draft-ietf-smime-aes-alg-06.txt   draft-ietf-smime-aes-alg-07.txt 
S/MIME Working Group J. Schaad S/MIME Working Group J. Schaad
Internet Draft Soaring Hawk Consulting Internet Draft Soaring Hawk Consulting
Document: draft-ietf-smime-aes-alg-06.txt Document: draft-ietf-smime-aes-alg-07.txt
Expires: July 2003 January 2003 Expires: November 2003 May 2003
Use of the AES Encryption Algorithm in CMS Use of the AES Encryption Algorithm in CMS
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC 2026. all provisions of Section 10 of RFC 2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that other
other groups may also distribute working documents as Internet-
Drafts. Internet-Drafts are draft documents valid for a maximum of groups may also distribute working documents as Internet-Drafts.
six months and may be updated, replaced, or obsoleted by other Internet-Drafts are draft documents valid for a maximum of six months
documents at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress." and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
Comments or suggestions for improvement may be made on the "ietf- Comments or suggestions for improvement may be made on the "ietf-
smime" mailing list, or directly to the author. smime" mailing list, or directly to the author.
Abstract Abstract
This document specifies the conventions for using the Advanced This document specifies the conventions for using the Advanced
Encryption Standard (AES) algorithm [AES] for encryption with the Encryption Standard (AES) algorithm [AES] for encryption with the
Cryptographic Message Syntax (CMS) [CMS]. Cryptographic Message Syntax (CMS) [CMS].
Conventions used in this document Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
this document are to be interpreted as described in RFC 2119
[MUSTSHOULD]. document are to be interpreted as described in RFC 2119 [MUSTSHOULD].
1 Overview 1 Overview
This document specifies the conventions for using Advanced Encryption This document specifies the conventions for using Advanced Encryption
Standard (AES) content encryption algorithm with the Cryptographic Standard (AES) content encryption algorithm with the Cryptographic
Message Syntax [CMS] enveloped-data and encrypted-data content types. Message Syntax [CMS] enveloped-data and encrypted-data content types.
CMS values are generated using ASN.1 [X.208-88], using the Basic CMS values are generated using ASN.1 [X.208-88], using the Basic
Encoding Rules (BER) [X.209-88] and the Distinguished Encoding Rules Encoding Rules (BER) [X.209-88] and the Distinguished Encoding Rules
skipping to change at line 56 skipping to change at line 58
This document specifies the conventions for using Advanced Encryption This document specifies the conventions for using Advanced Encryption
Standard (AES) content encryption algorithm with the Cryptographic Standard (AES) content encryption algorithm with the Cryptographic
Message Syntax [CMS] enveloped-data and encrypted-data content types. Message Syntax [CMS] enveloped-data and encrypted-data content types.
CMS values are generated using ASN.1 [X.208-88], using the Basic CMS values are generated using ASN.1 [X.208-88], using the Basic
Encoding Rules (BER) [X.209-88] and the Distinguished Encoding Rules Encoding Rules (BER) [X.209-88] and the Distinguished Encoding Rules
(DER) [X.509-88]. (DER) [X.509-88].
1.1 AES 1.1 AES
Schaad 1 Schaad 1
Use of the AES Algorithm in CMS July 2002 Use of the AES Algorithm in CMS May 2003
The Advanced Encryption Standard (AES) [AES] was developed to replace The Advanced Encryption Standard (AES) [AES] was developed to replace
DES [DES]. The AES Federal Information Processing Standard (FIPS) DES [DES]. The AES Federal Information Processing Standard (FIPS)
Publication specifies a cryptographic algorithm for use by U.S. Publication specifies a cryptographic algorithm for use by U.S.
Government organizations. However, the AES will also be widely used Government organizations. However, the AES will also be widely used
by organizations, institutions, and individuals outside of the U.S. by organizations, institutions, and individuals outside of the U.S.
Government. Government.
Two researchers who developed and submitted the Rijndael algorithm Two researchers who developed and submitted the Rijndael algorithm
skipping to change at line 118 skipping to change at line 121
AES can be used with the enveloped-data content type using any of the AES can be used with the enveloped-data content type using any of the
following key management techniques defined in [CMS] Section 6. following key management techniques defined in [CMS] Section 6.
1) Key Transport: The AES CEK is uniquely wrapped for each recipient 1) Key Transport: The AES CEK is uniquely wrapped for each recipient
using the recipient's public RSA key and other values. Section 2.2 using the recipient's public RSA key and other values. Section 2.2
provides additional details. provides additional details.
Schaad 2 Schaad 2
Use of the AES Algorithm in CMS July 2002 Use of the AES Algorithm in CMS May 2003
2) Key Agreement: The AES CEK is uniquely wrapped for each recipient 2) Key Agreement: The AES CEK is uniquely wrapped for each recipient
using a pairwise symmetric key-encryption key (KEK) generated using using a pairwise symmetric key-encryption key (KEK) generated using
an originator's randomly generated private key (ES-DH [DH]) or an originator's randomly generated private key (ES-DH [DH]) or
previously generated private key (SS-DH [DH]), the recipient's public previously generated private key (SS-DH [DH]), the recipient's public
DH key, and other values. Section 2.3 provides additional details. DH key, and other values. Section 2.3 provides additional details.
3) Previously Distributed Symmetric KEK: The AES CEK is wrapped 3) Previously Distributed Symmetric KEK: The AES CEK is wrapped
using a previously distributed symmetric KEK (such as a Mail List using a previously distributed symmetric KEK (such as a Mail List
skipping to change at line 182 skipping to change at line 185
RecipientIdentifier is the CHOICE issuerAndSerialNumber, then the RecipientIdentifier is the CHOICE issuerAndSerialNumber, then the
version MUST be 0. If the RecipientIdentifier is version MUST be 0. If the RecipientIdentifier is
subjectKeyIdentifier, then the version MUST be 2. subjectKeyIdentifier, then the version MUST be 2.
The KeyTransRecipientInfo RecipientIdentifier provides two The KeyTransRecipientInfo RecipientIdentifier provides two
alternatives for specifying the recipient's certificate, and thereby alternatives for specifying the recipient's certificate, and thereby
the recipient's public key. The recipient's certificate MUST contain the recipient's public key. The recipient's certificate MUST contain
a RSA public key. The CEK is encrypted with the recipient's RSA a RSA public key. The CEK is encrypted with the recipient's RSA
Schaad 3 Schaad 3
Use of the AES Algorithm in CMS July 2002 Use of the AES Algorithm in CMS May 2003
public key. The issuerAndSerialNumber alternative identifies the public key. The issuerAndSerialNumber alternative identifies the
recipient's certificate by the issuer's distinguished name and the recipient's certificate by the issuer's distinguished name and the
certificate serial number; the subjectKeyIdentifier identifies the certificate serial number; the subjectKeyIdentifier identifies the
recipient's certificate by the X.509 subjectKeyIdentifier extension recipient's certificate by the X.509 subjectKeyIdentifier extension
value. value.
The KeyTransRecipientInfo keyEncryptionAlgorithm field specifies the The KeyTransRecipientInfo keyEncryptionAlgorithm field specifies the
key transport algorithm (i.e. RSAES-OAEP [RSA-OAEP]), and the key transport algorithm (i.e. RSAES-OAEP [RSA-OAEP]), and the
associated parameters used to encrypt the CEK for the recipient. associated parameters used to encrypt the CEK for the recipient.
skipping to change at line 239 skipping to change at line 242
No partyAInfo is used. No partyAInfo is used.
Consequently, the input to SHA-1 is: Consequently, the input to SHA-1 is:
00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 ; ZZ 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 ; ZZ
30 1b 30 1b
30 11 30 11
06 09 60 86 48 01 65 03 04 01 05 ; AES-128 wrap OID 06 09 60 86 48 01 65 03 04 01 05 ; AES-128 wrap OID
Schaad 4 Schaad 4
Use of the AES Algorithm in CMS July 2002 Use of the AES Algorithm in CMS May 2003
04 04 04 04
00 00 00 01 ; Counter 00 00 00 01 ; Counter
a2 06 a2 06
04 04 04 04
00 00 00 80 ; key length 00 00 00 80 ; key length
And the output is the 32 bytes: And the output is the 32 bytes:
d6 d6 b0 94 c1 02 7a 7d e6 e3 11 72 94 a3 53 64 49 08 50 f9 d6 d6 b0 94 c1 02 7a 7d e6 e3 11 72 94 a3 53 64 49 08 50 f9
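Review bot: "And the output is the 32 bytes:" is carried over unchanged on both sides, but the value printed under it is 20 bytes long, which is the size of a single SHA-1 digest. The second example in this section says "the output is the 20 bytes" for the same step. Change 32 to 20 here.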
skipping to change at line 275 skipping to change at line 278
01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01
01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01
01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01
01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01
Consequently, the input to first invocation of SHA-1 is: Consequently, the input to first invocation of SHA-1 is:
00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 ; ZZ 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 ; ZZ
30 5f 30 5f
30 11 30 11
06 09 60 86 48 01 65 03 04 01 2c ; AES-256 wrap OID 06 09 60 86 48 01 65 03 04 01 2d ; AES-256 wrap OID
04 04 04 04
00 00 00 01 ; Counter 00 00 00 01 ; Counter
a0 42 a0 42
04 40 04 40
01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01 ; partyAInfo 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01 ; partyAInfo
01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01
01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01
01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01
a2 06 a2 06
04 04 04 04
00 00 01 00 ; key length 00 00 01 00 ; key length
And the output is the 20 bytes: And the output is the 20 bytes:
6f da b9 fa 67 09 30 3e 7e 2f 68 50 29 6f 28 fb 1b a6 4e 2a 88 90 58 5C 4E 28 1A 5C 11 67 CA A5 30 BE D5 9B 32 30 D8 93
The input to second invocation of SHA-1 is: The input to second invocation of SHA-1 is:
00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 ; ZZ 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 ; ZZ
Schaad 5 Schaad 5
Use of the AES Algorithm in CMS July 2002 Use of the AES Algorithm in CMS May 2003
30 5f 30 5f
30 11 30 11
06 09 60 86 48 01 65 03 04 01 2c ; AES-256 wrap OID 06 09 60 86 48 01 65 03 04 01 2d ; AES-256 wrap OID
04 04 04 04
00 00 00 02 ; Counter 00 00 00 02 ; Counter
a0 42 a0 42
04 40 04 40
01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01 ; partyAInfo 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01 ; partyAInfo
01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01
01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01
01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01 01 23 45 67 89 ab cd ef fe dc ba 98 76 54 32 01
a2 06 a2 06
04 04 04 04
00 00 01 00 ; key length 00 00 01 00 ; key length
And the output is the 20 bytes: And the output is the 20 bytes:
73 36 a5 ae 90 33 31 39 cb 3f 0e 90 cd d8 03 96 66 36 61 b0 CB A8 F9 22 BD 1B 56 A0 71 C9 6F 90 36 C6 04 2C AA 20 94 37
Consequently, Consequently,
K = 6f da b9 fa 67 09 30 3e 7e 2f 68 50 29 6f 28 fb 1b a6 4e 2a K = 88 90 58 5C 4E 28 1A 5C 11 67 CA A5 30 BE D5 9B
73 36 a5 ae 90 33 31 39 cb 3f 0e 90 32 30 D8 93 CB A8 F9 22 BD 1B 56 A0
2.3.2 AES CEK Wrap Process 2.3.2 AES CEK Wrap Process
The AES key wrap algorithm encrypts one AES key in another AES key. The AES key wrap algorithm encrypts one AES key in another AES key.
The algorithm produces an output 64-bits longer than the input AES The algorithm produces an output 64-bits longer than the input AES
CEK, the additional bits are a checksum. The algorithm uses 6*n AES CEK, the additional bits are a checksum. The algorithm uses 6*n AES
encryption/decryption operations where n is number of 64-bit blocks encryption/decryption operations where n is number of 64-bit blocks
in the AES CEK. Full details of the AES key wrap algorithm are in the AES CEK. Full details of the AES key wrap algorithm are
available at [AES-WRAP]. available at [AES-WRAP].
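Review bot: The new K after "Consequently," is only 28 bytes (16 on the first line, 12 on the second), while the key length in the KDF input is 00 00 01 00 (256 bits) and the -06 value was 32 bytes. The new value stops at 56 A0, eight bytes into the second digest, so the next four bytes of that digest (71 C9 6F 90) need to be appended. The OID correction from 2c to 2d agrees with id-aes256-wrap { aes 45 } in Appendix A. The new digests and K are in upper-case hex while the rest of the example is lower case, so settle on one.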
skipping to change at line 354 skipping to change at line 357
length. If different lengths are supported, the KEK MUST be of equal length. If different lengths are supported, the KEK MUST be of equal
or greater length than the CEK. or greater length than the CEK.
2.4 KEKRecipientInfo Fields 2.4 KEKRecipientInfo Fields
This section describes the conventions for using AES with the CMS This section describes the conventions for using AES with the CMS
enveloped-data content type to support previously distributed enveloped-data content type to support previously distributed
symmetric KEKs. When a previously distributed symmetric KEK is used symmetric KEKs. When a previously distributed symmetric KEK is used
to wrap the AES CEK, then the RecipientInfo KEKRecipientInfo CHOICE to wrap the AES CEK, then the RecipientInfo KEKRecipientInfo CHOICE
MUST be used. The methods used to generate and distribute the
Schaad 6 Schaad 6
Use of the AES Algorithm in CMS July 2002 Use of the AES Algorithm in CMS May 2003
MUST be used. The methods used to generate and distribute the
symmetric KEK are beyond the scope of this document. One possible symmetric KEK are beyond the scope of this document. One possible
method of distributing keys is documented in [SYMKEYDIST]. method of distributing keys is documented in [SYMKEYDIST].
The KEKRecipientInfo fields MUST be populated as specified in [CMS] The KEKRecipientInfo fields MUST be populated as specified in [CMS]
Section 6.2.3, KEKRecipientInfo Type. Section 6.2.3, KEKRecipientInfo Type.
The KEKRecipientInfo keyEncryptionAlgorithm algorithm field MUST be The KEKRecipientInfo keyEncryptionAlgorithm algorithm field MUST be
one of the OIDs defined in section 2.3.2 indicating that the AES wrap one of the OIDs defined in section 2.3.2 indicating that the AES wrap
function is used to wrap the AES CEK. The KEKRecipientInfo function is used to wrap the AES CEK. The KEKRecipientInfo
skipping to change at line 415 skipping to change at line 418
See [CMS] section 9.1 for the algorithm to determine this value. See [CMS] section 9.1 for the algorithm to determine this value.
The EncryptedData encryptedContentInfo contentEncryptionAlgorithm The EncryptedData encryptedContentInfo contentEncryptionAlgorithm
field MUST specify a symmetric encryption algorithm. Implementations field MUST specify a symmetric encryption algorithm. Implementations
MUST support encryption using AES, but implementations MAY support MUST support encryption using AES, but implementations MAY support
other algorithms as well. other algorithms as well.
The EncryptedData unprotectedAttrs MAY be present. The EncryptedData unprotectedAttrs MAY be present.
Schaad 7 Schaad 7
Use of the AES Algorithm in CMS July 2002 Use of the AES Algorithm in CMS May 2003
4 Algorithm Identifiers and Parameters 4 Algorithm Identifiers and Parameters
This section specified algorithm identifiers for the AES encryption This section specified algorithm identifiers for the AES encryption
algorithm. algorithm.
4.1 AES Algorithm Identifiers and Parameters 4.1 AES Algorithm Identifiers and Parameters
The AES algorithm is defined in [AES]. RSAES-OAEP [RSA-OAEP] MAY be The AES algorithm is defined in [AES]. RSAES-OAEP [RSA-OAEP] MAY be
used to transport AES keys. used to transport AES keys.
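Review bot: "This section specified algorithm identifiers" in the Section 4 introduction is unchanged by this revision and still in the past tense. It should read "This section specifies", matching the wording used in the Abstract and Overview.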
skipping to change at line 473 skipping to change at line 477
RFC 2633 [MSG], Section 2.5.2 defines the SMIMECapabilities signed RFC 2633 [MSG], Section 2.5.2 defines the SMIMECapabilities signed
attribute (defined as a SEQUENCE of SMIMECapability SEQUENCEs) to be attribute (defined as a SEQUENCE of SMIMECapability SEQUENCEs) to be
used to specify a partial list of algorithms that the software used to specify a partial list of algorithms that the software
announcing the SMIMECapabilities can support. announcing the SMIMECapabilities can support.
5.1 AES S/MIME Capability Attributes 5.1 AES S/MIME Capability Attributes
If an S/MIME client is required to support symmetric encryption with If an S/MIME client is required to support symmetric encryption with
AES, the capabilities attribute MUST contain the AES object AES, the capabilities attribute MUST contain the AES object
identifier specified above in the category of symmetric algorithms. identifier specified above in the category of symmetric algorithms.
The parameter associated with this object identifier MUST is The parameter with this encoding MUST be absent.
AESSMimeCapability.
Schaad 8
Use of the AES Algorithm in CMS July 2002
AESSMimeCapabilty ::= NULL
The encodings for the mandatory key sizes are: The encodings for the mandatory key sizes are:
Schaad 8
Use of the AES Algorithm in CMS May 2003
Key Size Capability Key Size Capability
128 30 0D 06 09 60 86 48 01 65 03 04 01 02 30 00 128 30 0B 06 09 60 86 48 01 65 03 04 01 02
196 30 0D 06 09 60 86 48 01 65 03 04 01 16 30 00 196 30 0B 06 09 60 86 48 01 65 03 04 01 16
256 30 0D 06 09 60 86 48 01 65 03 04 01 2A 30 00 256 30 0B 06 09 60 86 48 01 65 03 04 01 2A
When a sending agent creates an encrypted message, it has to decide When a sending agent creates an encrypted message, it has to decide
which type of encryption algorithm to use. In general the decision which type of encryption algorithm to use. In general the decision
process involves information obtained from the capabilities lists process involves information obtained from the capabilities lists
included in messages received from the recipient, as well as other included in messages received from the recipient, as well as other
information such as private agreements, user preferences, legal information such as private agreements, user preferences, legal
restrictions, and so on. If users require AES for symmetric restrictions, and so on. If users require AES for symmetric
encryption, the S/MIME clients on both the sending and receiving side encryption, the S/MIME clients on both the sending and receiving side
MUST support it, and it MUST be set in the user preferences. MUST support it, and it MUST be set in the user preferences.
6 Security Considerations 6 Security Considerations
If RSA-OAEP [PKCS#1v2.0] and RSA PKCS #1 v1.5 [PKCS#1v1.5] are both If RSA-OAEP [PKCS#1v2.0] and RSA PKCS #1 v1.5 [PKCS#1v1.5] are both
used to transport the same CEK, then an attacker can still use the used to transport the same CEK, then an attacker can still use the
Bleichenbacher attack against the RSA PKCS #1 v1.5 encrypted key. Bleichenbacher attack against the RSA PKCS #1 v1.5 encrypted key. It
It is generally unadvisable to mix both RSA-OAEP and RSA PKCS#1 v1.5
in the same set of recipients. is generally unadvisable to mix both RSA-OAEP and RSA PKCS#1 v1.5 in
the same set of recipients.
Implementations must protect the RSA private key and the CEK. Implementations must protect the RSA private key and the CEK.
Compromise of the RSA private key may result in the disclosure of all Compromise of the RSA private key may result in the disclosure of all
messages protected with that key. Compromise of the CEK may result messages protected with that key. Compromise of the CEK may result
in disclosure of the associated encrypted content. in disclosure of the associated encrypted content.
The generation of AES CEKs relies on random numbers. The use of The generation of AES CEKs relies on random numbers. The use of
inadequate pseudo-random number generators (PRNGs) to generate these inadequate pseudo-random number generators (PRNGs) to generate these
values can result in little or no security. An attacker may find it values can result in little or no security. An attacker may find it
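Review bot: The Key Size column of the capability table still reads 196 for the row whose OID ends in 04 01 16. That arc is 22, id-aes192-CBC in Appendix A, so the entry should be 192. The replacement sentence "The parameter with this encoding MUST be absent" is also hard to parse. Wording such as "The parameters field MUST be absent" would state directly what the new 30 0B encodings show.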
skipping to change at line 534 skipping to change at line 536
weakest point in an encryption system. This would be the smaller of weakest point in an encryption system. This would be the smaller of
the two key sizes for a brute force attack. the two key sizes for a brute force attack.
Normative References Normative References
AES National Institute of Standards. AES National Institute of Standards.
FIPS Pub 197: Advanced Encryption Standard (AES). FIPS Pub 197: Advanced Encryption Standard (AES).
26 November 2001. 26 November 2001.
CMS Housley, R., "Cryptographic Message Syntax (CMS)", RFC CMS Housley, R., "Cryptographic Message Syntax (CMS)", RFC
Schaad 9
Use of the AES Algorithm in CMS July 2002
3369, August 2002. 3369, August 2002.
AES-WRAP Schaad, J., R. Housley, "Advanced Encryption Standard (AES) AES-WRAP Schaad, J., R. Housley, "Advanced Encryption Standard (AES)
Key Wrap Algorithm", RFC 3394, September 2002 Key Wrap Algorithm", RFC 3394, September 2002
Schaad 9
Use of the AES Algorithm in CMS May 2003
CMSALG Housley, R., "Cryptographic Message Syntax (CMS) CMSALG Housley, R., "Cryptographic Message Syntax (CMS)
Algorithms, RFC 3370, August 2002. Algorithms, RFC 3370, August 2002.
DES National Institute of Standards and Technology. DES National Institute of Standards and Technology.
FIPS Pub 46: Data Encryption Standard. 15 January 1977. FIPS Pub 46: Data Encryption Standard. 15 January 1977.
DH Rescorla, E., Diffie-Hellman Key Agreement Method, RFC DH Rescorla, E., Diffie-Hellman Key Agreement Method, RFC
2631, June 1999. 2631, June 1999.
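Review bot: The CMSALG entry opens a quotation mark before "Cryptographic Message Syntax (CMS)" and never closes it after "Algorithms", and the DH entry has no quotation marks around its title at all, unlike CMS and AES-WRAP. The AES entry also gives the publisher as "National Institute of Standards." while the DES entry spells out "National Institute of Standards and Technology". None of this is touched by -07; align the entries to one citation style while the reference list is being repaginated.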
skipping to change at line 587 skipping to change at line 588
RANDOM Eastlake, D., S. Crocker, and J. Schiller. Randomness RANDOM Eastlake, D., S. Crocker, and J. Schiller. Randomness
Recommendations for Security. RFC 1750. December 1994. Recommendations for Security. RFC 1750. December 1994.
SYMKEYDIST Turner, S. CMS Symmetric Key Management and Distribution. SYMKEYDIST Turner, S. CMS Symmetric Key Management and Distribution.
RFC TDB. Date TBD. RFC TDB. Date TBD.
<draft-ietf-smime-symkeydist-06.txt> <draft-ietf-smime-symkeydist-06.txt>
Acknowledgements Acknowledgements
Schaad 10 This document is the result of contributions from many professionals.
Use of the AES Algorithm in CMS July 2002
This document is the result of contributions from many We appreciate the hard work of all members of the IETF S/MIME Working
professionals. We appreciate the hard work of all members of the
IETF S/MIME Working Group. Group.
Author's Addresses Author's Addresses
Schaad 10
Use of the AES Algorithm in CMS May 2003
Jim Schaad Jim Schaad
Soaring Hawk Consulting Soaring Hawk Consulting
Email: jimsch@exmsft.com Email: jimsch@exmsft.com
Appendix A ASN.1 Module Appendix A ASN.1 Module
CMSAesRsaesOaep {iso(1) member-body(2) us(840) rsadsi(113549) CMSAesRsaesOaep {iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-aes(19) } pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-aes(19) }
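Review bot: The SYMKEYDIST entry reads "RFC TDB. Date TBD." on both sides, so the first placeholder is a typo for TBD. More importantly, this reference still points at <draft-ietf-smime-symkeydist-06.txt> with no RFC number, and Section 2.4 cites it only as "one possible method" of distributing keys. Check whether it belongs in the normative list, since a normative reference to an unpublished draft will hold up publication.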
skipping to change at line 632 skipping to change at line 635
-- AES using CBC-chaining mode for key sizes of 128, 192, 256 -- AES using CBC-chaining mode for key sizes of 128, 192, 256
id-aes128-CBC OBJECT IDENTIFIER ::= { aes 2 } id-aes128-CBC OBJECT IDENTIFIER ::= { aes 2 }
id-aes192-CBC OBJECT IDENTIFIER ::= { aes 22 } id-aes192-CBC OBJECT IDENTIFIER ::= { aes 22 }
id-aes256-CBC OBJECT IDENTIFIER ::= { aes 42 } id-aes256-CBC OBJECT IDENTIFIER ::= { aes 42 }
-- AES-IV is a the parameter for all the above object identifiers. -- AES-IV is a the parameter for all the above object identifiers.
AES-IV ::= OCTET STRING (SIZE(16)) AES-IV ::= OCTET STRING (SIZE(16))
AESSMimeCapability ::= NULL
-- AES Key Wrap Algorithm Identifiers - Parameter is absent -- AES Key Wrap Algorithm Identifiers - Parameter is absent
id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 } id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 }
id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 } id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 }
id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 } id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 }
Schaad 11
Use of the AES Algorithm in CMS July 2002
END END
Schaad 12 Schaad 11
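Review bot: "AESSMimeCapability ::= NULL" appears on only one side of the module in this hunk. Confirm that it is the -06 side and that the definition is gone from -07, because the revised Section 5.1 says the parameter MUST be absent and a leftover NULL definition in the module would contradict the new 30 0B encodings. Separately, the comment "AES-IV is a the parameter for all the above object identifiers" has a stray "a" that both versions keep.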
 End of changes. 

This html diff was produced by rfcdiff 1.25, available from http://www.levkowetz.com/ietf/tools/rfcdiff/