DATE: February 15, 2000

FROM: Barry McVay, CPCM

SUBJECT:NIST; Announcing Approval of Federal Information Processing Standard (FIPS) 186-2, Digital Signature Standard (DSS)

SOURCE: Federal Register, February 15, 2000, Vol. 65, No. 31, page 7507

AGENCIES: National Institute of Standards and Technology (NIST), Department of Commerce

ACTION: Notice

SYNOPSIS: NIST is announcing the Secretary of Commerce's approval of FIPS 186-2, Digital Signature Standard (DSS), which expands FIPS 186-1 by specifying an additional voluntary industry standard for generating and verifying digital signatures. This action will enable Federal agencies to use the Digital Signature Algorithm (DSA), which was originally the single approved technique for digital signatures, as well as two ANSI standards that were developed for the financial community: ANSI X9.31, Digital Signature Using Reversible Public Key Cryptography, and the new voluntary industry standard ANSI X9.62, Elliptic Curve Digital Signature Algorithm (ECDSA).

EFFECTIVE DATE: June 27, 2000.

FOR FURTHER INFORMATION CONTACT: Ms. Elaine Barker (301) 975-2911, National Institute of Standards and Technology, 100 Bureau Drive, STOP 8930, Gaithersburg, MD 20899-8930.

Specifications for FIPS 186-2 are available on NIST Web page at http://csrc.nist.gov/encryption. Copies of ANSI X9.31 and ANSI X9.62 are available from the American Bankers Assoc./DC, X9 Customer Service Dept. P.O. Box 79064, Baltimore, MD 21279-0064; 1-800-338-0626.

SUPPLEMENTAL INFORMATION: On May 10, 1994, the Secretary of Commerce approved FIPS 186, Digital Signature Standard (DSS), which specified the Digital Signature Algorithm (DSA) as the single technique for the generation and verification of digital signatures.

On May 13, 1997, NIST solicited comments on augmenting FIPS 186 with other digital signature techniques, including the Rivest-Shamir-Adleman (RSA) and the elliptic curve techniques. The comments received by NIST supported adding both techniques to FIPS 186. Both techniques were being considered by the financial services industry as voluntary industry standards.

On December 15, 1998, NIST announced that the Secretary of Commerce had approved FIPS 186-1, Digital Signature Standard (DSS), as an interim final standard. FIPS 186-1 added the RSA digital signature technique, which had been approved as an industry standard (X9.31-1998, Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry). However, the elliptic curve technique was not included in the interim final standard since it had not yet been approved by the American National Standards Institute (ANSI) as a voluntary industry standard.

The December 15, 1998, notice invited comments concerning the specification of two techniques (DSA and ANSI X9.31-1998) for the generation and verification of digital signatures. That notice also referred to the elliptic curve technique, which NIST had expected to be approved by ANSI as a voluntary industry standard.

In response to the invitation for comments, NIST received comments from 15 private sector organizations and individuals, and from two federal government organizations. The comments supported the addition of the ANSI X9.31 standard and the the elliptic curve technique (which has been approved as the ECDSA under ANSI X9.62) to the DSS. NIST recommended approval of FIPS 186-2 to authorize the DSA, ANSI X9.31, and the ECDSA, and the Secretary of Commerce has approved it.

FOR FURTHER INFORMATION CONTACT: Barry McVay at 703-451-5953 or by e-mail to BarryMcVay@FedGovContracts.com.

Copyright 2000 by Panoptic Enterprises. All Rights Reserved.

Return to the Dispatches Library.

Return to the Main Page.