%% You should probably cite rfc9709 instead of this I-D. @techreport{ietf-lamps-cms-cek-hkdf-sha256-05, number = {draft-ietf-lamps-cms-cek-hkdf-sha256-05}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-cek-hkdf-sha256/05/}, author = {Russ Housley}, title = {{Encryption Key Derivation in the Cryptographic Message Syntax (CMS) using HKDF with SHA-256}}, pagetotal = 14, year = 2024, month = sep, day = 19, abstract = {This document specifies the derivation of the content-encryption key or the content-authenticated-encryption key in the Cryptographic Message Syntax (CMS) using HMAC-based Extract-and-Expand Key Derivation Function (HKDF) with SHA-256. The use of this mechanism provides protection against where the attacker manipulates the content-encryption algorithm identifier or the content-authenticated- encryption algorithm identifier.}, }