RFC 3370 CMS Algorithms August 2002
Key derivation algorithm identifiers are located in the EnvelopedData
RecipientInfos PasswordRecipientInfo keyDerivationAlgorithm and
AuthenticatedData RecipientInfos PasswordRecipientInfo
keyDerivationAlgorithm fields.
The key-encryption key that is derived from the password is used to
encrypt the content-encryption key.
The content-encryption keys encrypted with password-derived
key-encryption keys are located in the EnvelopedData RecipientInfos
PasswordRecipientInfo encryptedKey field. The message-authentication
keys encrypted with password-derived key-encryption keys are located
in the AuthenticatedData RecipientInfos PasswordRecipientInfo
encryptedKey field.
4.4.1 PBKDF2
The PBKDF2 key derivation algorithm is specified in RFC 2898
[PKCS#5]. The KeyDerivationAlgorithmIdentifier identifies the
key-derivation algorithm, and any associated parameters used to derive
the key-encryption key from the user-supplied password. The
algorithm identifier for the PBKDF2 key derivation algorithm is:
id-PBKDF2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
    rsadsi(113549) pkcs(1) pkcs-5(5) 12 }
The AlgorithmIdentifier parameter field MUST be PBKDF2-params:
PBKDF2-params ::= SEQUENCE {
    salt CHOICE {
        specified OCTET STRING,
        otherSource AlgorithmIdentifier },
    iterationCount INTEGER (1..MAX),
    keyLength INTEGER (1..MAX) OPTIONAL,
    prf AlgorithmIdentifier
        DEFAULT { algorithm hMAC-SHA1, parameters NULL } }
Within the PBKDF2-params, the salt MUST use the specified OCTET
STRING.
5 Content Encryption Algorithms
This section specifies the conventions employed by CMS
implementations that support content encryption using Three-Key
Triple-DES in CBC mode, Two-Key Triple-DES in CBC mode, or RC2 in CBC
mode.
Content encryption algorithm identifiers are located in the
EnvelopedData EncryptedContentInfo contentEncryptionAlgorithm and the
EncryptedData EncryptedContentInfo contentEncryptionAlgorithm fields.
Content encryption algorithms are used to encipher the content
located in the EnvelopedData EncryptedContentInfo encryptedContent
field and the EncryptedData EncryptedContentInfo encryptedContent
field.
5.1 Triple-DES CBC
The Triple-DES algorithm is described in ANSI X9.52 [3DES].
Triple-DES is composed of three sequential DES [DES] operations:
encrypt, decrypt, and encrypt. Three-Key Triple-DES uses a different
key for each DES operation. Two-Key Triple-DES uses one key for the
two encrypt operations and a different key for the decrypt operation.
The same algorithm identifiers are used for Three-Key Triple-DES and
Two-Key Triple-DES. The algorithm identifier for Triple-DES in
Cipher Block Chaining (CBC) mode is:
des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    us(840) rsadsi(113549) encryptionAlgorithm(3) 7 }
The AlgorithmIdentifier parameters field MUST be present, and the
parameters field must contain a CBCParameter:
CBCParameter ::= IV
IV ::= OCTET STRING -- exactly 8 octets
5.2 RC2 CBC
The RC2 algorithm is described in RFC 2268 [RC2]. The algorithm
identifier for RC2 in CBC mode is:
rc2-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
    rsadsi(113549) encryptionAlgorithm(3) 2 }
The AlgorithmIdentifier parameters field MUST be present, and the
parameters field MUST contain a RC2CBCParameter:
RC2CBCParameter ::= SEQUENCE {
    rc2ParameterVersion INTEGER,
    iv OCTET STRING } -- exactly 8 octets
The RC2 effective-key-bits (key size) greater than 32 and less than
256 is encoded in the rc2ParameterVersion. For effective-key-bits
of 40, 64, and 128, the rc2ParameterVersion values are 160, 120,
and 58 respectively. These values are not simply the RC2 key length.
Note that the value 160 must be encoded as two octets (00 A0), since
the one-octet encoding (A0) represents a negative number.
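Added example, not part of RFC 3370, covering both the PBKDF2-params of 4.4.1 and the RC2CBCParameter of 5.2: it DER-encodes the two structures with a small hand-written encoder (which is where the 160 versus 00 A0 point bites), and derives the key-encryption key with PBKDF2 under the default hMAC-SHA1 prf. The function names (der_integer, encode_pbkdf2_params, encode_rc2_cbc_parameter, derive_kek) are this example's own.

```python
import hashlib
from typing import Optional

# Minimal DER encoders, enough for the two parameter structures above.
def der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body

def der_integer(value: int) -> bytes:
    # DER INTEGER is two's complement: if the top bit of the first content
    # octet is set, a leading 00 octet is required, otherwise the value
    # decodes as negative. This is why 160 becomes 00 A0, not A0.
    if value < 0:
        raise ValueError("negative values are not used by these structures")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return der_tlv(0x02, body)

def encode_pbkdf2_params(salt: bytes, iterations: int,
                         key_length: Optional[int] = None) -> bytes:
    # PBKDF2-params with the 'specified' salt CHOICE, as the RFC requires;
    # prf is left at its DEFAULT (hMAC-SHA1), so DER omits it entirely.
    body = der_tlv(0x04, salt) + der_integer(iterations)
    if key_length is not None:
        body += der_integer(key_length)
    return der_tlv(0x30, body)

# rc2ParameterVersion values the RFC gives for 40, 64 and 128 effective bits.
RC2_PARAMETER_VERSION = {40: 160, 64: 120, 128: 58}

def encode_rc2_cbc_parameter(effective_key_bits: int, iv: bytes) -> bytes:
    if len(iv) != 8:
        raise ValueError("RC2 CBC iv must be exactly 8 octets")
    version = RC2_PARAMETER_VERSION[effective_key_bits]
    return der_tlv(0x30, der_integer(version) + der_tlv(0x04, iv))

def derive_kek(password: bytes, salt: bytes, iterations: int,
               key_length: int) -> bytes:
    # The key-encryption key: PBKDF2 with the default prf HMAC-SHA1,
    # matching the PBKDF2-params produced above.
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, key_length)
```

The salt and iteration count passed to derive_kek must be exactly those carried in the encoded PBKDF2-params, or the recipient derives a different key-encryption key and the encryptedKey unwrap fails.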
6 Message Authentication Code Algorithms
This section specifies the conventions employed by CMS
implementations that support the HMAC with SHA-1 message
authentication code (MAC).
MAC algorithm identifiers are located in the AuthenticatedData
macAlgorithm field.
MAC values are located in the AuthenticatedData mac field.
6.1 HMAC with SHA-1
The HMAC with SHA-1 algorithm is described in RFC 2104 [HMAC]. The
algorithm identifier for HMAC with SHA-1 is:
hMAC-SHA1 OBJECT IDENTIFIER ::= { iso(1)
    identified-organization(3) dod(6) internet(1) security(5)
    mechanisms(5) 8 1 2 }
There are two possible encodings for the HMAC with SHA-1
AlgorithmIdentifier parameters field. The two alternatives arise
from the fact that when the 1988 syntax for the AlgorithmIdentifier
type was translated into the 1997 syntax, the OPTIONAL associated
with the AlgorithmIdentifier parameters got lost. Later the OPTIONAL
was recovered via a defect report, but by then many people thought
that algorithm parameters were mandatory. Because of this history
some implementations may encode parameters as a NULL while others
omit them entirely.
The AlgorithmIdentifier parameters field is OPTIONAL. If present,
the parameters field MUST contain a NULL. Implementations MUST
accept HMAC with SHA-1 AlgorithmIdentifiers with absent parameters.
Implementations MUST accept HMAC with SHA-1 AlgorithmIdentifiers with
NULL parameters. Implementations SHOULD generate HMAC with SHA-1
AlgorithmIdentifiers with absent parameters.
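Added example, not part of RFC 3370: a minimal DER reader that accepts the hMAC-SHA1 AlgorithmIdentifier in both encodings the RFC requires (parameters absent, or NULL), rejects any other parameters, generates the absent form the RFC prefers, and computes the mac value with HMAC-SHA1. The names read_tlv, parse_hmac_sha1_algid, encode_hmac_sha1_algid and compute_mac are this example's own.

```python
import hashlib
import hmac

# DER content octets of hMAC-SHA1, 1.3.6.1.5.5.8.1.2 (the first two arcs
# fold into 1*40+3 = 0x2b).
HMAC_SHA1_OID = bytes.fromhex("2b06010505080102")

def read_tlv(buf: bytes, pos: int):
    # Returns (tag, content, position after the element). Long-form
    # lengths are handled; indefinite length is BER, not DER, and is refused.
    tag, first = buf[pos], buf[pos + 1]
    if first == 0x80:
        raise ValueError("indefinite length is not DER")
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        pos += 2 + n
    else:
        length, pos = first, pos + 2
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def parse_hmac_sha1_algid(der: bytes) -> str:
    # MUST accept absent parameters and MUST accept NULL parameters;
    # anything else in the parameters slot is a malformed identifier.
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("AlgorithmIdentifier must be a single SEQUENCE")
    tag, oid, pos = read_tlv(body, 0)
    if tag != 0x06 or oid != HMAC_SHA1_OID:
        raise ValueError("algorithm is not hMAC-SHA1")
    if pos == len(body):
        return "absent"
    tag, params, pos = read_tlv(body, pos)
    if tag != 0x05 or params or pos != len(body):
        raise ValueError("parameters, if present, MUST be NULL")
    return "null"

def encode_hmac_sha1_algid() -> bytes:
    # The form implementations SHOULD generate: parameters absent.
    return b"\x30\x0a\x06\x08" + HMAC_SHA1_OID

def compute_mac(key: bytes, content: bytes) -> bytes:
    # The value that goes into the AuthenticatedData mac field.
    return hmac.new(key, content, hashlib.sha1).digest()
```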
7 ASN.1 Module
CryptographicMessageSyntaxAlgorithms
    { iso(1) member-body(2) us(840) rsadsi(113549)
      pkcs(1) pkcs-9(9) smime(16) modules(0) cmsalg-2001(16) }
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
-- EXPORTS All
-- The types and values defined in this module are exported for use
-- in the other ASN.1 modules. Other applications may use them for
-- their own purposes.
IMPORTS
    -- Imports from RFC 3280 [PROFILE], Appendix A.1
    AlgorithmIdentifier
        FROM PKIX1Explicit88 { iso(1)
            identified-organization(3) dod(6) internet(1)
            security(5) mechanisms(5) pkix(7) mod(0)
            pkix1-explicit(18) } ;
-- Algorithm Identifiers
sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
    oiw(14) secsig(3) algorithm(2) 26 }
md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
    rsadsi(113549) digestAlgorithm(2) 5 }
id-dsa OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
    x9-57(10040) x9cm(4) 1 }
id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    us(840) x9-57(10040) x9cm(4) 3 }
rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 }
md5WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1)
    member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 4 }
sha1WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1)
    member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 5 }
dh-public-number OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    us(840) ansi-x942(10046) number-type(2) 1 }
id-alg-ESDH OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
    rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 }
id-alg-SSDH OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
    rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 10 }
id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 }
id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 }
des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    us(840) rsadsi(113549) encryptionAlgorithm(3) 7 }
rc2-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
    rsadsi(113549) encryptionAlgorithm(3) 2 }
hMAC-SHA1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
    dod(6) internet(1) security(5) mechanisms(5) 8 1 2 }
id-PBKDF2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
    rsadsi(113549) pkcs(1) pkcs-5(5) 12 }
-- Public Key Types
Dss-Pub-Key ::= INTEGER -- Y
RSAPublicKey ::= SEQUENCE {
    modulus INTEGER, -- n
    publicExponent INTEGER } -- e
DHPublicKey ::= INTEGER -- y = g^x mod p
-- Signature Value Types
Dss-Sig-Value ::= SEQUENCE {
    r INTEGER,
    s INTEGER }
-- Algorithm Identifier Parameter Types
Dss-Parms ::= SEQUENCE {
    p INTEGER,
    q INTEGER,
    g INTEGER }
DHDomainParameters ::= SEQUENCE {
    p INTEGER, -- odd prime, p=jq +1
    g INTEGER, -- generator, g
    q INTEGER, -- factor of p-1
    j INTEGER OPTIONAL, -- subgroup factor
    validationParms ValidationParms OPTIONAL }
ValidationParms ::= SEQUENCE {
    seed BIT STRING,
    pgenCounter INTEGER }
KeyWrapAlgorithm ::= AlgorithmIdentifier
RC2wrapParameter ::= RC2ParameterVersion
RC2ParameterVersion ::= INTEGER
CBCParameter ::= IV
IV ::= OCTET STRING -- exactly 8 octets
RC2CBCParameter ::= SEQUENCE {
    rc2ParameterVersion INTEGER,
    iv OCTET STRING } -- exactly 8 octets
PBKDF2-params ::= SEQUENCE {
    salt CHOICE {
        specified OCTET STRING,
        otherSource AlgorithmIdentifier },
    iterationCount INTEGER (1..MAX),
    keyLength INTEGER (1..MAX) OPTIONAL,
    prf AlgorithmIdentifier
        DEFAULT { algorithm hMAC-SHA1, parameters NULL } }
END -- of CryptographicMessageSyntaxAlgorithms
8 References
[3DES] American National Standards Institute, "ANSI X9.52-1998,
       Triple Data Encryption Algorithm Modes of Operation", 1998.
[CERTALGS] Bassham, L., Housley, R. and W. Polk, "Algorithms and
       Identifiers for the Internet X.509 Public Key Infrastructure
       Certificate and Certificate Revocation List (CRL) Profile",
       RFC 3279, April 2002.