Cryptographic Message Syntax (CMS)
RFC 3369

Versions
08


Document	Type	RFC - Proposed Standard (September 2002; Errata) Obsoleted by RFC 3852 Obsoletes RFC 3211, RFC 2630 Was draft-ietf-smime-rfc2630bis (smime WG)
	Last updated	2012-02-26
	Stream	IETF
	Formats	plain text pdf html bibtex
Stream	WG state	(None)
	Document shepherd	No shepherd assigned
IESG	IESG state	RFC 3369 (Proposed Standard)
	Consensus Boilerplate	Unknown
	Telechat date
	Responsible AD	Jeffrey Schiller
	IESG note	Responsible: RFC Editor
	Send notices to	<turners@ieca.com>, <blake@brutesquadlabs.com>

Email authors IPR 2 References Referenced by Nits

Network Working Group                                         R. Housley
Request for Comments: 3369                              RSA Laboratories
Obsoletes: 2630, 3211                                        August 2002
Category: Standards Track

                   Cryptographic Message Syntax (CMS)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This document describes the Cryptographic Message Syntax (CMS).  This
   syntax is used to digitally sign, digest, authenticate, or encrypt
   arbitrary message content.

Table of Contents

   1.   Introduction ................................................  3
   1.1  Changes Since RFC 2630 ......................................  3
   1.2  Terminology .................................................  4
   2.   General Overview ............................................  4
   3.   General Syntax ..............................................  5
   4.   Data Content Type ...........................................  5
   5.   Signed-data Content Type ....................................  6
   5.1  SignedData Type .............................................  7
   5.2  EncapsulatedContentInfo Type ................................  9
   5.2.1  Compatibility with PKCS #7 ................................  9
   5.3  SignerInfo Type ............................................. 11
   5.4  Message Digest Calculation Process .......................... 13
   5.5  Signature Generation Process ................................ 14
   5.6  Signature Verification Process .............................. 14
   6.   Enveloped-data Content Type ................................. 14
   6.1  EnvelopedData Type .......................................... 16
   6.2  RecipientInfo Type .......................................... 18
   6.2.1  KeyTransRecipientInfo Type ................................ 19
   6.2.2  KeyAgreeRecipientInfo Type ................................ 20
   6.2.3  KEKRecipientInfo Type ..................................... 22

Housley                     Standards Track                     [Page 1]
RFC 3369              Cryptographic Message Syntax           August 2002

   6.2.4  PasswordRecipientInfo Type ................................ 23
   6.2.5  OtherRecipientInfo Type ................................... 24
   6.3  Content-encryption Process .................................. 24
   6.4  Key-encryption Process ...................................... 25
   7.   Digested-data Content Type .................................. 25
   8.   Encrypted-data Content Type ................................. 26
   9.   Authenticated-data Content Type ............................. 27
   9.1  AuthenticatedData Type ...................................... 28
   9.2  MAC Generation .............................................. 29
   9.3  MAC Verification ............................................ 31
   10.  Useful Types ................................................ 31
   10.1  Algorithm Identifier Types ................................. 31
   10.1.1  DigestAlgorithmIdentifier ................................ 31
   10.1.2  SignatureAlgorithmIdentifier ............................. 32
   10.1.3  KeyEncryptionAlgorithmIdentifier ......................... 32
   10.1.4  ContentEncryptionAlgorithmIdentifier ..................... 32
   10.1.5  MessageAuthenticationCodeAlgorithm ....................... 32
   10.1.6  KeyDerivationAlgorithmIdentifier ......................... 33
   10.2  Other Useful Types ......................................... 33
   10.2.1  CertificateRevocationLists ............................... 33
   10.2.2  CertificateChoices ....................................... 33
   10.2.3  CertificateSet ........................................... 34
   10.2.4  IssuerAndSerialNumber .................................... 34
   10.2.5  CMSVersion ............................................... 35
   10.2.6  UserKeyingMaterial ....................................... 35
   10.2.7  OtherKeyAttribute ........................................ 35
   11.  Useful Attributes ........................................... 35
   11.1  Content Type ............................................... 36
   11.2  Message Digest ............................................. 36
   11.3  Signing Time ............................................... 37
   11.4  Countersignature ........................................... 39

Show full document text

Cryptographic Message Syntax (CMS)RFC 3369

Cryptographic Message Syntax (CMS)
RFC 3369