draft-ietf-smime-examples-00.txt   draft-ietf-smime-examples-01.txt 
Internet Draft Editor: Paul Hoffman Internet Draft Editor: Paul Hoffman
draft-ietf-smime-examples-00.txt Internet Mail Consortium draft-ietf-smime-examples-01.txt Internet Mail Consortium
February 25, 1999 June 25, 1999
Expires in six months Expires in six months
Examples of CMS Message Bodies Examples of S/MIME Messages
Status of this memo Status of this memo
Internet-Drafts are working documents of the Internet Engineering Task Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups Force (IETF), its areas, and its working groups. Note that other
may also distribute working documents as Internet-Drafts. groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months and Internet-Drafts are draft documents valid for a maximum of six months
may be updated, replaced, or obsoleted by other documents at any time. It and may be updated, replaced, or obsoleted by other documents at any
is inappropriate to use Internet- Drafts as reference material or to cite time. It is inappropriate to use Internet- Drafts as reference
them other than as "work in progress." material or to cite them other than as "work in progress."
To view the list Internet-Draft Shadow Directories, see To view the list Internet-Draft Shadow Directories, see
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This document is an Internet-Draft and is in full conformance with all This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026. provisions of Section 10 of RFC2026.
Abstract Abstract
This document gives examples of message bodies formatted using the This document gives examples of message bodies formatted using S/MIME.
Cryptographic Message Syntax (CMS). It includes examples of most or all Specifically, it has examples of Cryptographic Message Syntax (CMS)
common formats; in addition, it gives examples that show common pitfalls in objects, S/MIME messages (including the MIME formatting), and Enhanced
implementing CMS. The purpose of this document is to help increase Security Services for S/MIME (ESS). It includes examples of most or all
interoperability for S/MIME and other protocols that rely on CMS. common CMS and ESS formats; in addition, it gives examples that show
common pitfalls in implementing CMS. The purpose of this document is to
help increase interoperability for S/MIME and other protocols that rely
on CMS.
This draft is being discussed on the 'ietf-smime' mailing list. To join This draft is being discussed on the 'ietf-smime' mailing list. To
the list, send a message to <ietf-smime-request@imc.org> with the single join the list, send a message to <ietf-smime-request@imc.org> with the
word "subscribe" in the body of the message. Also, there is a Web site for single word "subscribe" in the body of the message. Also, there is a
the mailing list at <http://www.imc.org/ietf-smime/>. Web site for the mailing list at <http://www.imc.org/ietf-smime/>.
1. Introduction 1. Introduction
The examples in this document show the structure and format of CMS message The examples in this document show the structure and format of CMS
bodies, as described in [CMS]. They are useful to implementors who use message bodies, as described in [CMS]. They are useful to implementors
protocols that rely on CMS, such as the S/MIME message format who use protocols that rely on CMS, such as the S/MIME message format
protocol [SMIME-MSG]. protocol. There are also examples of simple S/MIME messages [SMIME-MSG]
(including the MIME headers), and ESS messages [SMIME-ESS].
Every example in this document has been checked by two different Every example in this document has been checked by two different
implementors. This strongly indicates (but does not assure) that the implementors. This strongly indicates (but does not assure) that the
examples are correct. All CMS implementors must read the CMS document examples are correct. All CMS implementors must read the CMS document
carefully before implementing from it. No one should use the examples in carefully before implementing from it. No one should use the examples
this document as stand-alone explanations of how to create CMS message in this document as stand-alone explanations of how to create CMS
bodies. message bodies.
This document explicitly does not attempt to cover many PKIX [PKIX] This document explicitly does not attempt to cover many PKIX [PKIX]
examples, nor does it cover any ESS [ESS] examples. Documents with examples examples. Documents with examples of that format may be forthcoming.
of those formats may be forthcoming.
2. Contributions To This Document 2. Contributions To This Document
The examples shown here were created and validated by many different people. The examples shown here were created and validated by many different
In the example listings, there is a tag with the initials of the creator people. In the example listings, there is a tag with the initials of
of the example, and one or more tags for the people who validated the creator of the example, and one or more tags for the people who
the example. validated the example.
