datatracker.ietf.org
Sign in
Version 5.6.4.p1, 2014-10-20
Report a bug

Cryptographic Message Syntax (CMS)
RFC 3852

Document type: RFC - Proposed Standard (July 2004; Errata)
Obsoleted by RFC 5652
Updated by RFC 4853, RFC 5083
Obsoletes RFC 3369
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

This information refers to IESG processing after the RFC was initially published:
IESG State: RFC 3852 (Proposed Standard)
Responsible AD: Tim Polk
IESG Note: This RFC this has been approved for publications; as a draft to track, this has been replaced with draft-ietf-smime-rfc3852bis
Send notices to: smime-chairs@tools.ietf.org, housley@vigilsec.com

Network Working Group                                         R. Housley
Request for Comments: 3852                                Vigil Security
Obsoletes: 3369                                                July 2004
Category: Standards Track

                   Cryptographic Message Syntax (CMS)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).

Abstract

   This document describes the Cryptographic Message Syntax (CMS).  This
   syntax is used to digitally sign, digest, authenticate, or encrypt
   arbitrary message content.

Table of Contents

   1.   Introduction. . . . . . . . . . . . . . . . . . . . . . . . .  3
        1.1.   Evolution of the CMS . . . . . . . . . . . . . . . . .  3
               1.1.1.  Changes Since PKCS #7 Version 1.5. . . . . . .  3
               1.1.2.  Changes Since RFC 2630 . . . . . . . . . . . .  4
               1.1.3.  Changes Since RFC 3369 . . . . . . . . . . . .  4
        1.2.  Terminology . . . . . . . . . . . . . . . . . . . . . .  5
        1.3.  Version Numbers . . . . . . . . . . . . . . . . . . . .  5
   2.   General Overview. . . . . . . . . . . . . . . . . . . . . . .  5
   3.   General Syntax  . . . . . . . . . . . . . . . . . . . . . . .  6
   4.   Data Content Type . . . . . . . . . . . . . . . . . . . . . .  6
   5.   Signed-data Content Type. . . . . . . . . . . . . . . . . . .  7
        5.1.   SignedData Type. . . . . . . . . . . . . . . . . . . .  8
        5.2.   EncapsulatedContentInfo Type . . . . . . . . . . . . . 10
               5.2.1.   Compatibility with PKCS #7. . . . . . . . . . 11
        5.3.   SignerInfo Type. . . . . . . . . . . . . . . . . . . . 12
        5.4.   Message Digest Calculation Process . . . . . . . . . . 14
        5.5.   Signature Generation Process . . . . . . . . . . . . . 15
        5.6.   Signature Verification Process . . . . . . . . . . . . 15
   6.   Enveloped-data Content Type . . . . . . . . . . . . . . . . . 16
        6.1.   EnvelopedData Type . . . . . . . . . . . . . . . . . . 17

Housley                     Standards Track                     [Page 1]
RFC 3852              Cryptographic Message Syntax             July 2004

        6.2.   RecipientInfo Type . . . . . . . . . . . . . . . . . . 19
               6.2.1.   KeyTransRecipientInfo Type. . . . . . . . . . 20
               6.2.2.   KeyAgreeRecipientInfo Type. . . . . . . . . . 21
               6.2.3.   KEKRecipientInfo Type . . . . . . . . . . . . 24
               6.2.4.   PasswordRecipientInfo Type. . . . . . . . . . 25
               6.2.5.   OtherRecipientInfo Type . . . . . . . . . . . 26
        6.3.   Content-encryption Process . . . . . . . . . . . . . . 26
        6.4.   Key-encryption Process . . . . . . . . . . . . . . . . 27
   7.   Digested-data Content Type. . . . . . . . . . . . . . . . . . 27
   8.   Encrypted-data Content Type . . . . . . . . . . . . . . . . . 28
   9.   Authenticated-data Content Type . . . . . . . . . . . . . . . 29
        9.1.   AuthenticatedData Type . . . . . . . . . . . . . . . . 30
        9.2.   MAC Generation . . . . . . . . . . . . . . . . . . . . 32
        9.3.   MAC Verification . . . . . . . . . . . . . . . . . . . 33
   10.  Useful Types. . . . . . . . . . . . . . . . . . . . . . . . . 33
        10.1.  Algorithm Identifier Types . . . . . . . . . . . . . . 33
               10.1.1.  DigestAlgorithmIdentifier . . . . . . . . . . 34
               10.1.2.  SignatureAlgorithmIdentifier. . . . . . . . . 34
               10.1.3.  KeyEncryptionAlgorithmIdentifier. . . . . . . 34
               10.1.4.  ContentEncryptionAlgorithmIdentifier. . . . . 34
               10.1.5.  MessageAuthenticationCodeAlgorithm. . . . . . 35
               10.1.6.  KeyDerivationAlgorithmIdentifier. . . . . . . 35
        10.2.  Other Useful Types . . . . . . . . . . . . . . . . . . 35
               10.2.1.  RevocationInfoChoices . . . . . . . . . . . . 35
               10.2.2.  CertificateChoices. . . . . . . . . . . . . . 36
               10.2.3.  CertificateSet. . . . . . . . . . . . . . . . 37
               10.2.4.  IssuerAndSerialNumber . . . . . . . . . . . . 37
               10.2.5.  CMSVersion. . . . . . . . . . . . . . . . . . 38
               10.2.6.  UserKeyingMaterial. . . . . . . . . . . . . . 38
               10.2.7.  OtherKeyAttribute . . . . . . . . . . . . . . 38
   11.  Useful Attributes . . . . . . . . . . . . . . . . . . . . . . 38
        11.1.  Content Type . . . . . . . . . . . . . . . . . . . . . 39

[include full document text]