Cryptographic Message Syntax (CMS)
RFC 3369
| Document | Type |
RFC - Proposed Standard
(September 2002; Errata)
Obsoleted by RFC 3852
|
|
|---|---|---|---|
| Author | Russ Housley | ||
| Last updated | 2020-01-21 | ||
| Stream | Internent Engineering Task Force (IETF) | ||
| Formats | plain text html pdf htmlized (tools) htmlized with errata bibtex | ||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 3369 (Proposed Standard) | |
| Action Holders |
(None)
|
||
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Jeffrey Schiller | ||
| IESG note | Responsible: RFC Editor | ||
| Send notices to | <turners@ieca.com>, <blake@brutesquadlabs.com> | ||
Network Working Group R. Housley
Request for Comments: 3369 RSA Laboratories
Obsoletes: 2630, 3211 August 2002
Category: Standards Track
Cryptographic Message Syntax (CMS)
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract
This document describes the Cryptographic Message Syntax (CMS). This
syntax is used to digitally sign, digest, authenticate, or encrypt
arbitrary message content.
Table of Contents
1. Introduction ................................................ 3
1.1 Changes Since RFC 2630 ...................................... 3
1.2 Terminology ................................................. 4
2. General Overview ............................................ 4
3. General Syntax .............................................. 5
4. Data Content Type ........................................... 5
5. Signed-data Content Type .................................... 6
5.1 SignedData Type ............................................. 7
5.2 EncapsulatedContentInfo Type ................................ 9
5.2.1 Compatibility with PKCS #7 ................................ 9
5.3 SignerInfo Type ............................................. 11
5.4 Message Digest Calculation Process .......................... 13
5.5 Signature Generation Process ................................ 14
5.6 Signature Verification Process .............................. 14
6. Enveloped-data Content Type ................................. 14
6.1 EnvelopedData Type .......................................... 16
6.2 RecipientInfo Type .......................................... 18
6.2.1 KeyTransRecipientInfo Type ................................ 19
6.2.2 KeyAgreeRecipientInfo Type ................................ 20
6.2.3 KEKRecipientInfo Type ..................................... 22
Housley Standards Track [Page 1]
RFC 3369 Cryptographic Message Syntax August 2002
6.2.4 PasswordRecipientInfo Type ................................ 23
6.2.5 OtherRecipientInfo Type ................................... 24
6.3 Content-encryption Process .................................. 24
6.4 Key-encryption Process ...................................... 25
7. Digested-data Content Type .................................. 25
8. Encrypted-data Content Type ................................. 26
9. Authenticated-data Content Type ............................. 27
9.1 AuthenticatedData Type ...................................... 28
9.2 MAC Generation .............................................. 29
9.3 MAC Verification ............................................ 31
10. Useful Types ................................................ 31
10.1 Algorithm Identifier Types ................................. 31
10.1.1 DigestAlgorithmIdentifier ................................ 31
10.1.2 SignatureAlgorithmIdentifier ............................. 32
10.1.3 KeyEncryptionAlgorithmIdentifier ......................... 32
10.1.4 ContentEncryptionAlgorithmIdentifier ..................... 32
10.1.5 MessageAuthenticationCodeAlgorithm ....................... 32
10.1.6 KeyDerivationAlgorithmIdentifier ......................... 33
10.2 Other Useful Types ......................................... 33
10.2.1 CertificateRevocationLists ............................... 33
10.2.2 CertificateChoices ....................................... 33
10.2.3 CertificateSet ........................................... 34
10.2.4 IssuerAndSerialNumber .................................... 34
10.2.5 CMSVersion ............................................... 35
10.2.6 UserKeyingMaterial ....................................... 35
10.2.7 OtherKeyAttribute ........................................ 35
11. Useful Attributes ........................................... 35
11.1 Content Type ............................................... 36
11.2 Message Digest ............................................. 36
11.3 Signing Time ............................................... 37
11.4 Countersignature ........................................... 39
12. ASN.1 Modules ............................................... 40
12.1 CMS ASN.1 Module ........................................... 40
12.2 Version 1 Attribute Certificate ASN.1 Module ............... 46
Show full document text