Crypto and Firmware RFCs

This post summarizes the relevant RFCS (and other standards) related to cryptography and, specifically, relevant to MCUboot.

I intend to update this post with more RFCs as I refer to them in my work.


The following documents describe protocols and encodings relevant to digital signatures.

  • RFC3447: Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1
  • RFC5208: Public-Key Cryptography Standards (PKCS) #8: Private-Key Information Syntax Specification Version 1.2 (obsolete)
  • RFC5480: Elliptic Curve Cryptography Subject Public Key Information
  • RFC5915: Elliptic Curve Private Key Structure
  • RFC5958: Asymmetric Key Packages
  • RFC8017: PKCS #1: RSA Cryptography Specifications Version 2.2
  • RFC8018: PKCS #5: Password-Based Cryptography Specification Version 2.1

  • newcurves draft 06: Algorithm Identifiers for Ed25519, Ed448, X25519 and X448 for use in the Internet X.509 Public Key Infrastructure

Firmware update

The following documents describe formats and protocols for firmware update. RFC4108 is over 12 years old, and does not represent devices typically used for IoT devices.

  • RFC3852: Cryptographic Message Syntax (CMS)
  • RFC4108: Using Cryptographic Message Syntax (CMS) to Protect Firmware Packages
  • RFC7228: Terminology for Constrained-Node Networks
  • FUD The IETF working group on Firmware Updates, to update RFC4108
About David Brown
Software engineer and Jazz musician, currently living in the Denver, CO area.
comments powered by Disqus