draft-ietf-smime-cms-rsa-kem-04.txt   draft-ietf-smime-cms-rsa-kem-05.txt 
S/MIME Working Group J. Randall S/MIME Working Group J. Randall
Internet Draft RSA Internet Draft RSA
Document: draft-ietf-smime-cms-rsa-kem-04.txt B.Kaliski Document: draft-ietf-smime-cms-rsa-kem-05.txt B.Kaliski
Category: Standards EMC Corp. Category: Standards EMC Corp.
Expires: March 2008 September 2007
Use of the RSA-KEM Key Transport Algorithm in CMS Use of the RSA-KEM Key Transport Algorithm in CMS
<draft-ietf-smime-cms-rsa-kem-04.txt> <draft-ietf-smime-cms-rsa-kem-04.txt>
Intellectual Property Intellectual Property
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
skipping to change at page 9, line 38 skipping to change at page 9, line 34
6. Acknowledgments 6. Acknowledgments
This document is one part of a strategy to align algorithm standards This document is one part of a strategy to align algorithm standards
produced by ASC X9, ISO/IEC JTC1 SC27, NIST, and the IETF. We would produced by ASC X9, ISO/IEC JTC1 SC27, NIST, and the IETF. We would
like to thank the members of the ASC X9F1 working group for their like to thank the members of the ASC X9F1 working group for their
contributions to drafts of ANS X9.44 which led to this specification. contributions to drafts of ANS X9.44 which led to this specification.
Our thanks to Russ Housley as well for his guidance and Our thanks to Russ Housley as well for his guidance and
encouragement. We also appreciate the helpful direction we've encouragement. We also appreciate the helpful direction we've
received from Blake Ramsdell and Jim Schaad in bringing this document received from Blake Ramsdell and Jim Schaad in bringing this document
to fruition. to fruition. A special thanks to Magnus Nystrom for his assistance on
Appendix B.
7. Authors' Addresses 7. Authors' Addresses
James Randall James Randall
RSA, The Security Division of EMC RSA, The Security Division of EMC
174 Middlesex Turnpike 174 Middlesex Turnpike
Bedford, MA 01730 Bedford, MA 01730
USA USA
e-mail: jrandall@rsasecurity.com e-mail: jrandall@rsa.com
Burt Kaliski Burt Kaliski
EMC EMC
176 South Street 176 South Street
Hopkinton, MA 01748 Hopkinton, MA 01748
USA USA
e-mail: kaliski_burt@emc.com e-mail: kaliski_burt@emc.com
Appendix A. RSA-KEM Key Transport Algorithm Appendix A. RSA-KEM Key Transport Algorithm
The RSA-KEM Key Transport Algorithm is a one-pass (store-and-forward) The RSA-KEM Key Transport Algorithm is a one-pass (store-and-forward)
mechanism for transporting keying data to a recipient using the mechanism for transporting keying data to a recipient using the
recipient's RSA public key. recipient's RSA public key.
With this type of algorithm, a sender encrypts the keying data using With this type of algorithm, a sender encrypts the keying data using
the recipient's public key to obtain encrypted keying data. The the recipient's public key to obtain encrypted keying data. The
recipient decrypts the encrypted keying data using the recipient's recipient decrypts the encrypted keying data using the recipient's
private key to recover the keying data. private key to recover the keying data.
A.1 Underlying Components A.1 Underlying Components
skipping to change at page 15, line 11 skipping to change at page 15, line 4
symmetric key-wrapping schemes take the role of data encapsulation symmetric key-wrapping schemes take the role of data encapsulation
mechanisms in the RSA-KEM Key Transport Algorithm. ISO/IEC 18033-2 mechanisms in the RSA-KEM Key Transport Algorithm. ISO/IEC 18033-2
allows only three specific data encapsulation mechanisms, not allows only three specific data encapsulation mechanisms, not
including any of these symmetric key-wrapping schemes. However, the including any of these symmetric key-wrapping schemes. However, the
ASN.1 syntax in that document expects that additional algorithms will ASN.1 syntax in that document expects that additional algorithms will
be allowed. be allowed.