Some of the examples are of mis-implementations of CMS. That is, if a Some of the examples are of mis-implementations of CMS and ESS. That
developer reading the CMS specification created a message body that was is, if a developer reading the CMS or ESS specification created a
illegal, and another developer agreed that the mis-reading was potentially message body that was illegal, and another developer agreed that the
a pitfall for later developers, that message body is also included here. mis-reading was potentially a pitfall for later developers, that
To make it clear which examples are bad, they are all put into a message body is also included here. To make it clear which examples are
single section of this document with (hopefully) explicit headings. bad, they are all put into a single section of this document with
(hopefully) explicit headings.
To contribute an implementation of an unimplemented example listed To contribute an implementation of an unimplemented example listed in
in this document, to verify that you got the same results as an example this document, to verify that you got the same results as an example
listed here, or to suggest a new example that should be listed, please listed here, or to suggest a new example that should be listed, please
contact the document author at the address listed near the end of the contact the document author at the address listed near the end of the
document. document.
3. Constants Used in the Examples 3. Constants Used in the Examples
This section defines the data used in the rest of the document. The names This section defines the data used in the rest of the document. The names
of the constants indicate their use. For example, AlicePrivDSSSign is the of the constants indicate their use. For example, AlicePrivDSSSign is the
private part of Alice's DSS signing key. private part of Alice's DSS signing key.
skipping to change at line 110 skipping to change at line 114
The MD5 hash of ExContent is The MD5 hash of ExContent is
9898 cac8 fab7 691f f89d c207 24e7 4a04 9898 cac8 fab7 691f f89d c207 24e7 4a04
The SHA-1 hash of ExContent is The SHA-1 hash of ExContent is
406a ec08 5279 ba6e 1602 2d9e 0629 c022 9687 dd48 406a ec08 5279 ba6e 1602 2d9e 0629 c022 9687 dd48
3.2 Keys 3.2 Keys
The following keys are needed to create the samples. Note that The following keys are needed to create the samples. Note that
BobPubDHEncrypt and DianePubDHEncrypt do *not* share Diffie-Hellman BobPubDHEncrypt and DianePubDHEncrypt do *not* share Diffie-Hellman
parameters. For the example of a common UKM, the BobPubDHSharedEncrypt and parameters; however, Bob and Erica share Diffie-Hellman parameters.
DianePubDHSharedEncrypt keys are defined in that example.
AlicePrivDSSSign = XXXXX AlicePrivDSSSign = XXXXX
AlicePrivRSASign = XXXXX AlicePrivRSASign = XXXXX
AlicePubDSSSign = XXXXX AlicePubDSSSign = XXXXX
AlicePubRSASign = XXXXX AlicePubRSASign = XXXXX
BobPrivDHEncrypt = XXXXX BobPrivDHEncrypt = XXXXX
BobPrivRSAEncrypt = XXXXX BobPrivRSAEncrypt = XXXXX
BobPubDHEncrypt = XXXXX BobPubDHEncrypt = XXXXX
BobPubRSAEncrypt = XXXXX BobPubRSAEncrypt = XXXXX
CarlPrivDSSSign = XXXXX CarlPrivDSSSign = XXXXX
CarlPrivRSASign = XXXXX CarlPrivRSASign = XXXXX
CarlPubDSSSign = XXXXX CarlPubDSSSign = XXXXX
CarlPubRSASign = XXXXX CarlPubRSASign = XXXXX
DianePubDSSSign = XXXXX DianePubDSSSign = XXXXX
DianePubRSASign = XXXXX DianePubRSASignEncrypt = XXXXX
DianePubDHEncrypt = XXXXX DianePubDHEncrypt = XXXXX
DianePubRSAEncrypt = XXXXX EricaPubDHEncryptBobParam = XXXXX
EricaPrivDHEncryptBobParam = XXXXX
MailListTripleDES = XXXXX MailListTripleDES = XXXXX
MailListRC2 = XXXXX MailListRC2 = XXXXX
3.3 Certificates 3.3 Certificates
AliceDSSSignByCarl = XXXXX AliceDSSSignByCarlNoInherit = XXXXX
AliceRSASignByCarl = XXXXX AliceRSASignByCarl = XXXXX
BobDHEncryptByCarl = XXXXX BobDHEncryptByCarl = XXXXX
CarlDSSSelf = XXXXX CarlDSSSelf = XXXXX
CarlRSASelf = XXXXX CarlRSASelf = XXXXX
DianeDSSSignByCarl = XXXXX DianeDSSSignByCarlInherit = XXXXX
DianeRSASignByCarl = XXXXX DianeDHEncryptByCarl = XXXXX
DianeRSASignEncryptByCarl = XXXXX
EricaDHEncryptByCarl = XXXXX
3.4 CRLs 3.4 CRLs
CarlCRL is a CRL from Carl that contains three revocations. CarlCRL is a CRL from Carl that contains three revocations.
