Cryptographic Message Syntax
RFC 2630
Document Type RFC - Proposed Standard (June 1999; Errata)
Obsoleted by RFC 3369, RFC 3370
Last updated 2020-01-21
Stream IETF
Formats plain text html pdf htmlized with errata bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 2630 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
Email authors Email WG IPR 2 References Referenced by Nits 
Network Working Group                                        R. Housley
Request for Comments: 2630                                       SPYRUS
Category: Standards Track                                     June 1999

                      Cryptographic Message Syntax

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

Abstract

   This document describes the Cryptographic Message Syntax.  This
   syntax is used to digitally sign, digest, authenticate, or encrypt
   arbitrary messages.

   The Cryptographic Message Syntax is derived from PKCS #7 version 1.5
   as specified in RFC 2315 [PKCS#7].  Wherever possible, backward
   compatibility is preserved; however, changes were necessary to
   accommodate attribute certificate transfer and key agreement
   techniques for key management.

Housley                     Standards Track                     [Page 1]
RFC 2630              Cryptographic Message Syntax             June 1999

Table of Contents

   1   Introduction .................................................  4
   2   General Overview .............................................  4
   3   General Syntax ...............................................  5
   4   Data Content Type ............................................  5
   5   Signed-data Content Type .....................................  6
       5.1  SignedData Type .........................................  7
       5.2  EncapsulatedContentInfo Type ............................  8
       5.3  SignerInfo Type .........................................  9
       5.4  Message Digest Calculation Process ...................... 11
       5.5  Message Signature Generation Process .................... 12
       5.6  Message Signature Verification Process .................. 12
   6   Enveloped-data Content Type .................................. 12
       6.1  EnvelopedData Type ...................................... 14
       6.2  RecipientInfo Type ...................................... 15
            6.2.1  KeyTransRecipientInfo Type ....................... 16
            6.2.2  KeyAgreeRecipientInfo Type ....................... 17
            6.2.3  KEKRecipientInfo Type ............................ 19
       6.3  Content-encryption Process .............................. 20
       6.4  Key-encryption Process .................................. 20
   7   Digested-data Content Type ................................... 21
   8   Encrypted-data Content Type .................................. 22
   9   Authenticated-data Content Type .............................. 23
       9.1  AuthenticatedData Type .................................. 23
       9.2  MAC Generation .......................................... 25
       9.3  MAC Verification ........................................ 26
   10  Useful Types ................................................. 27
       10.1  Algorithm Identifier Types ............................. 27
             10.1.1  DigestAlgorithmIdentifier ...................... 27
             10.1.2  SignatureAlgorithmIdentifier ................... 27
             10.1.3  KeyEncryptionAlgorithmIdentifier ............... 28
             10.1.4  ContentEncryptionAlgorithmIdentifier ........... 28
             10.1.5  MessageAuthenticationCodeAlgorithm ............. 28
       10.2  Other Useful Types ..................................... 28
             10.2.1  CertificateRevocationLists ..................... 28
             10.2.2  CertificateChoices ............................. 29
             10.2.3  CertificateSet ................................. 29
             10.2.4  IssuerAndSerialNumber .......................... 30
             10.2.5  CMSVersion ..................................... 30
             10.2.6  UserKeyingMaterial ............................. 30
             10.2.7  OtherKeyAttribute .............................. 30

Housley                     Standards Track                     [Page 2]
RFC 2630              Cryptographic Message Syntax             June 1999

   11  Useful Attributes ............................................ 31
       11.1  Content Type ........................................... 31
       11.2  Message Digest ......................................... 32
       11.3  Signing Time ........................................... 32
       11.4  Countersignature ....................................... 34
   12  Supported Algorithms ......................................... 35
       12.1  Digest Algorithms ...................................... 35
             12.1.1  SHA-1 .......................................... 35
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools