In a move intended to broaden the choices federal agencies have when securing information, the Commerce Department's National Institute of Standards and Technology today announced plans to consider incorporating additional digital signature methods into its Digital Signature Standard. In a notice in today's Federal Register, NIST seeks comments on the possibility of allowing government agencies to use additional public-key based digital signature algorithms, such as the RSA and elliptic curve techniques.
In a related announcement, also in today's Federal Register, NIST announced plans to develop a federal standard for public-key based cryptographic key agreement and exchange. The notice asks for comments on such techniques as RSA, Diffie-Hellman and elliptic curve.
"Today's announcements set the stage for agencies to take greater advantage of both commercially available and emerging cryptographic technologies," said Under Secretary of Commerce for Technology Mary Good. "This allows us to work more closely with the private sector in promoting secure products and enhancing flexibility as we protect government services and systems."
These moves are consistent with the Clinton Administration's overall efforts to promote the use of strong cryptography, by both federal agencies and those in the private sector, while maintaining societal safeguards. The activities announced today augment both NIST's ongoing work to develop an advanced encryption standard and the effort to develop a federal encryption key recovery standard by the Department of Commerce's Technical Advisory Committee to Develop a Federal Information Processing Standard for the Federal Key Management Infrastructure.
Digital signatures are used to confirm the identity of the signer and to verify that electronic information has not been altered. If information must be kept confidential, then encryption also is necessary.
The Clinton Administration's encryption policy calls for cryptographic keys used by federal agencies for encryption (to protect the confidentiality of information) to be recoverable through an agency or third-party process, and for keys used for digital signatures (for integrity and authentication of information) not to be recoverable. To maintain this distinction, agencies must be able to ensure that signature keys cannot be used for encryption.
Digital signatures, used increasingly in electronic business transactions and electronic commerce, also are expected to become an integral part of routine government business. Purchasing agents, contract officers and others will come to rely on this reassurance that their electronic information has not been altered in transit or sent from a forged address. The Digital Signature Standard, also known as Federal Information Processing Standard, or FIPS, 186, currently requires federal departments, agencies and contractors who use digital signatures to do so with the Digital Signature Algorithm. Today's announcement starts the process of looking for additional algorithms to be incorporated into the standard. FIPS do not apply to the private sector, but they frequently are used by non-federal organizations.
Development of a new standard for public-key based cryptographic key agreement and exchange will provide federal agencies one or more secure methods to protect their sensitive communications.
Anyone wishing to comment on the digital signature announcement should write to Director, Information Technology Laboratory, Planned Revision to FIPS 186, A231 Technology Building, NIST, Gaithersburg, Md. 20899-0001, or send electronic mail to .
Those with comments on the key agreement and exchange announcement should write to Director, Information Technology Laboratory, Key Agreement/Exchange FIPS, A231 Technology Building, NIST, Gaithersburg, Md. 20899-0001, or send electronic mail to .
A non-regulatory agency of the Commerce Department's Technology Administration, NIST promotes U.S. economic growth by working with industry to develop and apply technology, measurements and standards.