Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification
RFC 3851

 
Document Type RFC - Proposed Standard (July 2004; No errata)
Obsoleted by RFC 5751
Obsoletes RFC 2633
Last updated 2013-03-02
Stream IETF
Formats plain text pdf html
Stream WG state (None)
Consensus Unknown
Document shepherd No shepherd assigned
IESG IESG state RFC 3851 (Proposed Standard)
Telechat date
Responsible AD Russ Housley
Send notices to turners@ieca.com, blake@sendmail.com
Network Working Group                                B. Ramsdell, Editor
Request for Comments: 3851                                Sendmail, Inc.
Obsoletes: 2633                                                July 2004
Category: Standards Track

   Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1
                         Message Specification

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).

Abstract

   This document defines Secure/Multipurpose Internet Mail Extensions
   (S/MIME) version 3.1.  S/MIME provides a consistent way to send and
   receive secure MIME data.  Digital signatures provide authentication,
   message integrity, and non-repudiation with proof of origin.
   Encryption provides data confidentiality.  Compression can be used to
   reduce data size.  This document obsoletes RFC 2633.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
       1.1.  Specification Overview . . . . . . . . . . . . . . . . .  3
       1.2.  Terminology. . . . . . . . . . . . . . . . . . . . . . .  3
       1.3.  Definitions. . . . . . . . . . . . . . . . . . . . . . .  4
       1.4.  Compatibility with Prior Practice of S/MIME. . . . . . .  5
       1.5.  Changes Since S/MIME v3. . . . . . . . . . . . . . . . .  5
   2.  CMS Options. . . . . . . . . . . . . . . . . . . . . . . . . .  5
       2.1.  DigestAlgorithmIdentifier. . . . . . . . . . . . . . . .  5
       2.2.  SignatureAlgorithmIdentifier . . . . . . . . . . . . . .  6
       2.3.  KeyEncryptionAlgorithmIdentifier . . . . . . . . . . . .  6
       2.4.  General Syntax . . . . . . . . . . . . . . . . . . . . .  6
       2.5.  Attributes and the SignerInfo Type . . . . . . . . . . .  7
       2.6.  SignerIdentifier SignerInfo Type . . . . . . . . . . . . 11
       2.7.  ContentEncryptionAlgorithmIdentifier . . . . . . . . . . 12
   3.  Creating S/MIME Messages . . . . . . . . . . . . . . . . . . . 14

Ramsdell                    Standards Track                     [Page 1]
RFC 3851            S/MIME 3.1 Message Specification           July 2004

       3.1.  Preparing the MIME Entity for Signing, Enveloping
             or Compressing . . . . . . . . . . . . . . . . . . . . . 14
       3.2.  The application/pkcs7-mime Type. . . . . . . . . . . . . 19
       3.3.  Creating an Enveloped-only Message . . . . . . . . . . . 21
       3.4.  Creating a Signed-only Message . . . . . . . . . . . . . 22
       3.5.  Creating an Compressed-only Message. . . . . . . . . . . 26
       3.6.  Multiple Operations. . . . . . . . . . . . . . . . . . . 27
       3.7.  Creating a Certificate Management Messagetoc . . . . . . 27
       3.8.  Registration Requests. . . . . . . . . . . . . . . . . . 28
       3.9.  Identifying an S/MIME Message. . . . . . . . . . . . . . 28
   4.  Certificate Processing . . . . . . . . . . . . . . . . . . . . 29
       4.1.  Key Pair Generation. . . . . . . . . . . . . . . . . . . 29
   5.  Security Considerations. . . . . . . . . . . . . . . . . . . . 29
   A.  ASN.1 Module . . . . . . . . . . . . . . . . . . . . . . . . . 31
   B.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 32
       B.1.  Normative References . . . . . . . . . . . . . . . . . . 32
       B.2.  Informative References . . . . . . . . . . . . . . . . . 34
   C.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 35
   D.  Editor's Address . . . . . . . . . . . . . . . . . . . . . . . 35
       Full Copyright Statement . . . . . . . . . . . . . . . . . . . 36

1.  Introduction

   S/MIME (Secure/Multipurpose Internet Mail Extensions) provides a
   consistent way to send and receive secure MIME data.  Based on the
   popular Internet MIME standard, S/MIME provides the following
   cryptographic security services for electronic messaging
   applications:  authentication, message integrity and non-repudiation
   of origin (using digital signatures), and data confidentiality (using
   encryption).

   S/MIME can be used by traditional mail user agents (MUAs) to add
   cryptographic security services to mail that is sent, and to
   interpret cryptographic security services in mail that is received.
   However, S/MIME is not restricted to mail; it can be used with any
   transport mechanism that transports MIME data, such as HTTP.  As
   such, S/MIME takes advantage of the object-based features of MIME and
   allows secure messages to be exchanged in mixed-transport systems.
Show full document text