`127273`

- P
- a password encoded as a Unicode UTF-8 string
- S
- a random initializing value
- V
_{s} - the set of byte strings of length s, where s >= 0; the string b = (b
_{1},...,b_{s}) belongs to the set V_{s}if b_{1},...,b_{s}belongs to {0,...,255} - |A|
- the number of components (a length) of the vector A belonging to V
_{s}(if A is an empty string, then |A| = 0) - A||C
- a concatenation of two byte strings A, C from V
_{s}, i.e., a string from V_{|A|+|C|}, where the left substring from V_{|A|}is equal to the string A and the right substring from V_{|C|}is equal to the string C: A = (a_{1},...,a_{n1}) in V_{n1}and C = (c_{1},...,c_{n2}) in V_{n2}, res = (a_{1},...,a_{n1},c_{1},...,c_{n2}) in V_{n1+n2} - F_q
- a finite prime field represented as a set of q integers {0,1,...,q - 1}, where q > 3 - prime number
- b mod q
- the minimum non-negative number comparable to b modulo p
- INT(b)
- integer INT(b) = b
_{1}+ b_{2}* 256 +...+ b_{s}* 256^{s-1}, where b belongs to V_{s}

- Signature
- one or more data elements resulting from the signature process (Clause 3.12 of
). Note: The terms "digital signature", "electronic signature", and "electronic digital signature" are considered equivalent in this document. - Signature key
- set of private data elements specific to an entity and usable only by this entity
in the signature process (Clause 3.13 of
). Note: Sometimes called a private key. - Verification key
- set of public data elements that is mathematically related to an entity's signature key
and is used by the verifier in the verification process (Clause 3.16 of
). Note: Sometimes called a public key. - ASN.1
- Abstract Syntax Notation One, as defined in
. - BER
- Basic Encoding Rules, as defined in
. - HMAC_GOSTR3411
- Hash-Based Message Authentication Code. A
function for calculating a Message Authentication Code (MAC) based
on the GOST R 34.11-2012 hash function (see
) with 512-bit output in accordance with .

- version is the syntax version number; the only allowed value for this specification is 3.
- authSafe contains the data of type ContentInfo. In the case of password integrity mode, the authSafe.content field has a Data type value and contains a BER-encoded value of the AuthenticatedSafe structure.
- macData has a MacData type; in the case of password integrity mode, the macData field should contain information about the algorithm and parameters for password key generation.
Integrity control is ensured by using the HMAC_GOSTR3411_2012_512 algorithm: the macData.mac.digestAlgorithm.algorithm field contains the HMAC_GOSTR3411_2012_512 algorithm identifier (see
). When processing PFX, this field should be checked first.

encryptionAlgorithmOID field:

- bagId is an object identifier; it defines the type of object.
- bagValue is the value of an object.
- bagAttributes contains the users' names, the key identifiers, and other additional information. This field is optional.

- pkcs8ShroudedKeyBag
- certBag

- a public key corresponding to the GOST R 34.10-2012 algorithm with a key length of 256 bits has the GostR3410-2012-256-PublicKey representation. It is specified by a 64-byte string, where the first 32 bytes contain the little-endian representation of the x coordinate and the last 32 bytes contain the little-endian representation of the y coordinate.
- a public key corresponding to the GOST R 34.10-2012 algorithm with a key length of 512 bits has the GostR3410-2012-512-PublicKey representation. It is specified by a 128-byte string, where the first 64 bytes contain the little-endian representation of the x coordinate and the last 64 bytes contain the little-endian representation of the y coordinate.

- version identifies the version of OneAsymmetricKey. If publicKey is present, then version is set to 2; else, version is set to 1.
- privateKeyAlgorithm identifies the private key algorithm and optionally contains parameters associated with the asymmetric key
pair. For GOST R 34.10-2012 private keys, the identifiers of the corresponding public keys are used; they are defined in
. The use of identifiers and public key parameters is defined in . - privateKey is an OCTET STRING that contains the value of the masked private key I.
- attributes are optional. They contain information corresponding to the public key (e.g., certificates).
- publicKey contains the value of the public key GostR3410-2012-256-PublicKey or GostR3410-2012-512-PublicKey encoded in a BIT STRING. This field is optional.

- encryptionAlgorithm identifies the algorithm under which the private key information is encrypted. Encryption
MUST use the PBES2 scheme. The algorithm and parameters of this scheme are presented in. - encryptedData is the DER-encoded PrivateKeyInfo structure.

- certId identifies the type of certificate.
- certValue contains the certificate.