draft-ietf-smime-rfc2630bis-04.txt   draft-ietf-smime-rfc2630bis-05.txt 
S/MIME Working Group R. Housley S/MIME Working Group R. Housley
Internet Draft RSA Laboratories Internet Draft RSA Laboratories
expires in six months September 2001 expires in six months September 2001
Cryptographic Message Syntax Cryptographic Message Syntax
<draft-ietf-smime-rfc2630bis-04.txt> <draft-ietf-smime-rfc2630bis-05.txt>
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. Internet-Drafts are working all provisions of Section 10 of RFC2026. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts. working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html
To view the entire list of current Internet-Drafts, please check the To view the entire list of current Internet-Drafts, please check the
"1id-abstracts.txt" listing contained in the Internet-Drafts Shadow "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern Directories on ftp.is.co.za (Africa), ftp.nordu.net (Northern
Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific Europe), ftp.nis.garr.it (Southern Europe), munnari.oz.au (Pacific
Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast). Rim), ftp.ietf.org (US East Coast), or ftp.isi.edu (US West Coast).
Abstract Abstract
This document describes the Cryptographic Message Syntax (CMS). This This document describes the Cryptographic Message Syntax (CMS). This
skipping to change at page 3, line 16 skipping to change at page 3, line 16
Status of this Memo ................................................ 1 Status of this Memo ................................................ 1
Abstract ........................................................... 1 Abstract ........................................................... 1
Table of Contents .................................................. 3 Table of Contents .................................................. 3
1 Introduction ................................................... 5 1 Introduction ................................................... 5
2 General Overview ............................................... 5 2 General Overview ............................................... 5
3 General Syntax ................................................. 6 3 General Syntax ................................................. 6
4 Data Content Type .............................................. 6 4 Data Content Type .............................................. 6
5 Signed-data Content Type ....................................... 7 5 Signed-data Content Type ....................................... 7
5.1 SignedData Type ........................................... 8 5.1 SignedData Type ........................................... 8
5.2 EncapsulatedContentInfo Type .............................. 9 5.2 EncapsulatedContentInfo Type .............................. 10
5.2.1 Compatibility with PKCS #7 ......................... 10 5.2.1 Compatibility with PKCS #7 ......................... 10
5.3 SignerInfo Type ........................................... 10 5.3 SignerInfo Type ........................................... 12
5.4 Message Digest Calculation Process ........................ 12 5.4 Message Digest Calculation Process ........................ 14
5.5 Message Signature Generation Process ...................... 13 5.5 Message Signature Generation Process ...................... 15
5.6 Message Signature Verification Process .................... 13 5.6 Message Signature Verification Process .................... 15
6 Enveloped-data Content Type .................................... 14 6 Enveloped-data Content Type .................................... 15
6.1 EnvelopedData Type ........................................ 15 6.1 EnvelopedData Type ........................................ 17
6.2 RecipientInfo Type ........................................ 17 6.2 RecipientInfo Type ........................................ 19
6.2.1 KeyTransRecipientInfo Type ......................... 18 6.2.1 KeyTransRecipientInfo Type ......................... 19
6.2.2 KeyAgreeRecipientInfo Type ......................... 19 6.2.2 KeyAgreeRecipientInfo Type ......................... 20
6.2.3 KEKRecipientInfo Type .............................. 21 6.2.3 KEKRecipientInfo Type .............................. 21
6.2.4 PasswordRecipientInfo Type ......................... 22 6.2.4 PasswordRecipientInfo Type ......................... 24
6.2.5 OtherRecipientInfo Type ............................ 22 6.2.5 OtherRecipientInfo Type ............................ 24
6.3 Content-encryption Process ................................ 23 6.3 Content-encryption Process ................................ 25
6.4 Key-encryption Process .................................... 23 6.4 Key-encryption Process .................................... 25
7 Digested-data Content Type ..................................... 24 7 Digested-data Content Type ..................................... 26