CarlCRL = XXXXX CarlCRL = XXXXX
4. Trivial Examples 4. Trivial Examples
This section covers examples of small CMS types. This section covers examples of small CMS types.
4.1 ContentInfo with Data type, BER 4.1 ContentInfo with Data type, BER
The object is a ContentInfo containing a Data object in BER format that is The object is a ContentInfo containing a Data object in BER format that is
ExContent. ExContent.
XXXXX XXXXX
4.1 ContentInfo with Data type, DER 4.2 ContentInfo with Data type, DER
The object is a ContentInfo containing a Data object in DER format that is The object is a ContentInfo containing a Data object in DER format that is
ExContent. ExContent.
DataTypeDER.bin: DataTypeDER.bin:
XXXXX XXXXX
5. Signed-data 5. Signed-data
5.1 Basic signed content, DSS 5.1 Basic signed content, DSS
A SignedData with no attribute certificates, signed by Alice using DH-DSS, A SignedData with no attribute certificates, signed by Alice using
just her certificate (not Carl's root cert), no CRL. The message is DH-DSS, just her certificate (not Carl's root cert), no CRL. The
ExContent, and is included in the eContent. There are no signed or unsigned message is ExContent, and is included in the eContent. There are no
attributes. signed or unsigned attributes.
XXXXX XXXXX
5.2 Basic signed content, RSA 5.2 Basic signed content, RSA
Same as 5.1, except using RSA signatures. A SignedData with no attribute Same as 5.1, except using RSA signatures. A SignedData with no
certificates, signed by Alice using RSA, just her certificate (not Carl's attribute certificates, signed by Alice using RSA, just her certificate
root cert), no CRL. The message is ExContent, and is included in the (not Carl's root cert), no CRL. The message is ExContent, and is
eContent. There are no signed or unsigned attributes. included in the eContent. There are no signed or unsigned attributes.
XXXXX XXXXX
5.3 Basic signed content, detached content 5.3 Basic signed content, detached content
Same as 5.1, except with no eContent. A SignedData with no attribute Same as 5.1, except with no eContent. A SignedData with no attribute
certificates, signed by Alice using DH-DSS, just her certificate (not certificates, signed by Alice using DH-DSS, just her certificate (not
Carl's root cert), no CRL. The message is ExContent, but the eContent is Carl's root cert), no CRL. The message is ExContent, but the eContent
not included. There are no signed or unsigned attributes. is not included. There are no signed or unsigned attributes.
XXXXX XXXXX
5.4 Fancier signed content 5.4 Fancier signed content
Same as 5.1, but includes Carl's root cert, Carl's CRL, some signed and Same as 5.1, but includes Carl's root cert, Carl's CRL, some signed and
unsigned attributes (Countersignature by Diane). A SignedData with no unsigned attributes (Countersignature by Diane). A SignedData with no
attribute certificates, signed by Alice using DH-DSS, her certificate and attribute certificates, signed by Alice using DH-DSS, her certificate
Carl's root cert, Carl's DSS CRL. The message is ExContent, and is included and Carl's root cert, Carl's DSS CRL. The message is ExContent, and is
in the eContent. The signed attributes are Content Type, Message Digest and included in the eContent. The signed attributes are Content Type,
Signing Time; the unsigned attributes are XXXXX. Message Digest and Signing Time; the unsigned attributes are XXXXX.
XXXXX XXXXX
5.6 All RSA signed message 5.5 All RSA signed message
Same as 5.2, but includes Carl's RSA root cert (but no CRL). A SignedData Same as 5.2, but includes Carl's RSA root cert (but no CRL). A
with no attribute certificates, signed by Alice using RSA, her certificate SignedData with no attribute certificates, signed by Alice using RSA,
and Carl's root cert, no CRL. The message is ExContent, and is included in her certificate and Carl's root cert, no CRL. The message is ExContent,
the eContent. There are no signed or unsigned attributes. and is included in the eContent. There are no signed or unsigned
attributes.
