Assigned Numbers for SKIP Protocols

Updated: April 24, 1997

The SKIP protocol requires that certain values be assigned for use within the protocols. For purposes of interoperability, these numbers are assigned centrally. This document lists all current number assignments.

Numbers for all of the SKIP protocols may be requested by sending mail to numbers@skip.org. Please include references to transforms, algorithms, etc. in your number assignment request. Assignments will only be made when information sufficient for independent implementation is provided.

SKIP Assigned Numbers

Kij Algorithms

Algorithm Number    Description
1                   DES-CBC (64 bit IV=0, random fill key up to multiple of 64 bits, MD5 as hash algorithm)
2                   3 Key Triple DES-EDE-CBC (64 bit IV=0, random fill key up to multiple of 64 bits, MD5 as hash algorithm)
3                   IDEA-CBC (64 bit IV=0, random fill key up to multiple of 64 bits, MD5 as hash algorithm)
241                 SAFER-128SK (64 bit IV=0, random fill key up to multiple of 64 bits, MD5 as hash algorithm)
242                 RC2 40 bit (64 bit IV=0, random fill key up to multiple of 64 bits, MD5 as hash algorithm)
250-255             Reserved for private use among consenting parties

Crypt Algorithms

Algorithm Number    Description
1                   DES-CBC as specified in RFC 1829, 64 bit IV
2                   3 Key (k1, k2, k3) Triple DES (EDE-CBC) as specified in RFC 1851, 64 bit IV
3                   IDEA-CBC, 64 bit IV, encapsulated in same manner as RFC 1829
240                 RC4, 40 bit, encapsulated as described in Stream Cipher Transform Document
241                 SAFER-128SK, SK mode, 64 bit IV, encapsulated in same manner as RFC 1829
242                 RC2, 40 bit, encapsulated in same manner as RFC 1829, 64 bit IV
250-255             Reserved for private use among consenting parties

MAC Algorithms

Algorithm Number    Description
1                   128 Bit Keyed MD5, RFC 1828
2                   DES-EDE MAC
3                   Keyed SHA-1, RFC 1852
250-255             Reserved for private use among consenting parties

Compression Algorithms

Algorithm Number    Description
250-255             Reserved for private use among consenting parties

Name Space Identifiers (NSID)

NSID Number    Name Space Description                                Master KeyID Length
1              IP v4 Address Space                                   32 Bits
2              POSIX/Xopen User Ids                                  32 Bits
3              IP v6 Address Space                                   128 Bits
4              MD5 of DNS name                                       128 Bits
5              MD5 of ISO DN ASN.1 encoding                          128 Bits
6              MD5 of arbitrary ASCII String                         128 Bits
7              802.10 MAC address                                    48 Bits
8              MD5 of principal's DH Pub Val                         128 Bits
9              MD5 of RFC-822 Mailbox Address                        128 Bits
10             MD5 of Bank Account #                                 128 Bits
11             MD5 of NIS Name                                       128 Bits
12             Ephemeral DH Master Keyid (EMKID)                     32 Bits
250-255        Reserved for private use among consenting parties     Undefined

Diffie-Hellman common Parameters (g, p)

For interoperability, the values g and p in g^j mod p are specified here, for various modulus lengths.

The primes given below were generated using the following algorithm. The prime generation method is given so it is possible to independently verify how the primes were generated.

The prime generator is based on SHA-1, the FIPS 180-1 secure hash algorithm. This takes the given seed as input and produces a 160-bit output sequence in 20 bytes. These bytes are taken as a big-endian number to produce a number n0 from 0 to 2^160 - 1. (That is, n0 = 2^152 * byte0 + 2^144 * byte1 + ... + 2^8 * byte19 + byte20.)

Then the seed is incremented as a big-endian array of bytes, modulo its size (that is, the last byte is incremented, propagating carry if necessary), and hashed again to produce n1, then n2, etc.

A number of arbitrary size can be constructed by concatenating N = n0 + 2^160 * n1 + 2^320 * n2 + .... To get a number no larger than 2^k, take the low-order k bits of N, N mod 2^k. Obviously, if k is 1024, it is only necessary to compute n0 through n6.

To generate a k-bit prime p (2^k > p >= 2^(k-1)), take t = N mod 2^(k-2); that is, a number with at most k-2 significant bits. Then add 2^(k-1) to force the number into the desired range, and 2^(k-2) to force it into the high half of the range. This extra refinement makes an attack more expensive without affecting the time required to do computations mod p. Additional high-order 1 bits could be forced, but the incremental benefit rapidly diminishes.

The resultant number t is used as the starting point in a search for a suitable prime p. p is chosen to be the first number >= t such that p is prime and (p-1)/2 is prime.

Because SHA-1 is a cryptographic hash, it is computationally infeasible to find an input that has a given output. Indeed, there is no known technique better than brute-force search to find an input that produces an output with any special properties. Assuming that there is an unknown class of primes for which the discrete logarithm problem is easy to solve, this ensures that the chance of choosing a prime p that is a member of that class is no better than random chance, regardless of malice on the part of the party generating the prime.

The choice of seed is arbitrary, so it was chosen for aesthetic reasons. It is the 79 bytes of the ASCII representation of a quote by Gandhi:

"Whatever you do is insignificant, but it is very important that you do it."
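The generation procedure above, written out in Python as an added example; it is not code from the SKIP documents. The function names, the fixed-base Miller-Rabin test and DEMO_SEED are choices made for this example, and since the exact 79 seed bytes are not listed on this page, it takes any seed and does not claim to reproduce the published moduli.

```python
import hashlib

DEMO_SEED = b"constructed example seed, not the SKIP seed"
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with fixed bases: a probabilistic test, not a proof."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def is_safe_prime(p):
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)

def expand(seed, k):
    """N mod 2^k, where N = n0 + 2^160*n1 + 2^320*n2 + ..."""
    size, s, n = len(seed), int.from_bytes(seed, "big"), 0
    for shift in range(0, k, 160):
        digest = hashlib.sha1(s.to_bytes(size, "big")).digest()
        n |= int.from_bytes(digest, "big") << shift   # digest read big-endian
        s = (s + 1) % (1 << (8 * size))   # big-endian increment, modulo seed size
    return n % (1 << k)

def start_point(seed, k):
    """t = (N mod 2^(k-2)) + 2^(k-1) + 2^(k-2): k bits, top two bits set."""
    return expand(seed, k - 2) + (1 << (k - 1)) + (1 << (k - 2))

def generate(seed, k):
    """First p >= t such that p and (p-1)/2 are prime."""
    p = start_point(seed, k) | 1   # even numbers > 2 cannot be prime
    while not is_safe_prime(p):
        p += 2
    return p
```

Calling generate(DEMO_SEED, 64) returns quickly; at the modulus sizes on this page the same search in pure Python examines many more candidates and takes correspondingly longer.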

2048 Bit Parameters

Base (g): 0x02
Modulus (p) (MSB first):

1024 Bit Parameters

Base (g): 0x02
Modulus (p) (MSB first):


512 Bit Parameters

Base (g): 0x02
Modulus (p) (MSB first): 

CDP Assigned Numbers

Name Type Assignments

Name Type Value    Name Type
1                  SKIP Name
2                  PGP Printable String
3                  PGP Key ID
4                  DNS Name
5                  RFC 822 Name
6                  X.509 Distinguished Name
250-255            Reserved for private use among consenting parties

Certificate Type Assignments

CERT-Type Value    Certificate Type
1                  X.509
2                  PGP
3                  Secure DNS
4                  MD5 of Unsigned DH Public Value
5                  MD5 of Unsigned Elliptic Curve Public Value
6                  MD5 of Unsigned RSA Public Value
7                  X.509 Certificate Revocation List
8                  Ephemeral DH Certificate
250-255            Reserved for private use among consenting parties