Contact: Anne Enright Shepherd, aeshep@nist.gov
FOR IMMEDIATE RELEASE: TA 97-03
May 13, 1997
Contact: Anne Enright Shepherd NIST TO CONSIDER REVISED
(301) 975-4858 DIGITAL SIGNATURE STANDARD
anne.shepherd@nist.gov FOR FEDERAL AGENCIES
In a move intended to broaden the choices federal agencies have when
securing information, the Commerce Department's National Institute of
Standards and Technology today announced plans to consider incorporating
additional digital signature methods into its Digital Signature
Standard. In a notice in today's Federal Register, NIST seeks comments
on the possibility of allowing government agencies to use additional
public-key based digital signature algorithms, such as the RSA and
elliptic curve techniques.
In a related announcement, also in today's Federal Register, NIST
announced plans to develop a federal standard for public-key based
cryptographic key agreement and exchange. The notice asks for comments
on such techniques as RSA, Diffie-Hellman and elliptic curve.
"Today's announcements set the stage for agencies to take greater
advantage of both commercially available and emerging cryptographic
technologies," said Under Secretary of Commerce for Technology Mary
Good. "This allows us to work more closely with the private sector in
promoting secure products and enhancing flexibility as we protect
government services and systems."
These moves are consistent with the Clinton Administration's overall
efforts to promote the use of strong cryptography, by both federal
agencies and those in the private sector, while maintaining societal
safeguards. The activities announced today augment both NIST's ongoing
work to develop an advanced encryption standard and the effort to
develop a federal encryption key recovery standard by the Department of
Commerce's Technical Advisory Committee to Develop a Federal Information
Processing Standard for the Federal Key Management Infrastructure.
Digital signatures are used to confirm the identity of the signer and to
verify that electronic information has not been altered. If information
must be kept confidential, then encryption also is necessary.
The Clinton Administration's encryption policy calls for cryptographic
keys used by federal agencies for encryption--to protect the
confidentiality of information--to be recoverable through an agency or
third-party process and for keys used for digital signatures--for
integrity and authentication of information--to not be recoverable. To
maintain this distinction, agencies must be able to ensure that
signature keys cannot be used for encryption.
Digital signatures, used increasingly in electronic business
transactions and electronic commerce, also are expected to become an
integral part of routine government business. Purchasing agents,
contract officers and others will come to rely on this reassurance that
their electronic information has not been altered in transit or sent
from a forged address.
The Digital Signature Standard, also known as Federal Information
Processing Standard, or FIPS, 186, currently requires federal
departments, agencies and contractors who use digital signatures to do
so with the Digital Signature Algorithm. Today's announcement starts the
process of looking for additional algorithms to be incorporated into the
standard. FIPS do not apply to the private sector, but they frequently
are used by non-federal organizations.
Development of a new standard for public-key based cryptographic key
agreement and exchange will provide federal agencies one or more secure
methods to protect their sensitive communications.
Anyone wishing to comment on the digital signature announcement should
write to Director, Information Technology Laboratory, Planned Revision
to FIPS 186, A231 Technology Building, NIST, Gaithersburg, Md.
20899-0001, or send electronic mail to .
Those with comments on the key agreement and exchange announcement
should write to Director, Information Technology Laboratory, Key
Agreement/Exchange FIPS, A231 Technology Building, NIST, Gaithersburg,
Md. 20899-0001, or send electronic mail to .
A non-regulatory agency of the Commerce Department's Technology
Administration, NIST promotes U.S. economic growth by working with
industry to develop and apply technology, measurements and standards.
- 30 -
�����������������������������������������������������������������������������������������������������������