XXXXX XXXXX
5.7 Multiple signers 5.6 Multiple signers
Similar to 5.1, but the message is also signed by Diane. Two SignedDatas Similar to 5.1, but the message is also signed by Diane. Two
(one for Alice, one for Diane) with no attribute certificates, each signed SignedDatas (one for Alice, one for Diane) with no attribute
using DH-DSS, Alice's and Diane's certificate (not Carl's root cert), no certificates, each signed using DH-DSS, Alice's and Diane's certificate
CRL. The message is ExContent, and is included in the eContent. There are (not Carl's root cert), no CRL. The message is ExContent, and is
no signed or unsigned attributes. included in the eContent. There are no signed or unsigned attributes.
XXXXX XXXXX
5.8 Signing using SKI 5.7 Signing using SKI
Same as 5.1, but the signature uses the SKI instead of the issuer/serial Same as 5.1, but the signature uses the SKI instead of the
number in the cert. A SignedData with no attribute certificates, signed by issuer/serial number in the cert. A SignedData with no attribute
Alice using DH-DSS, just her certificate (not Carl's root cert), identified certificates, signed by Alice using DH-DSS, just her certificate (not
by the SKI, no CRL. The message is ExContent, and is included in the Carl's root cert), identified by the SKI, no CRL. The message is
eContent. There are no signed or unsigned attributes. ExContent, and is included in the eContent. There are no signed or
unsigned attributes.
XXXXX
5.8 S/MIME multipart/signed message
A full S/MIME message, including MIME, that includes the body part from
5.3 and the body containing the content of the message.
XXXXX
5.9 S/MIME application/pkcs7-mime signed message
A full S/MIME message, including MIME, that includes the body part from
5.1.
XXXXX XXXXX
6. Enveloped-data 6. Enveloped-data
6.1 Basic encrypted content, TripleDES and DH 6.1 Basic encrypted content, TripleDES and DH
An EnvelopedData from Alice to Bob of ExContent using TripleDES for An EnvelopedData from Alice to Bob of ExContent using TripleDES for
encrypting and Diffie-Hellman for key management. Does not have a encrypting and Diffie-Hellman for key management. Does not have a
OriginatorInfo or any attributes. OriginatorInfo or any attributes.
XXXXX XXXXX
6.2 Basic encrypted content, TripleDES and RSA 6.2 Basic encrypted content, TripleDES and RSA
Same as 6.1, except with RSA for key management. An EnvelopedData from Same as 6.1, except with RSA for key management. An EnvelopedData from
Alice to Bob of ExContent using TripleDES for encrypting and RSA for key Alice to Bob of ExContent using TripleDES for encrypting and RSA for
management. Does not have a OriginatorInfo or any attributes. key management. Does not have a OriginatorInfo or any attributes.
XXXXX XXXXX
6.3 Basic encrypted content, RC2/40 and RSA 6.3 Basic encrypted content, RC2/40 and RSA
Same as 6.1, except using RC2/40 for encryption and RSA for key management. Same as 6.1, except using RC2/40 for encryption and RSA for key
An EnvelopedData from Alice to Bob of ExContent using RC2/40 for encrypting management. An EnvelopedData from Alice to Bob of ExContent using
and RSA for key management. Does not have a OriginatorInfo or any RC2/40 for encrypting and RSA for key management. Does not have a
attributes. OriginatorInfo or any attributes.
XXXXX XXXXX
6.4 Encrypted content, two recipients, no shared keying material 6.4 Encrypted content, two recipients, no shared keying material
Same as 6.1, except sent to both Bob and Diane. Same as 6.1, except sent to both Bob and Diane. An EnvelopedData from
An EnvelopedData from Alice to Bob and Diane of ExContent using TripleDES for Alice to Bob and Diane of ExContent using TripleDES for encrypting and
encrypting and Diffie-Hellman for key management. Does not have a Diffie-Hellman for key management. Does not have a OriginatorInfo or
OriginatorInfo or any attributes. any attributes.
