Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification
RFC 3851
| Field | Value |
|---|---|
| Type | RFC - Proposed Standard (July 2004; No errata) |
| Obsoleted by | RFC 5751 |
| Obsoletes | RFC 2633 |
| Author | Blake Ramsdell |
| Last updated | 2015-10-14 |
| Stream | IETF |
| WG state | (None) |
| Document shepherd | No shepherd assigned |
| IESG state | RFC 3851 (Proposed Standard) |
| Action Holders | (None) |
| Consensus Boilerplate | Unknown |
| Responsible AD | Russ Housley |
| Send notices to | turners@ieca.com |
Network Working Group                                B. Ramsdell, Editor
Request for Comments: 3851                                Sendmail, Inc.
Obsoletes: 2633                                                July 2004
Category: Standards Track

Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2004).

Abstract

This document defines Secure/Multipurpose Internet Mail Extensions (S/MIME) version 3.1. S/MIME provides a consistent way to send and receive secure MIME data. Digital signatures provide authentication, message integrity, and non-repudiation with proof of origin. Encryption provides data confidentiality. Compression can be used to reduce data size. This document obsoletes RFC 2633.

Table of Contents

1. Introduction
   1.1. Specification Overview
   1.2. Terminology
   1.3. Definitions
   1.4. Compatibility with Prior Practice of S/MIME
   1.5. Changes Since S/MIME v3
2. CMS Options
   2.1. DigestAlgorithmIdentifier
   2.2. SignatureAlgorithmIdentifier
   2.3. KeyEncryptionAlgorithmIdentifier
   2.4. General Syntax
   2.5. Attributes and the SignerInfo Type
   2.6. SignerIdentifier SignerInfo Type
   2.7. ContentEncryptionAlgorithmIdentifier
3. Creating S/MIME Messages
   3.1. Preparing the MIME Entity for Signing, Enveloping or Compressing
   3.2. The application/pkcs7-mime Type
   3.3. Creating an Enveloped-only Message
   3.4. Creating a Signed-only Message
   3.5. Creating a Compressed-only Message
   3.6. Multiple Operations
   3.7. Creating a Certificate Management Message
   3.8. Registration Requests
   3.9. Identifying an S/MIME Message
4. Certificate Processing
   4.1. Key Pair Generation
5. Security Considerations
A. ASN.1 Module
B. References
   B.1. Normative References
   B.2. Informative References
C. Acknowledgements
D. Editor's Address
Full Copyright Statement

1. Introduction

S/MIME (Secure/Multipurpose Internet Mail Extensions) provides a consistent way to send and receive secure MIME data. Based on the popular Internet MIME standard, S/MIME provides the following cryptographic security services for electronic messaging applications: authentication, message integrity and non-repudiation of origin (using digital signatures), and data confidentiality (using encryption).

S/MIME can be used by traditional mail user agents (MUAs) to add cryptographic security services to mail that is sent, and to interpret cryptographic security services in mail that is received. However, S/MIME is not restricted to mail; it can be used with any transport mechanism that transports MIME data, such as HTTP. As such, S/MIME takes advantage of the object-based features of MIME and allows secure messages to be exchanged in mixed-transport systems. Further, S/MIME can be used in automated message transfer agents that use cryptographic security services that do not require any human