draft-ietf-smime-3278bis-07.txt   draft-ietf-smime-3278bis-08.txt 
S/MIME WG Sean Turner, IECA S/MIME WG Sean Turner, IECA
Internet Draft Dan Brown, Certicom Internet Draft Dan Brown, Certicom
Intended Status: Informational May 5, 2009 Intended Status: Informational May 29, 2009
Obsoletes: 3278 (once approved) Obsoletes: 3278 (once approved)
Expires: November 5, 2009 Expires: November 29, 2009
Use of Elliptic Curve Cryptography (ECC) Algorithms Use of Elliptic Curve Cryptography (ECC) Algorithms
in Cryptographic Message Syntax (CMS) in Cryptographic Message Syntax (CMS)
draft-ietf-smime-3278bis-07.txt draft-ietf-smime-3278bis-08.txt
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. This document may contain material provisions of BCP 78 and BCP 79. This document may contain material
from IETF Documents or IETF Contributions published or made publicly from IETF Documents or IETF Contributions published or made publicly
available before November 10, 2008. The person(s) controlling the available before November 10, 2008. The person(s) controlling the
copyright in some of this material may not have granted the IETF copyright in some of this material may not have granted the IETF
Trust the right to allow modifications of such material outside the Trust the right to allow modifications of such material outside the
IETF Standards Process. Without obtaining an adequate license from IETF Standards Process. Without obtaining an adequate license from
skipping to change at page 1, line 43 skipping to change at page 1, line 43
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
This Internet-Draft will expire on November 5, 2009. This Internet-Draft will expire on November 29, 2009.
Copyright Notice Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info). publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 3, line 14 skipping to change at page 3, line 14
7.2. Other Syntax.............................................24 7.2. Other Syntax.............................................24
8. Recommended Algorithms and Elliptic Curves....................26 8. Recommended Algorithms and Elliptic Curves....................26
9. Security Considerations.......................................28 9. Security Considerations.......................................28
10. IANA Considerations..........................................33 10. IANA Considerations..........................................33
11. References...................................................33 11. References...................................................33
11.1. Normative...............................................33 11.1. Normative...............................................33
11.2. Informative.............................................35 11.2. Informative.............................................35
Appendix A ASN.1 Modules.........................................36 Appendix A ASN.1 Modules.........................................36
Appendix A.1 1988 ASN.1 Module................................36 Appendix A.1 1988 ASN.1 Module................................36
Appendix A.2 2004 ASN.1 Module................................43 Appendix A.2 2004 ASN.1 Module................................43
Appendix B Changes since RFC 3278................................53 Appendix B Changes since RFC 3278................................57
Acknowledgements.................................................56 Acknowledgements.................................................59
Author's Addresses...............................................56 Author's Addresses...............................................59
1. Introduction 1. Introduction
The Cryptographic Message Syntax (CMS) is cryptographic algorithm The Cryptographic Message Syntax (CMS) is cryptographic algorithm
independent. This specification defines a profile for the use of independent. This specification defines a profile for the use of
Elliptic Curve Cryptography (ECC) public key algorithms in the CMS. Elliptic Curve Cryptography (ECC) public key algorithms in the CMS.
The ECC algorithms are incorporated into the following CMS content The ECC algorithms are incorporated into the following CMS content
types: types:
- 'SignedData' to support ECC-based digital signature methods - 'SignedData' to support ECC-based digital signature methods
skipping to change at page 6, line 24 skipping to change at page 6, line 24
- originator MUST be the alternative originatorKey. The - originator MUST be the alternative originatorKey. The
originatorKey algorithm field MUST contain the id-ecPublicKey originatorKey algorithm field MUST contain the id-ecPublicKey
object identifier (see Section 7.1.2). The parameters object identifier (see Section 7.1.2). The parameters
associated with id-ecPublicKey MUST be absent, ECParameters, or associated with id-ecPublicKey MUST be absent, ECParameters, or
NULL. The parameters associated with id-ecPublicKey SHOULD be NULL. The parameters associated with id-ecPublicKey SHOULD be
absent or ECParameters, and NULL is allowed to support legacy absent or ECParameters, and NULL is allowed to support legacy
implementations. The previous version of this document required implementations. The previous version of this document required
NULL to be present. If the parameters are ECParameters, then NULL to be present. If the parameters are ECParameters, then
they MUST be namedCurve. The originatorKey publicKey field MUST they MUST be namedCurve. The originatorKey publicKey field MUST
contain the value of the ASN.1 type ECPoint (see Section 7.2), contain the DER-encoding of the value of the ASN.1 type ECPoint
which represents the sending agent's ephemeral EC public key. (see Section 7.2), which represents the sending agent's
The ECPoint in uncompressed form MUST be supported. ephemeral EC public key. The ECPoint in uncompressed form MUST
be supported.
- ukm MAY be present or absent. However, message originators - ukm MAY be present or absent. However, message originators
SHOULD include the ukm. As specified in RFC 3852 [CMS], SHOULD include the ukm. As specified in RFC 3852 [CMS],
implementations MUST support ukm message recipient processing, implementations MUST support ukm message recipient processing,
so interoperability is not a concern if the ukm is present or so interoperability is not a concern if the ukm is present or
absent. The ukm is placed in the entityUInfo field of the ECC- absent. The ukm is placed in the entityUInfo field of the ECC-
CMS-SharedInfo structure. When present, the ukm is used to CMS-SharedInfo structure. When present, the ukm is used to
ensure that a different key-encryption key is generated, even ensure that a different key-encryption key is generated, even
when the ephemeral private key is improperly used more than when the ephemeral private key is improperly used more than
once, by using the ECC-CMS-SharedInfo as an input to the key once, by using the ECC-CMS-SharedInfo as an input to the key
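Review bot: the new wording "contain the DER-encoding of the value of the ASN.1 type ECPoint" leaves it open whether the originatorKey publicKey field carries the full DER OCTET STRING element (tag and length octets included) or only the point octets that the OCTET STRING wraps; with ECPoint ::= OCTET STRING (Appendix A.1) and the old text reading "the value of the ASN.1 type ECPoint", the change can be read either way. State the intended octets explicitly, since receiving agents will otherwise disagree on where the uncompressed point (04 || X || Y) begins.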
skipping to change at page 19, line 46 skipping to change at page 19, line 46
30 15 06 06 2b 81 04 01 0F 01 30 0b 06 09 60 86 48 01 65 03 04 30 15 06 06 2b 81 04 01 0F 01 30 0b 06 09 60 86 48 01 65 03 04
01 05 01 05
KA=ECMQV 1-Pass KDF=SHA-384 Wrap=AES-128 KA=ECMQV 1-Pass KDF=SHA-384 Wrap=AES-128
30 15 06 06 2b 81 04 01 0F 02 30 0b 06 09 60 86 48 01 65 03 04 30 15 06 06 2b 81 04 01 0F 02 30 0b 06 09 60 86 48 01 65 03 04
01 05 01 05
KA=ECMQV 1-Pass KDF=SHA-512 Wrap=AES-128 KA=ECMQV 1-Pass KDF=SHA-512 Wrap=AES-128
30 15 06 06 2b 81 04 01 0F 03 30 0d 06 09 60 86 48 01 65 03 04 30 15 06 06 2b 81 04 01 0F 03 30 0b 06 09 60 86 48 01 65 03 04
01 05 01 05
KA=ECMQV 1-Pass KDF=SHA-1 Wrap=AES-192 KA=ECMQV 1-Pass KDF=SHA-1 Wrap=AES-192
30 18 06 09 2b 81 05 10 86 48 3f 00 10 30 0b 06 09 60 86 48 01 30 18 06 09 2b 81 05 10 86 48 3f 00 10 30 0b 06 09 60 86 48 01
65 03 04 01 19 65 03 04 01 19
KA=ECMQV 1-Pass KDF=SHA-224 Wrap=AES-192 KA=ECMQV 1-Pass KDF=SHA-224 Wrap=AES-192
30 15 06 06 2b 81 04 01 0F 00 30 0b 06 09 60 86 48 01 65 03 04 30 15 06 06 2b 81 04 01 0F 00 30 0b 06 09 60 86 48 01 65 03 04
01 19 01 19
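Review bot: the KA=ECMQV 1-Pass KDF=SHA-512 Wrap=AES-128 entry changes the inner length octet from 30 0d to 30 0b, which is the correct value: the KeyWrapAlgorithm SEQUENCE holds only the OID element 06 09 60 86 48 01 65 03 04 01 05, i.e. 11 (0x0b) octets, the same as in every other entry, and the outer length 0x15 only adds up with 0x0b. A quick pass over the remaining rows on pages 19 through 21 for other stale length octets would be cheap insurance, since one such typo survived into -07.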
skipping to change at page 21, line 9 skipping to change at page 21, line 9
KA=ECMQV 1-Pass KDF=SHA-384 Wrap=AES-256 KA=ECMQV 1-Pass KDF=SHA-384 Wrap=AES-256
30 15 06 06 2b 81 04 01 0F 02 30 0b 06 09 60 86 48 01 65 03 04 30 15 06 06 2b 81 04 01 0F 02 30 0b 06 09 60 86 48 01 65 03 04
01 2D 01 2D
KA=ECMQV 1-Pass KDF=SHA-512 Wrap=AES-256 KA=ECMQV 1-Pass KDF=SHA-512 Wrap=AES-256
30 15 06 06 2b 81 04 01 0F 03 30 0b 06 09 60 86 48 01 65 03 04 30 15 06 06 2b 81 04 01 0F 03 30 0b 06 09 60 86 48 01 65 03 04
01 2D 01 2D
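The following is an added example and not text from the draft: a small DER encoder and strict decoder, written in Python for this page, that reproduces the SMIMECapability values listed above and parses them back. The dotted OID values are read off the hex above (the leading octets 2b 81 05 10 86 48 3f 00 and 2b 81 04 01 are x9-63-scheme 1.3.133.16.840.63.0 and secg-scheme 1.3.132.1); the mqvSinglePass-*kdf-scheme names are the ones the Appendix A.1 comments use. The decoder is deliberately strict: the KeyWrapAlgorithm SEQUENCE must hold exactly one OID, so a stale length octet such as the 30 0d the old text carried, or a NULL parameter, is rejected rather than skipped.

```python
# Added example (not from the draft). Dotted OIDs read off the capability hex above.
ECMQV_1PASS_KDF = {
    "SHA-1":   "1.3.133.16.840.63.0.16",  # mqvSinglePass-sha1kdf-scheme, x9-63-scheme 16
    "SHA-224": "1.3.132.1.15.0",          # mqvSinglePass-sha224kdf-scheme, secg-scheme 15 0
    "SHA-256": "1.3.132.1.15.1",
    "SHA-384": "1.3.132.1.15.2",
    "SHA-512": "1.3.132.1.15.3",
}
AES_WRAP = {  # id-aes128-wrap, id-aes192-wrap, id-aes256-wrap
    128: "2.16.840.1.101.3.4.1.5",
    192: "2.16.840.1.101.3.4.1.25",
    256: "2.16.840.1.101.3.4.1.45",
}

def tlv(tag: int, content: bytes) -> bytes:
    """Prefix content with a DER tag and definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + content

def encode_oid(dotted: str) -> bytes:
    """DER OBJECT IDENTIFIER from dotted-decimal text."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID " + dotted)
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])  # base-128 big-endian; high bit marks continuation
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        body += chunk
    return tlv(0x06, bytes(body))

def decode_oid(body: bytes) -> str:
    """Dotted-decimal text from the content octets of a DER OID."""
    first = body[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    if len(body) > 1 and body[-1] & 0x80:
        raise ValueError("OID ends inside a multi-byte arc")
    return ".".join(str(a) for a in arcs)

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, content, position after the element), bounds-checking the length."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:
        size = n & 0x7F
        if size == 0 or size > 4:
            raise ValueError("unsupported length encoding")
        n = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    if pos + n > len(buf):
        raise ValueError("length runs past the end of the buffer")
    return tag, buf[pos:pos + n], pos + n

def smime_capability(ka_oid: str, wrap_oid: str) -> bytes:
    """SEQUENCE { capabilityID OID, parameters SEQUENCE { wrap OID } }, as listed above."""
    return tlv(0x30, encode_oid(ka_oid) + tlv(0x30, encode_oid(wrap_oid)))

def parse_capability(der: bytes) -> tuple:
    """Strictly decode one capability into (key agreement OID, key wrap OID)."""
    tag, outer, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    tag, ka, pos = read_tlv(outer)
    if tag != 0x06:
        raise ValueError("capabilityID must be an OID")
    tag, inner, pos = read_tlv(outer, pos)
    if tag != 0x30 or pos != len(outer):
        raise ValueError("parameters must be a single KeyWrapAlgorithm SEQUENCE")
    tag, wrap, pos = read_tlv(inner)
    if tag != 0x06 or pos != len(inner):  # a trailing NULL (05 00) fails here
        raise ValueError("KeyWrapAlgorithm must hold only the wrap OID")
    return decode_oid(ka), decode_oid(wrap)

def is_well_formed(der: bytes) -> bool:
    """True when the octets parse as one capability of the shape above."""
    try:
        parse_capability(der)
        return True
    except (ValueError, IndexError):
        return False
```

smime_capability(ECMQV_1PASS_KDF["SHA-384"], AES_WRAP[128]).hex() yields the octets printed under KA=ECMQV 1-Pass KDF=SHA-384 Wrap=AES-128, and parse_capability on any row of the list above returns the two dotted OIDs; feeding it the old 30 0d row raises, which is what a receiving agent should do with a capability whose length octets do not add up.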
NOTE: The S/MIME Capabilities indicate that parameters for the key
wrap algorithm AES-* (where * is 128, 192, or 256) are NULL; however,
the parameters are absent when used to encrypt/decrypt a content
encryption key.
NOTE: The S/MIME Capabilities for the supported AES content NOTE: The S/MIME Capabilities for the supported AES content
encryption key sizes are defined in [CMS-AES]. encryption key sizes are defined in [CMS-AES].
NOTE: The S/MIME Capabilities for the supported MAC algorithms are NOTE: The S/MIME Capabilities for the supported MAC algorithms are
defined in [CMS-ASN]. defined in [CMS-ASN].
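Review bot: the NOTE stating that the S/MIME Capabilities carry NULL parameters for the AES-* key wrap algorithms does not match the encodings above: every KeyWrapAlgorithm is 30 0b followed by the 11-octet OID element alone, with no 05 00, so the capabilities as listed already encode absent parameters, the same as the in-use form the NOTE describes. If the NOTE is kept, it should say that parameters are absent in both places (and cite [CMS-AES] for the capability form); if NULL is really intended in the capability, every row above needs 05 00 and a length of 30 0d.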
7. ASN.1 Syntax 7. ASN.1 Syntax
The ASN.1 syntax used in this document is gathered in this section The ASN.1 syntax [X.680], [X.681], X.682], [X.683] used in this
for reference purposes. document is gathered in this section for reference purposes.
7.1. Algorithm Identifiers 7.1. Algorithm Identifiers
This section provides the object identifiers for the algorithms used This section provides the object identifiers for the algorithms used
in this document along with any associated parameters. in this document along with any associated parameters.
7.1.1. Digest Algorithms 7.1.1. Digest Algorithms
Digest algorithm object identifiers are used in the SignedData Digest algorithm object identifiers are used in the SignedData
digestAlgorithms and digestAlgorithm fields and the AuthenticatedData digestAlgorithms and digestAlgorithm fields and the AuthenticatedData
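Review bot: in the new opening sentence of Section 7, "X.682]" has lost its opening bracket; it should read "[X.680], [X.681], [X.682], [X.683]" so that all four tags match the reference list and the Appendix A text.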
skipping to change at page 22, line 4 skipping to change at page 21, line 46
The KeyAgreeRecipientInfo originator field uses the following object The KeyAgreeRecipientInfo originator field uses the following object
identifier to indicate an elliptic curve public key: identifier to indicate an elliptic curve public key:
id-ecPublicKey OBJECT IDENTIFIER ::= { id-ecPublicKey OBJECT IDENTIFIER ::= {
ansi-x9-62 keyType(2) 1 } ansi-x9-62 keyType(2) 1 }
where where
ansi-x9-62 OBJECT IDENTIFIER ::= { ansi-x9-62 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) 10045 } iso(1) member-body(2) us(840) 10045 }
When the object identifier id-ecPublicKey is used here with an When the object identifier id-ecPublicKey is used here with an
algorithm identifier, the associated parameters MUST be either absent algorithm identifier, the associated parameters MUST be either absent
or ECParameters. Implementations MUST accept id-ecPublicKey with or ECParameters. Implementations MUST accept id-ecPublicKey with
absent and ECParameters parameters. If ECParameters is present, its absent and ECParameters parameters. If ECParameters is present, its
value MUST match the recipient's ECParameters. Implementations value MUST match the recipient's ECParameters. Implementations
SHOULD generate absent parameters for the id-ecPublicKey object SHOULD generate absent parameters for the id-ecPublicKey object
identifier in the KeyAgreeRecipientInfo originator field. identifier in the KeyAgreeRecipientInfo originator field.
NOTE: [CMS-ECC] indicated the parameters were NULL. Support for this [CMS-ECC] indicated the parameters were NULL. Support for this
legacy form is OPTIONAL. legacy form is OPTIONAL.
7.1.3. Signature Algorithms 7.1.3. Signature Algorithms
Signature algorithm identifiers are used in the SignedData Signature algorithm identifiers are used in the SignedData
signatureAlgorithm and signature fields. The signature algorithms signatureAlgorithm and signature fields. The signature algorithms
used in this document are ECDSA with SHA-1, ECDSA with SHA-224, ECDSA used in this document are ECDSA with SHA-1, ECDSA with SHA-224, ECDSA
with SHA-256, ECDSA with SHA-384, and ECDSA with SHA-512. The object with SHA-256, ECDSA with SHA-384, and ECDSA with SHA-512. The object
identifiers and parameters associated with these algorithms are found identifiers and parameters associated with these algorithms are found
in [PKI-ALG]. in [PKI-ALG].
NOTE: [CMS-ECC] indicated the parameters were NULL. Support for this [CMS-ECC] indicated the parameters were NULL. Support for this
legacy form is OPTIONAL. legacy form is OPTIONAL.
7.1.4. Key Agreement Algorithms 7.1.4. Key Agreement Algorithms
Key agreement algorithms are used in EnvelopedData, Key agreement algorithms are used in EnvelopedData,
AuthenticatedData, and AuthEnvelopedData in the KeyAgreeRecipientInfo AuthenticatedData, and AuthEnvelopedData in the KeyAgreeRecipientInfo
keyEncryptionAlgorithm field. The following object identifiers keyEncryptionAlgorithm field. The following object identifiers
indicate the key agreement algorithms used in this document: indicate the key agreement algorithms used in this document [SP800-
56A], [SEC1]:
dhSinglePass-stdDH-sha1kdf-scheme OBJECT IDENTIFIER ::= { dhSinglePass-stdDH-sha1kdf-scheme OBJECT IDENTIFIER ::= {
x9-63-scheme 2 } x9-63-scheme 2 }
dhSinglePass-stdDH-sha224kdf-scheme OBJECT IDENTIFIER ::= { dhSinglePass-stdDH-sha224kdf-scheme OBJECT IDENTIFIER ::= {
secg-scheme 11 0 } secg-scheme 11 0 }
dhSinglePass-stdDH-sha256kdf-scheme OBJECT IDENTIFIER ::= { dhSinglePass-stdDH-sha256kdf-scheme OBJECT IDENTIFIER ::= {
secg-scheme 11 1 } secg-scheme 11 1 }
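Review bot: the citations added in 7.1.4 are appended after "used in this document [SP800-56A], [SEC1]:", which reads as if the object identifiers themselves came from those two documents, whereas the OIDs are assigned in the x9-63-scheme and secg-scheme arcs listed below. Suggest "indicate the key agreement algorithms used in this document; the algorithms are specified in [SP800-56A] and [SEC1]:" or moving the citations to the sentence that names the schemes.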
skipping to change at page 24, line 31 skipping to change at page 24, line 29
7.1.7. Message Authentication Code Algorithms 7.1.7. Message Authentication Code Algorithms
Message authentication code algorithms are used in AuthenticatedData Message authentication code algorithms are used in AuthenticatedData
in the macAlgorithm field. The message authentication code in the macAlgorithm field. The message authentication code
algorithms used in this document are HMAC with SHA-1, HMAC with SHA- algorithms used in this document are HMAC with SHA-1, HMAC with SHA-
224, HMAC with SHA-256, HMAC with SHA-384, and HMAC with SHA-512. 224, HMAC with SHA-256, HMAC with SHA-384, and HMAC with SHA-512.
The object identifiers and parameters associated with these The object identifiers and parameters associated with these
algorithms are found in [CMS-ALG] and [HMAC-SHA2]. algorithms are found in [CMS-ALG] and [HMAC-SHA2].
NOTE: [HMAC-SHA2] defines the object identifiers for HMAC with SHA-
224, HMAC with SHA-256, HMAC with SHA-384, and HMAC with SHA-512, but
there is no ASN.1 module from which to import these object
identifiers. Therefore, the object identifiers for these algorithms
are included in the ASN.1 modules defined in Appendix A.
7.1.8. Key Derivation Algorithm 7.1.8. Key Derivation Algorithm
The KDF used in this document is as specified in 3.6.1 of [SEC1]. The KDF used in this document is as specified in 3.6.1 of [SEC1].
The hash algorithm is identified in key agreement algorithm. For The hash algorithm is identified in key agreement algorithm. For
example, dhSinglePass-stdDH-sha256kdf-scheme uses the KDF from [SEC1] example, dhSinglePass-stdDH-sha256kdf-scheme uses the KDF from [SEC1]
but uses SHA-256 instead of SHA-1. but uses SHA-256 instead of SHA-1.
7.2. Other Syntax 7.2. Other Syntax
The following additional syntax is used here. The following additional syntax is used here.
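Review bot: 7.1.8 reads "The hash algorithm is identified in key agreement algorithm"; "the" is missing before "key agreement algorithm". Since this is the only section that names the KDF, it should also say that the KDF's SharedInfo input is the DER-encoded ECC-CMS-SharedInfo structure that the ukm text on page 6 refers to as "an input to the key derivation", so a reader does not have to infer the link between the two passages.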
skipping to change at page 33, line 11 skipping to change at page 33, line 11
---------+----------+-----------+----------- ---------+----------+-----------+-----------
256 | 512+ | SHA-512 | secp521r1 256 | 512+ | SHA-512 | secp521r1
---------+----------+-----------+----------- ---------+----------+-----------+-----------
10. IANA Considerations 10. IANA Considerations
This document makes extensive use of object identifiers to register This document makes extensive use of object identifiers to register
originator public key types and algorithms. The algorithm object originator public key types and algorithms. The algorithm object
identifiers are registered in the ANSI X9.62, ANSI X9.63, NIST, RSA, identifiers are registered in the ANSI X9.62, ANSI X9.63, NIST, RSA,
and SECG arcs. Additionally, object identifiers are used to identify and SECG arcs. Additionally, object identifiers are used to identify
the ASN.1 modules found in Appendix A. These are defined in an arc the ASN.1 modules found in Appendix A (there are two). These are
delegated by IANA to the SMIME Working Group. No further action by defined by the SMIME WG Registrar in an arc delegated by RSA to the
IANA is necessary for this document or any anticipated updates. SMIME Working Group: iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-9(9) smime(16) modules(0). No action by IANA is
necessary for this document or any anticipated updates.
11. References 11. References
11.1. Normative 11.1. Normative
[CMS] Housley, R., "Cryptographic Message Syntax", RFC [CMS] Housley, R., "Cryptographic Message Syntax", RFC
3852, July 2004. 3852, July 2004.
[CMS-AES] Schaad, J., "Use of the Advanced Encryption Standard [CMS-AES] Schaad, J., "Use of the Advanced Encryption Standard
(AES) Encryption Algorithm in Cryptographic Message (AES) Encryption Algorithm in Cryptographic Message
Syntax (CMS)", RFC 3565, July 2003. Syntax (CMS)", RFC 3565, July 2003.
[CMS-AESCG] Housley, R., "Using AES-CCM and AES-GCM Authenticated [CMS-AESCG] Housley, R., "Using AES-CCM and AES-GCM Authenticated
Encryption in the Cryptographic Message Syntax Encryption in the Cryptographic Message Syntax
(CMS)", RFC 5084, November 2007. (CMS)", RFC 5084, November 2007.
[CMS-ALG] Housley, R., "Cryptographic Message Syntax (CMS) [CMS-ALG] Housley, R., "Cryptographic Message Syntax (CMS)
Algorithms", RFC 3370, August 2002. Algorithms", RFC 3370, August 2002.
[CMS-ASN] Hoffman, P., and J. Schaad, "New ASN.1 Modules for
CMS", draft-ietf-smime-new-asn1, work-in-progress.
[CMS-AUTHENV] Housley, R. "Cryptographic Message Syntax (CMS) [CMS-AUTHENV] Housley, R. "Cryptographic Message Syntax (CMS)
Authenticated-Enveloped-Data Content Type", RFC 5083, Authenticated-Enveloped-Data Content Type", RFC 5083,
November 2007. November 2007.
[CMS-DH] Rescorla, E., "Diffie-Hellman Key Agreement Method", [CMS-DH] Rescorla, E., "Diffie-Hellman Key Agreement Method",
RFC 2631, June 1999. RFC 2631, June 1999.
[CMS-SHA2] Turner, S., "Using SHA2 Algorithms with Cryptographic [CMS-SHA2] Turner, S., "Using SHA2 Algorithms with Cryptographic
Message Syntax", draft-ietf-smime-sha2, work-in- Message Syntax", draft-ietf-smime-sha2, work-in-
progress. progress.
skipping to change at page 34, line 40 skipping to change at page 34, line 40
"Randomness Recommendations for Security", RFC 4086, "Randomness Recommendations for Security", RFC 4086,
June 2005. June 2005.
[RSAOAEP] Schaad, J., Kaliski, B., and R. Housley, "Additional [RSAOAEP] Schaad, J., Kaliski, B., and R. Housley, "Additional
Algorithms and Identifiers for RSA Cryptography for Algorithms and Identifiers for RSA Cryptography for
use in the Internet X.509 Public Key Infrastructure use in the Internet X.509 Public Key Infrastructure
Certificate and Certificate Revocation List (CRL) Certificate and Certificate Revocation List (CRL)
Profile", RFC 4055, June 2005. Profile", RFC 4055, June 2005.
[SEC1] SECG, "Elliptic Curve Cryptography", Standards for [SEC1] SECG, "Elliptic Curve Cryptography", Standards for
Efficient Cryptography Group, 2000. Available from Efficient Cryptography Group, 2002. Available from
www.secg.org/collateral/sec1.pdf. http://www.secg.org/download/aid-780/sec1-v2.pdf.
[SP800-56A] National Institute of Standards and Technology [SP800-56A] National Institute of Standards and Technology
(NIST), Special Publication 800-56A: Recommendation (NIST), Special Publication 800-56A: Recommendation
Pair-Wise Key Establishment Schemes Using Discrete Pair-Wise Key Establishment Schemes Using Discrete
Logarithm Cryptography (Revised), March 2007. Logarithm Cryptography (Revised), March 2007.
[X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824- [X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-
1:2002. Information Technology - Abstract Syntax 1:2002. Information Technology - Abstract Syntax
Notation One. Notation One.
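Review bot: the [SEC1] entry moves the year from 2000 to 2002 while the URL now points at sec1-v2.pdf; confirm that the year matches the version the URL serves, and that the section number cited in 7.1.8 (3.6.1) is the right one for that version, since the KDF reference is normative.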
skipping to change at page 35, line 17 skipping to change at page 35, line 17
[BON] D. Boneh, "The Security of Multicast MAC", [BON] D. Boneh, "The Security of Multicast MAC",
Presentation at Selected Areas of Cryptography 2000, Presentation at Selected Areas of Cryptography 2000,
Center for Applied Cryptographic Research, University Center for Applied Cryptographic Research, University
of Waterloo, 2000. Paper version available from of Waterloo, 2000. Paper version available from
http://crypto.stanford.edu/~dabo/papers/mmac.ps http://crypto.stanford.edu/~dabo/papers/mmac.ps
[CERTCAP] Santesson, S., "X.509 Certificate Extension for [CERTCAP] Santesson, S., "X.509 Certificate Extension for
Secure/Multipurpose Internet Mail Extensions (S/MIME) Secure/Multipurpose Internet Mail Extensions (S/MIME)
Capabilities", RFC 4262, December 2005. Capabilities", RFC 4262, December 2005.
[CMS-ASN] Hoffman, P., and J. Schaad, "New ASN.1 Modules for
CMS", draft-ietf-smime-new-asn1, work-in-progress.
[CMS-ECC] Blake-Wilson, S., Brown, D., and P. Lambert, "Use of [CMS-ECC] Blake-Wilson, S., Brown, D., and P. Lambert, "Use of
Elliptic Curve Cryptography (ECC) Algorithms in Elliptic Curve Cryptography (ECC) Algorithms in
Cryptographic Message Syntax (CMS)", RFC 3278, April Cryptographic Message Syntax (CMS)", RFC 3278, April
2002. 2002.
[CMS-KEA] Pawling, J., "CMS KEA and SKIPJACK Conventions", RFC [CMS-KEA] Pawling, J., "CMS KEA and SKIPJACK Conventions", RFC
2876, July 2000. 2876, July 2000.
[K] B. Kaliski, "MQV Vulnerability", Posting to ANSI X9F1 [K] B. Kaliski, "MQV Vulnerability", Posting to ANSI X9F1
and IEEE P1363 newsgroups, 1998. and IEEE P1363 newsgroups, 1998.
[PKI-ASN] Hoffman, P., and J. Schaad, "New ASN.1 Modules for [PKI-ASN] Hoffman, P., and J. Schaad, "New ASN.1 Modules for
PKIX", draft-ietf-pkix-new-asn1, work-in-progress. PKIX", draft-ietf-pkix-new-asn1, work-in-progress.
[SP800-57] National Institute of Standards and Technology [SP800-57] National Institute of Standards and Technology
(NIST), Special Publication 800-57: Recommendation (NIST), Special Publication 800-57: Recommendation
for Key Management - Part 1 (Revised), March 2007. for Key Management - Part 1 (Revised), March 2007.
[X.681] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824- [X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-
1:2002. Information Technology - Abstract Syntax
Notation One.
[X.681] ITU-T Recommendation X.681 (2002) | ISO/IEC 8824-
2:2002. Information Technology - Abstract Syntax 2:2002. Information Technology - Abstract Syntax
Notation One: Information Object Specification. Notation One: Information Object Specification.
[X.682] ITU-T Recommendation X.682 (2002) | ISO/IEC 8824- [X.682] ITU-T Recommendation X.682 (2002) | ISO/IEC 8824-
3:2002. Information Technology - Abstract Syntax 3:2002. Information Technology - Abstract Syntax
Notation One: Constraint Specification. Notation One: Constraint Specification.
[X.683] ITU-T Recommendation X.683 (2002) | ISO/IEC 8824- [X.683] ITU-T Recommendation X.683 (2002) | ISO/IEC 8824-
4:2002. Information Technology - Abstract Syntax 4:2002. Information Technology - Abstract Syntax
Notation One: Parameterization of ASN.1 Notation One: Parameterization of ASN.1
Specifications, 2002. Specifications, 2002.
Appendix A ASN.1 Modules Appendix A ASN.1 Modules
Appendix A.1 provides the normative ASN.1 definitions for the Appendix A.1 provides the normative ASN.1 definitions for the
structures described in this specification using ASN.1 as defined in structures described in this specification using ASN.1 as defined in
[X.680] for compilers that support the 1988 ASN.1. [X.680] for compilers that support the 1988 ASN.1.
Appendix A.2 provides an informative ASN.1 definitions for the Appendix A.2 provides informative ASN.1 definitions for the
structures described in this specification using ASN.1 as defined in structures described in this specification using ASN.1 as defined in
[X.680], [X.681], [X.682], and [X.683] for compilers that support the [X.680], [X.681], [X.682], and [X.683] for compilers that support the
2002 ASN.1. This appendix contains the same information as Appendix 2002 ASN.1. This appendix contains the same information as Appendix
A.1 in a more recent (and precise) ASN.1 notation, however Appendix A.1 in a more recent (and precise) ASN.1 notation, however Appendix
A.1 takes precedence in case of conflict. A.1 takes precedence in case of conflict.
NOTE: The values for the TBAs will be included during AUTH48. NOTE: The values for the TBAs will be included during AUTH48.
//** RFC Editor: Remove this note prior to publication **// //** RFC Editor: Remove this note prior to publication **//
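Review bot: the Informative list now contains a "[X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824-1:2002. Information Technology - Abstract Syntax Notation One." entry (replacing the old entry that was tagged [X.681] but described X.680), yet [X.680] is already listed under Normative on page 34; drop the Informative copy and keep only the new [X.681] entry. Given that Section 7 and Appendix A.2 cite [X.681], [X.682] and [X.683] for the 2002 module, consider whether those three belong under Normative alongside [X.680] as well.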
skipping to change at page 36, line 43 skipping to change at page 37, line 4
IMPORTS IMPORTS
-- From [PKI] -- From [PKI]
AlgorithmIdentifier AlgorithmIdentifier
FROM PKIX1Explicit88 FROM PKIX1Explicit88
{ iso(1) identified-organization(3) dod(6) { iso(1) identified-organization(3) dod(6)
internet(1) security(5) mechanisms(5) pkix(7) mod(0) internet(1) security(5) mechanisms(5) pkix(7) mod(0)
pkix1-explicit(18) } pkix1-explicit(18) }
-- From [RSAOAEP] -- From [RSAOAEP]
id-sha224, id-sha256, id-sha384, id-sha512 id-sha224, id-sha256, id-sha384, id-sha512
FROM PKIX1-PSS-OAEP-Algorithms FROM PKIX1-PSS-OAEP-Algorithms
{ iso(1) identified-organization(3) dod(6) internet(1) { iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-pkix1-rsa-pkalgs(33) } id-mod-pkix1-rsa-pkalgs(33) }
-- From [PKI-ALG] -- From [PKI-ALG]
id-sha1, ecdsa-with-SHA1, ecdsa-with-SHA224, id-sha1, ecdsa-with-SHA1, ecdsa-with-SHA224,
ecdsa-with-SHA256, ecdsa-with-SHA384, ecdsa-with-SHA512, ecdsa-with-SHA256, ecdsa-with-SHA384, ecdsa-with-SHA512,
id-ecPublicKey, ECDSA-Sig-Value, ECPoint, ECParameters id-ecPublicKey, ECDSA-Sig-Value, ECPoint, ECParameters
FROM PKIXAlgIDs-2008 FROM PKIX1Algorithms2008
{ iso(1) identified-organization(3) dod(6) internet(1) { iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) TBA1 } security(5) mechanisms(5) pkix(7) id-mod(0) 45 }
-- From [CMS] -- From [CMS]
OriginatorPublicKey, UserKeyingMaterial OriginatorPublicKey, UserKeyingMaterial
FROM CryptographicMessageSyntax2004 FROM CryptographicMessageSyntax2004
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) modules(0) cms-2004(24) } smime(16) modules(0) cms-2004(24) }
-- From [CMS-ALG] -- From [CMS-ALG]
hMAC-SHA1, id-hmacWithSHA224, id-hmacWithSHA256, id-hmacWithSHA384, hMAC-SHA1, des-ede3-cbc, id-alg-CMS3DESwrap, CBCParameter
id-hmacWithSHA512, des-ede3-cbc, id-alg-CMS3DESwrap, CBCParameter
FROM CryptographicMessageSyntaxAlgorithms FROM CryptographicMessageSyntaxAlgorithms
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) modules(0) cmsalg-2008(TBD) } smime(16) modules(0) cmsalg-2001(16) }
-- From [CMS-AES] -- From [CMS-AES]
id-aes128-CBC, id-aes192-CBC, id-aes256-CBC, AES-IV, id-aes128-CBC, id-aes192-CBC, id-aes256-CBC, AES-IV,
id-aes128-wrap, id-aes192-wrap, id-aes256-wrap id-aes128-wrap, id-aes192-wrap, id-aes256-wrap
FROM CMSAesRsaesOaep FROM CMSAesRsaesOaep
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) modules(0) id-mod-cms-aes(19) } smime(16) modules(0) id-mod-cms-aes(19) }
-- From [CMS-AESCG] -- From [CMS-AESCG]
skipping to change at page 40, line 47 skipping to change at page 40, line 47
-- id-aes256-CCM Parameters are CCMParameters -- id-aes256-CCM Parameters are CCMParameters
-- id-aes128-GCM Parameters are GCMParameters -- id-aes128-GCM Parameters are GCMParameters
-- id-aes192-GCM Parameters are GCMParameters -- id-aes192-GCM Parameters are GCMParameters
-- id-aes256-GCM Parameters are GCMParameters -- id-aes256-GCM Parameters are GCMParameters
-- --
-- Message Authentication Code Algorithms -- Message Authentication Code Algorithms
-- --
-- hMAC-SHA1 Parameters are preferred absent -- hMAC-SHA1 Parameters are preferred absent
-- id-hmacWithSHA224 Parameters are absent
-- id-hmacWithSHA256 Parameters are absent -- HMAC with SHA-224, SHA-256, SHA_384, and SHA-512 Parameters are
-- id-hmacWithSHA384 Parameters are absent -- absent
-- id-hmacWithSHA512 Parameters are absent id-hmacWithSHA224 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 }
id-hmacWithSHA256 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 }
id-hmacWithSHA384 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10
}
id-hmacWithSHA512 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11
}
-- --
-- Originator Public Key Algorithms -- Originator Public Key Algorithms
-- --
-- id-ecPublicKey Parameters are absent, NULL, or ECParameters -- id-ecPublicKey Parameters are absent, NULL, or ECParameters
-- Format for both ephemeral and static public keys -- Format for both ephemeral and static public keys
-- ECPoint ::= OCTET STRING -- ECPoint ::= OCTET STRING
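Review bot: the new comment "HMAC with SHA-224, SHA-256, SHA_384, and SHA-512 Parameters are absent" has an underscore in SHA_384; it should be SHA-384. The four id-hmacWithSHA* OID assignments placed under that comment are consistent with the NOTE in 7.1.7 that [HMAC-SHA2] offers no module to import from, but, as every other block in this module carries a "-- From [...]" source comment, a "-- From [HMAC-SHA2]" line above the assignments would make their origin clear.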
skipping to change at page 43, line 14 skipping to change at page 43, line 18
-- --
-- S/MIME Capabilities: ECMQV, Single Pass, Standard -- S/MIME Capabilities: ECMQV, Single Pass, Standard
-- --
-- mqvSinglePass-sha1kdf Type is the KeyWrapAlgorithm -- mqvSinglePass-sha1kdf Type is the KeyWrapAlgorithm
-- mqvSinglePass-sha224kdf Type is the KeyWrapAlgorithm -- mqvSinglePass-sha224kdf Type is the KeyWrapAlgorithm
-- mqvSinglePass-sha256kdf Type is the KeyWrapAlgorithm -- mqvSinglePass-sha256kdf Type is the KeyWrapAlgorithm
-- mqvSinglePass-sha384kdf Type is the KeyWrapAlgorithm -- mqvSinglePass-sha384kdf Type is the KeyWrapAlgorithm
-- mqvSinglePass-sha512kdf Type is the KeyWrapAlgorithm -- mqvSinglePass-sha512kdf Type is the KeyWrapAlgorithm
--
-- S/MIME Capabilities: Message Authentication Code Algorithms
--
-- hMACSHA1 Type is preferred absent
-- id-hmacWithSHA224 Type is absent
-- if-hmacWithSHA256 Type is absent
-- id-hmacWithSHA384 Type is absent
-- id-hmacWithSHA512 Type is absent
END END
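Review bot: `if-hmacWithSHA256` in the added S/MIME Capabilities comment block is a typo for `id-hmacWithSHA256`, the OID defined a few lines above. In the same block, `hMACSHA1` does not match the `hMAC-SHA1` spelling used in the Message Authentication Code Algorithms comment earlier in this module; use one identifier in both places so a reader can grep for it.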
Appendix A.2 2004 ASN.1 Module Appendix A.2 2004 ASN.1 Module
SMIMEECCAlgs-2008 SMIMEECCAlgs-2008
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) modules(0) TBA2 } smime(16) modules(0) TBA2 }
DEFINITIONS IMPLICIT TAGS ::= DEFINITIONS IMPLICIT TAGS ::=
BEGIN BEGIN
-- EXPORTS ALL -- EXPORTS ALL
IMPORTS IMPORTS
-- From [PKI-ASN]
-- From [PKI-ALG]
mda-sha1, sa-ecdsaWithSHA1, sa-ecdsaWithSHA224, sa-ecdsaWithSHA256, mda-sha1, sa-ecdsaWithSHA1, sa-ecdsaWithSHA224, sa-ecdsaWithSHA256,
sa-ecdsaWithSHA384, sa-ecdsaWithSHA512, id-ecPublicKey, sa-ecdsaWithSHA384, sa-ecdsaWithSHA512, id-ecPublicKey,
ECDSA-Sig-Value, ECPoint, ECParameters ECDSA-Sig-Value, ECPoint, ECParameters
FROM PKIXAlgIDs-2008 FROM PKIXAlgs-2009
{ iso(1) identified-organization(3) dod(6) internet(1) { iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) TBA2 } security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-pkix1-algorithms2008-02(56) }
-- FROM [PKI-ASN] -- From [PKI-ASN]
KEY-WRAP, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM, ALGORITHM, mda-sha224, mda-sha256, mda-sha384, mda-sha512
PUBLIC-KEY, MAC-ALGORITHM, CONTENT-ENCRYPTION, KEY-AGREE FROM PKIX1-PSS-OAEP-Algorithms-2009
FROM AlgorithmInformation
{ iso(1) identified-organization(3) dod(6) internet(1) { iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-algorithmInformation(TBA5) } id-mod-pkix1-rsa-pkalgs-02(54) }
-- From [PKI-ASN]
mda-sha224, mda-sha256, mda-sha384, mda-sha512 -- FROM [CMS-ASN]
FROM PKIX1-PSS-OAEP-Algorithms
KEY-WRAP, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM, ALGORITHM,
PUBLIC-KEY, MAC-ALGORITHM, CONTENT-ENCRYPTION, KEY-AGREE, SMIME-CAPS
FROM AlgorithmInformation-2009
{ iso(1) identified-organization(3) dod(6) internet(1) { iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0) TBA7 } security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-algorithmInformation-02(58) }
-- From [CMS] -- From [CMS-ASN]
OriginatorPublicKey, UserKeyingMaterial OriginatorPublicKey, UserKeyingMaterial
FROM CryptographicMessageSyntax2004 FROM CryptographicMessageSyntax-2009
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) modules(0) cms-2004(24) } smime(16) modules(0) id-mod-cms-2004-02(41) }
-- From [CMS-ASN] -- From [CMS-ASN]
maca-hMAC-SHA1, maca-hMAC-SHA224, maca-hMAC-SHA256, maca-hMAC-SHA384, maca-hMAC-SHA1, cea-des-ede3-cbc, kwa-3DESWrap, CBCParameter
maca-hMAC-SHA512, cea-des-ede3-cbc, kwa-3DESWrap, CBCParameter FROM CryptographicMessageSyntaxAlgorithms-2009
FROM CryptographicMessageSyntaxAlgorithms
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) modules(0) cmsalg-2001(16) } smime(16) modules(0) id-mod-cmsalg-2001-02(37) }
-- From [CMS-ASN] -- From [CMS-ASN]
cea-aes128-CBC, cea-aes192-CBC, cea-aes256-CBC, kwa-aes128-wrap, cea-aes128-CBC, cea-aes192-CBC, cea-aes256-CBC, kwa-aes128-wrap,
kwa-aes192-wrap, kwa-aes256-wrap kwa-aes192-wrap, kwa-aes256-wrap
FROM CMSAesRsaesOaep FROM CMSAesRsaesOaep-2009
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) modules(0) id-mod-cms-aes(19) } smime(16) modules(0) id-mod-cms-aes-02(38) }
-- From [CMS-ASN] -- From [CMS-ASN]
cea-aes128-ccm, cea-aes192-ccm, cea-aes256-ccm, cea-aes128-gcm, cea-aes128-ccm, cea-aes192-ccm, cea-aes256-ccm, cea-aes128-gcm,
cea-aes192-gcm, cea-aes256-gcm cea-aes192-gcm, cea-aes256-gcm
FROM CMS-AES-CCM-and-AES-GCM FROM CMS-AES-CCM-and-AES-GCM-2009
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) modules(0) cms-aes-ccm-and-gcm(32) } smime(16) modules(0) id-mod-cms-aes-ccm-gcm-02(44) }
; ;
-- Constrains the SignedData digestAlgorithms field -- Constrains the SignedData digestAlgorithms field
-- Constrains the SignedData SignerInfo digestAlgorithm field -- Constrains the SignedData SignerInfo digestAlgorithm field
-- Constrains the AuthenticatedData digestAlgorithm field -- Constrains the AuthenticatedData digestAlgorithm field
-- MessageDigestAlgs DIGEST-ALGORITHM ::= { -- MessageDigestAlgs DIGEST-ALGORITHM ::= {
-- mda-sha1 | -- mda-sha1 |
-- mda-sha224 | -- mda-sha224 |
-- mda-sha256 | -- mda-sha256 |
-- mda-sha384 | -- mda-sha384 |
-- mda-sha512, -- mda-sha512,
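Review bot: the import of KEY-WRAP, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM, ALGORITHM, PUBLIC-KEY, MAC-ALGORITHM, CONTENT-ENCRYPTION, KEY-AGREE and SMIME-CAPS from AlgorithmInformation-2009 is now labelled `-- FROM [CMS-ASN]`, whereas the previous revision labelled the same AlgorithmInformation import `[PKI-ASN]` and the mda-sha224..512 import from PKIX1-PSS-OAEP-Algorithms-2009 directly above it is still labelled `[PKI-ASN]`; verify which reference actually defines AlgorithmInformation-2009 and make the label match. Two smaller points in the same IMPORTS block: the two consecutive comment lines `-- From [PKI-ASN]` and `-- From [PKI-ALG]` in front of the single PKIXAlgs-2009 import look like a leftover from the module rename, and the source-reference comments mix `From` and `FROM`. Finally, every imported module now carries an assigned arc (56, 54, 58, 41, 37, 38, 44) while this module's own identifier is still `TBA2`; flag it so the placeholder is not overlooked before publication.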
skipping to change at page 46, line 29 skipping to change at page 47, line 4
kaa-mqvSinglePass-sha512kdf-scheme, kaa-mqvSinglePass-sha512kdf-scheme,
... -- Extensible ... -- Extensible
} }
x9-63-scheme OBJECT IDENTIFIER ::= { x9-63-scheme OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) tc68(133) country(16) x9(840) iso(1) identified-organization(3) tc68(133) country(16) x9(840)
x9-63(63) schemes(0) } x9-63(63) schemes(0) }
secg-scheme OBJECT IDENTIFIER ::= { secg-scheme OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) certicom(132) schemes(1) } iso(1) identified-organization(3) certicom(132) schemes(1) }
-- --
-- Diffie-Hellman Single Pass, Standard, with KDFs -- Diffie-Hellman Single Pass, Standard, with KDFs
-- --
-- Parameters are always present and indicate the Key Wrap Algorithm -- Parameters are always present and indicate the Key Wrap Algorithm
kaa-dhSinglePass-stdDH-sha1kdf-scheme KEY-AGREE ::= { kaa-dhSinglePass-stdDH-sha1kdf-scheme KEY-AGREE ::= {
IDENTIFIER dhSinglePass-stdDH-sha1kdf-scheme IDENTIFIER dhSinglePass-stdDH-sha1kdf-scheme
PARAMS TYPE KeyWrapAlgorithm ARE required PARAMS TYPE KeyWrapAlgorithm ARE required
UKM TYPE -- unencoded data -- IS preferredPresent UKM -- TYPE unencoded data -- IS preferredPresent
SMIME CAPS { TYPE KeyWrapAlgorithm SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha1kdf-scheme
IDENTIFIED BY dhSinglePass-stdDH-sha1kdf-scheme }
} }
dhSinglePass-stdDH-sha1kdf-scheme OBJECT IDENTIFIER ::= { dhSinglePass-stdDH-sha1kdf-scheme OBJECT IDENTIFIER ::= {
x9-63-scheme 2 } x9-63-scheme 2 }
kaa-dhSinglePass-stdDH-sha224kdf-scheme KEY-AGREE ::= { kaa-dhSinglePass-stdDH-sha224kdf-scheme KEY-AGREE ::= {
IDENTIFIER dhSinglePass-stdDH-sha224kdf-scheme IDENTIFIER dhSinglePass-stdDH-sha224kdf-scheme
PARAMS TYPE KeyWrapAlgorithm ARE required PARAMS TYPE KeyWrapAlgorithm ARE required
UKM TYPE -- unencoded data -- IS preferredPresent UKM -- TYPE unencoded data -- IS preferredPresent
SMIME CAPS { TYPE KeyWrapAlgorithm SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha224kdf-scheme
IDENTIFIED BY dhSinglePass-stdDH-sha224kdf-scheme }
} }
dhSinglePass-stdDH-sha224kdf-scheme OBJECT IDENTIFIER ::= { dhSinglePass-stdDH-sha224kdf-scheme OBJECT IDENTIFIER ::= {
secg-scheme 11 0 } secg-scheme 11 0 }
kaa-dhSinglePass-stdDH-sha256kdf-scheme KEY-AGREE ::= { kaa-dhSinglePass-stdDH-sha256kdf-scheme KEY-AGREE ::= {
IDENTIFIER dhSinglePass-stdDH-sha256kdf-scheme IDENTIFIER dhSinglePass-stdDH-sha256kdf-scheme
PARAMS TYPE KeyWrapAlgorithm ARE required PARAMS TYPE KeyWrapAlgorithm ARE required
UKM TYPE -- unencoded data -- IS preferredPresent UKM -- TYPE unencoded data -- IS preferredPresent
SMIME CAPS { TYPE KeyWrapAlgorithm SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha256kdf-scheme
IDENTIFIED BY dhSinglePass-stdDH-sha256kdf-scheme }
} }
dhSinglePass-stdDH-sha256kdf-scheme OBJECT IDENTIFIER ::= { dhSinglePass-stdDH-sha256kdf-scheme OBJECT IDENTIFIER ::= {
secg-scheme 11 1 } secg-scheme 11 1 }
kaa-dhSinglePass-stdDH-sha384kdf-scheme KEY-AGREE ::= { kaa-dhSinglePass-stdDH-sha384kdf-scheme KEY-AGREE ::= {
IDENTIFIER dhSinglePass-stdDH-sha384kdf-scheme IDENTIFIER dhSinglePass-stdDH-sha384kdf-scheme
PARAMS TYPE KeyWrapAlgorithm ARE required PARAMS TYPE KeyWrapAlgorithm ARE required
UKM TYPE -- unencoded data -- IS preferredPresent UKM -- TYPE unencoded data -- IS preferredPresent
SMIME CAPS { TYPE KeyWrapAlgorithm SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha384kdf-scheme
IDENTIFIED BY dhSinglePass-stdDH-sha384kdf-scheme }
} }
dhSinglePass-stdDH-sha384kdf-scheme OBJECT IDENTIFIER ::= { dhSinglePass-stdDH-sha384kdf-scheme OBJECT IDENTIFIER ::= {
secg-scheme 11 2 } secg-scheme 11 2 }
kaa-dhSinglePass-stdDH-sha512kdf-scheme KEY-AGREE ::= { kaa-dhSinglePass-stdDH-sha512kdf-scheme KEY-AGREE ::= {
IDENTIFIER dhSinglePass-stdDH-sha512kdf-scheme IDENTIFIER dhSinglePass-stdDH-sha512kdf-scheme
PARAMS TYPE KeyWrapAlgorithm ARE required PARAMS TYPE KeyWrapAlgorithm ARE required
UKM TYPE -- unencoded data -- IS preferredPresent UKM -- TYPE unencoded data -- IS preferredPresent
SMIME CAPS { TYPE KeyWrapAlgorithm SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha512kdf-scheme }
IDENTIFIED BY dhSinglePass-stdDH-sha512kdf-scheme }
} }
dhSinglePass-stdDH-sha512kdf-scheme OBJECT IDENTIFIER ::= { dhSinglePass-stdDH-sha512kdf-scheme OBJECT IDENTIFIER ::= {
secg-scheme 11 3 } secg-scheme 11 3 }
-- --
-- Diffie-Hellman Single Pass, Cofactor, with KDFs -- Diffie-Hellman Single Pass, Cofactor, with KDFs
-- --
kaa-dhSinglePass-cofactorDH-sha1kdf-scheme KEY-AGREE ::= { kaa-dhSinglePass-cofactorDH-sha1kdf-scheme KEY-AGREE ::= {
IDENTIFIER dhSinglePass-cofactorDH-sha1kdf-scheme IDENTIFIER dhSinglePass-cofactorDH-sha1kdf-scheme
PARAMS TYPE KeyWrapAlgorithm ARE required PARAMS TYPE KeyWrapAlgorithm ARE required
UKM TYPE -- unencoded data -- IS preferredPresent UKM -- TYPE unencoded data -- IS preferredPresent
SMIME CAPS { TYPE KeyWrapAlgorithm SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha1kdf-scheme
IDENTIFIED BY
dhSinglePass-cofactorDH-sha1kdf-scheme }
} }
dhSinglePass-cofactorDH-sha1kdf-scheme OBJECT IDENTIFIER ::= { dhSinglePass-cofactorDH-sha1kdf-scheme OBJECT IDENTIFIER ::= {
x9-63-scheme 3 } x9-63-scheme 3 }
kaa-dhSinglePass-cofactorDH-sha224kdf-scheme KEY-AGREE ::= { kaa-dhSinglePass-cofactorDH-sha224kdf-scheme KEY-AGREE ::= {
IDENTIFIER dhSinglePass-cofactorDH-sha224kdf-scheme IDENTIFIER dhSinglePass-cofactorDH-sha224kdf-scheme
PARAMS TYPE KeyWrapAlgorithm ARE required PARAMS TYPE KeyWrapAlgorithm ARE required
UKM TYPE -- unencoded data -- IS preferredPresent UKM -- TYPE unencoded data -- IS preferredPresent
SMIME CAPS { TYPE KeyWrapAlgorithm SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha224kdf-scheme
IDENTIFIED BY
dhSinglePass-cofactorDH-sha224kdf-scheme }
} }
dhSinglePass-cofactorDH-sha224kdf-scheme OBJECT IDENTIFIER ::= { dhSinglePass-cofactorDH-sha224kdf-scheme OBJECT IDENTIFIER ::= {
secg-scheme 14 0 } secg-scheme 14 0 }
kaa-dhSinglePass-cofactorDH-sha256kdf-scheme KEY-AGREE ::= { kaa-dhSinglePass-cofactorDH-sha256kdf-scheme KEY-AGREE ::= {
IDENTIFIER dhSinglePass-cofactorDH-sha256kdf-scheme IDENTIFIER dhSinglePass-cofactorDH-sha256kdf-scheme
PARAMS TYPE KeyWrapAlgorithm ARE required PARAMS TYPE KeyWrapAlgorithm ARE required
UKM TYPE -- unencoded data -- IS preferredPresent UKM -- TYPE unencoded data -- IS preferredPresent
SMIME CAPS { TYPE KeyWrapAlgorithm SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha256kdf-scheme
IDENTIFIED BY
dhSinglePass-cofactorDH-sha256kdf-scheme }
} }
dhSinglePass-cofactorDH-sha256kdf-scheme OBJECT IDENTIFIER ::= { dhSinglePass-cofactorDH-sha256kdf-scheme OBJECT IDENTIFIER ::= {
secg-scheme 14 1 } secg-scheme 14 1 }
kaa-dhSinglePass-cofactorDH-sha384kdf-scheme KEY-AGREE ::= { kaa-dhSinglePass-cofactorDH-sha384kdf-scheme KEY-AGREE ::= {
IDENTIFIER dhSinglePass-cofactorDH-sha384kdf-scheme IDENTIFIER dhSinglePass-cofactorDH-sha384kdf-scheme
PARAMS TYPE KeyWrapAlgorithm ARE required PARAMS TYPE KeyWrapAlgorithm ARE required
UKM TYPE -- unencoded data -- IS preferredPresent UKM -- TYPE unencoded data -- IS preferredPresent
SMIME CAPS { TYPE KeyWrapAlgorithm SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha384kdf-scheme
IDENTIFIED BY
dhSinglePass-cofactorDH-sha384kdf-scheme }
} }
dhSinglePass-cofactorDH-sha384kdf-scheme OBJECT IDENTIFIER ::= { dhSinglePass-cofactorDH-sha384kdf-scheme OBJECT IDENTIFIER ::= {
secg-scheme 14 2 } secg-scheme 14 2 }
kaa-dhSinglePass-cofactorDH-sha512kdf-scheme KEY-AGREE ::= { kaa-dhSinglePass-cofactorDH-sha512kdf-scheme KEY-AGREE ::= {
IDENTIFIER dhSinglePass-cofactorDH-sha512kdf-scheme IDENTIFIER dhSinglePass-cofactorDH-sha512kdf-scheme
PARAMS TYPE KeyWrapAlgorithm ARE required PARAMS TYPE KeyWrapAlgorithm ARE required
UKM TYPE -- unencoded data -- IS preferredPresent UKM -- TYPE unencoded data -- IS preferredPresent
SMIME CAPS { TYPE KeyWrapAlgorithm SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha512kdf-scheme
IDENTIFIED BY
dhSinglePass-cofactorDH-sha512kdf-scheme }
} }
dhSinglePass-cofactorDH-sha512kdf-scheme OBJECT IDENTIFIER ::= { dhSinglePass-cofactorDH-sha512kdf-scheme OBJECT IDENTIFIER ::= {
secg-scheme 14 3 } secg-scheme 14 3 }
-- --
-- MQV Single Pass, Cofactor, with KDFs -- MQV Single Pass, Cofactor, with KDFs
-- --
kaa-mqvSinglePass-sha1kdf-scheme KEY-AGREE ::= { kaa-mqvSinglePass-sha1kdf-scheme KEY-AGREE ::= {
IDENTIFIER mqvSinglePass-sha1kdf-scheme IDENTIFIER mqvSinglePass-sha1kdf-scheme
PARAMS TYPE KeyWrapAlgorithm ARE required PARAMS TYPE KeyWrapAlgorithm ARE required
UKM TYPE -- unencoded data -- IS preferredPresent UKM -- TYPE unencoded data -- IS preferredPresent
SMIME CAPS { TYPE KeyWrapAlgorithm SMIME-CAPS cap-kaa-mqvSinglePass-sha1kdf-scheme
IDENTIFIED BY mqvSinglePass-sha1kdf-scheme }
} }
mqvSinglePass-sha1kdf-scheme OBJECT IDENTIFIER ::= { mqvSinglePass-sha1kdf-scheme OBJECT IDENTIFIER ::= {
x9-63-scheme 16 } x9-63-scheme 16 }
kaa-mqvSinglePass-sha224kdf-scheme KEY-AGREE ::= { kaa-mqvSinglePass-sha224kdf-scheme KEY-AGREE ::= {
IDENTIFIER mqvSinglePass-sha224kdf-scheme IDENTIFIER mqvSinglePass-sha224kdf-scheme
PARAMS TYPE KeyWrapAlgorithm ARE required PARAMS TYPE KeyWrapAlgorithm ARE required
UKM TYPE -- unencoded data -- IS preferredPresent UKM -- TYPE unencoded data -- IS preferredPresent
SMIME CAPS { TYPE KeyWrapAlgorithm SMIME-CAPS cap-kaa-mqvSinglePass-sha224kdf-scheme
IDENTIFIED BY mqvSinglePass-sha224kdf-scheme }
} }
mqvSinglePass-sha224kdf-scheme OBJECT IDENTIFIER ::= { mqvSinglePass-sha224kdf-scheme OBJECT IDENTIFIER ::= {
secg-scheme 15 0 } secg-scheme 15 0 }
kaa-mqvSinglePass-sha256kdf-scheme KEY-AGREE ::= { kaa-mqvSinglePass-sha256kdf-scheme KEY-AGREE ::= {
IDENTIFIER mqvSinglePass-sha256kdf-scheme IDENTIFIER mqvSinglePass-sha256kdf-scheme
PARAMS TYPE KeyWrapAlgorithm ARE required PARAMS TYPE KeyWrapAlgorithm ARE required
UKM TYPE -- unencoded data -- IS preferredPresent UKM -- TYPE unencoded data -- IS preferredPresent
SMIME CAPS { TYPE KeyWrapAlgorithm SMIME-CAPS cap-kaa-mqvSinglePass-sha256kdf-scheme
IDENTIFIED BY mqvSinglePass-sha256kdf-scheme }
} }
mqvSinglePass-sha256kdf-scheme OBJECT IDENTIFIER ::= { mqvSinglePass-sha256kdf-scheme OBJECT IDENTIFIER ::= {
secg-scheme 15 1 } secg-scheme 15 1 }
kaa-mqvSinglePass-sha384kdf-scheme KEY-AGREE ::= { kaa-mqvSinglePass-sha384kdf-scheme KEY-AGREE ::= {
IDENTIFIER mqvSinglePass-sha384kdf-scheme IDENTIFIER mqvSinglePass-sha384kdf-scheme
PARAMS TYPE KeyWrapAlgorithm ARE required PARAMS TYPE KeyWrapAlgorithm ARE required
UKM TYPE -- unencoded data -- IS preferredPresent UKM -- TYPE unencoded data -- IS preferredPresent
SMIME CAPS { TYPE KeyWrapAlgorithm SMIME-CAPS cap-kaa-mqvSinglePass-sha384kdf-scheme
IDENTIFIED BY mqvSinglePass-sha384kdf-scheme }
} }
mqvSinglePass-sha384kdf-scheme OBJECT IDENTIFIER ::= { mqvSinglePass-sha384kdf-scheme OBJECT IDENTIFIER ::= {
secg-scheme 15 2 } secg-scheme 15 2 }
kaa-mqvSinglePass-sha512kdf-scheme KEY-AGREE ::= { kaa-mqvSinglePass-sha512kdf-scheme KEY-AGREE ::= {
IDENTIFIER mqvSinglePass-sha512kdf-scheme IDENTIFIER mqvSinglePass-sha512kdf-scheme
PARAMS TYPE KeyWrapAlgorithm ARE required PARAMS TYPE KeyWrapAlgorithm ARE required
UKM TYPE -- unencoded data -- IS preferredPresent UKM -- TYPE unencoded data -- IS preferredPresent
SMIME CAPS { TYPE KeyWrapAlgorithm SMIME-CAPS cap-kaa-mqvSinglePass-sha512kdf-scheme
IDENTIFIED BY mqvSinglePass-sha512kdf-scheme }
} }
mqvSinglePass-sha512kdf-scheme OBJECT IDENTIFIER ::= { mqvSinglePass-sha512kdf-scheme OBJECT IDENTIFIER ::= {
secg-scheme 15 3 } secg-scheme 15 3 }
-- --
-- Key Wrap Algorithms -- Key Wrap Algorithms
-- --
KeyWrapAlgorithm ::= KeyWrapAlgs KeyWrapAlgorithm ::= KeyWrapAlgs
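Review bot: in kaa-dhSinglePass-stdDH-sha512kdf-scheme the new `SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha512kdf-scheme }` line carries a closing brace, and the definition is closed again by the `}` two lines below, so as rendered this KEY-AGREE object has one `{` and two `}`; drop the inline brace so the line matches the other fourteen `SMIME-CAPS cap-kaa-...` lines, none of which end in a brace. Separately, the rewritten UKM clause `UKM -- TYPE unencoded data -- IS preferredPresent` uses `IS` while the PARAMS clause directly above it uses `ARE required`; since KEY-AGREE is imported from AlgorithmInformation-2009 rather than defined here, confirm that its WITH SYNTAX accepts `IS` in that position, and if it does not, change it to `ARE` in all fifteen objects. The comment `Parameters are always present and indicate the Key Wrap Algorithm` appears only under the stdDH heading although the cofactor and MQV objects carry the identical PARAMS clause; repeat it or move it above all three groups.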
skipping to change at page 51, line 4 skipping to change at page 50, line 39
} }
mqvSinglePass-sha512kdf-scheme OBJECT IDENTIFIER ::= { mqvSinglePass-sha512kdf-scheme OBJECT IDENTIFIER ::= {
secg-scheme 15 3 } secg-scheme 15 3 }
-- --
-- Key Wrap Algorithms -- Key Wrap Algorithms
-- --
KeyWrapAlgorithm ::= KeyWrapAlgs KeyWrapAlgorithm ::= KeyWrapAlgs
KeyWrapAlgs KEY-WRAP ::= { KeyWrapAlgs KEY-WRAP ::= {
kwa-3des | kwa-3des |
kwa-aes128 | kwa-aes128 |
kwa-aes192 | kwa-aes192 |
kwa-aes256, kwa-aes256,
... -- Extensible ... -- Extensible
} }
-- --
-- Content Encryption Algorithms -- Content Encryption Algorithms
-- --
-- Constrains the EnvelopedData EncryptedContentInfo encryptedContent -- Constrains the EnvelopedData EncryptedContentInfo encryptedContent
-- field and the AuthEnvelopedData EncryptedContentInfo -- field and the AuthEnvelopedData EncryptedContentInfo
-- contentEncryptionAlgorithm field -- contentEncryptionAlgorithm field
-- ContentEncryptionAlgorithms CONTENT-ENCRYPTION ::= { -- ContentEncryptionAlgs CONTENT-ENCRYPTION ::= {
-- cea-des-ede3-cbc | -- cea-des-ede3-cbc |
-- cea-aes128-cbc | -- cea-aes128-cbc |
-- cea-aes192-cbc | -- cea-aes192-cbc |
-- cea-aes256-cbc | -- cea-aes256-cbc |
-- cea-aes128-ccm | -- cea-aes128-ccm |
-- cea-aes192-ccm | -- cea-aes192-ccm |
-- cea-aes256-ccm | -- cea-aes256-ccm |
-- cea-aes128-gcm | -- cea-aes128-gcm |
-- cea-aes192-gcm | -- cea-aes192-gcm |
-- cea-aes256-gcm, -- cea-aes256-gcm,
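Review bot: KeyWrapAlgs lists kwa-3des, kwa-aes128, kwa-aes192 and kwa-aes256, but the IMPORTS earlier in this module bring in kwa-3DESWrap, kwa-aes128-wrap, kwa-aes192-wrap and kwa-aes256-wrap; one set of names has to change or the object set will not resolve. The commented-out ContentEncryptionAlgs set has the same problem in a different case (cea-aes128-cbc versus the imported cea-aes128-CBC, and likewise for 192 and 256), which will bite as soon as it is uncommented. Also, the comment above it says the set "Constrains the EnvelopedData EncryptedContentInfo encryptedContent field", but with the whole set commented out nothing in the module enforces that; either uncomment it once the names are fixed or reword the comment to say the list is informative.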
skipping to change at page 52, line 4 skipping to change at page 51, line 31
-- cea-aes192-gcm | -- cea-aes192-gcm |
-- cea-aes256-gcm, -- cea-aes256-gcm,
-- ... -- Extensible -- ... -- Extensible
-- } -- }
-- des-ede3-cbc and aes*-cbc are used with EnvelopedData and -- des-ede3-cbc and aes*-cbc are used with EnvelopedData and
-- EncryptedData -- EncryptedData
-- aes*-ccm are used with AuthEnvelopedData -- aes*-ccm are used with AuthEnvelopedData
-- aes*-gcm are used with AuthEnvelopedData -- aes*-gcm are used with AuthEnvelopedData
-- (where * is 128, 192, and 256) -- (where * is 128, 192, and 256)
-- --
-- Message Authentication Code Algorithms -- Message Authentication Code Algorithms
-- --
-- Constrains the AuthenticatedData -- Constrains the AuthenticatedData
-- MessageAuthenticationCodeAlgorithm field -- MessageAuthenticationCodeAlgorithm field
-- --
-- MessageAuthenticationCodeAlgorithms MAC-ALGORITHM ::= { MessageAuthAlgs MAC-ALGORITHM ::= {
-- maca-hMAC-SHA1 | -- maca-hMAC-SHA1 |
-- maca-hMAC-SHA224 | maca-hMAC-SHA224 |
-- maca-hMAC-SHA256 | maca-hMAC-SHA256 |
-- maca-hMAC-SHA384 | maca-hMAC-SHA384 |
-- maca-hMAC-SHA512, maca-hMAC-SHA512,
-- ... -- Extensible ... -- Extensible
-- } }
maca-hMAC-SHA224 MAC-ALGORITHM ::= {
IDENTIFIER hMAC-SHA1
PARAMS TYPE ARE absent
IS-KEYED-MAC TRUE
SMIME-CAPS cap-hMAC-SHA224
}
id-hmacWithSHA224 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549)
digestAlgorithm(2) 8 }
maca-hMAC-SHA256 MAC-ALGORITHM ::= {
IDENTIFIER id-hmacWithSHA256
PARAMS TYPE ARE absent
IS-KEYED-MAC TRUE
SMIME-CAPS cap-hMAC-SHA256
}
id-hmacWithSHA256 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549)
digestAlgorithm(2) 9 }
maca-hMAC-SHA384 MAC-ALGORITHM ::= {
IDENTIFIER id-hmacWithSHA384
PARAMS TYPE ARE absent
IS-KEYED-MAC TRUE
SMIME-CAPS cap-hMAC-SHA384
}
id-hmacWithSHA384 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549)
digestAlgorithm(2) 10 }
maca-hMAC-SHA512 MAC-ALGORITHM ::= {
IDENTIFIER id-hmacWithSHA512
PARAMS TYPE ARE absent
IS-KEYED-MAC TRUE
SMIME-CAPS cap-hMAC-SHA512
}
id-hmacWithSHA512 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549)
digestAlgorithm(2) 11 }
-- --
-- Originator Public Key Algorithms -- Originator Public Key Algorithms
-- --
-- Constraints on KeyAgreeRecipientInfo OriginatorIdentifierOrKey -- Constraints on KeyAgreeRecipientInfo OriginatorIdentifierOrKey
-- OriginatorPublicKey algorithm field -- OriginatorPublicKey algorithm field
-- PARAMS are NULL -- PARAMS are NULL
OriginatorPKAlgorithms PUBLIC-KEY ::= { OriginatorPKAlgorithms PUBLIC-KEY ::= {
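Review bot: maca-hMAC-SHA224 is defined with `IDENTIFIER hMAC-SHA1`, so the SHA-224 MAC object carries the wrong OID, and `hMAC-SHA1` is not an imported name anyway (only maca-hMAC-SHA1 is); it should read `IDENTIFIER id-hmacWithSHA224`, matching the SHA-256, SHA-384 and SHA-512 objects below it. Three related points: MessageAuthAlgs is now a live object set but its first entry `-- maca-hMAC-SHA1 |` is still commented out, although maca-hMAC-SHA1 is imported and the 1988 module lists HMAC-SHA1 as supported, so either include it or drop the import; each `PARAMS TYPE ARE absent` names no type after `TYPE`, so either supply one or write the clause without `TYPE`; and the Originator Public Key comment `-- PARAMS are NULL` contradicts the 1988 module's `Parameters are absent, NULL, or ECParameters` and the Appendix B entries stating that the parameters changed from NULL to absent or ECParameters.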
skipping to change at page 53, line 22 skipping to change at page 54, line 4
-- Any future additions to this CHOICE should be coordinated -- Any future additions to this CHOICE should be coordinated
-- with ANSI X.9. -- with ANSI X.9.
-- Format of KeyAgreeRecipientInfo ukm field when used with -- Format of KeyAgreeRecipientInfo ukm field when used with
-- ECMQV -- ECMQV
MQVuserKeyingMaterial ::= SEQUENCE { MQVuserKeyingMaterial ::= SEQUENCE {
ephemeralPublicKey OriginatorPublicKey, ephemeralPublicKey OriginatorPublicKey,
addedukm [0] EXPLICIT UserKeyingMaterial OPTIONAL addedukm [0] EXPLICIT UserKeyingMaterial OPTIONAL
} }
-- 'SharedInfo' for input to KDF when using ECDH and ECMQV with -- 'SharedInfo' for input to KDF when using ECDH and ECMQV with
-- EnvelopedData, AuthenticatedData, or AuthEnvelopedData -- EnvelopedData, AuthenticatedData, or AuthEnvelopedData
ECC-CMS-SharedInfo ::= SEQUENCE { ECC-CMS-SharedInfo ::= SEQUENCE {
keyInfo AlgorithmIdentifier { KeyWrapAlgorithm }, keyInfo AlgorithmIdentifier { KeyWrapAlgorithm },
entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL, entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL,
suppPubInfo [2] EXPLICIT OCTET STRING suppPubInfo [2] EXPLICIT OCTET STRING
} }
--
-- S/MIME CAPS for algorithms in this document
--
SMimeCAPS SMIME-CAPS ::= {
-- mda-sha1.&smimeCaps |
-- mda-sha224.&smimeCaps |
-- mda-sha256.&smimeCaps |
-- mda-sha384.&smimeCaps |
-- mda-sha512.&smimeCaps |
-- sa-ecdsaWithSHA1.&smimeCaps |
-- sa-ecdsaWithSHA224.&smimeCaps |
-- sa-ecdsaWithSHA256.&smimeCaps |
-- sa-ecdsaWithSHA384.&smimeCaps |
-- sa-ecdsaWithSHA512.&smimeCaps |
kaa-dhSinglePass-stdDH-sha1kdf-scheme.&smimeCaps |
kaa-dhSinglePass-stdDH-sha224kdf-scheme.&smimeCaps |
kaa-dhSinglePass-stdDH-sha256kdf-scheme.&smimeCaps |
kaa-dhSinglePass-stdDH-sha384kdf-scheme.&smimeCaps |
kaa-dhSinglePass-stdDH-sha512kdf-scheme.&smimeCaps |
kaa-dhSinglePass-cofactorDH-sha1kdf-scheme.&smimeCaps |
kaa-dhSinglePass-cofactorDH-sha224kdf-scheme.&smimeCaps |
kaa-dhSinglePass-cofactorDH-sha256kdf-scheme.&smimeCaps |
kaa-dhSinglePass-cofactorDH-sha384kdf-scheme.&smimeCaps |
kaa-dhSinglePass-cofactorDH-sha512kdf-scheme.&smimeCaps |
kaa-mqvSinglePass-sha1kdf-scheme.&smimeCaps |
kaa-mqvSinglePass-sha224kdf-scheme.&smimeCaps |
kaa-mqvSinglePass-sha256kdf-scheme.&smimeCaps |
kaa-mqvSinglePass-sha384kdf-scheme.&smimeCaps |
kaa-mqvSinglePass-sha512kdf-scheme.&smimeCaps |
-- kwa-3des.&smimeCaps |
-- kwa-aes128.&smimeCaps |
-- kwa-aes192.&smimeCaps |
-- kwa-aes256.&smimeCaps |
-- cea-des-ede3-cbc.&smimeCaps |
-- cea-aes128-cbc.&smimeCaps |
-- cea-aes192-cbc.&smimeCaps |
-- cea-aes256-cbc.&smimeCaps |
-- cea-aes128-ccm.&smimeCaps |
-- cea-aes192-ccm.&smimeCaps |
-- cea-aes256-ccm.&smimeCaps |
-- cea-aes128-gcm.&smimeCaps |
-- cea-aes192-gcm.&smimeCaps |
-- cea-aes256-gcm.&smimeCaps |
-- maca-hMAC-SHA1.&smimeCaps |
maca-hMAC-SHA224.&smimeCaps |
maca-hMAC-SHA256.&smimeCaps |
maca-hMAC-SHA384.&smimeCaps |
maca-hMAC-SHA512.&smimeCaps,
... - Extensible
}
cap-kaa-dhSinglePass-stdDH-sha1kdf-scheme SMIME-CAPS ::= {
TYPE KeyWrapAlgorithm
IDENTIFIED BY dhSinglePass-stdDH-sha1kdf-scheme
}
cap-kaa-dhSinglePass-stdDH-sha224kdf-scheme SMIME-CAPS ::= {
TYPE KeyWrapAlgorithm
IDENTIFIED BY dhSinglePass-stdDH-sha224kdf-scheme }
cap-kaa-dhSinglePass-stdDH-sha256kdf-scheme SMIME-CAPS ::= {
TYPE KeyWrapAlgorithm
IDENTIFIED BY dhSinglePass-stdDH-sha256kdf-scheme }
cap-kaa-dhSinglePass-stdDH-sha384kdf-scheme SMIME-CAPS ::= {
TYPE KeyWrapAlgorithm
IDENTIFIED BY dhSinglePass-stdDH-sha384kdf-scheme
}
cap-kaa-dhSinglePass-stdDH-sha512kdf-scheme SMIME-CAPS ::= {
TYPE KeyWrapAlgorithm
IDENTIFIED BY dhSinglePass-stdDH-sha512kdf-scheme
}
cap-kaa-dhSinglePass-cofactorDH-sha1kdf-scheme SMIME-CAPS ::={
TYPE KeyWrapAlgorithm
IDENTIFIED BY dhSinglePass-cofactorDH-sha1kdf-scheme
}
cap-kaa-dhSinglePass-cofactorDH-sha224kdf-scheme SMIME-CAPS ::={
TYPE KeyWrapAlgorithm
IDENTIFIED BY dhSinglePass-cofactorDH-sha224kdf-scheme
}
cap-kaa-dhSinglePass-cofactorDH-sha256kdf-scheme SMIME-CAPS ::={
TYPE KeyWrapAlgorithm
IDENTIFIED BY dhSinglePass-cofactorDH-sha256kdf-scheme
}
cap-kaa-dhSinglePass-cofactorDH-sha384kdf-scheme SMIME-CAPS ::={
TYPE KeyWrapAlgorithm
IDENTIFIED BY dhSinglePass-cofactorDH-sha384kdf-scheme
}
cap-kaa-dhSinglePass-cofactorDH-sha512kdf-scheme SMIME-CAPS ::={
TYPE KeyWrapAlgorithm
IDENTIFIED BY dhSinglePass-cofactorDH-sha512kdf-scheme
}
cap-kaa-mqvSinglePass-sha1kdf-scheme SMIME-CAPS ::={
TYPE KeyWrapAlgorithm
IDENTIFIED BY mqvSinglePass-sha1kdf-scheme
}
cap-kaa-mqvSinglePass-sha224kdf-scheme SMIME-CAPS ::={
TYPE KeyWrapAlgorithm
IDENTIFIED BY mqvSinglePass-sha224kdf-scheme
}
cap-kaa-mqvSinglePass-sha256kdf-scheme SMIME-CAPS ::={
TYPE KeyWrapAlgorithm
IDENTIFIED BY mqvSinglePass-sha256kdf-scheme
}
cap-kaa-mqvSinglePass-sha384kdf-scheme SMIME-CAPS ::={
TYPE KeyWrapAlgorithm
IDENTIFIED BY mqvSinglePass-sha384kdf-scheme
}
cap-kaa-mqvSinglePass-sha512kdf-scheme SMIME-CAPS ::={
TYPE KeyWrapAlgorithm
IDENTIFIED BY mqvSinglePass-sha512kdf-scheme
}
cap-hMAC-SHA224 SMIME-CAPS ::={ IDENTIFIED BY id-hmacWithSHA224 }
cap-hMAC-SHA256 SMIME-CAPS ::={ IDENTIFIED BY id-hmacWithSHA256 }
cap-hMAC-SHA384 SMIME-CAPS ::={ IDENTIFIED BY id-hmacWithSHA384 }
cap-hMAC-SHA512 SMIME-CAPS ::={ IDENTIFIED BY id-hmacWithSHA512 }
END END
Appendix B Changes since RFC 3278 Appendix B Changes since RFC 3278
The following summarizes the changes: The following summarizes the changes:
- Abstract: The basis of the document was changed to refer to NIST - Abstract: The basis of the document was changed to refer to NIST
FIPS 186-3 and SP800-56A. However, to maintain backwards FIPS 186-3 and SP800-56A. However, to maintain backwards
compatibility the Key Derivation Function from ANSI/SEC1 is compatibility the Key Derivation Function from ANSI/SEC1 is
retained. retained.
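Review bot: the extensibility marker in SMimeCAPS is written `... - Extensible` with a single hyphen, so `- Extensible` is not a comment and the object set will not parse; every other set on the page uses `... -- Extensible`. Two style points in the same region: the cap-kaa-* definitions alternate between `::= {` and `::={`, and between closing the brace on the IDENTIFIED BY line (sha224kdf, sha256kdf) and on its own line, so pick one layout; and since roughly half of the SMimeCAPS entries are commented out under a header that says "S/MIME CAPS for algorithms in this document", a one-line comment explaining why those entries are commented out (for instance, that the capability is defined in the module the algorithm is imported from) would stop a reader from concluding they are unsupported.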
skipping to change at page 54, line 25 skipping to change at page 57, line 43
- Section 3.1.1: The text was updated to include description of all - Section 3.1.1: The text was updated to include description of all
KeyAgreeRecipientInfo fields. Parameters for id-ecPublicKey KeyAgreeRecipientInfo fields. Parameters for id-ecPublicKey
field changed from NULL to absent or ECParameter. Additional field changed from NULL to absent or ECParameter. Additional
information about ukm was added. information about ukm was added.
- Section 3.2: The sentence describing the advantages of 1-Pass - Section 3.2: The sentence describing the advantages of 1-Pass
ECMQV was rewritten. ECMQV was rewritten.
- Section 3.2.1: The text was updated to include description of all - Section 3.2.1: The text was updated to include description of all
fields. Parameters for id-ecPublicKey field changed from NULL fields. Parameters for id-ecPublicKey field changed from NULL
to absent or ECPoint. to absent or ECParameters.
- Sections 3.2.2 and 4.1.2: The re-use of ephemeral keys paragraph - Sections 3.2.2 and 4.1.2: The re-use of ephemeral keys paragraph
was reworded. was reworded.
- Section 4.1: The sentences describing the advantages of 1-Pass - Section 4.1: The sentences describing the advantages of 1-Pass
ECMQV was moved to Section 4. ECMQV was moved to Section 4.
- Section 4.1.2: The note about the attack was moved to Section 4. - Section 4.1.2: The note about the attack was moved to Section 4.
- Section 4.2: This section was added to address AuthEnvelopedData - Section 4.2: This section was added to address AuthEnvelopedData
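Review bot: the Section 4.1 entry reads "The sentences describing the advantages of 1-Pass ECMQV was moved", which needs "were moved" (or "The sentence"). The Section 3.1.1 entry still says the id-ecPublicKey parameters changed to "absent or ECParameter" while the corrected Section 3.2.1 entry says "absent or ECParameters"; apply the same correction to the first. The final Section 4.2 entry ends without a period, so check that the sentence is complete in the draft.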
End of changes. 77 change blocks.
130 lines changed or deleted, 317 lines changed or added
This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/