B.2 Selected Underlying Components B.2 Selected Underlying Components
B.2.1 Key Derivation Functions B.2.1 Key Derivation Functions
The object identifier for KDF2 (see [ANS X9.44]) is: The object identifier for KDF2 (see [ANS X9.44]) is:
id-kdf-kdf2 OID ::= { x9-44-components kdf2(1) } id-kdf-kdf2 OID ::= { x9-44-components kdf2(1) }
The associated parameters identify the underlying hash function. For The associated parameters identify the underlying hash function. For
alignment with ANS X9.44, the hash function MUST be an ASC alignment with ANS X9.44, the hash function MUST be an ASC
X9-approved hash function. However, other hash functions MAY be used X9-approved hash function. However, other hash functions MAY be used
with CMS. with CMS.
kdf2 ALGORITHM ::= {{ OID id-kdf-kdf2 PARMS KDF2-HashFunction }} kdf2 ALGORITHM ::= { OID id-kdf-kdf2 PARMS KDF2-HashFunction }
KDF2-HashFunction ::= AlgorithmIdentifier {{KDF2-HashFunctions}} KDF2-HashFunction ::= AlgorithmIdentifier {{KDF2-HashFunctions}}
KDF2-HashFunctions ALGORITHM ::= { KDF2-HashFunctions ALGORITHM ::= {
X9-HashFunctions, X9-HashFunctions,
... -- implementations may define other methods ... -- implementations may define other methods
} }
X9-HashFunctions ALGORITHM ::= { X9-HashFunctions ALGORITHM ::= {
sha1 | sha224 | sha256 | sha384 | sha512, sha1 | sha224 | sha256 | sha384 | sha512,
skipping to change at page 16, line 5 skipping to change at page 15, line 47
id-sha256 OID ::= { nistAlgorithm hashAlgs(2) sha256(1) } id-sha256 OID ::= { nistAlgorithm hashAlgs(2) sha256(1) }
id-sha384 OID ::= { nistAlgorithm hashAlgs(2) sha384(2) } id-sha384 OID ::= { nistAlgorithm hashAlgs(2) sha384(2) }
id-sha512 OID ::= { nistAlgorithm hashAlgs(2) sha512(3) } id-sha512 OID ::= { nistAlgorithm hashAlgs(2) sha512(3) }
There has been some confusion over whether the various SHA object There has been some confusion over whether the various SHA object
identifiers have a NULL parameter, or no associated parameters. As identifiers have a NULL parameter, or no associated parameters. As
also discussed in [PKCS1], implementations SHOULD generate algorithm also discussed in [PKCS1], implementations SHOULD generate algorithm
identifiers without parameters, and MUST accept algorithm identifiers identifiers without parameters, and MUST accept algorithm identifiers
either without parameters, or with NULL parameters. either without parameters, or with NULL parameters.
sha1 ALGORITHM ::= {{ OID id-sha1 }} -- NULLParms MUST be sha1 ALGORITHM ::= { OID id-sha1 } -- NULLParms MUST be
sha224 ALGORITHM ::= {{ OID id-sha224 }} -- accepted for these sha224 ALGORITHM ::= { OID id-sha224 } -- accepted for these
sha256 ALGORITHM ::= {{ OID id-sha256 }} -- OIDs sha256 ALGORITHM ::= { OID id-sha256 } -- OIDs
sha384 ALGORITHM ::= {{ OID id-sha384 }} -- "" sha384 ALGORITHM ::= { OID id-sha384 } -- ""
sha512 ALGORITHM ::= {{ OID id-sha512 }} -- "" sha512 ALGORITHM ::= { OID id-sha512 } -- ""
The object identifier for KDF3 (see [ANS X9.44]) is: The object identifier for KDF3 (see [ANS X9.44]) is:
id-kdf-kdf3 OID ::= { x9-44-components kdf3(2) } id-kdf-kdf3 OID ::= { x9-44-components kdf3(2) }
The associated parameters identify the underlying hash function. For The associated parameters identify the underlying hash function. For
alignment with the draft ANS X9.44, the hash function MUST be an ASC alignment with the draft ANS X9.44, the hash function MUST be an ASC
X9-approved hash function. (See Note.) However, other hash functions X9-approved hash function. (See Note.) However, other hash functions
MAY be used with CMS. MAY be used with CMS.
