 1/draftietfsmimecmsalg04.txt 20060205 01:51:21.000000000 +0100
+++ 2/draftietfsmimecmsalg05.txt 20060205 01:51:21.000000000 +0100
@@ 1,18 +1,18 @@
S/MIME Working Group R. Housley
Internet Draft RSA Laboratories
expires in six months September 2001
Cryptographic Message Syntax (CMS) Algorithms

+
Status of this Memo
This document is an InternetDraft and is in full conformance with
all provisions of Section 10 of RFC2026. InternetDrafts are working
documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute
working documents as InternetDrafts.
InternetDrafts are draft documents valid for a maximum of six months
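Review bot: the only change in this hunk is a blank line inserted after the title, while the header block it surrounds still reads "expires in six months September 2001"; a new revision should carry its own date, so the unchanged date line is worth checking against the rest of the -05 header before this whitespace-only hunk is accepted.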
@@ 136,21 +136,21 @@
report, but by then many people thought that algorithm parameters
were mandatory. Because of this history some implementations encode
parameters as a NULL element and others omit them entirely. The
correct encoding is to omit the parameters field; however,
implementations MUST also handle a SHA1 AlgorithmIdentifier
parameters field which contains a NULL.
The AlgorithmIdentifier parameters field is OPTIONAL. If present,
the parameters field MUST contain a NULL. Implementations MUST
accept SHA1 AlgorithmIdentifiers with absent parameters.
 Implementations MUST accept SHA1 AlgorithmIdentifiers with absent
+ Implementations MUST accept SHA1 AlgorithmIdentifiers with NULL
parameters. Implementations SHOULD generate SHA1
AlgorithmIdentifiers with absent parameters.
2.2 MD5
The MD5 digest algorithm is defined in RFC 1321 [MD5]. The algorithm
identifier for MD5 is:
md5 OBJECT IDENTIFIER ::= { iso(1) memberbody(2) us(840)
rsadsi(113549) digestAlgorithm(2) 5 }
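Review bot: the replacement of "with absent" by "with NULL" correctly removes the duplicated sentence, so the paragraph now reads "MUST accept ... with absent parameters. MUST accept ... with NULL parameters. SHOULD generate ... with absent parameters." The same requirement is still stated twice in this hunk, though: the context lines "The correct encoding is to omit the parameters field; however, implementations MUST also handle a SHA1 AlgorithmIdentifier parameters field which contains a NULL" already cover both encodings, and the paragraph that follows repeats them in MUST/SHOULD form. Consider keeping the history paragraph descriptive and leaving the normative MUST/SHOULD statements only in the second paragraph, so a verifier that has to treat both encodings as the same algorithm has one place to look.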
@@ 215,62 +215,71 @@
When signing, the DSA algorithm generates two values, commonly called
r and s. To transfer these two values as one signature, they MUST be
encoded using the DssSigValue type:
DssSigValue ::= SEQUENCE {
r INTEGER,
s INTEGER }
3.2 RSA
 The RSA signature algorithm is defined in RFC 2437 [NEWPKCS#1]. RFC
 2437 specifies the use of the RSA signature algorithm with the SHA1
 and MD5 message digest algorithms.
+ The RSA (PKCS #1 v1.5) signature algorithm is defined in RFC 2437
+ [NEWPKCS#1]. RFC 2437 specifies the use of the RSA signature
+ algorithm with the SHA1 and MD5 message digest algorithms.
The algorithm identifier for RSA subject public keys in certificates
is:
rsaEncryption OBJECT IDENTIFIER ::= { iso(1) memberbody(2)
us(840) rsadsi(113549) pkcs(1) pkcs1(1) 1 }
When the rsaEncryption algorithm identifier is used,
AlgorithmIdentifier parameters field MUST contain NULL.
When the rsaEncryption algorithm identifier is used, the RSA public
key, which is composed of a modulus and a public exponent, MUST be
encoded using the RSAPublicKey type. The output of this encoding is
carried in the certificate subject public key.
RSAPublicKey ::= SEQUENCE {
modulus INTEGER,  n
 publicExponent INTEGER }  e
+ publicExponent INTEGER }  e
CMS implementations that include the RSA (PKCS #1 v1.5) signature
algorithm MUST also implement the SHA1 message digest algorithm.
Such implementations SHOULD also support MD5 message digest
algorithm.
+ The rsaEncryption algorithm identifier is used to identify RSA (PKCS
+ #1 v1.5) signature values regardless of the message digest algorithm
+ employed. CMS implementations that include the RSA (PKCS #1 v1.5)
+ signature algorithm MUST support the rsaEncryption signature value
+ algorithm identifier, and CMS implementations MAY support RSA (PKCS
+ #1 v1.5) signature value algorithm identifiers that specify both the
+ RSA (PKCS #1 v1.5) signature algorithm and the message digest
+ algorithm.
+
The algorithm identifier for RSA (PKCS #1 v1.5) with SHA1 signature
values is:
sha1WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1) memberbody(2)
us(840) rsadsi(113549) pkcs(1) pkcs1(1) 5 }
The algorithm identifier for RSA (PKCS #1 v1.5) with MD5 signature
values is:
md5WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1) memberbody(2)
us(840) rsadsi(113549) pkcs(1) pkcs1(1) 4 }
 When either the sha1WithRSAEncryption algorithm identifier or the
 md5WithRSAEncryption algorithm identifier is used, the
 AlgorithmIdentifier parameters field MUST be NULL.
+ When the rsaEncryption, sha1WithRSAEncryption, or
+ md5WithRSAEncryption signature value algorithm identifiers are used,
+ the AlgorithmIdentifier parameters field MUST be NULL.
When signing, the RSA algorithm generates a single value, and that
value is used directly as the signature value.
4 Key Management Algorithms
CMS accommodates the following general key management techniques: key
agreement, key transport, previously distributed symmetric key
encryption keys, and passwords.
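Review bot: the new paragraph introducing rsaEncryption as a signature value identifier "regardless of the message digest algorithm employed" does not say where a verifier obtains the digest algorithm in that case, unlike sha1WithRSAEncryption and md5WithRSAEncryption which name it; a sentence pointing to the digest algorithm identifier carried elsewhere in the signed data would close that gap and avoid implementations guessing. Two smaller points in the same hunk: the context line "When the rsaEncryption algorithm identifier is used, AlgorithmIdentifier parameters field MUST contain NULL" is missing "the" before "AlgorithmIdentifier", and the RSAPublicKey change ("publicExponent INTEGER }  e") is whitespace-only re-indentation, which is fine but could be dropped to keep the diff to substantive changes. The consolidated sentence "When the rsaEncryption, sha1WithRSAEncryption, or md5WithRSAEncryption signature value algorithm identifiers are used, the AlgorithmIdentifier parameters field MUST be NULL" is a good improvement over the previous two-identifier version and now matches the earlier rsaEncryption requirement.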