8 Encrypted-data Content Type .................................... 25 8 Encrypted-data Content Type .................................... 25
9 Authenticated-data Content Type ................................ 26 9 Authenticated-data Content Type ................................ 28
9.1 AuthenticatedData Type .................................... 26 9.1 AuthenticatedData Type .................................... 28
9.2 MAC Generation ............................................ 28 9.2 MAC Generation ............................................ 30
9.3 MAC Verification .......................................... 29 9.3 MAC Verification .......................................... 31
10 Useful Types ................................................... 30 10 Useful Types ................................................... 32
10.1 Algorithm Identifier Types ............................... 30 10.1 Algorithm Identifier Types ............................... 32
10.1.1 DigestAlgorithmIdentifier ........................ 30 10.1.1 DigestAlgorithmIdentifier ........................ 32
10.1.2 SignatureAlgorithmIdentifier ..................... 30 10.1.2 SignatureAlgorithmIdentifier ..................... 32
10.1.3 KeyEncryptionAlgorithmIdentifier ................. 30 10.1.3 KeyEncryptionAlgorithmIdentifier ................. 32
10.1.4 ContentEncryptionAlgorithmIdentifier ............. 31 10.1.4 ContentEncryptionAlgorithmIdentifier ............. 33
10.1.5 MessageAuthenticationCodeAlgorithm ............... 31 10.1.5 MessageAuthenticationCodeAlgorithm ............... 33
10.1.6 KeyDerivationAlgorithmIdentifier ................. 31 10.1.6 KeyDerivationAlgorithmIdentifier ................. 33
10.2 Other Useful Types ....................................... 31 10.2 Other Useful Types ....................................... 33
10.2.1 CertificateRevocationLists ....................... 31 10.2.1 CertificateRevocationLists ....................... 34
10.2.2 CertificateChoices ............................... 32 10.2.2 CertificateChoices ............................... 34
10.2.3 CertificateSet ................................... 32 10.2.3 CertificateSet ................................... 35
10.2.4 IssuerAndSerialNumber ............................ 33 10.2.4 IssuerAndSerialNumber ............................ 35
10.2.5 CMSVersion ....................................... 33 10.2.5 CMSVersion ....................................... 35
10.2.6 UserKeyingMaterial ............................... 33 10.2.6 UserKeyingMaterial ............................... 35
10.2.7 OtherKeyAttribute ................................ 34 10.2.7 OtherKeyAttribute ................................ 36
11 Useful Attributes .............................................. 34 11 Useful Attributes .............................................. 36
11.1 Content Type ............................................. 34 11.1 Content Type ............................................. 36
11.2 Message Digest ........................................... 35 11.2 Message Digest ........................................... 37
11.3 Signing Time ............................................. 36 11.3 Signing Time ............................................. 38
11.4 Countersignature ......................................... 37 11.4 Countersignature ......................................... 39
Appendix A: CMS ASN.1 Module ...................................... 39 Appendix A: CMS ASN.1 Module ...................................... 41
Appendix B: Version 1 Attribute Certificate ASN.1 Module .......... 46 Appendix B: Version 1 Attribute Certificate ASN.1 Module .......... 47
References ......................................................... 47 References ......................................................... 48
Security Considerations ............................................ 49 Security Considerations ............................................ 49
Acknowledgments .................................................... 51 Acknowledgments .................................................... 51
Author Address ..................................................... 52 Author Address ..................................................... 51
Full Copyright Statement ........................................... 52 Full Copyright Statement ........................................... 52
1 Introduction 1 Introduction
This document describes the Cryptographic Message Syntax (CMS). This This document describes the Cryptographic Message Syntax (CMS). This
syntax is used to digitally sign, digest, authenticate, or encrypt syntax is used to digitally sign, digest, authenticate, or encrypt
arbitrary messages. arbitrary messages.
The CMS describes an encapsulation syntax for data protection. It The CMS describes an encapsulation syntax for data protection. It
supports digital signatures and encryption. The syntax allows supports digital signatures and encryption. The syntax allows
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/