kdf3 ALGORITHM ::= {{ OID id-kdf-kdf3 PARMS KDF3-HashFunction }} kdf3 ALGORITHM ::= { OID id-kdf-kdf3 PARMS KDF3-HashFunction }
KDF3-HashFunction ::= AlgorithmIdentifier {{KDF3-HashFunctions}} KDF3-HashFunction ::= AlgorithmIdentifier { KDF3-HashFunctions }
KDF3-HashFunctions ALGORITHM ::= { KDF3-HashFunctions ALGORITHM ::= {
X9-HashFunctions, X9-HashFunctions,
... -- implementations may define other methods ... -- implementations may define other methods
} }
B.2.2 Symmetric Key-Wrapping Schemes B.2.2 Symmetric Key-Wrapping Schemes
The object identifiers for the AES Key Wrap depends on the size of The object identifiers for the AES Key Wrap depends on the size of
the key encrypting key. There are three object identifiers (see the key encrypting key. There are three object identifiers (see
[AES-WRAP]): [AES-WRAP]):
id-aes128-Wrap OID ::= { nistAlgorithm aes(1) aes128-Wrap(5) } id-aes128-Wrap OID ::= { nistAlgorithm aes(1) aes128-Wrap(5) }
id-aes192-Wrap OID ::= { nistAlgorithm aes(1) aes192-Wrap(25) } id-aes192-Wrap OID ::= { nistAlgorithm aes(1) aes192-Wrap(25) }
id-aes256-Wrap OID ::= { nistAlgorithm aes(1) aes256-Wrap(45) } id-aes256-Wrap OID ::= { nistAlgorithm aes(1) aes256-Wrap(45) }
These object identifiers have no associated parameters. These object identifiers have no associated parameters.
aes128-Wrap ALGORITHM ::= {{ OID id-aes128-wrap }} aes128-Wrap ALGORITHM ::= { OID id-aes128-Wrap }
aes192-Wrap ALGORITHM ::= {{ OID id-aes192-wrap }} aes192-Wrap ALGORITHM ::= { OID id-aes192-Wrap }
aes256-Wrap ALGORITHM ::= {{ OID id-aes256-wrap }} aes256-Wrap ALGORITHM ::= { OID id-aes256-Wrap }
The object identifier for the Triple-DES Key Wrap (see [3DES-WRAP]) The object identifier for the Triple-DES Key Wrap (see [3DES-WRAP])
is is
id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) alg(3) 6 smime(16) alg(3) 6
} }
This object identifier has a NULL parameter. This object identifier has a NULL parameter.
tdes-Wrap ALGORITHM ::= tdes-Wrap ALGORITHM ::=
{{ OID id-alg-CMS3DESwrap PARMS NullParms }} { OID id-alg-CMS3DESwrap PARMS NullParms }
NOTE: As of this writing, the AES Key Wrap and the Triple-DES Key NOTE: As of this writing, the AES Key Wrap and the Triple-DES Key
Wrap are in the process of being approved by ASC X9. Wrap are in the process of being approved by ASC X9.
The object identifiers for the Camillia Key Wrap depends on the size The object identifiers for the Camillia Key Wrap depends on the size
of the key encrypting key. There are three object identifiers: of the key encrypting key. There are three object identifiers:
id-camellia128-Wrap OBJECT IDENTIFIER ::= id-camellia128-Wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1) { iso(1) member-body(2) 392 200011 61 security(1)
skipping to change at page 17, line 26 skipping to change at page 17, line 16
algorithm(1) key-wrap-algorithm(3) algorithm(1) key-wrap-algorithm(3)
camellia192-wrap(3) } camellia192-wrap(3) }
id-camellia256-Wrap OBJECT IDENTIFIER ::= id-camellia256-Wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1) { iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3) algorithm(1) key-wrap-algorithm(3)
camellia256-wrap(4) } camellia256-wrap(4) }
These object identifiers have no associated parameters. These object identifiers have no associated parameters.
