Cryptographic Message Syntax (CMS)
RFC 3369
Document | Type |
RFC - Proposed Standard
(September 2002; Errata)
Obsoleted by RFC 3852
|
|
---|---|---|---|
Author | Russ Housley | ||
Last updated | 2020-01-21 | ||
Stream | Internent Engineering Task Force (IETF) | ||
Formats | plain text html pdf htmlized (tools) htmlized with errata bibtex | ||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 3369 (Proposed Standard) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Jeffrey Schiller | ||
IESG note | Responsible: RFC Editor | ||
Send notices to | <turners@ieca.com>, <blake@brutesquadlabs.com> |
Network Working Group R. Housley Request for Comments: 3369 RSA Laboratories Obsoletes: 2630, 3211 August 2002 Category: Standards Track Cryptographic Message Syntax (CMS) Status of this Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2002). All Rights Reserved. Abstract This document describes the Cryptographic Message Syntax (CMS). This syntax is used to digitally sign, digest, authenticate, or encrypt arbitrary message content. Table of Contents 1. Introduction ................................................ 3 1.1 Changes Since RFC 2630 ...................................... 3 1.2 Terminology ................................................. 4 2. General Overview ............................................ 4 3. General Syntax .............................................. 5 4. Data Content Type ........................................... 5 5. Signed-data Content Type .................................... 6 5.1 SignedData Type ............................................. 7 5.2 EncapsulatedContentInfo Type ................................ 9 5.2.1 Compatibility with PKCS #7 ................................ 9 5.3 SignerInfo Type ............................................. 11 5.4 Message Digest Calculation Process .......................... 13 5.5 Signature Generation Process ................................ 14 5.6 Signature Verification Process .............................. 14 6. Enveloped-data Content Type ................................. 14 6.1 EnvelopedData Type .......................................... 16 6.2 RecipientInfo Type .......................................... 18 6.2.1 KeyTransRecipientInfo Type ................................ 19 6.2.2 KeyAgreeRecipientInfo Type ................................ 20 6.2.3 KEKRecipientInfo Type ..................................... 22 Housley Standards Track [Page 1] RFC 3369 Cryptographic Message Syntax August 2002 6.2.4 PasswordRecipientInfo Type ................................ 23 6.2.5 OtherRecipientInfo Type ................................... 24 6.3 Content-encryption Process .................................. 24 6.4 Key-encryption Process ...................................... 25 7. Digested-data Content Type .................................. 25 8. Encrypted-data Content Type ................................. 26 9. Authenticated-data Content Type ............................. 27 9.1 AuthenticatedData Type ...................................... 28 9.2 MAC Generation .............................................. 29 9.3 MAC Verification ............................................ 31 10. Useful Types ................................................ 31 10.1 Algorithm Identifier Types ................................. 31 10.1.1 DigestAlgorithmIdentifier ................................ 31 10.1.2 SignatureAlgorithmIdentifier ............................. 32 10.1.3 KeyEncryptionAlgorithmIdentifier ......................... 32 10.1.4 ContentEncryptionAlgorithmIdentifier ..................... 32 10.1.5 MessageAuthenticationCodeAlgorithm ....................... 32 10.1.6 KeyDerivationAlgorithmIdentifier ......................... 33 10.2 Other Useful Types ......................................... 33 10.2.1 CertificateRevocationLists ............................... 33 10.2.2 CertificateChoices ....................................... 33 10.2.3 CertificateSet ........................................... 34 10.2.4 IssuerAndSerialNumber .................................... 34 10.2.5 CMSVersion ............................................... 35 10.2.6 UserKeyingMaterial ....................................... 35 10.2.7 OtherKeyAttribute ........................................ 35 11. Useful Attributes ........................................... 35 11.1 Content Type ............................................... 36 11.2 Message Digest ............................................. 36 11.3 Signing Time ............................................... 37 11.4 Countersignature ........................................... 39 12. ASN.1 Modules ............................................... 40 12.1 CMS ASN.1 Module ........................................... 40 12.2 Version 1 Attribute Certificate ASN.1 Module ............... 46Show full document text