draft-ietf-smime-cms-rsa-kem-04.txt | draft-ietf-smime-cms-rsa-kem-05.txt | |||
---|---|---|---|---|

S/MIME Working Group J. Randall | S/MIME Working Group J. Randall | |||

Internet Draft RSA | Internet Draft RSA | |||

Document: draft-ietf-smime-cms-rsa-kem-04.txt B.Kaliski | Document: draft-ietf-smime-cms-rsa-kem-05.txt B.Kaliski | |||

Category: Standards EMC Corp. | Category: Standards EMC Corp. | |||

Expires: March 2008 September 2007 | ||||

Use of the RSA-KEM Key Transport Algorithm in CMS | Use of the RSA-KEM Key Transport Algorithm in CMS | |||

<draft-ietf-smime-cms-rsa-kem-04.txt> | <draft-ietf-smime-cms-rsa-kem-04.txt> | |||

Intellectual Property | Intellectual Property | |||

By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||

applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||

have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||

aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
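
Review bot: The title block in the -05 column still carries `<draft-ietf-smime-cms-rsa-kem-04.txt>` under the document title, although the "Document:" line above it was bumped to -05. Update the bracketed name so the two identifiers agree; a reader or tool keying on that line would take this revision for -04.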

skipping to change at page 9, line 38 | skipping to change at page 9, line 34 | |||

6. Acknowledgments | 6. Acknowledgments | |||

This document is one part of a strategy to align algorithm standards | This document is one part of a strategy to align algorithm standards | |||

produced by ASC X9, ISO/IEC JTC1 SC27, NIST, and the IETF. We would | produced by ASC X9, ISO/IEC JTC1 SC27, NIST, and the IETF. We would | |||

like to thank the members of the ASC X9F1 working group for their | like to thank the members of the ASC X9F1 working group for their | |||

contributions to drafts of ANS X9.44 which led to this specification. | contributions to drafts of ANS X9.44 which led to this specification. | |||

Our thanks to Russ Housley as well for his guidance and | Our thanks to Russ Housley as well for his guidance and | |||

encouragement. We also appreciate the helpful direction we've | encouragement. We also appreciate the helpful direction we've | |||

received from Blake Ramsdell and Jim Schaad in bringing this document | received from Blake Ramsdell and Jim Schaad in bringing this document | |||

to fruition. | to fruition. A special thanks to Magnus Nystrom for his assistance on | |||

Appendix B. | ||||

7. Authors' Addresses | 7. Authors' Addresses | |||

James Randall | James Randall | |||

RSA, The Security Division of EMC | RSA, The Security Division of EMC | |||

174 Middlesex Turnpike | 174 Middlesex Turnpike | |||

Bedford, MA 01730 | Bedford, MA 01730 | |||

USA | USA | |||

e-mail: jrandall@rsasecurity.com | e-mail: jrandall@rsa.com | |||

Burt Kaliski | Burt Kaliski | |||

EMC | EMC | |||

176 South Street | 176 South Street | |||

Hopkinton, MA 01748 | Hopkinton, MA 01748 | |||

USA | USA | |||

e-mail: kaliski_burt@emc.com | e-mail: kaliski_burt@emc.com | |||

Appendix A. RSA-KEM Key Transport Algorithm | Appendix A. RSA-KEM Key Transport Algorithm | |||

The RSA-KEM Key Transport Algorithm is a one-pass (store-and-forward) | The RSA-KEM Key Transport Algorithm is a one-pass (store-and-forward) | |||

mechanism for transporting keying data to a recipient using the | mechanism for transporting keying data to a recipient using the | |||

recipient's RSA public key. | recipient's RSA public key. | |||

With this type of algorithm, a sender encrypts the keying data using | With this type of algorithm, a sender encrypts the keying data using | |||

the recipient's public key to obtain encrypted keying data. The | the recipient's public key to obtain encrypted keying data. The | |||

recipient decrypts the encrypted keying data using the recipient's | recipient decrypts the encrypted keying data using the recipient's | |||

private key to recover the keying data. | private key to recover the keying data. | |||

A.1 Underlying Components | A.1 Underlying Components | |||

skipping to change at page 15, line 11 | skipping to change at page 15, line 4 | |||

symmetric key-wrapping schemes take the role of data encapsulation | symmetric key-wrapping schemes take the role of data encapsulation | |||

mechanisms in the RSA-KEM Key Transport Algorithm. ISO/IEC 18033-2 | mechanisms in the RSA-KEM Key Transport Algorithm. ISO/IEC 18033-2 | |||

allows only three specific data encapsulation mechanisms, not | allows only three specific data encapsulation mechanisms, not | |||

including any of these symmetric key-wrapping schemes. However, the | including any of these symmetric key-wrapping schemes. However, the | |||

ASN.1 syntax in that document expects that additional algorithms will | ASN.1 syntax in that document expects that additional algorithms will | |||

be allowed. | be allowed. | |||

B.2 Selected Underlying Components | B.2 Selected Underlying Components | |||

B.2.1 Key Derivation Functions | B.2.1 Key Derivation Functions | |||

The object identifier for KDF2 (see [ANS X9.44]) is: | The object identifier for KDF2 (see [ANS X9.44]) is: | |||

id-kdf-kdf2 OID ::= { x9-44-components kdf2(1) } | id-kdf-kdf2 OID ::= { x9-44-components kdf2(1) } | |||

The associated parameters identify the underlying hash function. For | The associated parameters identify the underlying hash function. For | |||

alignment with ANS X9.44, the hash function MUST be an ASC | alignment with ANS X9.44, the hash function MUST be an ASC | |||

X9-approved hash function. However, other hash functions MAY be used | X9-approved hash function. However, other hash functions MAY be used | |||

with CMS. | with CMS. | |||

kdf2 ALGORITHM ::= {{ OID id-kdf-kdf2 PARMS KDF2-HashFunction }} | kdf2 ALGORITHM ::= { OID id-kdf-kdf2 PARMS KDF2-HashFunction } | |||

KDF2-HashFunction ::= AlgorithmIdentifier {{KDF2-HashFunctions}} | KDF2-HashFunction ::= AlgorithmIdentifier {{KDF2-HashFunctions}} | |||

KDF2-HashFunctions ALGORITHM ::= { | KDF2-HashFunctions ALGORITHM ::= { | |||

X9-HashFunctions, | X9-HashFunctions, | |||

... -- implementations may define other methods | ... -- implementations may define other methods | |||

} | } | |||

X9-HashFunctions ALGORITHM ::= { | X9-HashFunctions ALGORITHM ::= { | |||

sha1 | sha224 | sha256 | sha384 | sha512, | sha1 | sha224 | sha256 | sha384 | sha512, | |||

skipping to change at page 16, line 5 | skipping to change at page 15, line 47 | |||

id-sha256 OID ::= { nistAlgorithm hashAlgs(2) sha256(1) } | id-sha256 OID ::= { nistAlgorithm hashAlgs(2) sha256(1) } | |||

id-sha384 OID ::= { nistAlgorithm hashAlgs(2) sha384(2) } | id-sha384 OID ::= { nistAlgorithm hashAlgs(2) sha384(2) } | |||

id-sha512 OID ::= { nistAlgorithm hashAlgs(2) sha512(3) } | id-sha512 OID ::= { nistAlgorithm hashAlgs(2) sha512(3) } | |||

There has been some confusion over whether the various SHA object | There has been some confusion over whether the various SHA object | |||

identifiers have a NULL parameter, or no associated parameters. As | identifiers have a NULL parameter, or no associated parameters. As | |||

also discussed in [PKCS1], implementations SHOULD generate algorithm | also discussed in [PKCS1], implementations SHOULD generate algorithm | |||

identifiers without parameters, and MUST accept algorithm identifiers | identifiers without parameters, and MUST accept algorithm identifiers | |||

either without parameters, or with NULL parameters. | either without parameters, or with NULL parameters. | |||

sha1 ALGORITHM ::= {{ OID id-sha1 }} -- NULLParms MUST be | sha1 ALGORITHM ::= { OID id-sha1 } -- NULLParms MUST be | |||

sha224 ALGORITHM ::= {{ OID id-sha224 }} -- accepted for these | sha224 ALGORITHM ::= { OID id-sha224 } -- accepted for these | |||

sha256 ALGORITHM ::= {{ OID id-sha256 }} -- OIDs | sha256 ALGORITHM ::= { OID id-sha256 } -- OIDs | |||

sha384 ALGORITHM ::= {{ OID id-sha384 }} -- "" | sha384 ALGORITHM ::= { OID id-sha384 } -- "" | |||

sha512 ALGORITHM ::= {{ OID id-sha512 }} -- "" | sha512 ALGORITHM ::= { OID id-sha512 } -- "" | |||

The object identifier for KDF3 (see [ANS X9.44]) is: | The object identifier for KDF3 (see [ANS X9.44]) is: | |||

id-kdf-kdf3 OID ::= { x9-44-components kdf3(2) } | id-kdf-kdf3 OID ::= { x9-44-components kdf3(2) } | |||

The associated parameters identify the underlying hash function. For | The associated parameters identify the underlying hash function. For | |||

alignment with the draft ANS X9.44, the hash function MUST be an ASC | alignment with the draft ANS X9.44, the hash function MUST be an ASC | |||

X9-approved hash function. (See Note.) However, other hash functions | X9-approved hash function. (See Note.) However, other hash functions | |||

MAY be used with CMS. | MAY be used with CMS. | |||

kdf3 ALGORITHM ::= {{ OID id-kdf-kdf3 PARMS KDF3-HashFunction }} | kdf3 ALGORITHM ::= { OID id-kdf-kdf3 PARMS KDF3-HashFunction } | |||

KDF3-HashFunction ::= AlgorithmIdentifier {{KDF3-HashFunctions}} | KDF3-HashFunction ::= AlgorithmIdentifier { KDF3-HashFunctions } | |||

KDF3-HashFunctions ALGORITHM ::= { | KDF3-HashFunctions ALGORITHM ::= { | |||

X9-HashFunctions, | X9-HashFunctions, | |||

... -- implementations may define other methods | ... -- implementations may define other methods | |||

} | } | |||

B.2.2 Symmetric Key-Wrapping Schemes | B.2.2 Symmetric Key-Wrapping Schemes | |||

The object identifiers for the AES Key Wrap depends on the size of | The object identifiers for the AES Key Wrap depends on the size of | |||

the key encrypting key. There are three object identifiers (see | the key encrypting key. There are three object identifiers (see | |||

[AES-WRAP]): | [AES-WRAP]): | |||

id-aes128-Wrap OID ::= { nistAlgorithm aes(1) aes128-Wrap(5) } | id-aes128-Wrap OID ::= { nistAlgorithm aes(1) aes128-Wrap(5) } | |||

id-aes192-Wrap OID ::= { nistAlgorithm aes(1) aes192-Wrap(25) } | id-aes192-Wrap OID ::= { nistAlgorithm aes(1) aes192-Wrap(25) } | |||

id-aes256-Wrap OID ::= { nistAlgorithm aes(1) aes256-Wrap(45) } | id-aes256-Wrap OID ::= { nistAlgorithm aes(1) aes256-Wrap(45) } | |||

These object identifiers have no associated parameters. | These object identifiers have no associated parameters. | |||

aes128-Wrap ALGORITHM ::= {{ OID id-aes128-wrap }} | aes128-Wrap ALGORITHM ::= { OID id-aes128-Wrap } | |||

aes192-Wrap ALGORITHM ::= {{ OID id-aes192-wrap }} | aes192-Wrap ALGORITHM ::= { OID id-aes192-Wrap } | |||

aes256-Wrap ALGORITHM ::= {{ OID id-aes256-wrap }} | aes256-Wrap ALGORITHM ::= { OID id-aes256-Wrap } | |||

The object identifier for the Triple-DES Key Wrap (see [3DES-WRAP]) | The object identifier for the Triple-DES Key Wrap (see [3DES-WRAP]) | |||

is | is | |||

id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { | id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { | |||

iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | |||

smime(16) alg(3) 6 | smime(16) alg(3) 6 | |||

} | } | |||

This object identifier has a NULL parameter. | This object identifier has a NULL parameter. | |||

tdes-Wrap ALGORITHM ::= | tdes-Wrap ALGORITHM ::= | |||

{{ OID id-alg-CMS3DESwrap PARMS NullParms }} | { OID id-alg-CMS3DESwrap PARMS NullParms } | |||

NOTE: As of this writing, the AES Key Wrap and the Triple-DES Key | NOTE: As of this writing, the AES Key Wrap and the Triple-DES Key | |||

Wrap are in the process of being approved by ASC X9. | Wrap are in the process of being approved by ASC X9. | |||

The object identifiers for the Camillia Key Wrap depends on the size | The object identifiers for the Camillia Key Wrap depends on the size | |||

of the key encrypting key. There are three object identifiers: | of the key encrypting key. There are three object identifiers: | |||

id-camellia128-Wrap OBJECT IDENTIFIER ::= | id-camellia128-Wrap OBJECT IDENTIFIER ::= | |||

{ iso(1) member-body(2) 392 200011 61 security(1) | { iso(1) member-body(2) 392 200011 61 security(1) | |||
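
Review bot: In the KDF3 definitions the new column writes `KDF3-HashFunction ::= AlgorithmIdentifier { KDF3-HashFunctions }` with single braces, while the KDF2 counterpart earlier in B.2.1 and the KDF3 line in the B.3 module both keep `AlgorithmIdentifier {{...}}`. Dropping the doubled braces is right for the `ALGORITHM ::= { OID ... }` object definitions, but this line is a parameterized type whose actual parameter is an object set, so it needs the inner braces; restore them so all three spellings match. While this text is open, the prose below still says "Camillia Key Wrap" where the identifiers say camellia.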

skipping to change at page 17, line 26 | skipping to change at page 17, line 16 | |||

algorithm(1) key-wrap-algorithm(3) | algorithm(1) key-wrap-algorithm(3) | |||

camellia192-wrap(3) } | camellia192-wrap(3) } | |||

id-camellia256-Wrap OBJECT IDENTIFIER ::= | id-camellia256-Wrap OBJECT IDENTIFIER ::= | |||

{ iso(1) member-body(2) 392 200011 61 security(1) | { iso(1) member-body(2) 392 200011 61 security(1) | |||

algorithm(1) key-wrap-algorithm(3) | algorithm(1) key-wrap-algorithm(3) | |||

camellia256-wrap(4) } | camellia256-wrap(4) } | |||

These object identifiers have no associated parameters. | These object identifiers have no associated parameters. | |||

camellia128-Wrap ALGORITHM ::= {{ OID id-camellia128-wrap }} | camellia128-Wrap ALGORITHM ::= { OID id-camellia128-Wrap } | |||

camellia192-Wrap ALGORITHM ::= {{ OID id-camellia192-wrap }} | camellia192-Wrap ALGORITHM ::= { OID id-camellia192-Wrap } | |||

camellia256-Wrap ALGORITHM ::= {{ OID id-camellia256-wrap }} | camellia256-Wrap ALGORITHM ::= { OID id-camellia256-Wrap } | |||

B.3 ASN.1 module | B.3 ASN.1 module | |||

CMS-RSA-KEM | CMS-RSA-KEM | |||

{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) | |||

pkcs-9(9) smime(16) modules(0) cms-rsa-kem(21) } [[check]] | pkcs-9(9) smime(16) modules(0) cms-rsa-kem(21) } | |||

DEFINITIONS ::= | ||||

BEGIN | BEGIN | |||

-- EXPORTS ALL | -- EXPORTS ALL | |||

-- IMPORTS None | -- IMPORTS None | |||

-- Useful types and definitions | -- Useful types and definitions | |||

OID ::= OBJECT IDENTIFIER -- alias | OID ::= OBJECT IDENTIFIER -- alias | |||
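
Review bot: The `[[check]]` marker after `modules(0) cms-rsa-kem(21) }` is gone in the new column while the arc value is unchanged. Nothing in the hunk shows that the check itself was done, so please confirm that cms-rsa-kem(21) is the assigned module number before the marker is removed; otherwise keep it until the assignment is verified.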

skipping to change at page 18, line 34 | skipping to change at page 18, line 29 | |||

pkcs-1 OID ::= { | pkcs-1 OID ::= { | |||

iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) | iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) | |||

} | } | |||

-- RSA-KEM Key Transport Algorithm, based on Generic Hybrid Cipher | -- RSA-KEM Key Transport Algorithm, based on Generic Hybrid Cipher | |||

id-ac-generic-hybrid OID ::= { | id-ac-generic-hybrid OID ::= { | |||

is18033-2 asymmetric-cipher(1) generic-hybrid(2) | is18033-2 asymmetric-cipher(1) generic-hybrid(2) | |||

} | } | |||

GenericHybridParameters ::= { | GenericHybridParameters ::= SEQUENCE { | |||

kem KeyEncapsulationMechanism, | kem KeyEncapsulationMechanism, | |||

dem DataEncapsulationMechanism | dem DataEncapsulationMechanism | |||

} | } | |||

KeyEncapsulationMechanism ::= AlgorithmIdentifier {{KEMAlgorithms}} | ||||

KEMAlgorithms ALGORITHM ::= { | ||||

... -- Don't know what you want in here | ||||

} | ||||

id-kem-rsa OID ::= { | id-kem-rsa OID ::= { | |||

is18033-2 key-encapsulation-mechanism(2) rsa(4) | is18033-2 key-encapsulation-mechanism(2) rsa(4) | |||

} | } | |||

RsaKemParameters ::= { | RsaKemParameters ::= SEQUENCE { | |||

keyDerivationFunction KeyDerivationFunction, | keyDerivationFunction KeyDerivationFunction, | |||

keyLength KeyLength | keyLength KeyLength | |||

} | } | |||

KeyDerivationFunction ::= AlgorithmIdentifier {{KDFAlgorithms}} | KeyDerivationFunction ::= AlgorithmIdentifier {{KDFAlgorithms}} | |||

KDFAlgorithms ALGORITHMS ::= { | KDFAlgorithms ALGORITHM ::= { | |||

kdf2 | kdf3, | kdf2 | kdf3, | |||

... -- implementations may define other methods | ... -- implementations may define other methods | |||

} | } | |||

KeyLength ::= INTEGER (1..MAX) | KeyLength ::= INTEGER (1..MAX) | |||

DataEncapsulationMechanism ::= AlgorithmIdentifier {{DEMAlgorithms}} | DataEncapsulationMechanism ::= AlgorithmIdentifier {{DEMAlgorithms}} | |||

DEMAlgorithms ALGORITHM ::= { | DEMAlgorithms ALGORITHM ::= { | |||

X9-SymmetricKeyWrappingSchemes, | X9-SymmetricKeyWrappingSchemes | | |||

Camillia-KeyWrappingSchemes, | Camillia-KeyWrappingSchemes, | |||

... -- implementations may define other methods | ... -- implementations may define other methods | |||

} | } | |||

X9-SymmetricKeyWrappingSchemes ALGORITHM ::= { | X9-SymmetricKeyWrappingSchemes ALGORITHM ::= { | |||

aes128-Wrap | aes192-Wrap | aes256-Wrap | tdes-Wrap, | aes128-Wrap | aes192-Wrap | aes256-Wrap | tdes-Wrap, | |||

... -- allows for future expansion | ... -- allows for future expansion | |||

} | } | |||

X9-SymmetricKeyWrappingScheme ::= | ||||

AlgorithmIdentifier {{ X9-SymmetricKeyWrappingSchemes }} | ||||

Camillia-KeyWrappingSchemes ALGORITHM ::= { | Camillia-KeyWrappingSchemes ALGORITHM ::= { | |||

camillia128-Wrap | camillia192-Wrap | camillia128-Wrap | camellia128-Wrap | camellia192-Wrap | camellia256-Wrap, | |||

... -- allows for future expansion | ||||

} | } | |||

Camillia-KeyWrappingScheme ::= | ||||

AlgorithmIdentifier {{ Camillia-KeyWrappingSchemes }} | ||||

-- Key Derivation Functions | -- Key Derivation Functions | |||

id-kdf-kdf2 OID ::= { x9-44-components kdf2(1) } | id-kdf-kdf2 OID ::= { x9-44-components kdf2(1) } | |||

kdf2 ALGORITHM ::= {{ OID id-kdf-kdf2 PARMS KDF2-HashFunction }} | -- Base arc | |||

x9-44 OID ::= { | ||||

iso(1) identified-organization(3) tc68(133) country(16) x9(840) | ||||

x9Standards(9) x9-44(44) | ||||

} | ||||

x9-44-components OID ::= { x9-44 components(1) } | ||||

kdf2 ALGORITHM ::= { OID id-kdf-kdf2 PARMS KDF2-HashFunction } | ||||

KDF2-HashFunction ::= AlgorithmIdentifier {{KDF2-HashFunctions}} | KDF2-HashFunction ::= AlgorithmIdentifier {{KDF2-HashFunctions}} | |||

KDF2-HashFunctions ALGORITHM ::= { | KDF2-HashFunctions ALGORITHM ::= { | |||

X9-HashFunctions, | X9-HashFunctions, | |||

... -- implementations may define other methods | ... -- implementations may define other methods | |||

} | } | |||

-- id-kdf-kdf3 OID ::= { x9-44-components kdf3(2) } | -- id-kdf-kdf3 OID ::= { x9-44-components kdf3(2) } | |||

kdf3 ALGORITHM ::= {{ OID id-kdf-kdf2 PARMS KDF3-HashFunction }} | kdf3 ALGORITHM ::= { OID id-kdf-kdf2 PARMS KDF3-HashFunction } | |||

KDF3-HashFunction ::= AlgorithmIdentifier {{KDF3-HashFunctions}} | KDF3-HashFunction ::= AlgorithmIdentifier {{KDF3-HashFunctions}} | |||

KDF3-HashFunctions ALGORITHM ::= { | KDF3-HashFunctions ALGORITHM ::= { | |||

X9-HashFunctions, | X9-HashFunctions, | |||

... -- implementations may define other methods | ... -- implementations may define other methods | |||

} | } | |||

-- Hash Functions | -- Hash Functions | |||

X9-HashFunctions ALGORITHM ::= { | X9-HashFunctions ALGORITHM ::= { | |||

sha1 | sha224 | sha256 | sha384 | sha512, | sha1 | sha224 | sha256 | sha384 | sha512, | |||

... -- allows for future expansion | ... -- allows for future expansion | |||
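
Review bot: In the B.3 module, `kdf3 ALGORITHM ::= { OID id-kdf-kdf2 PARMS KDF3-HashFunction }` still binds KDF3 to the KDF2 object identifier in both columns, and the `id-kdf-kdf3` definition directly above it is still commented out, whereas B.2.1 defines `id-kdf-kdf3` with `kdf3(2)` and uses it. With the module as written, the AlgorithmIdentifier cannot distinguish the two key derivation functions, so a sender using KDF3 and a recipient decoding KDF2 would derive different KEKs. Uncomment the `id-kdf-kdf3` line and reference it from `kdf3`. Two smaller points in the same region: the one-sided `KEMAlgorithms` block holds only the extension marker and the comment "Don't know what you want in here", with no object tying `id-kem-rsa` to `RsaKemParameters`, and the object set name is still spelled `Camillia-KeyWrappingSchemes` although the member list reads `camellia128-Wrap | camellia192-Wrap | camellia256-Wrap`.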

skipping to change at page 20, line 4 | skipping to change at page 20, line 20 | |||

X9-HashFunctions ALGORITHM ::= { | X9-HashFunctions ALGORITHM ::= { | |||

sha1 | sha224 | sha256 | sha384 | sha512, | sha1 | sha224 | sha256 | sha384 | sha512, | |||

... -- allows for future expansion | ... -- allows for future expansion | |||

} | } | |||

id-sha1 OID ::= { | id-sha1 OID ::= { | |||

iso(1) identified-organization(3) oiw(14) secsig(3) | iso(1) identified-organization(3) oiw(14) secsig(3) | |||

algorithms(2) sha1(26) | algorithms(2) sha1(26) | |||

} | } | |||

id-sha224 OID ::= { nistAlgorithm hashAlgs(2) sha256(4) } | id-sha224 OID ::= { nistAlgorithm hashAlgs(2) sha256(4) } | |||

id-sha256 OID ::= { nistAlgorithm hashAlgs(2) sha256(1) } | id-sha256 OID ::= { nistAlgorithm hashAlgs(2) sha256(1) } | |||

id-sha384 OID ::= { nistAlgorithm hashAlgs(2) sha384(2) } | id-sha384 OID ::= { nistAlgorithm hashAlgs(2) sha384(2) } | |||

id-sha512 OID ::= { nistAlgorithm hashAlgs(2) sha512(3) } | id-sha512 OID ::= { nistAlgorithm hashAlgs(2) sha512(3) } | |||

sha1 ALGORITHM ::= {{ OID id-sha1 }} -- NullParms MUST be | sha1 ALGORITHM ::= { OID id-sha1 } -- NullParms MUST be | |||

sha224 ALGORITHM ::= {{ OID id-sha224 }} -- accepted for these | sha224 ALGORITHM ::= { OID id-sha224 } -- accepted for these | |||

sha256 ALGORITHM ::= {{ OID id-sha256 }} -- OIDs | sha256 ALGORITHM ::= { OID id-sha256 } -- OIDs | |||

sha384 ALGORITHM ::= {{ OID id-sha384 }} -- "" | sha384 ALGORITHM ::= { OID id-sha384 } -- "" | |||

sha512 ALGORITHM ::= {{ OID id-sha512 }} -- "" | sha512 ALGORITHM ::= { OID id-sha512 } -- "" | |||

-- Symmetric Key-Wrapping Schemes | -- Symmetric Key-Wrapping Schemes | |||

id-aes128-Wrap OID ::= { nistAlgorithm aes(1) aes128-Wrap(5) } | id-aes128-Wrap OID ::= { nistAlgorithm aes(1) aes128-Wrap(5) } | |||

id-aes192-Wrap OID ::= { nistAlgorithm aes(1) aes192-Wrap(25) } | id-aes192-Wrap OID ::= { nistAlgorithm aes(1) aes192-Wrap(25) } | |||

id-aes256-Wrap OID ::= { nistAlgorithm aes(1) aes256-Wrap(45) } | id-aes256-Wrap OID ::= { nistAlgorithm aes(1) aes256-Wrap(45) } | |||

aes128-Wrap ALGORITHM ::= {{ OID id-aes128-wrap }} | aes128-Wrap ALGORITHM ::= { OID id-aes128-Wrap } | |||

aes192-Wrap ALGORITHM ::= {{ OID id-aes192-wrap }} | aes192-Wrap ALGORITHM ::= { OID id-aes192-Wrap } | |||

aes256-Wrap ALGORITHM ::= {{ OID id-aes256-wrap }} | aes256-Wrap ALGORITHM ::= { OID id-aes256-Wrap } | |||

id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { | id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { | |||

iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | |||

smime(16) alg(3) 6 | smime(16) alg(3) 6 | |||

} | } | |||

tdes-Wrap ALGORITHM ::= {{ OID id-alg-CMS3DESwrap PARMS NullParms }} | tdes-Wrap ALGORITHM ::= { OID id-alg-CMS3DESwrap PARMS NullParms } | |||

id-camellia128-Wrap OBJECT IDENTIFIER ::= | id-camellia128-Wrap OBJECT IDENTIFIER ::= | |||

{ iso(1) member-body(2) 392 200011 61 security(1) | { iso(1) member-body(2) 392 200011 61 security(1) | |||

algorithm(1) key-wrap-algorithm(3) | algorithm(1) key-wrap-algorithm(3) | |||

camellia128-wrap(2) } | camellia128-wrap(2) } | |||

id-camellia192-Wrap OBJECT IDENTIFIER ::= | id-camellia192-Wrap OBJECT IDENTIFIER ::= | |||

{ iso(1) member-body(2) 392 200011 61 security(1) | { iso(1) member-body(2) 392 200011 61 security(1) | |||

algorithm(1) key-wrap-algorithm(3) | algorithm(1) key-wrap-algorithm(3) | |||

camellia192-wrap(3) } | camellia192-wrap(3) } | |||

id-camellia256-Wrap OBJECT IDENTIFIER ::= | id-camellia256-Wrap OBJECT IDENTIFIER ::= | |||

{ iso(1) member-body(2) 392 200011 61 security(1) | { iso(1) member-body(2) 392 200011 61 security(1) | |||

algorithm(1) key-wrap-algorithm(3) | algorithm(1) key-wrap-algorithm(3) | |||

camellia256-wrap(4) } | camellia256-wrap(4) } | |||
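
Review bot: `id-sha224 OID ::= { nistAlgorithm hashAlgs(2) sha256(4) }` is unchanged in both columns and labels arc 4 as sha256, while the next line already uses `sha256(1)`. Only the number form is encoded, so the OID value is not affected, but the name should read `sha224(4)` so the two definitions do not look like a conflict to someone auditing the module.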

skipping to change at page 20, line 47 | skipping to change at page 21, line 14 | |||

id-camellia192-Wrap OBJECT IDENTIFIER ::= | id-camellia192-Wrap OBJECT IDENTIFIER ::= | |||

{ iso(1) member-body(2) 392 200011 61 security(1) | { iso(1) member-body(2) 392 200011 61 security(1) | |||

algorithm(1) key-wrap-algorithm(3) | algorithm(1) key-wrap-algorithm(3) | |||

camellia192-wrap(3) } | camellia192-wrap(3) } | |||

id-camellia256-Wrap OBJECT IDENTIFIER ::= | id-camellia256-Wrap OBJECT IDENTIFIER ::= | |||

{ iso(1) member-body(2) 392 200011 61 security(1) | { iso(1) member-body(2) 392 200011 61 security(1) | |||

algorithm(1) key-wrap-algorithm(3) | algorithm(1) key-wrap-algorithm(3) | |||

camellia256-wrap(4) } | camellia256-wrap(4) } | |||

camellia128-Wrap ALGORITHM ::= {{ OID id-camellia128-wrap }} | camellia128-Wrap ALGORITHM ::= { OID id-camellia128-Wrap } | |||

camellia192-Wrap ALGORITHM ::= {{ OID id-camellia192-wrap }} | camellia192-Wrap ALGORITHM ::= { OID id-camellia192-Wrap } | |||

camellia256-Wrap ALGORITHM ::= {{ OID id-camellia256-wrap }} | camellia256-Wrap ALGORITHM ::= { OID id-camellia256-Wrap } | |||

END | ||||

B.4 Examples | B.4 Examples | |||

As an example, if the key derivation function is KDF2 based on | As an example, if the key derivation function is KDF2 based on | |||

SHA-256 and the symmetric key-wrapping scheme is the AES Key Wrap | SHA-256 and the symmetric key-wrapping scheme is the AES Key Wrap | |||

with a 128-bit KEK, the AlgorithmIdentifier for the RSA-KEM Key | with a 128-bit KEK, the AlgorithmIdentifier for the RSA-KEM Key | |||

Transport Algorithm will have the following value: | Transport Algorithm will have the following value: | |||

SEQUENCE { | SEQUENCE { | |||

id-ac-generic-hybrid, -- generic cipher | id-ac-generic-hybrid, -- generic cipher | |||

End of changes. 32 change blocks. | ||||

42 lines changed or deleted | | 69 lines changed or added | ||

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |