — Part 1: General. This part of ISO/IEC 14888 specifies general principles, definitions, notation and requirements for digital signature mechanisms with appendix (i.e., where the verification process requires the message as part of the input). It defines terms and symbols used across the 14888 series and describes the relationship with other signature and hash-function standards.

Abstract

ISO/IEC 14888-1:2008 addresses digital signatures with appendix and presents the general principles and requirements that apply to such mechanisms. It distinguishes signature mechanisms with appendix (where the message is supplied during verification) from signature mechanisms giving message recovery, and notes the use of hash functions in generating and verifying signatures. The part provides definitions, symbols and high-level specification elements that are referenced by the algorithm-specific parts of the series.

General information

• Status: Published — International Standard (Edition 2, confirmed after periodic review).
• Publication date: April 2008 (published 2008-04-01 / Edition 2, 2008).
• Publisher: ISO and IEC (prepared under ISO/IEC JTC 1/SC 27).
• ICS / categories: 35.030 (IT security).
• Edition / version: Edition 2 (2008) — revision of the 1998 edition.
• Number of pages: 11 pages (official ISO listing for the 2008 edition).

Key bibliographic and lifecycle details above are taken from the ISO record and national standards catalogues. The 2008 edition replaced the 1998 edition and was subject to ISO systematic review and confirmation.

Scope

Specifies general principles and requirements applicable to digital signature mechanisms with appendix for messages of arbitrary length. It defines the vocabulary, symbols and basic operations used across the ISO/IEC 14888 series, and sets out the relationship to algorithm-specific parts (for example, parts addressing integer factoring and discrete logarithm-based signatures). Key areas such as key and certificate management techniques are explicitly outside the scope of this part (references to related standards for those topics are provided).

Key topics and requirements

• Definitions and symbols used for digital signature with appendix mechanisms.
• General principles for signature generation and verification (roles of message, appendix and hash functions).
• Requirements for algorithm parameterization and data formats to promote interoperability.
• Conformance and normative references for algorithm-specific parts (ISO/IEC 14888-2, -3, etc.).
• Cross-references to standards for message recovery signatures and hash functions (e.g., ISO/IEC 9796 and ISO/IEC 10118) and to key/certificate management standards.

The above topics summarize the normative and editorial content that implementers and specifiers must consider when using or referencing the 14888 series.

Typical use and users

Used by cryptographic library implementers, product vendors, security architects, standards writers and conformity assessors who need a normative, interoperable specification for digital signature mechanisms with appendix. It is referenced in technical specifications, protocol designs and product evaluations where formal signature definitions and data formats are required.

Related standards

Directly related to other parts of the 14888 series (for example ISO/IEC 14888-2 and ISO/IEC 14888-3 for algorithm-specific signature mechanisms). Also related to ISO/IEC 9796 (signature mechanisms giving message recovery), ISO/IEC 10118 (hash functions), and standards covering key/certificate management and public-key infrastructure (for example ISO/IEC 9594-8, ISO/IEC 11770-3 and ISO/IEC 15945). These cross-references are noted in the normative references of the standard.

Keywords

digital signature, signature with appendix, public key, hash function, message recovery, interoperability, ISO/IEC 14888, cryptography, IT security.

FAQ

Q: What is this standard?

A: ISO/IEC 14888-1:2008 is the first part of the ISO/IEC 14888 series and provides general principles, definitions and requirements for digital signatures with appendix (where the signed message is provided to the verification algorithm).

Q: What does it cover?

A: It covers terminology, symbols, high-level requirements and normative references that apply to digital signature mechanisms with appendix, and it establishes the framework used by the algorithm-specific parts of the series. Key aspects of key/certificate management are out of scope and are handled by other standards.

Q: Who typically uses it?

A: Implementers of cryptographic libraries and security protocols, product vendors, system architects and conformity assessors who require a formal specification for signature generation and verification behavior and for interoperable data formats.

Q: Is it current or superseded?

A: The 2008 edition (Edition 2) superseded the 1998 edition. The ISO record indicates the 2008 edition was subject to standard periodic review and has been confirmed in reviews (the ISO listing shows the 2008 edition as the current published edition following review). Users should check their national body or ISO for the latest confirmation status before formal citation.

Q: Is it part of a series?

A: Yes — ISO/IEC 14888 is a multi-part series. Part 1 sets out general principles; other parts (for example 14888-2 and 14888-3) specify algorithm-specific digital signature mechanisms.

Q: What are the key keywords?

A: Digital signature, signature with appendix, message appendix, hash function, public-key cryptography, interoperability, signature verification, ISO/IEC 14888.