XXXXX XXXXX
6.5 Encrypted content, two recipients, shared keying material 6.5 Encrypted content, two recipients, shared keying material
Same as 6.4, except using keys that have shared parameters so the result Same as 6.4, except sent to Bob and Erica using keys that have shared
does not include the UKMs. An EnvelopedData from Alice to Bob and Diane of parameters so the result does not include the UKMs. An EnvelopedData
ExContent using TripleDES for encrypting and Diffie-Hellman for key from Alice to Bob and Erica of ExContent using TripleDES for encrypting
management. Does not have a OriginatorInfo or any attributes. Uses and Diffie-Hellman for key management. Does not have a OriginatorInfo
BobPubDHSharedEncrypt and DianePubDHSharedEncrypt for keys. or any attributes. Uses BobPubDHSharedEncrypt and
DianePubDHSharedEncrypt for keys.
BobPubDHSharedEncrypt = XXXXX
DianePubDHSharedEncrypt = XXXXX
XXXXX XXXXX
6.6 Encrypted content, TripleDES and DH, previously-distributed keys 6.6 Encrypted content, TripleDES and DH, previously-distributed keys
Same as 6.1, except sent using a previously-distributed key. Same as 6.1, except sent using a previously-distributed key. An
An EnvelopedData from Alice to Bob of ExContent using TripleDES for EnvelopedData from Alice to Bob of ExContent using TripleDES for
encrypting and Diffie-Hellman for key management, using the encrypting and Diffie-Hellman for key management, using the
MailListTripleDES key. Does not have a MailListTripleDES key. Does not have a OriginatorInfo or any
OriginatorInfo or any attributes. attributes.
XXXXX XXXXX
6.7 Encrypted content, RC2/40 and RSA, previously-distributed keys 6.7 Encrypted content, RC2/40 and RSA, previously-distributed keys
Same as 6.1, except sent using a previously-distributed key. Same as 6.1, except sent using a previously-distributed key. An
An EnvelopedData from Alice to Bob of ExContent using TripleDES for EnvelopedData from Alice to Bob of ExContent using TripleDES for
encrypting and RSA for key management, using the encrypting and RSA for key management, using the MailListRC2 key. Does
MailListRC2 key. Does not have a not have a OriginatorInfo or any attributes.
OriginatorInfo or any attributes.
XXXXX
6.8 S/MIME application/pkcs7-mime encrypted message
A full S/MIME message, including MIME, that includes the body part from
6.1.
XXXXX XXXXX
7. Digested-data 7. Digested-data
A DigestedData from Alice to Bob of ExContent using SHA-1. A DigestedData from Alice to Bob of ExContent using SHA-1.
XXXXX XXXXX
8. Encrypted-data 8. Encrypted-data
An EncryptedData from Alice to Bob of ExContent with no An EncryptedData from Alice to Bob of ExContent with no attributes.
attributes.
XXXXX XXXXX
9. Authenticated-data 9. Authenticated-data
9.1 Authenticated data with no autenticated attributes 9.1 Authenticated data with no autenticated attributes
An AutenticatedData from Alice to Bob using XXXXXXXXXX with An AutenticatedData from Alice to Bob using XXXXXXXXXX with no
no authenticated attributes. authenticated attributes.
XXXXX XXXXX
9.2 Authenticated data with autenticated attributes 9.2 Authenticated data with autenticated attributes
An AutenticatedData from Alice to Bob using XXXXXXXXXX with An AutenticatedData from Alice to Bob using XXXXXXXXXX with the
the content-type and message-digest authenticated attributes. content-type and message-digest authenticated attributes.
XXXXX XXXXX
A. References 10. Key Wrapping
[CMS] Cryptographic Message Syntax, draft-ietf-smime-cms. This section shows the steps needed to wrap keys, as described in
section 12.6 of [CMS].
[ESS] Enhanced Security Services for S/MIME, draft-ietf-ietf-ess. 10.1 Wrapping RC2
This example shows how to wrap an RC2 key.
The CEK to be wrapped is
b70a 25fb c9d8 6a86 050c e0d7 11ea d4d9
The hash of the CEK is
0a6f f19f db40 4988
The random value used is
4845 cce7 fd12 50
The CEK initialization vector is
c7d9 0059 b29e 97f7
The KEK is
fd04 fd08 0607 07fb 0003 feff fd02 fe05
The "Pre Encrypt #1" is
10b7 0a25 fbc9 d86a 8605 0ce0 d711 ead4
d9 4845 cce7 fd12 500a 6ff1 9fdb 4049 88
The "Pre Encrypt #2" is
a7f7 1fa3 078a a99f 3299 8eff 9ed7 8cac
b870 ce04 f555 8ce4 6012 9337 59a2 1da0
f797 9eb2 5900 d9c7
The wrapped CEK is
70e6 99fb 5701 f783 3330 fb71 e87c 85a4
20bd c99a f05d 22af 5a0e 48d3 5f31 3898
6cba afb4 b28d 4f35
10.2 Wrapping TripleDES
XXXXX
11. ESS Examples
11.1 ReceiptRequest
Alice asks Bob for a reciept on the message in 5.1.