camellia128-Wrap ALGORITHM ::= {{ OID id-camellia128-wrap }} camellia128-Wrap ALGORITHM ::= { OID id-camellia128-Wrap }
camellia192-Wrap ALGORITHM ::= {{ OID id-camellia192-wrap }} camellia192-Wrap ALGORITHM ::= { OID id-camellia192-Wrap }
camellia256-Wrap ALGORITHM ::= {{ OID id-camellia256-wrap }} camellia256-Wrap ALGORITHM ::= { OID id-camellia256-Wrap }
B.3 ASN.1 module B.3 ASN.1 module
CMS-RSA-KEM CMS-RSA-KEM
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) modules(0) cms-rsa-kem(21) } [[check]] pkcs-9(9) smime(16) modules(0) cms-rsa-kem(21) }
DEFINITIONS ::=
BEGIN BEGIN
-- EXPORTS ALL -- EXPORTS ALL
-- IMPORTS None -- IMPORTS None
-- Useful types and definitions -- Useful types and definitions
OID ::= OBJECT IDENTIFIER -- alias OID ::= OBJECT IDENTIFIER -- alias
skipping to change at page 18, line 34 skipping to change at page 18, line 29
pkcs-1 OID ::= { pkcs-1 OID ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)
} }
-- RSA-KEM Key Transport Algorithm, based on Generic Hybrid Cipher -- RSA-KEM Key Transport Algorithm, based on Generic Hybrid Cipher
id-ac-generic-hybrid OID ::= { id-ac-generic-hybrid OID ::= {
is18033-2 asymmetric-cipher(1) generic-hybrid(2) is18033-2 asymmetric-cipher(1) generic-hybrid(2)
} }
GenericHybridParameters ::= { GenericHybridParameters ::= SEQUENCE {
kem KeyEncapsulationMechanism, kem KeyEncapsulationMechanism,
dem DataEncapsulationMechanism dem DataEncapsulationMechanism
} }
KeyEncapsulationMechanism ::= AlgorithmIdentifier {{KEMAlgorithms}}
KEMAlgorithms ALGORITHM ::= {
... -- Don't know what you want in here
}
id-kem-rsa OID ::= { id-kem-rsa OID ::= {
is18033-2 key-encapsulation-mechanism(2) rsa(4) is18033-2 key-encapsulation-mechanism(2) rsa(4)
} }
RsaKemParameters ::= { RsaKemParameters ::= SEQUENCE {
keyDerivationFunction KeyDerivationFunction, keyDerivationFunction KeyDerivationFunction,
keyLength KeyLength keyLength KeyLength
} }
KeyDerivationFunction ::= AlgorithmIdentifier {{KDFAlgorithms}} KeyDerivationFunction ::= AlgorithmIdentifier {{KDFAlgorithms}}
KDFAlgorithms ALGORITHMS ::= { KDFAlgorithms ALGORITHM ::= {
kdf2 | kdf3, kdf2 | kdf3,
... -- implementations may define other methods ... -- implementations may define other methods
} }
KeyLength ::= INTEGER (1..MAX) KeyLength ::= INTEGER (1..MAX)
DataEncapsulationMechanism ::= AlgorithmIdentifier {{DEMAlgorithms}} DataEncapsulationMechanism ::= AlgorithmIdentifier {{DEMAlgorithms}}
DEMAlgorithms ALGORITHM ::= { DEMAlgorithms ALGORITHM ::= {
X9-SymmetricKeyWrappingSchemes, X9-SymmetricKeyWrappingSchemes |
Camillia-KeyWrappingSchemes, Camillia-KeyWrappingSchemes,
... -- implementations may define other methods ... -- implementations may define other methods
} }
X9-SymmetricKeyWrappingSchemes ALGORITHM ::= { X9-SymmetricKeyWrappingSchemes ALGORITHM ::= {
aes128-Wrap | aes192-Wrap | aes256-Wrap | tdes-Wrap, aes128-Wrap | aes192-Wrap | aes256-Wrap | tdes-Wrap,
... -- allows for future expansion ... -- allows for future expansion
} }
X9-SymmetricKeyWrappingScheme ::=
AlgorithmIdentifier {{ X9-SymmetricKeyWrappingSchemes }}
Camillia-KeyWrappingSchemes ALGORITHM ::= { Camillia-KeyWrappingSchemes ALGORITHM ::= {
camillia128-Wrap | camillia192-Wrap | camillia128-Wrap camellia128-Wrap | camellia192-Wrap | camellia256-Wrap,
... -- allows for future expansion
} }
Camillia-KeyWrappingScheme ::=
AlgorithmIdentifier {{ Camillia-KeyWrappingSchemes }}
-- Key Derivation Functions -- Key Derivation Functions
id-kdf-kdf2 OID ::= { x9-44-components kdf2(1) } id-kdf-kdf2 OID ::= { x9-44-components kdf2(1) }
kdf2 ALGORITHM ::= {{ OID id-kdf-kdf2 PARMS KDF2-HashFunction }} -- Base arc
x9-44 OID ::= {
iso(1) identified-organization(3) tc68(133) country(16) x9(840)
x9Standards(9) x9-44(44)
}
x9-44-components OID ::= { x9-44 components(1) }
kdf2 ALGORITHM ::= { OID id-kdf-kdf2 PARMS KDF2-HashFunction }
KDF2-HashFunction ::= AlgorithmIdentifier {{KDF2-HashFunctions}} KDF2-HashFunction ::= AlgorithmIdentifier {{KDF2-HashFunctions}}
KDF2-HashFunctions ALGORITHM ::= { KDF2-HashFunctions ALGORITHM ::= {
X9-HashFunctions, X9-HashFunctions,
... -- implementations may define other methods ... -- implementations may define other methods
} }
-- id-kdf-kdf3 OID ::= { x9-44-components kdf3(2) } -- id-kdf-kdf3 OID ::= { x9-44-components kdf3(2) }
kdf3 ALGORITHM ::= {{ OID id-kdf-kdf2 PARMS KDF3-HashFunction }} kdf3 ALGORITHM ::= { OID id-kdf-kdf2 PARMS KDF3-HashFunction }
KDF3-HashFunction ::= AlgorithmIdentifier {{KDF3-HashFunctions}} KDF3-HashFunction ::= AlgorithmIdentifier {{KDF3-HashFunctions}}
KDF3-HashFunctions ALGORITHM ::= { KDF3-HashFunctions ALGORITHM ::= {
X9-HashFunctions, X9-HashFunctions,
... -- implementations may define other methods ... -- implementations may define other methods
} }
-- Hash Functions -- Hash Functions
X9-HashFunctions ALGORITHM ::= { X9-HashFunctions ALGORITHM ::= {
sha1 | sha224 | sha256 | sha384 | sha512, sha1 | sha224 | sha256 | sha384 | sha512,
... -- allows for future expansion ... -- allows for future expansion
skipping to change at page 20, line 4 skipping to change at page 20, line 20
X9-HashFunctions ALGORITHM ::= { X9-HashFunctions ALGORITHM ::= {
sha1 | sha224 | sha256 | sha384 | sha512, sha1 | sha224 | sha256 | sha384 | sha512,
... -- allows for future expansion ... -- allows for future expansion
} }
id-sha1 OID ::= { id-sha1 OID ::= {
iso(1) identified-organization(3) oiw(14) secsig(3) iso(1) identified-organization(3) oiw(14) secsig(3)
algorithms(2) sha1(26) algorithms(2) sha1(26)
} }
id-sha224 OID ::= { nistAlgorithm hashAlgs(2) sha256(4) } id-sha224 OID ::= { nistAlgorithm hashAlgs(2) sha256(4) }
id-sha256 OID ::= { nistAlgorithm hashAlgs(2) sha256(1) } id-sha256 OID ::= { nistAlgorithm hashAlgs(2) sha256(1) }
id-sha384 OID ::= { nistAlgorithm hashAlgs(2) sha384(2) } id-sha384 OID ::= { nistAlgorithm hashAlgs(2) sha384(2) }
id-sha512 OID ::= { nistAlgorithm hashAlgs(2) sha512(3) } id-sha512 OID ::= { nistAlgorithm hashAlgs(2) sha512(3) }
sha1 ALGORITHM ::= {{ OID id-sha1 }} -- NullParms MUST be sha1 ALGORITHM ::= { OID id-sha1 } -- NullParms MUST be
sha224 ALGORITHM ::= {{ OID id-sha224 }} -- accepted for these sha224 ALGORITHM ::= { OID id-sha224 } -- accepted for these
sha256 ALGORITHM ::= {{ OID id-sha256 }} -- OIDs sha256 ALGORITHM ::= { OID id-sha256 } -- OIDs
sha384 ALGORITHM ::= {{ OID id-sha384 }} -- "" sha384 ALGORITHM ::= { OID id-sha384 } -- ""
sha512 ALGORITHM ::= {{ OID id-sha512 }} -- "" sha512 ALGORITHM ::= { OID id-sha512 } -- ""
-- Symmetric Key-Wrapping Schemes -- Symmetric Key-Wrapping Schemes
