S/MIME Working Group                                          R. Housley
Internet Draft                                          RSA Laboratories
expires in six months                                     September 2001

             Cryptographic Message Syntax (CMS) Algorithms

   <draft-ietf-smime-cmsalg-04.txt>  |  <draft-ietf-smime-cmsalg-05.txt>

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months

   [skipping to change at page 4, line 14]

   report, but by then many people thought that algorithm parameters
   were mandatory.  Because of this history some implementations encode
   parameters as a NULL element and others omit them entirely.  The
   correct encoding is to omit the parameters field; however,
   implementations MUST also handle a SHA-1 AlgorithmIdentifier
   parameters field which contains a NULL.

   The AlgorithmIdentifier parameters field is OPTIONAL.  If present,
   the parameters field MUST contain a NULL.  Implementations MUST
   accept SHA-1 AlgorithmIdentifiers with absent parameters.
   Implementations MUST accept SHA-1 AlgorithmIdentifiers with NULL
   parameters [-04 read "absent parameters" here, repeating the
   previous sentence; -05 corrects it to "NULL"].  Implementations
   SHOULD generate SHA-1 AlgorithmIdentifiers with absent parameters.

2.2  MD5

   The MD5 digest algorithm is defined in RFC 1321 [MD5].  The algorithm
   identifier for MD5 is:

      md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
          rsadsi(113549) digestAlgorithm(2) 5 }

   [skipping to change at page 5, line 48]

   When signing, the DSA algorithm generates two values, commonly called
   r and s.  To transfer these two values as one signature, they MUST be
   encoded using the Dss-Sig-Value type:

      Dss-Sig-Value ::= SEQUENCE {
        r  INTEGER,
        s  INTEGER }

3.2  RSA

   The RSA (PKCS #1 v1.5) signature algorithm is defined in RFC 2437
   [NEWPKCS#1] [-04: "The RSA signature algorithm is defined in RFC
   2437 [NEWPKCS#1]"].  RFC 2437 specifies the use of the RSA signature
   algorithm with the SHA-1 and MD5 message digest algorithms.

   The algorithm identifier for RSA subject public keys in certificates
   is:

      rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
          us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 }

   When the rsaEncryption algorithm identifier is used, the
   AlgorithmIdentifier parameters field MUST contain NULL.

   When the rsaEncryption algorithm identifier is used, the RSA public
   key, which is composed of a modulus and a public exponent, MUST be
   encoded using the RSAPublicKey type.  The output of this encoding is
   carried in the certificate subject public key.

      RSAPublicKey ::= SEQUENCE {
        modulus         INTEGER,  -- n
        publicExponent  INTEGER } -- e

   [-04 wrote the second comment as "- e", a single hyphen, which is not
   an ASN.1 comment; -05 corrects it to "-- e".]

   CMS implementations that include the RSA (PKCS #1 v1.5) signature
   algorithm MUST also implement the SHA-1 message digest algorithm.
   Such implementations SHOULD also support the MD5 message digest
   algorithm.

   [Paragraph present only in -05:]

   The rsaEncryption algorithm identifier is used to identify RSA (PKCS
   #1 v1.5) signature values regardless of the message digest algorithm
   employed.  CMS implementations that include the RSA (PKCS #1 v1.5)
   signature algorithm MUST support the rsaEncryption signature value
   algorithm identifier, and CMS implementations MAY support RSA (PKCS
   #1 v1.5) signature value algorithm identifiers that specify both the
   RSA (PKCS #1 v1.5) signature algorithm and the message digest
   algorithm.

   The algorithm identifier for RSA (PKCS #1 v1.5) with SHA-1 signature
   values is:

      sha1WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
          us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 5 }

   The algorithm identifier for RSA (PKCS #1 v1.5) with MD5 signature
   values is:

      md5WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
          us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 4 }

   When the rsaEncryption, sha1WithRSAEncryption, or
   md5WithRSAEncryption signature value algorithm identifiers are used,
   the AlgorithmIdentifier parameters field MUST be NULL.  [-04 named
   only sha1WithRSAEncryption and md5WithRSAEncryption here; -05 adds
   rsaEncryption, matching the new paragraph above.]

   When signing, the RSA algorithm generates a single value, and that
   value is used directly as the signature value.
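   The following is an added example in Python, not code from the draft
   or from any CMS implementation.  It is a hand-written DER encoder and
   decoder that applies the rules quoted in sections 2.1 (SHA-1
   AlgorithmIdentifier parameters absent or NULL), 3.1 (Dss-Sig-Value)
   and 3.2 (RSAPublicKey, and NULL parameters on the RSA signature
   identifiers).  It assumes the SHA-1 OID 1.3.14.3.2.26, the OIW secsig
   identifier section 2.1 refers to but which this excerpt does not
   print; the other OIDs are the ones listed above.  Function names,
   error messages and the sample encodings used to exercise it are the
   example's own.

```python
# Added example, not from the draft: a minimal DER encoder/decoder applying the
# rules quoted above for SHA-1 AlgorithmIdentifier parameters (2.1),
# Dss-Sig-Value (3.1), and RSAPublicKey plus the RSA signature identifiers (3.2).
SHA1_OID = "1.3.14.3.2.26"  # assumed: the OIW secsig sha-1 OID, not printed above
RSA_ENCRYPTION_OID = "1.2.840.113549.1.1.1"
RSA_SIG_OIDS = {RSA_ENCRYPTION_OID, "1.2.840.113549.1.1.5", "1.2.840.113549.1.1.4"}
DER_NULL = b"\x05\x00"

def der_tlv(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")  # long-form length
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def der_integer(n):
    # Minimal two's complement: a leading 0x00 keeps a top-bit-set value positive.
    b = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return der_tlv(0x02, b"\x00" + b if b[0] & 0x80 else b)

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        groups = [arc & 0x7F]          # base-128, high bit set on all but the last
        while arc >> 7:
            arc >>= 7
            groups.append(0x80 | (arc & 0x7F))
        out.extend(reversed(groups))
    return der_tlv(0x06, bytes(out))

def der_read(buf, pos=0):
    # One definite-length element: returns (tag, body, position after it).
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length is not DER")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, v = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, v = arcs + [v], 0
    return ".".join(map(str, arcs))

def encode_algid(oid, null_params):
    # AlgorithmIdentifier with the parameters field omitted or set to NULL.
    return der_tlv(0x30, der_oid(oid) + (DER_NULL if null_params else b""))

def parse_algid(buf):
    # Returns (dotted OID, raw parameters element); None when parameters are absent.
    tag, body, end = der_read(buf)
    if tag != 0x30 or end != len(buf):
        raise ValueError("AlgorithmIdentifier must be a single SEQUENCE")
    tag, oid_body, pos = der_read(body)
    if tag != 0x06:
        raise ValueError("algorithm must be an OBJECT IDENTIFIER")
    return decode_oid(oid_body), (body[pos:] if pos < len(body) else None)

def check_sha1_algid(buf):
    # Section 2.1: accept absent or NULL parameters, reject anything else;
    # returns True when the tolerated but non-preferred NULL form was seen.
    oid, params = parse_algid(buf)
    if oid != SHA1_OID or params not in (None, DER_NULL):
        raise ValueError("expected sha-1 with absent or NULL parameters")
    return params is not None

def check_rsa_sig_algid(buf):
    # Section 3.2: the three RSA (PKCS #1 v1.5) signature identifiers MUST carry
    # NULL parameters; absent parameters are rejected here.
    oid, params = parse_algid(buf)
    if oid not in RSA_SIG_OIDS or params != DER_NULL:
        raise ValueError("expected an RSA (PKCS #1 v1.5) signature OID with NULL")
    return oid

def encode_two_integers(a, b):
    return der_tlv(0x30, der_integer(a) + der_integer(b))

def decode_two_integers(buf):
    tag, body, end = der_read(buf)
    t1, b1, pos = der_read(body)
    t2, b2, pos = der_read(body, pos)
    if (tag, t1, t2) != (0x30, 0x02, 0x02) or end != len(buf) or pos != len(body):
        raise ValueError("expected one SEQUENCE of exactly two INTEGERs")
    for b in (b1, b2):
        if not b or b[0] & 0x80 or (len(b) > 1 and b[0] == 0 and not b[1] & 0x80):
            raise ValueError("INTEGER is negative or not minimal: not valid DER here")
    return int.from_bytes(b1, "big"), int.from_bytes(b2, "big")

# Dss-Sig-Value { r, s } and RSAPublicKey { n, e } share the same DER shape.
encode_dss_sig_value = encode_rsa_public_key = encode_two_integers
decode_dss_sig_value = decode_rsa_public_key = decode_two_integers

def rejects(fn, *args):
    # True when fn refuses args (malformed input may also surface as IndexError).
    try:
        fn(*args)
        return False
    except (ValueError, IndexError):
        return True
```

   The two check functions encode the asymmetry the draft states: a
   SHA-1 digest AlgorithmIdentifier is accepted with absent or NULL
   parameters but generated without them, while the RSA signature
   identifiers are accepted only with NULL.  decode_two_integers also
   enforces DER's minimal INTEGER rule for r, s, n and e: a value whose
   top bit is set must carry a leading 0x00, and an encoder that omits it
   produces a value a strict decoder reads as negative, so such input is
   rejected rather than silently reinterpreted.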

4  Key Management Algorithms

   CMS accommodates the following general key management techniques: key
   agreement, key transport, previously distributed symmetric key-
   encryption keys, and passwords.