XXXXX
11.2 Receipt
Bob gives Alice a receipt for the message in 11.1.
XXXXX
11.3 eSSSecurityLabel
Alice includes a security label in the message in 5.1.
XXXXX
11.4 EquivalentLabels
Alice uses an EquivalentLabels in the message in 11.3.
XXXXX
11.5 mlExpansionHistory
The mailing list sends a message with a mlExpansionHistory attribute.
XXXXX
11.6 SigningCertificate
Alice uses a SigningCertificate attribute in the message in 5.1.
XXXXX
12. Security Considerations
Because this document shows examples of S/MIME, CMS, and ESS messages,
this document also inherits all of the security considerations from
[SMIME-MSG], [CMS], and [SMIME-ESS].
The Perl script in Appendix B writes to the user's local hard drive. A
malicious attacker could modify the Perl script in this document. Be
sure to read the Perl code carefully before executing it.
A. References
[CMS] Cryptographic Message Syntax, RFC 2630.
[PKIX] PKIX Certificate and CRL Profile, RFC 2459. [PKIX] PKIX Certificate and CRL Profile, RFC 2459.
[SMIME-MSG] S/MIME Version 3 Message Specification. [SMIME-MSG] S/MIME Version 3 Message Specification. RFC 2633.
draft-ietf-smime-msg.
[SMIME-ESS] Enhanced Security Services for S/MIME, RFC 2634.
B. Binaries of the Examples B. Binaries of the Examples
This section contains the binaries of the examples shown in the rest of This section contains the binaries of the examples shown in the rest of
the document. The binaries are stored in a modified Base64 format. There is the document. The binaries are stored in a modified Base64 format.
a Perl program that, when run over the contents of this document, will There is a Perl program that, when run over the contents of this
extract the following binaries and write them out to disk. The program document, will extract the following binaries and write them out to
works with Perl for Unix and Windows 95/98/NT (and possibly Macintosh). disk. The program works with Perl for Unix and Windows 95/98/NT (and
possibly Macintosh).
B.1 How the binaries and extractor works B.1 How the binaries and extractor works
The program in the next section looks for lines that begin with a '|' The program in the next section looks for lines that begin with a '|'
character (or some whitespace followed by a '|'), ignoring all other lines. character (or some whitespace followed by a '|'), ignoring all other
If the line begins with '|', the second character tells what kind of line lines. If the line begins with '|', the second character tells what
it is: kind of line it is:
|* is a comment A line that begins with |* is a comment
|> gives the name of a new file to start A line that begins with |> gives the name of a new file to start
|< tells to end the file (and checks the file name for sanity) A line that begins with |< tells to end the file (and checks the
|anythingelse is a Base64 line file name for sanity)
A line that begins with |anythingelse is a Base64 line
The program writes out a series of files, so you should run this in an The program writes out a series of files, so you should run this in an
empty directory. The program will overwrite files (if it can), but won't empty directory. The program will overwrite files (if it can), but won't
delete other files already in the directory. delete other files already in the directory.
