rfcdiff: draft-ietf-smime-cmsalg-04.txt (-04) vs. draft-ietf-smime-cmsalg-05.txt (-05)

S/MIME Working Group                                          R. Housley
Internet Draft                                          RSA Laboratories
expires in six months                                     September 2001

               Cryptographic Message Syntax (CMS) Algorithms
    -04: <draft-ietf-smime-cmsalg-04.txt>   -05: <draft-ietf-smime-cmsalg-05.txt>

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups. Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months

skipping to change at page 4, line 14

   report, but by then many people thought that algorithm parameters
   were mandatory. Because of this history some implementations encode
   parameters as a NULL element and others omit them entirely. The
   correct encoding is to omit the parameters field; however,
   implementations MUST also handle a SHA-1 AlgorithmIdentifier
   parameters field which contains a NULL.

   -04: The AlgorithmIdentifier parameters field is OPTIONAL. If present,
        the parameters field MUST contain a NULL. Implementations MUST
        accept SHA-1 AlgorithmIdentifiers with absent parameters.
        Implementations MUST accept SHA-1 AlgorithmIdentifiers with absent
        parameters. Implementations SHOULD generate SHA-1
        AlgorithmIdentifiers with absent parameters.

   -05: The AlgorithmIdentifier parameters field is OPTIONAL. If present,
        the parameters field MUST contain a NULL. Implementations MUST
        accept SHA-1 AlgorithmIdentifiers with absent parameters.
        Implementations MUST accept SHA-1 AlgorithmIdentifiers with NULL
        parameters. Implementations SHOULD generate SHA-1
        AlgorithmIdentifiers with absent parameters.

2.2 MD5

   The MD5 digest algorithm is defined in RFC 1321 [MD5]. The algorithm
   identifier for MD5 is:

      md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
          rsadsi(113549) digestAlgorithm(2) 5 }

skipping to change at page 5, line 48

   When signing, the DSA algorithm generates two values, commonly called
   r and s. To transfer these two values as one signature, they MUST be
   encoded using the Dss-Sig-Value type:

      Dss-Sig-Value ::= SEQUENCE {
        r INTEGER,
        s INTEGER }

3.2 RSA

   -04: The RSA signature algorithm is defined in RFC 2437 [NEWPKCS#1]. RFC
        2437 specifies the use of the RSA signature algorithm with the SHA-1
        and MD5 message digest algorithms.

   -05: The RSA (PKCS #1 v1.5) signature algorithm is defined in RFC 2437
        [NEWPKCS#1]. RFC 2437 specifies the use of the RSA signature
        algorithm with the SHA-1 and MD5 message digest algorithms.

   The algorithm identifier for RSA subject public keys in certificates
   is:

      rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
          us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 }

   When the rsaEncryption algorithm identifier is used, the
   AlgorithmIdentifier parameters field MUST contain NULL.

   When the rsaEncryption algorithm identifier is used, the RSA public
   key, which is composed of a modulus and a public exponent, MUST be
   encoded using the RSAPublicKey type. The output of this encoding is
   carried in the certificate subject public key.

      RSAPublicKey ::= SEQUENCE {
        modulus INTEGER, -- n
   -04:  publicExponent INTEGER } - e
   -05:  publicExponent INTEGER } -- e

   CMS implementations that include the RSA (PKCS #1 v1.5) signature
   algorithm MUST also implement the SHA-1 message digest algorithm.
   Such implementations SHOULD also support the MD5 message digest
   algorithm.
   -05 only: The rsaEncryption algorithm identifier is used to identify RSA (PKCS
        #1 v1.5) signature values regardless of the message digest algorithm
        employed. CMS implementations that include the RSA (PKCS #1 v1.5)
        signature algorithm MUST support the rsaEncryption signature value
        algorithm identifier, and CMS implementations MAY support RSA (PKCS
        #1 v1.5) signature value algorithm identifiers that specify both the
        RSA (PKCS #1 v1.5) signature algorithm and the message digest
        algorithm.

   The algorithm identifier for RSA (PKCS #1 v1.5) with SHA-1 signature
   values is:

      sha1WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
          us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 5 }

   The algorithm identifier for RSA (PKCS #1 v1.5) with MD5 signature
   values is:

      md5WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
          us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 4 }

   -04: When either the sha1WithRSAEncryption algorithm identifier or the
        md5WithRSAEncryption algorithm identifier is used, the
        AlgorithmIdentifier parameters field MUST be NULL.

   -05: When the rsaEncryption, sha1WithRSAEncryption, or
        md5WithRSAEncryption signature value algorithm identifiers are used,
        the AlgorithmIdentifier parameters field MUST be NULL.

   When signing, the RSA algorithm generates a single value, and that
   value is used directly as the signature value.
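The rules in sections 2 and 3 above (a SHA-1 AlgorithmIdentifier whose parameters may be absent or NULL, RSA signature value identifiers whose parameters MUST be NULL, and the two-INTEGER SEQUENCEs Dss-Sig-Value and RSAPublicKey) are easiest to check against concrete DER bytes. The following is an added example, not text or code from this draft or from RSA Laboratories: a minimal DER encoder and strict reader in Python that generates the SHOULD form for SHA-1 (parameters absent), accepts both MUST forms on receipt, enforces NULL for the three RSA identifiers, and round-trips Dss-Sig-Value and RSAPublicKey. All function names are the example's own; the id-sha1 arcs (1 3 14 3 2 26) are assumed from the referenced standards because this excerpt does not show them, and every sample value is constructed.

```python
# Added example, not text from the draft: toy DER routines for the encodings
# this section specifies.  id-sha1's arcs are assumed (the excerpt omits them).
TAG_INTEGER, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x05, 0x06, 0x30
SHA1_OID = (1, 3, 14, 3, 2, 26)  # assumed id-sha1, not shown in the excerpt
RSA_ENCRYPTION_OID = (1, 2, 840, 113549, 1, 1, 1)
SHA1_WITH_RSA_OID = (1, 2, 840, 113549, 1, 1, 5)
MD5_WITH_RSA_OID = (1, 2, 840, 113549, 1, 1, 4)

def _tlv(tag, body):
    # Tag, definite length (short form under 128, else 0x80|N then N octets).
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    len_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(len_bytes)]) + len_bytes + body

def der_integer(n):
    # Minimal two's complement for n >= 0: a leading 0x00 only when the top
    # bit is set (to_bytes itself raises OverflowError for negative n).
    return _tlv(TAG_INTEGER, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def der_oid(arcs):
    # First two arcs share one subidentifier (40*a + b); each subidentifier
    # is base 128 with the high bit set on every octet but its last.
    out = bytearray()
    for sid in [40 * arcs[0] + arcs[1], *arcs[2:]]:
        chunk = [sid & 0x7F]
        while sid >> 7:
            sid >>= 7
            chunk.append(0x80 | (sid & 0x7F))
        out.extend(reversed(chunk))
    return _tlv(TAG_OID, bytes(out))

def encode_algorithm_identifier(oid, null_params):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters OPTIONAL }"""
    params = _tlv(TAG_NULL, b"") if null_params else b""
    return _tlv(TAG_SEQUENCE, der_oid(oid) + params)

def encode_integer_pair(a, b):
    """Shape shared by Dss-Sig-Value { r, s } and RSAPublicKey { n, e }."""
    return _tlv(TAG_SEQUENCE, der_integer(a) + der_integer(b))

def der_read(data):
    """Split one TLV off the front: (tag, contents, remaining bytes)."""
    if len(data) < 2:
        raise ValueError("truncated TLV")
    tag, length, pos = data[0], data[1], 2
    if length & 0x80:  # long form: 0x80 | N, then N length octets
        count = length & 0x7F
        if not 0 < count <= 4:
            raise ValueError("bad length octets")
        length, pos = int.from_bytes(data[2:2 + count], "big"), 2 + count
    if pos + length > len(data):
        raise ValueError("truncated contents")
    return tag, data[pos:pos + length], data[pos + length:]

def der_read_integer(contents):
    # Non-negative and minimal: DER forbids a 0x00 that is not needed for sign.
    if not contents or contents[0] & 0x80 or (
            len(contents) > 1 and contents[0] == 0 and not contents[1] & 0x80):
        raise ValueError("expected a minimal non-negative DER INTEGER")
    return int.from_bytes(contents, "big")

def decode_integer_pair(der):
    tag, contents, rest = der_read(der)
    if tag != TAG_SEQUENCE or rest:
        raise ValueError("expected exactly one SEQUENCE")
    tag1, first, after = der_read(contents)
    tag2, second, trailing = der_read(after)
    if tag1 != TAG_INTEGER or tag2 != TAG_INTEGER or trailing:
        raise ValueError("expected exactly two INTEGERs")
    return der_read_integer(first), der_read_integer(second)

# Parameter rules from this section, keyed by the DER of each OID: SHA-1
# accepts absent or NULL; the RSA signature value identifiers MUST carry NULL.
ALGORITHMS = {
    der_oid(SHA1_OID): ("sha1", False),
    der_oid(RSA_ENCRYPTION_OID): ("rsaEncryption", True),
    der_oid(SHA1_WITH_RSA_OID): ("sha1WithRSAEncryption", True),
    der_oid(MD5_WITH_RSA_OID): ("md5WithRSAEncryption", True),
}

def check_algorithm_identifier(der):
    """(name, params) for a known identifier; params is None (absent) or b'' (NULL)."""
    tag, contents, rest = der_read(der)
    if tag != TAG_SEQUENCE or rest:
        raise ValueError("expected exactly one SEQUENCE")
    tag, oid_contents, inner = der_read(contents)
    name, null_required = ALGORITHMS.get(_tlv(tag, oid_contents), (None, None))
    if name is None:
        raise ValueError("unknown or malformed algorithm OID")
    params = None
    if inner:
        tag, param_contents, trailing = der_read(inner)
        if tag != TAG_NULL or param_contents or trailing:
            raise ValueError("parameters, when present, must be NULL")
        params = b""
    if null_required and params is None:
        raise ValueError(name + " requires NULL parameters")
    return name, params
```

check_algorithm_identifier returns None for the parameters field when it is absent and b'' when it is NULL, so a receiver can tell the two accepted SHA-1 forms apart while treating both as valid; for rsaEncryption, sha1WithRSAEncryption and md5WithRSAEncryption an absent field is rejected, as the -05 text requires. A generator calls encode_algorithm_identifier(SHA1_OID, False) to emit the SHOULD form. der_read_integer also rejects the padded INTEGER encodings DER forbids, so each r, s, n or e has exactly one accepted encoding, which matters wherever signature or key bytes are compared or hashed rather than re-encoded.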
4 Key Management Algorithms

   CMS accommodates the following general key management techniques: key
   agreement, key transport, previously distributed symmetric key-
   encryption keys, and passwords.
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/