Crypto and Firmware RFCs

Page content

This post summarizes the relevant RFCS (and other standards) related to cryptography and, specifically, relevant to MCUboot.

I intend to update this post with more RFCs as I refer to them in my work.

Last update: 2018-05-31


The following documents describe protocols and encodings relevant to digital signatures.

  • RFC3447: Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1

  • RFC4279: Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)

  • RFC5208: Public-Key Cryptography Standards (PKCS) #8: Private-Key Information Syntax Specification Version 1.2 (obsolete)

  • RFC5480: Elliptic Curve Cryptography Subject Public Key Information

  • RFC5246: The Transport Layer Security (TLS) Protocol Version 1.2

  • RFC5915: Elliptic Curve Private Key Structure

  • RFC5958: Asymmetric Key Packages

  • RFC6347: Datagram Transport Layer Security Version 1.2

  • RFC7379: Report from the Smart Object Security Workshop

  • RFC7452: Architectural Considerations in Smart Object Networking

  • RFC7925: TLS/DTLS Profiles for the Internet of Things

  • RFC8017: PKCS #1: RSA Cryptography Specifications Version 2.2

  • RFC8018: PKCS #5: Password-Based Cryptography Specification Version 2.1

  • newcurves draft 06: Algorithm Identifiers for Ed25519, Ed448, X25519 and X448 for use in the Internet X.509 Public Key Infrastructure

Firmware update

The following documents describe formats and protocols for firmware update. RFC4108 is over 12 years old, and does not represent devices typically used for IoT devices.

  • RFC3852: Cryptographic Message Syntax (CMS)
  • RFC4108: Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages
  • RFC7228: Terminology for Constrained-Node Networks
  • FUD The IETF working group on Firmware Updates, to update RFC4108
  • SP 800-193 NIST CSRC Platform Security Resiliencey Guidelines

Java Web Tokens

Google Cloud IoT Core uses JWT to authenticate the client.

  • RFC7515: JSON Web Signature (JWS)
  • RFC7518: JSON Web Algorithms (JWA) (Section 3 gives “alg” values for various signature/mac algorithms)
  • RFC7519: JSON Web Token (JWT)