Run this program with this document as the standard input, such as: Run this program with this document as the standard input, such as:
extractsample <draft-ietf-smime-examples extractsample <draft-ietf-smime-examples
If you want to extract without the program, copy all the lines between If you want to extract without the program, copy all the lines between
the "|>" and "|<" markers, remove any page breaks, and remove the "|" the "|>" and "|<" markers, remove any page breaks, and remove the "|"
skipping to change at line 458 skipping to change at line 574
$Upper4 = ($ThisVal & 60); $Upper4 = ($ThisVal & 60);
$OutString .= chr($LeftOver + ($Upper4/4)); $OutString .= chr($LeftOver + ($Upper4/4));
$LeftOver = (($ThisVal - $Upper4) * 64); $LeftOver = (($ThisVal - $Upper4) * 64);
$NextPos = 2; $NextPos = 2;
} elsif ($NextPos == 6) { } elsif ($NextPos == 6) {
# Add upper 2 bits of $ThisVal to $LeftOver and output # Add upper 2 bits of $ThisVal to $LeftOver and output
$Upper2 = ($ThisVal & 48); $Upper2 = ($ThisVal & 48);
$OutString .= chr($LeftOver + ($Upper2/16)); $OutString .= chr($LeftOver + ($Upper2/16));
$LeftOver = (($ThisVal - $Upper2) * 16); $LeftOver = (($ThisVal - $Upper2) * 16);
$NextPos = 4; $NextPos = 4;
} else { die "\$NextPos has an illegal value." } } else { die "\$NextPos has an illegal value: $NextPos." }
} }
} }
B.3 Examples by section B.3 Examples by section
B.3.1 Examples from section 3.1 B.3.1 Examples from section 3.1
|* ExContent is just the message; creator: [PH] |* ExContent is just the message; creator: [PH]
|>ExContent.bin |>ExContent.bin
|VGhpcyBpcyBzb21lIHNhbXBsZSBjb250ZW50Lg== |VGhpcyBpcyBzb21lIHNhbXBsZSBjb250ZW50Lg==
skipping to change at line 484 skipping to change at line 600
|>AlicePrivDSSSign.key |>AlicePrivDSSSign.key
|blablahblah |blablahblah
|moreblahblahblah |moreblahblahblah
|<AlicePrivDSSSign.key |<AlicePrivDSSSign.key
|>AlicePrivRSASign.key |>AlicePrivRSASign.key
|BlablahblaH |BlablahblaH
|MoreblahblahBlah |MoreblahblahBlah
|<AlicePrivRSASign.key |<AlicePrivRSASign.key
. . . . . .
B.10.1 Examples from section 10.1
|* The CEK to be wrapped
|>RC2CEK.bin
|<RC2CEK.bin
|* The hash of the CEK
|>RC2CEKHash.bin
|<RC2CEKHash.bin
|* The random value used
|>RC2Rand.bin
|<RC2Rand.bin
|* The CEK initialization vector
|>RC2CEKIV.bin
|<RC2CEKIV.bin
|* The KEK
|>RC2KEK.bin
|<RC2KEK.bin
|* The "Pre Encrypt #1"
|>RC2Pre1.bin
|<RC2Pre1.bin
|* The "Pre Encrypt #2"
|>RC2Pre2.bin
|<RC2Pre2.bin
|* The wrapped CEK
|>RC2Wrapped.bin
|<RC2Wrapped.bin
C. Acknowledgments C. Acknowledgments
The following people contributed ideas and/or examples to this document. The following people contributed ideas and/or examples to this
They are listed by their real names, with the initials used in the examples document. They are listed by their real names, with the initials used
after their names. in the examples after their names.
Blake Ramsdell [BR] Blake Ramsdell [BR]
Paul Hoffman [PH] Paul Hoffman [PH]
Jim Schaad [JS] Jim Schaad [JS]
. . . . . .
The examples are displayed with a modified version of Peter Gutmann's The examples are displayed with a modified version of Peter Gutmann's
"dumpasn1" program. "dumpasn1" program.
D. Editor's Address D. Differences between -00 and -01
Title, Abstract, Intro: Added examples of S/MIME messages (including
the MIME) and ESS messages to the general description.
3.2: Changed Diane's RSA key to be for both signing and encrypting.
Added Erica's DH keys, which share Bob's parameters.
3.3: Changed Alice's DSS cert to explicitly not inherit Carl's DSS
parameters. Changed Diane's DSS cert to explicitly inherit Carl's DSS
parameters. Changed Diane's RSA cert to be for both signing and
encrypting. Gave Erica a DH cert.
5.6, 5.7, 5.8: Renumbered to 5.5, 5.6, 5.7.
5.8, 5.9: New examples of signed S/MIME messages.
6.4: Removed the keys that were used in only that section.
6.8: New example of encrypted S/MIME message.
10: Added entire section.
11: Added entire section.
12: Added entire section.
E. Editor's Address
Paul Hoffman Paul Hoffman
Internet Mail Consortium Internet Mail Consortium
127 Segre Place 127 Segre Place
Santa Cruz, CA 95060 USA Santa Cruz, CA 95060 USA
phoffman@imc.org phoffman@imc.org
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/