Cryptographic Message Syntax (CMS) Algorithms
RFC 3370
Document | Type | RFC - Proposed Standard (September 2002; Errata) | |
---|---|---|---|
Author | Russ Housley | ||
Last updated | 2020-01-21 | ||
Stream | Internent Engineering Task Force (IETF) | ||
Formats | plain text html pdf htmlized (tools) htmlized with errata bibtex | ||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 3370 (Proposed Standard) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Jeffrey Schiller | ||
IESG note | Responsible: RFC Editor | ||
Send notices to | <turners@ieca.com>, <blake@brutesquadlabs.com> |
Network Working Group R. Housley Request for Comments: 3370 RSA Laboratories Obsoletes: 2630, 3211 August 2002 Category: Standards Track Cryptographic Message Syntax (CMS) Algorithms Status of this Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2002). All Rights Reserved. Abstract This document describes the conventions for using several cryptographic algorithms with the Cryptographic Message Syntax (CMS). The CMS is used to digitally sign, digest, authenticate, or encrypt arbitrary message contents. Table of Contents 1 Introduction ............................................... 2 1.1 Changes Since RFC 2630 ..................................... 2 1.2 Terminology ................................................ 2 2 Message Digest Algorithms .................................. 3 2.1 SHA-1 ...................................................... 3 2.2 MD5 ........................................................ 3 3 Signature Algorithms ....................................... 4 3.1 DSA ........................................................ 4 3.2 RSA ........................................................ 5 4 Key Management Algorithms .................................. 6 4.1 Key Agreement Algorithms ................................... 6 4.1.1 X9.42 Ephemeral-Static Diffie-Hellman ...................... 7 4.1.2 X9.42 Static-Static Diffie-Hellman ......................... 8 4.2 Key Transport Algorithms ................................... 9 4.2.1 RSA (PKCS #1 v1.5) ......................................... 10 4.3 Symmetric Key-Encryption Key Algorithms .................... 10 4.3.1 Triple-DES Key Wrap ........................................ 11 4.3.2 RC2 Key Wrap ............................................... 12 4.4 Key Derivation Algorithms .................................. 12 Housley Standards Track [Page 1] RFC 3370 CMS Algorithms August 2002 4.4.1 PBKDF2 ..................................................... 13 5 Content Encryption Algorithms .............................. 13 5.1 Triple-DES CBC ............................................. 14 5.2 RC2 CBC .................................................... 14 6 Message Authentication Code (MAC) Algorithms ............... 15 6.1 HMAC with SHA-1 ............................................ 15 7 ASN.1 Module ............................................... 16 8 References ................................................. 18 9 Security Considerations .................................... 20 10 Acknowledgments ............................................ 22 11 Author's Address ........................................... 23 12 Full Copyright Statement ................................... 24 1 Introduction The Cryptographic Message Syntax (CMS) [CMS] is used to digitally sign, digest, authenticate, or encrypt arbitrary message contents. This companion specification describes the use of common cryptographic algorithms with the CMS. Implementations of the CMS may support these algorithms; implementations of the CMS may also support other algorithms as well. However, if an implementation chooses to support one of the algorithms discussed in this document, then the implementation MUST do so as described in this document. The CMS values are generated using ASN.1 [X.208-88], using BER- encoding [X.209-88]. Algorithm identifiers (which include ASN.1 object identifiers) identify cryptographic algorithms, and some algorithms require additional parameters. When needed, parameters are specified with an ASN.1 structure. The algorithm identifier for each algorithm is specified, and when needed, the parameter structure is specified. The fields in the CMS employed by each algorithm are identified. 1.1 Changes Since RFC 2630 This document obsoletes section 12 of RFC 2630 [OLDCMS]. RFC 3369 [CMS] obsoletes the rest of RFC 2630. Separation of the protocol and algorithm specifications allows each one to be updated without impacting the other. However, the conventions for using additional algorithms with the CMS are likely to be specified in separate documents. 1.2 Terminology In this document, the key words MUST, MUST NOT, REQUIRED, SHOULD,Show full document text