Use of the CAST-128 Encryption Algorithm in CMS
Network Working Group                                           C. Adams
Request for Comments: 2984                          Entrust Technologies
Category: Standards Track                                   October 2000

            Use of the CAST-128 Encryption Algorithm in CMS

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.


Abstract

   This document specifies how to incorporate CAST-128 (RFC2144) into
   the S/MIME Cryptographic Message Syntax (CMS) as an additional
   algorithm for symmetric encryption.  The relevant OIDs and processing
   steps are provided so that CAST-128 may be included in the CMS
   specification (RFC2630) for symmetric content and key encryption.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",
   "RECOMMENDED", "MAY", and "OPTIONAL" in this document (in uppercase,
   as shown) are to be interpreted as described in [RFC2119].

1. Motivation

   S/MIME (Secure/Multipurpose Internet Mail Extensions) [SMIME2,
   SMIME3] is a set of specifications for the secure transport of MIME
   objects.  In the current (S/MIME v3) specifications the mandatory-
   to-implement symmetric algorithm for content encryption and key
   encryption is triple-DES (3DES).  While this is perfectly acceptable
   in many cases because the security of 3DES is generally considered to
   be high, for some environments 3DES may be seen to be too slow.  In
   part to help alleviate such performance concerns, S/MIME has allowed
   any number of (optional) additional algorithms to be used for
   symmetric content and key encryption.

   The CAST-128 encryption algorithm [RFC2144, Adams] is a well-studied
   symmetric cipher that has a number of appealing features, including
   relatively high performance and a variable key size (from 40 bits to
   128 bits).  It is available royalty-free and license-free for
   commercial and non-commercial uses worldwide [IPR], and therefore is
   widely used in a number of applications around the Internet.  It thus
   seems to be a suitable optional encryption algorithm for S/MIME.

   This document describes how to use CAST-128 within the S/MIME CMS

2. Specification

   This section provides the OIDs and processing information necessary
   for CAST-128 to be used for content and key encryption in CMS.

2.1 OIDs for Content and Key Encryption

   CAST-128 is added to the set of optional symmetric encryption
   algorithms in CMS by providing two unique object identifiers (OIDs).
   One OID defines the content encryption algorithm and the other
   defines the key encryption algorithm.  Thus a CMS agent can apply
   CAST-128 either for content or key encryption by selecting the
   corresponding object identifier, supplying the required parameter,
   and starting the program code.

   For content encryption the use of CAST-128 in cipher block chaining
   (CBC) mode is RECOMMENDED.  The key length is variable (from 40 to
   128 bits in 1-octet increments).

   The CAST-128 content-encryption algorithm in CBC mode has the
   following object identifier:

     cast5CBC OBJECT IDENTIFIER ::= {iso(1) member-body(2)
         us(840) nt(113533) nsn(7) algorithms(66) 10}

   The parameter associated with this object identifier contains the
   initial vector IV and the key length:

     cast5CBCParameters ::= SEQUENCE {
         iv         OCTET STRING DEFAULT 0,
         -- Initialization vector
         keyLength  INTEGER
         -- Key length, in bits
     }

   Comments regarding the use of the IV may be found in [RFC2144].

   The key-wrap/unwrap procedures used to encrypt/decrypt a CAST-128
   content-encryption key with a CAST-128 key-encryption key are
   specified in Section 2.2.  Generation and distribution of key-
   encryption keys are beyond the scope of this document.

   The CAST-128 key-encryption algorithm has the following object

     cast5CMSkeywrap OBJECT IDENTIFIER ::= { iso(1)
         member-body(2) us(840) nt(113533) nsn(7)
         algorithms(66) 15}

   The parameter associated with this object identifier contains only
   the key length (because the key wrapping procedure itself defines how
   and when to use an IV):

     cast5CMSkeywrapParameter ::= INTEGER
       -- key length, in bits
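
   The two algorithm identifiers above as they appear on the wire, with
   a receiver-side check of the key-length rule from Section 2.1.  This
   is an added example, not part of the RFC: the function names and
   sample encodings are constructed here, and requiring an explicit
   8-octet IV (one 64-bit CAST-128 block) is a policy assumption of the
   example, since the ASN.1 allows iv to be omitted.

```python
# Added example (not from the RFC): minimal DER reader for the two CAST-128 OIDs.
CAST5_CBC = (1, 2, 840, 113533, 7, 66, 10)
CAST5_KEYWRAP = (1, 2, 840, 113533, 7, 66, 15)

def oid_content(arcs):
    out = bytearray([arcs[0] * 40 + arcs[1]])   # first two arcs share one octet
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                    # low base-128 digit, high bit clear
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))   # continuation digits, high bit set
        out += bytes(reversed(chunk))
    return bytes(out)

def read_tlv(buf, tag):
    """Split one short-form TLV with the expected tag into (value, rest)."""
    if len(buf) < 2 or buf[0] != tag or buf[1] > 127 or len(buf) < 2 + buf[1]:
        raise ValueError("malformed DER")
    return buf[2:2 + buf[1]], buf[2 + buf[1]:]

def key_bits_of(body):
    bits = int.from_bytes(body, "big", signed=True)
    if not 40 <= bits <= 128 or bits % 8:
        raise ValueError("keyLength must be 40..128 bits in 1-octet increments")
    return bits

def parse(alg_id):
    """Return (mode, iv, key_bits) for a CAST-128 AlgorithmIdentifier, else ValueError."""
    body, trailing = read_tlv(alg_id, 0x30)
    oid, params = read_tlv(body, 0x06)
    if oid == oid_content(CAST5_KEYWRAP):       # parameter is a bare INTEGER
        value, extra = read_tlv(params, 0x02)
        mode, iv = "keywrap", None
    elif oid == oid_content(CAST5_CBC):         # parameter is SEQUENCE { iv, keyLength }
        seq, after = read_tlv(params, 0x30)
        iv, int_tlv = read_tlv(seq, 0x04)       # assumption: explicit IV required
        value, extra = read_tlv(int_tlv, 0x02)
        mode, extra = "cbc", extra + after
        if len(iv) != 8:
            raise ValueError("IV must be one 64-bit CAST-128 block")
    else:
        raise ValueError("not a CAST-128 algorithm identifier")
    if trailing or extra:
        raise ValueError("trailing data")
    return mode, iv, key_bits_of(value)

# Constructed samples: cast5CBC (IV 00..07, 128-bit key) and key wrap (40-bit key).
SAMPLE_CBC = bytes.fromhex("301b06092a864886f67d07420a300e0408000102030405060702020080")
SAMPLE_WRAP = bytes.fromhex("300e06092a864886f67d07420f020128")
```

   The reader accepts only short-form lengths, which is sufficient for
   these identifiers; anything else is rejected as malformed.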

2.2 Key Wrapping and Unwrapping
