rfcdiff of draft-ietf-smime-rfc2630bis-07.txt against draft-ietf-smime-rfc2630bis-08.txt
(unchanged text is shown once; where the drafts differ, the -07 and -08 lines are shown as a pair)

S/MIME Working Group                                        R. Housley
Internet Draft                                        RSA Laboratories
-07: expires in six months                               February 2002
-08: expires in six months                                  April 2002
-07: Will Obsolete: RFC 2630 and RFC 3211
-08: Obsoletes: RFC 2630 and RFC 3211

                      Cryptographic Message Syntax

-07:             <draft-ietf-smime-rfc2630bis-07.txt>
-08:             <draft-ietf-smime-rfc2630bis-08.txt>

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups. Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
[skipping to change at page 2, line 20 (both drafts)]

Table of Contents (page numbers in -07 and -08)
                                                              -07  -08
   1 Introduction .............................................  4    4
   1.1 Changes Since RFC 2630 ..................................  4    4
   1.2 Terminology .............................................  5    5
   2 General Overview .........................................  5    5
   3 General Syntax ...........................................  6    6
   4 Data Content Type ........................................  6    6
   5 Signed-data Content Type .................................  7    7
   5.1 SignedData Type .........................................  8    8
   5.2 EncapsulatedContentInfo Type ............................  9    9
   5.2.1 Compatibility with PKCS #7 ............................ 10   10
   5.3 SignerInfo Type ......................................... 11   12
   5.4 Message Digest Calculation Process ...................... 13   14
   5.5 Signature Generation Process ............................ 14   15
   5.6 Signature Verification Process .......................... 15   15
   6 Enveloped-data Content Type .............................. 15   15
   6.1 EnvelopedData Type ...................................... 16   17
   6.2 RecipientInfo Type ...................................... 19   19
   6.2.1 KeyTransRecipientInfo Type ............................ 19   20
   6.2.2 KeyAgreeRecipientInfo Type ............................ 20   21
   6.2.3 KEKRecipientInfo Type ................................. 23   23
   6.2.4 PasswordRecipientInfo Type ............................ 24   24
   6.2.5 OtherRecipientInfo Type ............................... 24   25
   6.3 Content-encryption Process .............................. 25   25
   6.4 Key-encryption Process .................................. 25   26
   7 Digested-data Content Type ............................... 25   26
   8 Encrypted-data Content Type .............................. 27   27
   9 Authenticated-data Content Type .......................... 27   28
   9.1 AuthenticatedData Type .................................. 28   29
   9.2 MAC Generation .......................................... 30   30
   9.3 MAC Verification ........................................ 31   31
   10 Useful Types ............................................. 32   32
   10.1 Algorithm Identifier Types ............................. 32   32
   10.1.1 DigestAlgorithmIdentifier ............................ 32   32
   10.1.2 SignatureAlgorithmIdentifier ......................... 32   32
   10.1.3 KeyEncryptionAlgorithmIdentifier ..................... 32   33
   10.1.4 ContentEncryptionAlgorithmIdentifier ................. 33   33
   10.1.5 MessageAuthenticationCodeAlgorithm ................... 33   33
   10.1.6 KeyDerivationAlgorithmIdentifier ..................... 33   34
   10.2 Other Useful Types ..................................... 33   34
   10.2.1 CertificateRevocationLists ........................... 33   33
   10.2.2 CertificateChoices ................................... 34   34
   10.2.3 CertificateSet ....................................... 34   35
   10.2.4 IssuerAndSerialNumber ................................ 35   35
   10.2.5 CMSVersion ........................................... 35   36
   10.2.6 UserKeyingMaterial ................................... 35   36
   10.2.7 OtherKeyAttribute .................................... 35   36
   11 Useful Attributes ........................................ 36   36
   11.1 Content Type ........................................... 36   36
   11.2 Message Digest ......................................... 37   37
   11.3 Signing Time ........................................... 38   38
   11.4 Countersignature ....................................... 39   39
   12 ASN.1 Modules ............................................ 40   40
   12.1 CMS ASN.1 Module ....................................... 41   41
   12.2 Version 1 Attribute Certificate ASN.1 Module ........... 46   47
   13 References ............................................... 48   48
   14 Security Considerations .................................. 49   50
   15 Acknowledgments .......................................... 51   52
   16 Author Address ........................................... 51   52
   17 Full Copyright Statement ................................. 52   52
1 Introduction

   This document describes the Cryptographic Message Syntax (CMS). This
   syntax is used to digitally sign, digest, authenticate, or encrypt
   arbitrary message content.

   The CMS describes an encapsulation syntax for data protection. It
   supports digital signatures and encryption. The syntax allows
[skipping to change at page 6, line 48 (both drafts)]

      id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
          us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }

   The data content type is intended to refer to arbitrary octet
   strings, such as ASCII text files; the interpretation is left to the
   application. Such strings need not have any internal structure
   (although they could have their own ASN.1 definition or other
   structure).

-08 adds:
   S/MIME uses id-data to identify MIME encoded content. The use of
   this content identifier is specified in RFC 2311 for S/MIME v2
   [OLDMSG] and RFC 2633 for S/MIME v3 [MSG].

   The data content type is generally encapsulated in the signed-data,
   enveloped-data, digested-data, encrypted-data, or authenticated-data
   content type.

5 Signed-data Content Type

   The signed-data content type consists of a content of any type and
   zero or more signature values. Any number of signers in parallel can
   sign any type of content.
[skipping to change at page 24, line 12 (-07) / page 24, line 27 (-08)]

   information used by the recipient to determine the key-encryption
   key used by the sender.

6.2.4 PasswordRecipientInfo Type

   Recipient information using a password or shared secret value is
   represented in the type PasswordRecipientInfo. Each instance of
   PasswordRecipientInfo will transfer the content-encryption key to one
   or more recipients who possess the password or shared secret value.

-07: The PasswordRecipientInfo Type is specified in RFC <TBD> [PWRI]. The
-08: The PasswordRecipientInfo Type is specified in RFC 3211 [PWRI]. The
   PasswordRecipientInfo structure is repeated here for completeness.

      PasswordRecipientInfo ::= SEQUENCE {
        version CMSVersion,   -- Always set to 0
        keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier
                                   OPTIONAL,
        keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
        encryptedKey EncryptedKey }

   The fields of type PasswordRecipientInfo have the following meanings:
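The PasswordRecipientInfo SEQUENCE above, DER-encoded and parsed back strictly (fixed field order, version 0, no trailing bytes), as an added example that is not code from the draft or from any CMS implementation. Because the CMS ASN.1 module is declared with IMPLICIT TAGS, the optional keyDerivationAlgorithm [0] is carried under context tag 0xA0 in place of its SEQUENCE tag, and the parser accepts it only in that form. The PBKDF2 and id-alg-PWRI-KEK object identifiers are assumptions taken from RFC 2898 and RFC 3211 rather than from this page, and AlgorithmIdentifier parameters (the PBKDF2 salt and iteration count) are omitted to keep the example short.

```python
# Added example (not from the draft): DER-encode and parse PasswordRecipientInfo.
# The CMS module is declared IMPLICIT TAGS, so keyDerivationAlgorithm [0] is
# carried with context tag 0xA0 in place of the SEQUENCE tag 0x30.  Both OIDs
# are assumptions taken from RFC 2898 (PBKDF2) and RFC 3211 (id-alg-PWRI-KEK).
ID_PBKDF2 = "1.2.840.113549.1.5.12"
ID_ALG_PWRI_KEK = "1.2.840.113549.1.9.16.3.9"

def tlv(tag, body):
    n = len(body)
    if n >= 0x80:                                   # DER long-form length
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return bytes([tag, 0x80 | len(lb)]) + lb + body
    return bytes([tag, n]) + body

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])       # first two arcs packed
    for a in arcs[2:]:                              # remaining arcs base-128
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def decode_oid(body):
    arcs, v = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))

def read_tlv(buf, pos):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def alg_oid(alg_body):
    tag, oid, _ = read_tlv(alg_body, 0)             # parameters are not parsed
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier must begin with an OBJECT IDENTIFIER")
    return decode_oid(oid)

def build_pwri(encrypted_key, include_kdf=True):
    # AlgorithmIdentifier parameters (PBKDF2 salt, iteration count) are omitted
    parts = tlv(0x02, b"\x00")                      # version CMSVersion: 0
    if include_kdf:
        parts += tlv(0xA0, encode_oid(ID_PBKDF2))   # [0] IMPLICIT, OPTIONAL
    parts += tlv(0x30, encode_oid(ID_ALG_PWRI_KEK)) # keyEncryptionAlgorithm
    parts += tlv(0x04, encrypted_key)               # encryptedKey OCTET STRING
    return tlv(0x30, parts)

def parse_pwri(der):
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single SEQUENCE with no trailing bytes")
    tag, ver, pos = read_tlv(body, 0)
    if tag != 0x02 or ver != b"\x00":
        raise ValueError("version must be the INTEGER 0")
    info = {"version": 0, "kdf": None}
    tag, alg, pos = read_tlv(body, pos)
    if tag == 0xA0:                                 # optional [0] IMPLICIT
        info["kdf"] = alg_oid(alg)
        tag, alg, pos = read_tlv(body, pos)
    if tag != 0x30:
        raise ValueError("expected keyEncryptionAlgorithm SEQUENCE")
    info["kek"] = alg_oid(alg)
    tag, key, pos = read_tlv(body, pos)
    if tag != 0x04 or pos != len(body):
        raise ValueError("encryptedKey OCTET STRING must be the last field")
    return dict(info, encryptedKey=key)
```

An encoder that wraps the optional field explicitly (an 0xA0 around a 0x30) produces bytes this parser rejects, which is the interoperability failure the IMPLICIT TAGS declaration is there to prevent.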
[skipping to change at page 33, line 33 (-07) / page 34, line 7 (-08)]

   The MessageAuthenticationCodeAlgorithm type identifies a message
   authentication code (MAC) algorithm. Examples include DES-MAC and
   HMAC-SHA-1. A MAC algorithm supports generation and verification
   operations. The MAC generation and verification operations use the
   same symmetric key. Context determines which operation is intended.

      MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier

10.1.6 KeyDerivationAlgorithmIdentifier

-07: The KeyDerivationAlgorithmIdentifier type is specified in RFC <TBD>
-08: The KeyDerivationAlgorithmIdentifier type is specified in RFC 3211
   [PWRI]. The KeyDerivationAlgorithmIdentifier definition is repeated
   here for completeness.

   Key derivation algorithms convert a password or shared secret value
   into a key-encryption key.

      KeyDerivationAlgorithmIdentifier ::= AlgorithmIdentifier

10.2 Other Useful Types
[skipping to change at page 34, line 13 (-07) / page 34, line 35 (-08)]

   information sufficient to determine whether the certificates and
   attribute certificates with which the set is associated are revoked.
   However, there may be more CRLs than necessary or there MAY be fewer
   CRLs than necessary.

   The CertificateList may contain a CRL, an Authority Revocation List
   (ARL), a Delta CRL, or an Attribute Certificate Revocation List. All
   of these lists share a common syntax.

   CRLs are specified in X.509 [X.509-97], and they are profiled for use
-07: in the Internet in RFC <TBD> [PROFILE].
-08: in the Internet in RFC 3280 [PROFILE].

   The definition of CertificateList is taken from X.509.

      CertificateRevocationLists ::= SET OF CertificateList

10.2.2 CertificateChoices

   The CertificateChoices type gives either a PKCS #6 extended
   certificate [PKCS#6], an X.509 certificate, a version 1 X.509
   attribute certificate (ACv1) [X.509-97], or a version 2 X.509
[skipping to change at page 36, line 15 (-07) / page 36, line 38 (-08)]

   should be avoided since it might impede interoperability.

      OtherKeyAttribute ::= SEQUENCE {
        keyAttrId OBJECT IDENTIFIER,
        keyAttr ANY DEFINED BY keyAttrId OPTIONAL }

11 Useful Attributes

   This section defines attributes that may be used with signed-data,
   enveloped-data, encrypted-data, or authenticated-data. The syntax of
-07:
   Attribute is compatible with X.501 [X.501-88] and RFC <TBD>
   [PROFILE]. Some of the attributes defined in this section were
   originally defined in PKCS #9 [PKCS#9]; others were originally
   defined in a previous version of this specification [OLDCMS]. The
   attributes are not listed in any particular order.
-08:
   Attribute is compatible with X.501 [X.501-88] and RFC 3280 [PROFILE].
   Some of the attributes defined in this section were originally
   defined in PKCS #9 [PKCS#9]; others were originally defined in a
   previous version of this specification [OLDCMS]. The attributes are
   not listed in any particular order.

   Additional attributes are defined in many places, notably the S/MIME
   Version 3 Message Specification [MSG] and the Enhanced Security
   Services for S/MIME [ESS], which also include recommendations on the
   placement of these attributes.

11.1 Content Type

   The content-type attribute type specifies the content type of the
   ContentInfo within signed-data or authenticated-data. The content-
[skipping to change at page 40, line 39 (-07) / page 41, line 21 (-08)]

   DEFINITIONS IMPLICIT TAGS ::=
   BEGIN

   -- EXPORTS All
   -- The types and values defined in this module are exported for use in
   -- the other ASN.1 modules. Other applications may use them for their
   -- own purposes.

   IMPORTS

-07: -- Imports from RFC <TBD> [PROFILE], Appendix A.1
-08: -- Imports from RFC 3280 [PROFILE], Appendix A.1
     AlgorithmIdentifier, Certificate, CertificateList,
     CertificateSerialNumber, Name
        FROM PKIX1Explicit88 { iso(1)
             identified-organization(3) dod(6) internet(1)
             security(5) mechanisms(5) pkix(7) mod(0)
             pkix1-explicit(18) }

   -- Imports from RFC <TBD> [ACPROFILE], Appendix B
     AttributeCertificate
        FROM PKIXAttributeCertificate { iso(1)
             identified-organization(3) dod(6) internet(1)
             security(5) mechanisms(5) pkix(7) mod(0)
             attribute-cert(12) }

   -- Imports from Appendix B of this document
     AttributeCertificateV1
        FROM AttributeCertificateVersion1 { iso(1) member-body(2)
[skipping to change at page 47, line 4 (-07) / page 47, line 28 (-08)]

12.2 Version 1 Attribute Certificate ASN.1 Module

   AttributeCertificateVersion1
       { iso(1) member-body(2) us(840) rsadsi(113549)
         pkcs(1) pkcs-9(9) smime(16) modules(0) v1AttrCert(15) }

   DEFINITIONS IMPLICIT TAGS ::=
   BEGIN

   -- EXPORTS All

   IMPORTS

-07: -- Imports from RFC <TBD> [PROFILE], Appendix A.1
-08: -- Imports from RFC 3280 [PROFILE], Appendix A.1
     AlgorithmIdentifier, Attribute, CertificateSerialNumber,
     Extensions, UniqueIdentifier
        FROM PKIX1Explicit88 { iso(1)
             identified-organization(3) dod(6) internet(1)
             security(5) mechanisms(5) pkix(7) mod(0)
             pkix1-explicit(18) }

-07: -- Imports from RFC <TBD> [PROFILE], Appendix A.2
-08: -- Imports from RFC 3280 [PROFILE], Appendix A.2
     GeneralNames
        FROM PKIX1Implicit88 { iso(1)
             identified-organization(3) dod(6) internet(1)
             security(5) mechanisms(5) pkix(7) mod(0)
             pkix1-implicit(19) }

   -- Imports from RFC <TBD> [ACPROFILE], Appendix B
     AttCertValidityPeriod, IssuerSerial
        FROM PKIXAttributeCertificate { iso(1)
             identified-organization(3) dod(6) internet(1)
             security(5) mechanisms(5) pkix(7) mod(0)
             attribute-cert(12) } ;

   -- Definition extracted from X.509-1997 [X.509-97], but
   -- different type names are used to avoid collisions.
[skipping to change at page 48, line 33 (-07) / page 49, line 18 (-08)]

   MSG       Ramsdell, B. S/MIME Version 3 Message Specification.
             RFC 2633. June 1999.

   OLDCMS    Housley, R., Cryptographic Message Syntax, RFC 2630,
             June 1999.

   OLDMSG    Dusse, S., P. Hoffman, B. Ramsdell, L. Lundblade, and
             L. Repka. S/MIME Version 2 Message Specification.
             RFC 2311. March 1998.

-07:
   PROFILE   Housley, R., W. Ford, W. Polk, and D. Solo. Internet
             X.509 Public Key Infrastructure: Certificate and CRL
             Profile. RFC <TBD>. <Date>.
             [draft-ietf-pkix-new-part1-*.txt]
-08:
   PROFILE   Housley, R., W. Polk, W. Ford, and D. Solo. Internet
             X.509 Public Key Infrastructure: Certificate and CRL
             Profile. RFC 3280. April 2002.

   PKCS#6    RSA Laboratories. PKCS #6: Extended-Certificate Syntax
             Standard, Version 1.5. November 1993.

   PKCS#7    Kaliski, B. PKCS #7: Cryptographic Message Syntax,
             Version 1.5. RFC 2315. March 1998.

   PKCS#9    RSA Laboratories. PKCS #9: Selected Attribute Types,
             Version 1.1. November 1993.
End of changes.
This html diff was produced by rfcdiff 1.25, available from http://www.levkowetz.com/ietf/tools/rfcdiff/