Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification
RFC 3851
| Document | Type |
RFC - Proposed Standard
(July 2004; No errata)
Obsoleted by RFC 5751
Obsoletes RFC 2633
|
|
|---|---|---|---|
| Last updated | 2015-10-14 | ||
| Stream | IETF | ||
| Formats | plain text pdf html bibtex | ||
| Stream | WG state | (None) | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | RFC 3851 (Proposed Standard) | |
| Consensus Boilerplate | Unknown | ||
| Telechat date | |||
| Responsible AD | Russ Housley | ||
| Send notices to | turners@ieca.com | ||
Network Working Group B. Ramsdell, Editor
Request for Comments: 3851 Sendmail, Inc.
Obsoletes: 2633 July 2004
Category: Standards Track
Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1
Message Specification
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2004).
Abstract
This document defines Secure/Multipurpose Internet Mail Extensions
(S/MIME) version 3.1. S/MIME provides a consistent way to send and
receive secure MIME data. Digital signatures provide authentication,
message integrity, and non-repudiation with proof of origin.
Encryption provides data confidentiality. Compression can be used to
reduce data size. This document obsoletes RFC 2633.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Specification Overview . . . . . . . . . . . . . . . . . 3
1.2. Terminology. . . . . . . . . . . . . . . . . . . . . . . 3
1.3. Definitions. . . . . . . . . . . . . . . . . . . . . . . 4
1.4. Compatibility with Prior Practice of S/MIME. . . . . . . 5
1.5. Changes Since S/MIME v3. . . . . . . . . . . . . . . . . 5
2. CMS Options. . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1. DigestAlgorithmIdentifier. . . . . . . . . . . . . . . . 5
2.2. SignatureAlgorithmIdentifier . . . . . . . . . . . . . . 6
2.3. KeyEncryptionAlgorithmIdentifier . . . . . . . . . . . . 6
2.4. General Syntax . . . . . . . . . . . . . . . . . . . . . 6
2.5. Attributes and the SignerInfo Type . . . . . . . . . . . 7
2.6. SignerIdentifier SignerInfo Type . . . . . . . . . . . . 11
2.7. ContentEncryptionAlgorithmIdentifier . . . . . . . . . . 12
3. Creating S/MIME Messages . . . . . . . . . . . . . . . . . . . 14
Ramsdell Standards Track [Page 1]
RFC 3851 S/MIME 3.1 Message Specification July 2004
3.1. Preparing the MIME Entity for Signing, Enveloping
or Compressing . . . . . . . . . . . . . . . . . . . . . 14
3.2. The application/pkcs7-mime Type. . . . . . . . . . . . . 19
3.3. Creating an Enveloped-only Message . . . . . . . . . . . 21
3.4. Creating a Signed-only Message . . . . . . . . . . . . . 22
3.5. Creating an Compressed-only Message. . . . . . . . . . . 26
3.6. Multiple Operations. . . . . . . . . . . . . . . . . . . 27
3.7. Creating a Certificate Management Messagetoc . . . . . . 27
3.8. Registration Requests. . . . . . . . . . . . . . . . . . 28
3.9. Identifying an S/MIME Message. . . . . . . . . . . . . . 28
4. Certificate Processing . . . . . . . . . . . . . . . . . . . . 29
4.1. Key Pair Generation. . . . . . . . . . . . . . . . . . . 29
5. Security Considerations. . . . . . . . . . . . . . . . . . . . 29
A. ASN.1 Module . . . . . . . . . . . . . . . . . . . . . . . . . 31
B. References . . . . . . . . . . . . . . . . . . . . . . . . . . 32
B.1. Normative References . . . . . . . . . . . . . . . . . . 32
B.2. Informative References . . . . . . . . . . . . . . . . . 34
C. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 35
D. Editor's Address . . . . . . . . . . . . . . . . . . . . . . . 35
Full Copyright Statement . . . . . . . . . . . . . . . . . . . 36
1. Introduction
S/MIME (Secure/Multipurpose Internet Mail Extensions) provides a
consistent way to send and receive secure MIME data. Based on the
popular Internet MIME standard, S/MIME provides the following
cryptographic security services for electronic messaging
applications: authentication, message integrity and non-repudiation
of origin (using digital signatures), and data confidentiality (using
encryption).
S/MIME can be used by traditional mail user agents (MUAs) to add
cryptographic security services to mail that is sent, and to
interpret cryptographic security services in mail that is received.
However, S/MIME is not restricted to mail; it can be used with any
transport mechanism that transports MIME data, such as HTTP. As
such, S/MIME takes advantage of the object-based features of MIME and
allows secure messages to be exchanged in mixed-transport systems.
Further, S/MIME can be used in automated message transfer agents that
use cryptographic security services that do not require any human
Show full document text