id-aes128-Wrap OID ::= { nistAlgorithm aes(1) aes128-Wrap(5) } id-aes128-Wrap OID ::= { nistAlgorithm aes(1) aes128-Wrap(5) }
id-aes192-Wrap OID ::= { nistAlgorithm aes(1) aes192-Wrap(25) } id-aes192-Wrap OID ::= { nistAlgorithm aes(1) aes192-Wrap(25) }
id-aes256-Wrap OID ::= { nistAlgorithm aes(1) aes256-Wrap(45) } id-aes256-Wrap OID ::= { nistAlgorithm aes(1) aes256-Wrap(45) }
aes128-Wrap ALGORITHM ::= {{ OID id-aes128-wrap }} aes128-Wrap ALGORITHM ::= { OID id-aes128-Wrap }
aes192-Wrap ALGORITHM ::= {{ OID id-aes192-wrap }} aes192-Wrap ALGORITHM ::= { OID id-aes192-Wrap }
aes256-Wrap ALGORITHM ::= {{ OID id-aes256-wrap }} aes256-Wrap ALGORITHM ::= { OID id-aes256-Wrap }
id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) alg(3) 6 smime(16) alg(3) 6
} }
tdes-Wrap ALGORITHM ::= {{ OID id-alg-CMS3DESwrap PARMS NullParms }} tdes-Wrap ALGORITHM ::= { OID id-alg-CMS3DESwrap PARMS NullParms }
id-camellia128-Wrap OBJECT IDENTIFIER ::= id-camellia128-Wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1) { iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3) algorithm(1) key-wrap-algorithm(3)
camellia128-wrap(2) } camellia128-wrap(2) }
id-camellia192-Wrap OBJECT IDENTIFIER ::= id-camellia192-Wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1) { iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3) algorithm(1) key-wrap-algorithm(3)
camellia192-wrap(3) } camellia192-wrap(3) }
id-camellia256-Wrap OBJECT IDENTIFIER ::= id-camellia256-Wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1) { iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3) algorithm(1) key-wrap-algorithm(3)
camellia256-wrap(4) } camellia256-wrap(4) }
skipping to change at page 20, line 47 skipping to change at page 21, line 14
id-camellia192-Wrap OBJECT IDENTIFIER ::= id-camellia192-Wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1) { iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3) algorithm(1) key-wrap-algorithm(3)
camellia192-wrap(3) } camellia192-wrap(3) }
id-camellia256-Wrap OBJECT IDENTIFIER ::= id-camellia256-Wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1) { iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3) algorithm(1) key-wrap-algorithm(3)
camellia256-wrap(4) } camellia256-wrap(4) }
camellia128-Wrap ALGORITHM ::= {{ OID id-camellia128-wrap }} camellia128-Wrap ALGORITHM ::= { OID id-camellia128-Wrap }
camellia192-Wrap ALGORITHM ::= {{ OID id-camellia192-wrap }} camellia192-Wrap ALGORITHM ::= { OID id-camellia192-Wrap }
camellia256-Wrap ALGORITHM ::= {{ OID id-camellia256-wrap }} camellia256-Wrap ALGORITHM ::= { OID id-camellia256-Wrap }
END
B.4 Examples B.4 Examples
As an example, if the key derivation function is KDF2 based on As an example, if the key derivation function is KDF2 based on
SHA-256 and the symmetric key-wrapping scheme is the AES Key Wrap SHA-256 and the symmetric key-wrapping scheme is the AES Key Wrap
with a 128-bit KEK, the AlgorithmIdentifier for the RSA-KEM Key with a 128-bit KEK, the AlgorithmIdentifier for the RSA-KEM Key
Transport Algorithm will have the following value: Transport Algorithm will have the following value:
SEQUENCE { SEQUENCE {
id-ac-generic-hybrid, -- generic cipher id-ac-generic-hybrid, -- generic cipher
 End of changes. 32 change blocks. 
42 lines changed or deleted 69 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/