| < draft-ietf-smime-3278bis-07.txt | draft-ietf-smime-3278bis-08.txt > | |||
|---|---|---|---|---|
| S/MIME WG Sean Turner, IECA | S/MIME WG Sean Turner, IECA | |||
| Internet Draft Dan Brown, Certicom | Internet Draft Dan Brown, Certicom | |||
| Intended Status: Informational May 5, 2009 | Intended Status: Informational May 29, 2009 | |||
| Obsoletes: 3278 (once approved) | Obsoletes: 3278 (once approved) | |||
| Expires: November 5, 2009 | Expires: November 29, 2009 | |||
| Use of Elliptic Curve Cryptography (ECC) Algorithms | Use of Elliptic Curve Cryptography (ECC) Algorithms | |||
| in Cryptographic Message Syntax (CMS) | in Cryptographic Message Syntax (CMS) | |||
| draft-ietf-smime-3278bis-07.txt | draft-ietf-smime-3278bis-08.txt | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted to IETF in full conformance with the | This Internet-Draft is submitted to IETF in full conformance with the | |||
| provisions of BCP 78 and BCP 79. This document may contain material | provisions of BCP 78 and BCP 79. This document may contain material | |||
| from IETF Documents or IETF Contributions published or made publicly | from IETF Documents or IETF Contributions published or made publicly | |||
| available before November 10, 2008. The person(s) controlling the | available before November 10, 2008. The person(s) controlling the | |||
| copyright in some of this material may not have granted the IETF | copyright in some of this material may not have granted the IETF | |||
| Trust the right to allow modifications of such material outside the | Trust the right to allow modifications of such material outside the | |||
| IETF Standards Process. Without obtaining an adequate license from | IETF Standards Process. Without obtaining an adequate license from | |||
| skipping to change at page 1, line 43 ¶ | skipping to change at page 1, line 43 ¶ | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt | http://www.ietf.org/ietf/1id-abstracts.txt | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html | http://www.ietf.org/shadow.html | |||
| This Internet-Draft will expire on November 5, 2009. | This Internet-Draft will expire on November 29, 2009. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2009 IETF Trust and the persons identified as the | Copyright (c) 2009 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents in effect on the date of | Provisions Relating to IETF Documents in effect on the date of | |||
| publication of this document (http://trustee.ietf.org/license-info). | publication of this document (http://trustee.ietf.org/license-info). | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| skipping to change at page 3, line 14 ¶ | skipping to change at page 3, line 14 ¶ | |||
| 7.2. Other Syntax.............................................24 | 7.2. Other Syntax.............................................24 | |||
| 8. Recommended Algorithms and Elliptic Curves....................26 | 8. Recommended Algorithms and Elliptic Curves....................26 | |||
| 9. Security Considerations.......................................28 | 9. Security Considerations.......................................28 | |||
| 10. IANA Considerations..........................................33 | 10. IANA Considerations..........................................33 | |||
| 11. References...................................................33 | 11. References...................................................33 | |||
| 11.1. Normative...............................................33 | 11.1. Normative...............................................33 | |||
| 11.2. Informative.............................................35 | 11.2. Informative.............................................35 | |||
| Appendix A ASN.1 Modules.........................................36 | Appendix A ASN.1 Modules.........................................36 | |||
| Appendix A.1 1988 ASN.1 Module................................36 | Appendix A.1 1988 ASN.1 Module................................36 | |||
| Appendix A.2 2004 ASN.1 Module................................43 | Appendix A.2 2004 ASN.1 Module................................43 | |||
| Appendix B Changes since RFC 3278................................53 | Appendix B Changes since RFC 3278................................57 | |||
| Acknowledgements.................................................56 | Acknowledgements.................................................59 | |||
| Author's Addresses...............................................56 | Author's Addresses...............................................59 | |||
| 1. Introduction | 1. Introduction | |||
| The Cryptographic Message Syntax (CMS) is cryptographic algorithm | The Cryptographic Message Syntax (CMS) is cryptographic algorithm | |||
| independent. This specification defines a profile for the use of | independent. This specification defines a profile for the use of | |||
| Elliptic Curve Cryptography (ECC) public key algorithms in the CMS. | Elliptic Curve Cryptography (ECC) public key algorithms in the CMS. | |||
| The ECC algorithms are incorporated into the following CMS content | The ECC algorithms are incorporated into the following CMS content | |||
| types: | types: | |||
| - 'SignedData' to support ECC-based digital signature methods | - 'SignedData' to support ECC-based digital signature methods | |||
| skipping to change at page 6, line 24 ¶ | skipping to change at page 6, line 24 ¶ | |||
| - originator MUST be the alternative originatorKey. The | - originator MUST be the alternative originatorKey. The | |||
| originatorKey algorithm field MUST contain the id-ecPublicKey | originatorKey algorithm field MUST contain the id-ecPublicKey | |||
| object identifier (see Section 7.1.2). The parameters | object identifier (see Section 7.1.2). The parameters | |||
| associated with id-ecPublicKey MUST be absent, ECParameters, or | associated with id-ecPublicKey MUST be absent, ECParameters, or | |||
| NULL. The parameters associated with id-ecPublicKey SHOULD be | NULL. The parameters associated with id-ecPublicKey SHOULD be | |||
| absent or ECParameters, and NULL is allowed to support legacy | absent or ECParameters, and NULL is allowed to support legacy | |||
| implementations. The previous version of this document required | implementations. The previous version of this document required | |||
| NULL to be present. If the parameters are ECParameters, then | NULL to be present. If the parameters are ECParameters, then | |||
| they MUST be namedCurve. The originatorKey publicKey field MUST | they MUST be namedCurve. The originatorKey publicKey field MUST | |||
| contain the value of the ASN.1 type ECPoint (see Section 7.2), | contain the DER-encoding of the value of the ASN.1 type ECPoint | |||
| which represents the sending agent's ephemeral EC public key. | (see Section 7.2), which represents the sending agent's | |||
| The ECPoint in uncompressed form MUST be supported. | ephemeral EC public key. The ECPoint in uncompressed form MUST | |||
| be supported. | ||||
| - ukm MAY be present or absent. However, message originators | - ukm MAY be present or absent. However, message originators | |||
| SHOULD include the ukm. As specified in RFC 3852 [CMS], | SHOULD include the ukm. As specified in RFC 3852 [CMS], | |||
| implementations MUST support ukm message recipient processing, | implementations MUST support ukm message recipient processing, | |||
| so interoperability is not a concern if the ukm is present or | so interoperability is not a concern if the ukm is present or | |||
| absent. The ukm is placed in the entityUInfo field of the ECC- | absent. The ukm is placed in the entityUInfo field of the ECC- | |||
| CMS-SharedInfo structure. When present, the ukm is used to | CMS-SharedInfo structure. When present, the ukm is used to | |||
| ensure that a different key-encryption key is generated, even | ensure that a different key-encryption key is generated, even | |||
| when the ephemeral private key is improperly used more than | when the ephemeral private key is improperly used more than | |||
| once, by using the ECC-CMS-SharedInfo as an input to the key | once, by using the ECC-CMS-SharedInfo as an input to the key | |||
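Review bot: the new wording "contain the DER-encoding of the value of the ASN.1 type ECPoint" changes the bytes on the wire, not just the phrasing, and the text should say which encoding it means. ECPoint is an OCTET STRING (Appendix A, "ECPoint ::= OCTET STRING") and OriginatorPublicKey.publicKey is a BIT STRING, so "DER-encoding of the value" puts `04 <len> 04 X Y` (OCTET STRING tag and length, then the uncompressed point) inside the BIT STRING, whereas the old text and the SubjectPublicKeyInfo convention put the bare point `04 X Y` there. If the bare point is intended, keep "the value of the ASN.1 type ECPoint"; if the wrapped form is intended, state explicitly that it differs from the certificate encoding and confirm that deployed RFC 3278 implementations produce it, since a receiver expecting one form will reject the other.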
| skipping to change at page 19, line 47 ¶ | skipping to change at page 19, line 47 ¶ | |||
| 30 15 06 06 2b 81 04 01 0F 01 30 0b 06 09 60 86 48 01 65 03 04 | 30 15 06 06 2b 81 04 01 0F 01 30 0b 06 09 60 86 48 01 65 03 04 | |||
| 01 05 | 01 05 | |||
| KA=ECMQV 1-Pass KDF=SHA-384 Wrap=AES-128 | KA=ECMQV 1-Pass KDF=SHA-384 Wrap=AES-128 | |||
| 30 15 06 06 2b 81 04 01 0F 02 30 0b 06 09 60 86 48 01 65 03 04 | 30 15 06 06 2b 81 04 01 0F 02 30 0b 06 09 60 86 48 01 65 03 04 | |||
| 01 05 | 01 05 | |||
| KA=ECMQV 1-Pass KDF=SHA-512 Wrap=AES-128 | KA=ECMQV 1-Pass KDF=SHA-512 Wrap=AES-128 | |||
| 30 15 06 06 2b 81 04 01 0F 03 30 0d 06 09 60 86 48 01 65 03 04 | 30 15 06 06 2b 81 04 01 0F 03 30 0b 06 09 60 86 48 01 65 03 04 | |||
| 01 05 | 01 05 | |||
| KA=ECMQV 1-Pass KDF=SHA-1 Wrap=AES-192 | KA=ECMQV 1-Pass KDF=SHA-1 Wrap=AES-192 | |||
| 30 18 06 09 2b 81 05 10 86 48 3f 00 10 30 0b 06 09 60 86 48 01 | 30 18 06 09 2b 81 05 10 86 48 3f 00 10 30 0b 06 09 60 86 48 01 | |||
| 65 03 04 01 19 | 65 03 04 01 19 | |||
| KA=ECMQV 1-Pass KDF=SHA-224 Wrap=AES-192 | KA=ECMQV 1-Pass KDF=SHA-224 Wrap=AES-192 | |||
| 30 15 06 06 2b 81 04 01 0F 00 30 0b 06 09 60 86 48 01 65 03 04 | 30 15 06 06 2b 81 04 01 0F 00 30 0b 06 09 60 86 48 01 65 03 04 | |||
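Review bot: the length fix in the KA=ECMQV 1-Pass KDF=SHA-512 Wrap=AES-128 entry (`30 0d` to `30 0b` on the inner SEQUENCE) is correct, and the rest of the table is consistent with it: each inner SEQUENCE holds exactly `06 09` plus the nine-byte AES key-wrap OID, 11 bytes = 0x0b, with no parameters, and the outer length 0x15 is 8 (the six-byte secg KA OID with its header) plus 13. The SHA-1 entry uses the nine-byte x9-63 KA OID, so its outer length is 0x18 while its inner SEQUENCE stays 0x0b. The last OID byte selects the wrap size (05 = id-aes128-wrap, 19 = id-aes192-wrap, 2D = id-aes256-wrap) and the byte after `0F` tracks the KDF hash in each labelled entry (00 SHA-224, 02 SHA-384, 03 SHA-512), which agrees with every label shown.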
| skipping to change at page 21, line 10 ¶ | skipping to change at page 21, line 10 ¶ | |||
| KA=ECMQV 1-Pass KDF=SHA-384 Wrap=AES-256 | KA=ECMQV 1-Pass KDF=SHA-384 Wrap=AES-256 | |||
| 30 15 06 06 2b 81 04 01 0F 02 30 0b 06 09 60 86 48 01 65 03 04 | 30 15 06 06 2b 81 04 01 0F 02 30 0b 06 09 60 86 48 01 65 03 04 | |||
| 01 2D | 01 2D | |||
| KA=ECMQV 1-Pass KDF=SHA-512 Wrap=AES-256 | KA=ECMQV 1-Pass KDF=SHA-512 Wrap=AES-256 | |||
| 30 15 06 06 2b 81 04 01 0F 03 30 0b 06 09 60 86 48 01 65 03 04 | 30 15 06 06 2b 81 04 01 0F 03 30 0b 06 09 60 86 48 01 65 03 04 | |||
| 01 2D | 01 2D | |||
| NOTE: The S/MIME Capabilities indicate that parameters for the key | ||||
| wrap algorithm AES-* (where * is 128, 192, or 256) are NULL; however, | ||||
| the parameters are absent when used to encrypt/decrypt a content | ||||
| encryption key. | ||||
| NOTE: The S/MIME Capabilities for the supported AES content | NOTE: The S/MIME Capabilities for the supported AES content | |||
| encryption key sizes are defined in [CMS-AES]. | encryption key sizes are defined in [CMS-AES]. | |||
| NOTE: The S/MIME Capabilities for the supported MAC algorithms are | NOTE: The S/MIME Capabilities for the supported MAC algorithms are | |||
| defined in [CMS-ASN]. | defined in [CMS-ASN]. | |||
| 7. ASN.1 Syntax | 7. ASN.1 Syntax | |||
| The ASN.1 syntax used in this document is gathered in this section | The ASN.1 syntax [X.680], [X.681], X.682], [X.683] used in this | |||
| for reference purposes. | document is gathered in this section for reference purposes. | |||
| 7.1. Algorithm Identifiers | 7.1. Algorithm Identifiers | |||
| This section provides the object identifiers for the algorithms used | This section provides the object identifiers for the algorithms used | |||
| in this document along with any associated parameters. | in this document along with any associated parameters. | |||
| 7.1.1. Digest Algorithms | 7.1.1. Digest Algorithms | |||
| Digest algorithm object identifiers are used in the SignedData | Digest algorithm object identifiers are used in the SignedData | |||
| digestAlgorithms and digestAlgorithm fields and the AuthenticatedData | digestAlgorithms and digestAlgorithm fields and the AuthenticatedData | |||
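Review bot: dropping the NOTE that said the S/MIME Capabilities carry NULL parameters for the AES-* key wrap algorithm is the right call, because the encodings above contradict it: every inner SEQUENCE is `30 0b 06 09 ...`, exactly the eleven-byte OID with no `05 00`, so the parameters are absent in the capability just as they are when the algorithm wraps a content-encryption key. Replace the NOTE with one sentence stating that the key-wrap parameters are absent in both places, otherwise a reader coming from RFC 3278 keeps expecting NULL. Also, in the new Section 7 sentence, "[X.680], [X.681], X.682], [X.683]" is missing the opening bracket on X.682.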
| skipping to change at page 22, line 13 ¶ | skipping to change at page 22, line 8 ¶ | |||
| iso(1) member-body(2) us(840) 10045 } | iso(1) member-body(2) us(840) 10045 } | |||
| When the object identifier id-ecPublicKey is used here with an | When the object identifier id-ecPublicKey is used here with an | |||
| algorithm identifier, the associated parameters MUST be either absent | algorithm identifier, the associated parameters MUST be either absent | |||
| or ECParameters. Implementations MUST accept id-ecPublicKey with | or ECParameters. Implementations MUST accept id-ecPublicKey with | |||
| absent and ECParameters parameters. If ECParameters is present, its | absent and ECParameters parameters. If ECParameters is present, its | |||
| value MUST match the recipient's ECParameters. Implementations | value MUST match the recipient's ECParameters. Implementations | |||
| SHOULD generate absent parameters for the id-ecPublicKey object | SHOULD generate absent parameters for the id-ecPublicKey object | |||
| identifier in the KeyAgreeRecipientInfo originator field. | identifier in the KeyAgreeRecipientInfo originator field. | |||
| NOTE: [CMS-ECC] indicated the parameters were NULL. Support for this | [CMS-ECC] indicated the parameters were NULL. Support for this | |||
| legacy form is OPTIONAL. | legacy form is OPTIONAL. | |||
| 7.1.3. Signature Algorithms | 7.1.3. Signature Algorithms | |||
| Signature algorithm identifiers are used in the SignedData | Signature algorithm identifiers are used in the SignedData | |||
| signatureAlgorithm and signature fields. The signature algorithms | signatureAlgorithm and signature fields. The signature algorithms | |||
| used in this document are ECDSA with SHA-1, ECDSA with SHA-224, ECDSA | used in this document are ECDSA with SHA-1, ECDSA with SHA-224, ECDSA | |||
| with SHA-256, ECDSA with SHA-384, and ECDSA with SHA-512. The object | with SHA-256, ECDSA with SHA-384, and ECDSA with SHA-512. The object | |||
| identifiers and parameters associated with these algorithms are found | identifiers and parameters associated with these algorithms are found | |||
| in [PKI-ALG]. | in [PKI-ALG]. | |||
| NOTE: [CMS-ECC] indicated the parameters were NULL. Support for this | [CMS-ECC] indicated the parameters were NULL. Support for this | |||
| legacy form is OPTIONAL. | legacy form is OPTIONAL. | |||
| 7.1.4. Key Agreement Algorithms | 7.1.4. Key Agreement Algorithms | |||
| Key agreement algorithms are used in EnvelopedData, | Key agreement algorithms are used in EnvelopedData, | |||
| AuthenticatedData, and AuthEnvelopedData in the KeyAgreeRecipientInfo | AuthenticatedData, and AuthEnvelopedData in the KeyAgreeRecipientInfo | |||
| keyEncryptionAlgorithm field. The following object identifiers | keyEncryptionAlgorithm field. The following object identifiers | |||
| indicate the key agreement algorithms used in this document: | indicate the key agreement algorithms used in this document [SP800- | |||
| 56A], [SEC1]: | ||||
| dhSinglePass-stdDH-sha1kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-stdDH-sha1kdf-scheme OBJECT IDENTIFIER ::= { | |||
| x9-63-scheme 2 } | x9-63-scheme 2 } | |||
| dhSinglePass-stdDH-sha224kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-stdDH-sha224kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 11 0 } | secg-scheme 11 0 } | |||
| dhSinglePass-stdDH-sha256kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-stdDH-sha256kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 11 1 } | secg-scheme 11 1 } | |||
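Review bot: Section 7.1.2 and the originator bullet shown earlier in this diff now disagree on legacy NULL parameters: 7.1.2 says the parameters of id-ecPublicKey MUST be either absent or ECParameters and that support for the NULL form is OPTIONAL, while the Section 3 bullet says they MUST be absent, ECParameters, or NULL. Make 7.1.2 the single normative statement and have the bullet cross-reference it, e.g. "parameters MUST be absent or ECParameters; a legacy NULL MAY be accepted (see Section 7.1.2)". Removing the "NOTE:" prefix from the legacy sentences in 7.1.2 and 7.1.3 makes them part of the normative text, which is the right place for them.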
| skipping to change at page 24, line 31 ¶ | skipping to change at page 24, line 29 ¶ | |||
| 7.1.7. Message Authentication Code Algorithms | 7.1.7. Message Authentication Code Algorithms | |||
| Message authentication code algorithms are used in AuthenticatedData | Message authentication code algorithms are used in AuthenticatedData | |||
| in the macAlgorithm field. The message authentication code | in the macAlgorithm field. The message authentication code | |||
| algorithms used in this document are HMAC with SHA-1, HMAC with SHA- | algorithms used in this document are HMAC with SHA-1, HMAC with SHA- | |||
| 224, HMAC with SHA-256, HMAC with SHA-384, and HMAC with SHA-512. | 224, HMAC with SHA-256, HMAC with SHA-384, and HMAC with SHA-512. | |||
| The object identifiers and parameters associated with these | The object identifiers and parameters associated with these | |||
| algorithms are found in [CMS-ALG] and [HMAC-SHA2]. | algorithms are found in [CMS-ALG] and [HMAC-SHA2]. | |||
| NOTE: [HMAC-SHA2] defines the object identifiers for HMAC with SHA- | ||||
| 224, HMAC with SHA-256, HMAC with SHA-384, and HMAC with SHA-512, but | ||||
| there is no ASN.1 module from which to import these object | ||||
| identifiers. Therefore, the object identifiers for these algorithms | ||||
| are included in the ASN.1 modules defined in Appendix A. | ||||
| 7.1.8. Key Derivation Algorithm | 7.1.8. Key Derivation Algorithm | |||
| The KDF used in this document is as specified in 3.6.1 of [SEC1]. | The KDF used in this document is as specified in 3.6.1 of [SEC1]. | |||
| The hash algorithm is identified in key agreement algorithm. For | The hash algorithm is identified in key agreement algorithm. For | |||
| example, dhSinglePass-stdDH-sha256kdf-scheme uses the KDF from [SEC1] | example, dhSinglePass-stdDH-sha256kdf-scheme uses the KDF from [SEC1] | |||
| but uses SHA-256 instead of SHA-1. | but uses SHA-256 instead of SHA-1. | |||
| 7.2. Other Syntax | 7.2. Other Syntax | |||
| The following additional syntax is used here. | The following additional syntax is used here. | |||
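Review bot: the removed 7.1.7 NOTE was the only place that explained why the hmacWithSHA224/256/384/512 object identifiers are defined locally in the Appendix A modules instead of being imported from [HMAC-SHA2]; without it, a reader of the module sees OIDs from the rsadsi digestAlgorithm arc with no pointer to their source. Keep a one-line remark, either here or as a comment beside the definitions in Appendix A, saying they are copied from [HMAC-SHA2] because that document has no ASN.1 module. Also, in 7.1.8, "identified in key agreement algorithm" should read "identified in the key agreement algorithm identifier".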
| skipping to change at page 33, line 11 ¶ | skipping to change at page 33, line 11 ¶ | |||
| ---------+----------+-----------+----------- | ---------+----------+-----------+----------- | |||
| 256 | 512+ | SHA-512 | secp521r1 | 256 | 512+ | SHA-512 | secp521r1 | |||
| ---------+----------+-----------+----------- | ---------+----------+-----------+----------- | |||
| 10. IANA Considerations | 10. IANA Considerations | |||
| This document makes extensive use of object identifiers to register | This document makes extensive use of object identifiers to register | |||
| originator public key types and algorithms. The algorithm object | originator public key types and algorithms. The algorithm object | |||
| identifiers are registered in the ANSI X9.62, ANSI X9.63, NIST, RSA, | identifiers are registered in the ANSI X9.62, ANSI X9.63, NIST, RSA, | |||
| and SECG arcs. Additionally, object identifiers are used to identify | and SECG arcs. Additionally, object identifiers are used to identify | |||
| the ASN.1 modules found in Appendix A. These are defined in an arc | the ASN.1 modules found in Appendix A (there are two). These are | |||
| delegated by IANA to the SMIME Working Group. No further action by | defined by the SMIME WG Registrar in an arc delegated by RSA to the | |||
| IANA is necessary for this document or any anticipated updates. | SMIME Working Group: iso(1) member-body(2) us(840) rsadsi(113549) | |||
| pkcs(1) pkcs-9(9) smime(16) modules(0). No action by IANA is | ||||
| necessary for this document or any anticipated updates. | ||||
| 11. References | 11. References | |||
| 11.1. Normative | 11.1. Normative | |||
| [CMS] Housley, R., "Cryptographic Message Syntax", RFC | [CMS] Housley, R., "Cryptographic Message Syntax", RFC | |||
| 3852, July 2004. | 3852, July 2004. | |||
| [CMS-AES] Schaad, J., "Use of the Advanced Encryption Standard | [CMS-AES] Schaad, J., "Use of the Advanced Encryption Standard | |||
| (AES) Encryption Algorithm in Cryptographic Message | (AES) Encryption Algorithm in Cryptographic Message | |||
| Syntax (CMS)", RFC 3565, July 2003. | Syntax (CMS)", RFC 3565, July 2003. | |||
| [CMS-AESCG] Housley, R., "Using AES-CCM and AES-GCM Authenticated | [CMS-AESCG] Housley, R., "Using AES-CCM and AES-GCM Authenticated | |||
| Encryption in the Cryptographic Message Syntax | Encryption in the Cryptographic Message Syntax | |||
| (CMS)", RFC 5084, November 2007. | (CMS)", RFC 5084, November 2007. | |||
| [CMS-ALG] Housley, R., "Cryptographic Message Syntax (CMS) | [CMS-ALG] Housley, R., "Cryptographic Message Syntax (CMS) | |||
| Algorithms", RFC 3370, August 2002. | Algorithms", RFC 3370, August 2002. | |||
| [CMS-ASN] Hoffman, P., and J. Schaad, "New ASN.1 Modules for | ||||
| CMS", draft-ietf-smime-new-asn1, work-in-progress. | ||||
| [CMS-AUTHENV] Housley, R. "Cryptographic Message Syntax (CMS) | [CMS-AUTHENV] Housley, R. "Cryptographic Message Syntax (CMS) | |||
| Authenticated-Enveloped-Data Content Type", RFC 5083, | Authenticated-Enveloped-Data Content Type", RFC 5083, | |||
| November 2007. | November 2007. | |||
| [CMS-DH] Rescorla, E., "Diffie-Hellman Key Agreement Method", | [CMS-DH] Rescorla, E., "Diffie-Hellman Key Agreement Method", | |||
| RFC 2631, June 1999. | RFC 2631, June 1999. | |||
| [CMS-SHA2] Turner, S., "Using SHA2 Algorithms with Cryptographic | [CMS-SHA2] Turner, S., "Using SHA2 Algorithms with Cryptographic | |||
| Message Syntax", draft-ietf-smime-sha2, work-in- | Message Syntax", draft-ietf-smime-sha2, work-in- | |||
| progress. | progress. | |||
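Review bot: adding [CMS-ASN] to 11.1 is consistent with the S/MIME Capabilities text, which says the MAC capabilities are defined there, so the reference has to be normative. That leaves two work-in-progress drafts ([CMS-ASN] and [CMS-SHA2]) in the normative list; add an RFC Editor note asking for their RFC numbers to be filled in, or publication will wait on them. In IANA Considerations, "(there are two)" reads awkwardly; "the two ASN.1 modules found in Appendix A" says the same thing in line.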
| skipping to change at page 34, line 40 ¶ | skipping to change at page 34, line 40 ¶ | |||
| "Randomness Recommendations for Security", RFC 4086, | "Randomness Recommendations for Security", RFC 4086, | |||
| June 2005. | June 2005. | |||
| [RSAOAEP] Schaad, J., Kaliski, B., and R. Housley, "Additional | [RSAOAEP] Schaad, J., Kaliski, B., and R. Housley, "Additional | |||
| Algorithms and Identifiers for RSA Cryptography for | Algorithms and Identifiers for RSA Cryptography for | |||
| use in the Internet X.509 Public Key Infrastructure | use in the Internet X.509 Public Key Infrastructure | |||
| Certificate and Certificate Revocation List (CRL) | Certificate and Certificate Revocation List (CRL) | |||
| Profile", RFC 4055, June 2005. | Profile", RFC 4055, June 2005. | |||
| [SEC1] SECG, "Elliptic Curve Cryptography", Standards for | [SEC1] SECG, "Elliptic Curve Cryptography", Standards for | |||
| Efficient Cryptography Group, 2000. Available from | Efficient Cryptography Group, 2002. Available from | |||
| www.secg.org/collateral/sec1.pdf. | http://www.secg.org/download/aid-780/sec1-v2.pdf. | |||
| [SP800-56A] National Institute of Standards and Technology | [SP800-56A] National Institute of Standards and Technology | |||
| (NIST), Special Publication 800-56A: Recommendation | (NIST), Special Publication 800-56A: Recommendation | |||
| Pair-Wise Key Establishment Schemes Using Discrete | Pair-Wise Key Establishment Schemes Using Discrete | |||
| Logarithm Cryptography (Revised), March 2007. | Logarithm Cryptography (Revised), March 2007. | |||
| [X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824- | [X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824- | |||
| 1:2002. Information Technology - Abstract Syntax | 1:2002. Information Technology - Abstract Syntax | |||
| Notation One. | Notation One. | |||
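Review bot: the [SEC1] entry now points at sec1-v2.pdf but keeps a year of 2002, and Section 7.1.8 cites the KDF by section number as "3.6.1 of [SEC1]". Confirm that the edition served by the new URL still places the KDF at 3.6.1, and make the year match that edition; otherwise the KDF citation dangles and an implementer may pick up a different function.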
| skipping to change at page 35, line 17 ¶ | skipping to change at page 35, line 17 ¶ | |||
| [BON] D. Boneh, "The Security of Multicast MAC", | [BON] D. Boneh, "The Security of Multicast MAC", | |||
| Presentation at Selected Areas of Cryptography 2000, | Presentation at Selected Areas of Cryptography 2000, | |||
| Center for Applied Cryptographic Research, University | Center for Applied Cryptographic Research, University | |||
| of Waterloo, 2000. Paper version available from | of Waterloo, 2000. Paper version available from | |||
| http://crypto.stanford.edu/~dabo/papers/mmac.ps | http://crypto.stanford.edu/~dabo/papers/mmac.ps | |||
| [CERTCAP] Santesson, S., "X.509 Certificate Extension for | [CERTCAP] Santesson, S., "X.509 Certificate Extension for | |||
| Secure/Multipurpose Internet Mail Extensions (S/MIME) | Secure/Multipurpose Internet Mail Extensions (S/MIME) | |||
| Capabilities", RFC 4262, December 2005. | Capabilities", RFC 4262, December 2005. | |||
| [CMS-ASN] Hoffman, P., and J. Schaad, "New ASN.1 Modules for | ||||
| CMS", draft-ietf-smime-new-asn1, work-in-progress. | ||||
| [CMS-ECC] Blake-Wilson, S., Brown, D., and P. Lambert, "Use of | [CMS-ECC] Blake-Wilson, S., Brown, D., and P. Lambert, "Use of | |||
| Elliptic Curve Cryptography (ECC) Algorithms in | Elliptic Curve Cryptography (ECC) Algorithms in | |||
| Cryptographic Message Syntax (CMS)", RFC 3278, April | Cryptographic Message Syntax (CMS)", RFC 3278, April | |||
| 2002. | 2002. | |||
| [CMS-KEA] Pawling, J., "CMS KEA and SKIPJACK Conventions", RFC | [CMS-KEA] Pawling, J., "CMS KEA and SKIPJACK Conventions", RFC | |||
| 2876, July 2000. | 2876, July 2000. | |||
| [K] B. Kaliski, "MQV Vulnerability", Posting to ANSI X9F1 | [K] B. Kaliski, "MQV Vulnerability", Posting to ANSI X9F1 | |||
| and IEEE P1363 newsgroups, 1998. | and IEEE P1363 newsgroups, 1998. | |||
| [PKI-ASN] Hoffman, P., and J. Schaad, "New ASN.1 Modules for | [PKI-ASN] Hoffman, P., and J. Schaad, "New ASN.1 Modules for | |||
| PKIX", draft-ietf-pkix-new-asn1, work-in-progress. | PKIX", draft-ietf-pkix-new-asn1, work-in-progress. | |||
| [SP800-57] National Institute of Standards and Technology | [SP800-57] National Institute of Standards and Technology | |||
| (NIST), Special Publication 800-57: Recommendation | (NIST), Special Publication 800-57: Recommendation | |||
| for Key Management - Part 1 (Revised), March 2007. | for Key Management - Part 1 (Revised), March 2007. | |||
| [X.681] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824- | [X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824- | |||
| 1:2002. Information Technology - Abstract Syntax | ||||
| Notation One. | ||||
| [X.681] ITU-T Recommendation X.681 (2002) | ISO/IEC 8824- | ||||
| 2:2002. Information Technology - Abstract Syntax | 2:2002. Information Technology - Abstract Syntax | |||
| Notation One: Information Object Specification. | Notation One: Information Object Specification. | |||
| [X.682] ITU-T Recommendation X.682 (2002) | ISO/IEC 8824- | [X.682] ITU-T Recommendation X.682 (2002) | ISO/IEC 8824- | |||
| 3:2002. Information Technology - Abstract Syntax | 3:2002. Information Technology - Abstract Syntax | |||
| Notation One: Constraint Specification. | Notation One: Constraint Specification. | |||
| [X.683] ITU-T Recommendation X.683 (2002) | ISO/IEC 8824- | [X.683] ITU-T Recommendation X.683 (2002) | ISO/IEC 8824- | |||
| 4:2002. Information Technology - Abstract Syntax | 4:2002. Information Technology - Abstract Syntax | |||
| Notation One: Parameterization of ASN.1 | Notation One: Parameterization of ASN.1 | |||
| Specifications, 2002. | Specifications, 2002. | |||
| Appendix A ASN.1 Modules | Appendix A ASN.1 Modules | |||
| Appendix A.1 provides the normative ASN.1 definitions for the | Appendix A.1 provides the normative ASN.1 definitions for the | |||
| structures described in this specification using ASN.1 as defined in | structures described in this specification using ASN.1 as defined in | |||
| [X.680] for compilers that support the 1988 ASN.1. | [X.680] for compilers that support the 1988 ASN.1. | |||
| Appendix A.2 provides an informative ASN.1 definitions for the | Appendix A.2 provides informative ASN.1 definitions for the | |||
| structures described in this specification using ASN.1 as defined in | structures described in this specification using ASN.1 as defined in | |||
| [X.680], [X.681], [X.682], and [X.683] for compilers that support the | [X.680], [X.681], [X.682], and [X.683] for compilers that support the | |||
| 2002 ASN.1. This appendix contains the same information as Appendix | 2002 ASN.1. This appendix contains the same information as Appendix | |||
| A.1 in a more recent (and precise) ASN.1 notation, however Appendix | A.1 in a more recent (and precise) ASN.1 notation, however Appendix | |||
| A.1 takes precedence in case of conflict. | A.1 takes precedence in case of conflict. | |||
| NOTE: The values for the TBAs will be included during AUTH48. | NOTE: The values for the TBAs will be included during AUTH48. | |||
| //** RFC Editor: Remove this note prior to publication **// | //** RFC Editor: Remove this note prior to publication **// | |||
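Review bot: with the mislabelled [X.681] entry corrected, 11.2 now carries a second [X.680] entry although [X.680] is already listed under 11.1 Normative; delete the informative copy and leave [X.681], [X.682] and [X.683] in 11.2 (the normative A.1 module uses only [X.680]; the 2002-notation module in A.2 is informative). Removing [CMS-ASN] from 11.2 matches its new 11.1 entry. Separately, Appendix A.1 is described as "ASN.1 as defined in [X.680] for compilers that support the 1988 ASN.1", but the cited [X.680] is the 2002 edition (ITU-T X.680 (2002) | ISO/IEC 8824-1:2002), the same reference A.2 uses for the 2002 syntax; either cite the 1988 edition (X.208) for A.1 or reword to say the module uses the subset of X.680 that 1988-era compilers accept. The AUTH48 note says the module TBAs will be filled in later, and IANA Considerations now says the SMIME WG Registrar assigns them from the smime(16) modules(0) arc; a pointer from the note to that section would help the RFC Editor.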
| skipping to change at page 37, line 10 ¶ | skipping to change at page 37, line 18 ¶ | |||
| FROM PKIX1-PSS-OAEP-Algorithms | FROM PKIX1-PSS-OAEP-Algorithms | |||
| { iso(1) identified-organization(3) dod(6) internet(1) | { iso(1) identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) id-mod(0) | security(5) mechanisms(5) pkix(7) id-mod(0) | |||
| id-mod-pkix1-rsa-pkalgs(33) } | id-mod-pkix1-rsa-pkalgs(33) } | |||
| -- From [PKI-ALG] | -- From [PKI-ALG] | |||
| id-sha1, ecdsa-with-SHA1, ecdsa-with-SHA224, | id-sha1, ecdsa-with-SHA1, ecdsa-with-SHA224, | |||
| ecdsa-with-SHA256, ecdsa-with-SHA384, ecdsa-with-SHA512, | ecdsa-with-SHA256, ecdsa-with-SHA384, ecdsa-with-SHA512, | |||
| id-ecPublicKey, ECDSA-Sig-Value, ECPoint, ECParameters | id-ecPublicKey, ECDSA-Sig-Value, ECPoint, ECParameters | |||
| FROM PKIXAlgIDs-2008 | FROM PKIX1Algorithms2008 | |||
| { iso(1) identified-organization(3) dod(6) internet(1) | { iso(1) identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) id-mod(0) TBA1 } | security(5) mechanisms(5) pkix(7) id-mod(0) 45 } | |||
| -- From [CMS] | -- From [CMS] | |||
| OriginatorPublicKey, UserKeyingMaterial | OriginatorPublicKey, UserKeyingMaterial | |||
| FROM CryptographicMessageSyntax2004 | FROM CryptographicMessageSyntax2004 | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | |||
| smime(16) modules(0) cms-2004(24) } | smime(16) modules(0) cms-2004(24) } | |||
| -- From [CMS-ALG] | -- From [CMS-ALG] | |||
| hMAC-SHA1, id-hmacWithSHA224, id-hmacWithSHA256, id-hmacWithSHA384, | hMAC-SHA1, des-ede3-cbc, id-alg-CMS3DESwrap, CBCParameter | |||
| id-hmacWithSHA512, des-ede3-cbc, id-alg-CMS3DESwrap, CBCParameter | ||||
| FROM CryptographicMessageSyntaxAlgorithms | FROM CryptographicMessageSyntaxAlgorithms | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | |||
| smime(16) modules(0) cmsalg-2008(TBD) } | smime(16) modules(0) cmsalg-2001(16) } | |||
| -- From [CMS-AES] | -- From [CMS-AES] | |||
| id-aes128-CBC, id-aes192-CBC, id-aes256-CBC, AES-IV, | id-aes128-CBC, id-aes192-CBC, id-aes256-CBC, AES-IV, | |||
| id-aes128-wrap, id-aes192-wrap, id-aes256-wrap | id-aes128-wrap, id-aes192-wrap, id-aes256-wrap | |||
| FROM CMSAesRsaesOaep | FROM CMSAesRsaesOaep | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | |||
| smime(16) modules(0) id-mod-cms-aes(19) } | smime(16) modules(0) id-mod-cms-aes(19) } | |||
| -- From [CMS-AESCG] | -- From [CMS-AESCG] | |||
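Review bot: the IMPORTS now name concrete modules (PKIX1Algorithms2008 with id-mod(0) 45 in place of TBA1, and cmsalg-2001(16) in place of cmsalg-2008(TBD)); both identifiers should be checked against the module headers published in [PKI-ALG] and [CMS-ALG] before AUTH48. Since id-hmacWithSHA224/256/384/512 are no longer imported from CryptographicMessageSyntaxAlgorithms, the module must define them itself, which the later hunk in this diff does; make sure the A.2 module receives the same change so the two modules stay in step.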
| skipping to change at page 40, line 48 ¶ | skipping to change at page 40, line 48 ¶ | |||
| -- id-aes256-CCM Parameters are CCMParameters | -- id-aes256-CCM Parameters are CCMParameters | |||
| -- id-aes128-GCM Parameters are GCMParameters | -- id-aes128-GCM Parameters are GCMParameters | |||
| -- id-aes192-GCM Parameters are GCMParameters | -- id-aes192-GCM Parameters are GCMParameters | |||
| -- id-aes256-GCM Parameters are GCMParameters | -- id-aes256-GCM Parameters are GCMParameters | |||
| -- | -- | |||
| -- Message Authentication Code Algorithms | -- Message Authentication Code Algorithms | |||
| -- | -- | |||
| -- hMAC-SHA1 Parameters are preferred absent | -- hMAC-SHA1 Parameters are preferred absent | |||
| -- id-hmacWithSHA224 Parameters are absent | ||||
| -- id-hmacWithSHA256 Parameters are absent | -- HMAC with SHA-224, SHA-256, SHA_384, and SHA-512 Parameters are | |||
| -- id-hmacWithSHA384 Parameters are absent | -- absent | |||
| -- id-hmacWithSHA512 Parameters are absent | id-hmacWithSHA224 OBJECT IDENTIFIER ::= { | |||
| iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } | ||||
| id-hmacWithSHA256 OBJECT IDENTIFIER ::= { | ||||
| iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } | ||||
| id-hmacWithSHA384 OBJECT IDENTIFIER ::= { | ||||
| iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 | ||||
| } | ||||
| id-hmacWithSHA512 OBJECT IDENTIFIER ::= { | ||||
| iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 | ||||
| } | ||||
| -- | -- | |||
| -- Originator Public Key Algorithms | -- Originator Public Key Algorithms | |||
| -- | -- | |||
| -- id-ecPublicKey Parameters are absent, NULL, or ECParameters | -- id-ecPublicKey Parameters are absent, NULL, or ECParameters | |||
| -- Format for both ephemeral and static public keys | -- Format for both ephemeral and static public keys | |||
| -- ECPoint ::= OCTET STRING | -- ECPoint ::= OCTET STRING | |||
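Review bot: typo in the new comment `-- HMAC with SHA-224, SHA-256, SHA_384, and SHA-512 Parameters are`: `SHA_384` should be `SHA-384` to match the other hash names. The four OID definitions added under it (`digestAlgorithm(2) 8` through `11`) are what the previous hunk's import removal relies on; as a style point, the sha224 and sha256 definitions keep the closing `}` on the arc line while sha384 and sha512 wrap it onto its own line, so pick one layout.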
| skipping to change at page 43, line 4 ¶ | skipping to change at page 43, line 7 ¶ | |||
| -- | -- | |||
| -- S/MIME Capabilities: ECDH, Single Pass, Cofactor | -- S/MIME Capabilities: ECDH, Single Pass, Cofactor | |||
| -- | -- | |||
| -- dhSinglePass-cofactorDH-sha1kdf Type is the KeyWrapAlgorithm | -- dhSinglePass-cofactorDH-sha1kdf Type is the KeyWrapAlgorithm | |||
| -- dhSinglePass-cofactorDH-sha224kdf Type is the KeyWrapAlgorithm | -- dhSinglePass-cofactorDH-sha224kdf Type is the KeyWrapAlgorithm | |||
| -- dhSinglePass-cofactorDH-sha256kdf Type is the KeyWrapAlgorithm | -- dhSinglePass-cofactorDH-sha256kdf Type is the KeyWrapAlgorithm | |||
| -- dhSinglePass-cofactorDH-sha384kdf Type is the KeyWrapAlgorithm | -- dhSinglePass-cofactorDH-sha384kdf Type is the KeyWrapAlgorithm | |||
| -- dhSinglePass-cofactorDH-sha512kdf Type is the KeyWrapAlgorithm | -- dhSinglePass-cofactorDH-sha512kdf Type is the KeyWrapAlgorithm | |||
| -- | -- | |||
| -- S/MIME Capabilities: ECMQV, Single Pass, Standard | -- S/MIME Capabilities: ECMQV, Single Pass, Standard | |||
| -- | -- | |||
| -- mqvSinglePass-sha1kdf Type is the KeyWrapAlgorithm | -- mqvSinglePass-sha1kdf Type is the KeyWrapAlgorithm | |||
| -- mqvSinglePass-sha224kdf Type is the KeyWrapAlgorithm | -- mqvSinglePass-sha224kdf Type is the KeyWrapAlgorithm | |||
| -- mqvSinglePass-sha256kdf Type is the KeyWrapAlgorithm | -- mqvSinglePass-sha256kdf Type is the KeyWrapAlgorithm | |||
| -- mqvSinglePass-sha384kdf Type is the KeyWrapAlgorithm | -- mqvSinglePass-sha384kdf Type is the KeyWrapAlgorithm | |||
| -- mqvSinglePass-sha512kdf Type is the KeyWrapAlgorithm | -- mqvSinglePass-sha512kdf Type is the KeyWrapAlgorithm | |||
| -- | ||||
| -- S/MIME Capabilities: Message Authentication Code Algorithms | ||||
| -- | ||||
| -- hMACSHA1 Type is preferred absent | ||||
| -- id-hmacWithSHA224 Type is absent | ||||
| -- if-hmacWithSHA256 Type is absent | ||||
| -- id-hmacWithSHA384 Type is absent | ||||
| -- id-hmacWithSHA512 Type is absent | ||||
| END | END | |||
| Appendix A.2 2004 ASN.1 Module | Appendix A.2 2004 ASN.1 Module | |||
| SMIMEECCAlgs-2008 | SMIMEECCAlgs-2008 | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | |||
| smime(16) modules(0) TBA2 } | smime(16) modules(0) TBA2 } | |||
| DEFINITIONS IMPLICIT TAGS ::= | DEFINITIONS IMPLICIT TAGS ::= | |||
| BEGIN | BEGIN | |||
| -- EXPORTS ALL | -- EXPORTS ALL | |||
| IMPORTS | IMPORTS | |||
| -- From [PKI-ASN] | ||||
| -- From [PKI-ALG] | ||||
| mda-sha1, sa-ecdsaWithSHA1, sa-ecdsaWithSHA224, sa-ecdsaWithSHA256, | mda-sha1, sa-ecdsaWithSHA1, sa-ecdsaWithSHA224, sa-ecdsaWithSHA256, | |||
| sa-ecdsaWithSHA384, sa-ecdsaWithSHA512, id-ecPublicKey, | sa-ecdsaWithSHA384, sa-ecdsaWithSHA512, id-ecPublicKey, | |||
| ECDSA-Sig-Value, ECPoint, ECParameters | ECDSA-Sig-Value, ECPoint, ECParameters | |||
| FROM PKIXAlgIDs-2008 | FROM PKIXAlgs-2009 | |||
| { iso(1) identified-organization(3) dod(6) internet(1) | { iso(1) identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) id-mod(0) TBA2 } | security(5) mechanisms(5) pkix(7) id-mod(0) | |||
| id-mod-pkix1-algorithms2008-02(56) } | ||||
| -- FROM [PKI-ASN] | -- From [PKI-ASN] | |||
| KEY-WRAP, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM, ALGORITHM, | mda-sha224, mda-sha256, mda-sha384, mda-sha512 | |||
| PUBLIC-KEY, MAC-ALGORITHM, CONTENT-ENCRYPTION, KEY-AGREE | FROM PKIX1-PSS-OAEP-Algorithms-2009 | |||
| FROM AlgorithmInformation | ||||
| { iso(1) identified-organization(3) dod(6) internet(1) | { iso(1) identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) id-mod(0) | security(5) mechanisms(5) pkix(7) id-mod(0) | |||
| id-mod-algorithmInformation(TBA5) } | id-mod-pkix1-rsa-pkalgs-02(54) } | |||
| -- From [PKI-ASN] | -- FROM [CMS-ASN] | |||
| mda-sha224, mda-sha256, mda-sha384, mda-sha512 | KEY-WRAP, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM, ALGORITHM, | |||
| FROM PKIX1-PSS-OAEP-Algorithms | PUBLIC-KEY, MAC-ALGORITHM, CONTENT-ENCRYPTION, KEY-AGREE, SMIME-CAPS | |||
| FROM AlgorithmInformation-2009 | ||||
| { iso(1) identified-organization(3) dod(6) internet(1) | { iso(1) identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) id-mod(0) TBA7 } | security(5) mechanisms(5) pkix(7) id-mod(0) | |||
| id-mod-algorithmInformation-02(58) } | ||||
| -- From [CMS] | -- From [CMS-ASN] | |||
| OriginatorPublicKey, UserKeyingMaterial | OriginatorPublicKey, UserKeyingMaterial | |||
| FROM CryptographicMessageSyntax2004 | FROM CryptographicMessageSyntax-2009 | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | |||
| smime(16) modules(0) cms-2004(24) } | smime(16) modules(0) id-mod-cms-2004-02(41) } | |||
| -- From [CMS-ASN] | -- From [CMS-ASN] | |||
| maca-hMAC-SHA1, maca-hMAC-SHA224, maca-hMAC-SHA256, maca-hMAC-SHA384, | maca-hMAC-SHA1, cea-des-ede3-cbc, kwa-3DESWrap, CBCParameter | |||
| maca-hMAC-SHA512, cea-des-ede3-cbc, kwa-3DESWrap, CBCParameter | FROM CryptographicMessageSyntaxAlgorithms-2009 | |||
| FROM CryptographicMessageSyntaxAlgorithms | ||||
| { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | |||
| smime(16) modules(0) cmsalg-2001(16) } | smime(16) modules(0) id-mod-cmsalg-2001-02(37) } | |||
| -- From [CMS-ASN] | -- From [CMS-ASN] | |||
| cea-aes128-CBC, cea-aes192-CBC, cea-aes256-CBC, kwa-aes128-wrap, | cea-aes128-CBC, cea-aes192-CBC, cea-aes256-CBC, kwa-aes128-wrap, | |||
| kwa-aes192-wrap, kwa-aes256-wrap | kwa-aes192-wrap, kwa-aes256-wrap | |||
| FROM CMSAesRsaesOaep | FROM CMSAesRsaesOaep-2009 | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | |||
| smime(16) modules(0) id-mod-cms-aes(19) } | smime(16) modules(0) id-mod-cms-aes-02(38) } | |||
| -- From [CMS-ASN] | -- From [CMS-ASN] | |||
| cea-aes128-ccm, cea-aes192-ccm, cea-aes256-ccm, cea-aes128-gcm, | cea-aes128-ccm, cea-aes192-ccm, cea-aes256-ccm, cea-aes128-gcm, | |||
| cea-aes192-gcm, cea-aes256-gcm | cea-aes192-gcm, cea-aes256-gcm | |||
| FROM CMS-AES-CCM-and-AES-GCM | FROM CMS-AES-CCM-and-AES-GCM-2009 | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | |||
| smime(16) modules(0) cms-aes-ccm-and-gcm(32) } | smime(16) modules(0) id-mod-cms-aes-ccm-gcm-02(44) } | |||
| ; | ; | |||
| -- Constrains the SignedData digestAlgorithms field | -- Constrains the SignedData digestAlgorithms field | |||
| -- Constrains the SignedData SignerInfo digestAlgorithm field | -- Constrains the SignedData SignerInfo digestAlgorithm field | |||
| -- Constrains the AuthenticatedData digestAlgorithm field | -- Constrains the AuthenticatedData digestAlgorithm field | |||
| -- MessageDigestAlgs DIGEST-ALGORITHM ::= { | -- MessageDigestAlgs DIGEST-ALGORITHM ::= { | |||
| -- mda-sha1 | | -- mda-sha1 | | |||
| -- mda-sha224 | | -- mda-sha224 | | |||
| -- mda-sha256 | | -- mda-sha256 | | |||
| -- mda-sha384 | | -- mda-sha384 | | |||
| -- mda-sha512, | -- mda-sha512, | |||
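Review bot: typos in the new S/MIME capability comments at the end of the first module: `-- if-hmacWithSHA256 Type is absent` should read `id-hmacWithSHA256`, and `-- hMACSHA1 Type is preferred absent` should read `hMAC-SHA1` to match the imported identifier. In the 2004 module's IMPORTS, the right column leaves a dangling `-- From [PKI-ASN]` comment directly above `-- From [PKI-ALG]` with nothing imported under it; drop the first comment. The provenance comments also mix `-- FROM [CMS-ASN]` and `-- From [CMS-ASN]`; use one spelling.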
| skipping to change at page 46, line 39 ¶ | skipping to change at page 47, line 14 ¶ | |||
| -- | -- | |||
| -- Diffie-Hellman Single Pass, Standard, with KDFs | -- Diffie-Hellman Single Pass, Standard, with KDFs | |||
| -- | -- | |||
| -- Parameters are always present and indicate the Key Wrap Algorithm | -- Parameters are always present and indicate the Key Wrap Algorithm | |||
| kaa-dhSinglePass-stdDH-sha1kdf-scheme KEY-AGREE ::= { | kaa-dhSinglePass-stdDH-sha1kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER dhSinglePass-stdDH-sha1kdf-scheme | IDENTIFIER dhSinglePass-stdDH-sha1kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM TYPE -- unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- IS preferredPresent | |||
| SMIME CAPS { TYPE KeyWrapAlgorithm | SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha1kdf-scheme | |||
| IDENTIFIED BY dhSinglePass-stdDH-sha1kdf-scheme } | ||||
| } | } | |||
| dhSinglePass-stdDH-sha1kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-stdDH-sha1kdf-scheme OBJECT IDENTIFIER ::= { | |||
| x9-63-scheme 2 } | x9-63-scheme 2 } | |||
| kaa-dhSinglePass-stdDH-sha224kdf-scheme KEY-AGREE ::= { | kaa-dhSinglePass-stdDH-sha224kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER dhSinglePass-stdDH-sha224kdf-scheme | IDENTIFIER dhSinglePass-stdDH-sha224kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM TYPE -- unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- IS preferredPresent | |||
| SMIME CAPS { TYPE KeyWrapAlgorithm | SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha224kdf-scheme | |||
| IDENTIFIED BY dhSinglePass-stdDH-sha224kdf-scheme } | ||||
| } | } | |||
| dhSinglePass-stdDH-sha224kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-stdDH-sha224kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 11 0 } | secg-scheme 11 0 } | |||
| kaa-dhSinglePass-stdDH-sha256kdf-scheme KEY-AGREE ::= { | kaa-dhSinglePass-stdDH-sha256kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER dhSinglePass-stdDH-sha256kdf-scheme | IDENTIFIER dhSinglePass-stdDH-sha256kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM TYPE -- unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- IS preferredPresent | |||
| SMIME CAPS { TYPE KeyWrapAlgorithm | SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha256kdf-scheme | |||
| IDENTIFIED BY dhSinglePass-stdDH-sha256kdf-scheme } | ||||
| } | } | |||
| dhSinglePass-stdDH-sha256kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-stdDH-sha256kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 11 1 } | secg-scheme 11 1 } | |||
| kaa-dhSinglePass-stdDH-sha384kdf-scheme KEY-AGREE ::= { | kaa-dhSinglePass-stdDH-sha384kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER dhSinglePass-stdDH-sha384kdf-scheme | IDENTIFIER dhSinglePass-stdDH-sha384kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM TYPE -- unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- IS preferredPresent | |||
| SMIME CAPS { TYPE KeyWrapAlgorithm | SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha384kdf-scheme | |||
| IDENTIFIED BY dhSinglePass-stdDH-sha384kdf-scheme } | ||||
| } | } | |||
| dhSinglePass-stdDH-sha384kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-stdDH-sha384kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 11 2 } | secg-scheme 11 2 } | |||
| kaa-dhSinglePass-stdDH-sha512kdf-scheme KEY-AGREE ::= { | kaa-dhSinglePass-stdDH-sha512kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER dhSinglePass-stdDH-sha512kdf-scheme | IDENTIFIER dhSinglePass-stdDH-sha512kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM TYPE -- unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- IS preferredPresent | |||
| SMIME CAPS { TYPE KeyWrapAlgorithm | SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha512kdf-scheme } | |||
| IDENTIFIED BY dhSinglePass-stdDH-sha512kdf-scheme } | ||||
| } | } | |||
| dhSinglePass-stdDH-sha512kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-stdDH-sha512kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 11 3 } | secg-scheme 11 3 } | |||
| -- | -- | |||
| -- Diffie-Hellman Single Pass, Cofactor, with KDFs | -- Diffie-Hellman Single Pass, Cofactor, with KDFs | |||
| -- | -- | |||
| kaa-dhSinglePass-cofactorDH-sha1kdf-scheme KEY-AGREE ::= { | kaa-dhSinglePass-cofactorDH-sha1kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER dhSinglePass-cofactorDH-sha1kdf-scheme | IDENTIFIER dhSinglePass-cofactorDH-sha1kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM TYPE -- unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- IS preferredPresent | |||
| SMIME CAPS { TYPE KeyWrapAlgorithm | SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha1kdf-scheme | |||
| IDENTIFIED BY | ||||
| dhSinglePass-cofactorDH-sha1kdf-scheme } | ||||
| } | } | |||
| dhSinglePass-cofactorDH-sha1kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-cofactorDH-sha1kdf-scheme OBJECT IDENTIFIER ::= { | |||
| x9-63-scheme 3 } | x9-63-scheme 3 } | |||
| kaa-dhSinglePass-cofactorDH-sha224kdf-scheme KEY-AGREE ::= { | kaa-dhSinglePass-cofactorDH-sha224kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER dhSinglePass-cofactorDH-sha224kdf-scheme | IDENTIFIER dhSinglePass-cofactorDH-sha224kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM TYPE -- unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- IS preferredPresent | |||
| SMIME CAPS { TYPE KeyWrapAlgorithm | SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha224kdf-scheme | |||
| IDENTIFIED BY | ||||
| dhSinglePass-cofactorDH-sha224kdf-scheme } | ||||
| } | } | |||
| dhSinglePass-cofactorDH-sha224kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-cofactorDH-sha224kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 14 0 } | secg-scheme 14 0 } | |||
| kaa-dhSinglePass-cofactorDH-sha256kdf-scheme KEY-AGREE ::= { | kaa-dhSinglePass-cofactorDH-sha256kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER dhSinglePass-cofactorDH-sha256kdf-scheme | IDENTIFIER dhSinglePass-cofactorDH-sha256kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM TYPE -- unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- IS preferredPresent | |||
| SMIME CAPS { TYPE KeyWrapAlgorithm | SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha256kdf-scheme | |||
| IDENTIFIED BY | ||||
| dhSinglePass-cofactorDH-sha256kdf-scheme } | ||||
| } | } | |||
| dhSinglePass-cofactorDH-sha256kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-cofactorDH-sha256kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 14 1 } | secg-scheme 14 1 } | |||
| kaa-dhSinglePass-cofactorDH-sha384kdf-scheme KEY-AGREE ::= { | kaa-dhSinglePass-cofactorDH-sha384kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER dhSinglePass-cofactorDH-sha384kdf-scheme | IDENTIFIER dhSinglePass-cofactorDH-sha384kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM TYPE -- unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- IS preferredPresent | |||
| SMIME CAPS { TYPE KeyWrapAlgorithm | SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha384kdf-scheme | |||
| IDENTIFIED BY | ||||
| dhSinglePass-cofactorDH-sha384kdf-scheme } | ||||
| } | } | |||
| dhSinglePass-cofactorDH-sha384kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-cofactorDH-sha384kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 14 2 } | secg-scheme 14 2 } | |||
| kaa-dhSinglePass-cofactorDH-sha512kdf-scheme KEY-AGREE ::= { | kaa-dhSinglePass-cofactorDH-sha512kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER dhSinglePass-cofactorDH-sha512kdf-scheme | IDENTIFIER dhSinglePass-cofactorDH-sha512kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM TYPE -- unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- IS preferredPresent | |||
| SMIME CAPS { TYPE KeyWrapAlgorithm | SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha512kdf-scheme | |||
| IDENTIFIED BY | ||||
| dhSinglePass-cofactorDH-sha512kdf-scheme } | ||||
| } | } | |||
| dhSinglePass-cofactorDH-sha512kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-cofactorDH-sha512kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 14 3 } | secg-scheme 14 3 } | |||
| -- | -- | |||
| -- MQV Single Pass, Cofactor, with KDFs | -- MQV Single Pass, Cofactor, with KDFs | |||
| -- | -- | |||
| kaa-mqvSinglePass-sha1kdf-scheme KEY-AGREE ::= { | kaa-mqvSinglePass-sha1kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER mqvSinglePass-sha1kdf-scheme | IDENTIFIER mqvSinglePass-sha1kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM TYPE -- unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- IS preferredPresent | |||
| SMIME CAPS { TYPE KeyWrapAlgorithm | SMIME-CAPS cap-kaa-mqvSinglePass-sha1kdf-scheme | |||
| IDENTIFIED BY mqvSinglePass-sha1kdf-scheme } | ||||
| } | } | |||
| mqvSinglePass-sha1kdf-scheme OBJECT IDENTIFIER ::= { | mqvSinglePass-sha1kdf-scheme OBJECT IDENTIFIER ::= { | |||
| x9-63-scheme 16 } | x9-63-scheme 16 } | |||
| kaa-mqvSinglePass-sha224kdf-scheme KEY-AGREE ::= { | kaa-mqvSinglePass-sha224kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER mqvSinglePass-sha224kdf-scheme | IDENTIFIER mqvSinglePass-sha224kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM TYPE -- unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- IS preferredPresent | |||
| SMIME CAPS { TYPE KeyWrapAlgorithm | SMIME-CAPS cap-kaa-mqvSinglePass-sha224kdf-scheme | |||
| IDENTIFIED BY mqvSinglePass-sha224kdf-scheme } | ||||
| } | } | |||
| mqvSinglePass-sha224kdf-scheme OBJECT IDENTIFIER ::= { | mqvSinglePass-sha224kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 15 0 } | secg-scheme 15 0 } | |||
| kaa-mqvSinglePass-sha256kdf-scheme KEY-AGREE ::= { | kaa-mqvSinglePass-sha256kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER mqvSinglePass-sha256kdf-scheme | IDENTIFIER mqvSinglePass-sha256kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM TYPE -- unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- IS preferredPresent | |||
| SMIME CAPS { TYPE KeyWrapAlgorithm | SMIME-CAPS cap-kaa-mqvSinglePass-sha256kdf-scheme | |||
| IDENTIFIED BY mqvSinglePass-sha256kdf-scheme } | ||||
| } | } | |||
| mqvSinglePass-sha256kdf-scheme OBJECT IDENTIFIER ::= { | mqvSinglePass-sha256kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 15 1 } | secg-scheme 15 1 } | |||
| kaa-mqvSinglePass-sha384kdf-scheme KEY-AGREE ::= { | kaa-mqvSinglePass-sha384kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER mqvSinglePass-sha384kdf-scheme | IDENTIFIER mqvSinglePass-sha384kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM TYPE -- unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- IS preferredPresent | |||
| SMIME CAPS { TYPE KeyWrapAlgorithm | SMIME-CAPS cap-kaa-mqvSinglePass-sha384kdf-scheme | |||
| IDENTIFIED BY mqvSinglePass-sha384kdf-scheme } | ||||
| } | } | |||
| mqvSinglePass-sha384kdf-scheme OBJECT IDENTIFIER ::= { | mqvSinglePass-sha384kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 15 2 } | secg-scheme 15 2 } | |||
| kaa-mqvSinglePass-sha512kdf-scheme KEY-AGREE ::= { | kaa-mqvSinglePass-sha512kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER mqvSinglePass-sha512kdf-scheme | IDENTIFIER mqvSinglePass-sha512kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM TYPE -- unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- IS preferredPresent | |||
| SMIME CAPS { TYPE KeyWrapAlgorithm | SMIME-CAPS cap-kaa-mqvSinglePass-sha512kdf-scheme | |||
| IDENTIFIED BY mqvSinglePass-sha512kdf-scheme } | ||||
| } | } | |||
| mqvSinglePass-sha512kdf-scheme OBJECT IDENTIFIER ::= { | mqvSinglePass-sha512kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 15 3 } | secg-scheme 15 3 } | |||
| -- | -- | |||
| -- Key Wrap Algorithms | -- Key Wrap Algorithms | |||
| -- | -- | |||
| KeyWrapAlgorithm ::= KeyWrapAlgs | KeyWrapAlgorithm ::= KeyWrapAlgs | |||
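Review bot: syntax error in the right column's `kaa-dhSinglePass-stdDH-sha512kdf-scheme` object: the line `SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha512kdf-scheme }` already closes the object and the next line closes it again with a second `}`; remove the brace from the SMIME-CAPS line so it matches the other KEY-AGREE objects. Separately, the heading `-- MQV Single Pass, Cofactor, with KDFs` over the mqvSinglePass objects disagrees with the earlier capability comment `-- S/MIME Capabilities: ECMQV, Single Pass, Standard`; one of the two labels should change so implementers are not left guessing which variant the mqvSinglePass OIDs denote.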
| skipping to change at page 51, line 4 ¶ | skipping to change at page 50, line 40 ¶ | |||
| } | } | |||
| mqvSinglePass-sha512kdf-scheme OBJECT IDENTIFIER ::= { | mqvSinglePass-sha512kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 15 3 } | secg-scheme 15 3 } | |||
| -- | -- | |||
| -- Key Wrap Algorithms | -- Key Wrap Algorithms | |||
| -- | -- | |||
| KeyWrapAlgorithm ::= KeyWrapAlgs | KeyWrapAlgorithm ::= KeyWrapAlgs | |||
| KeyWrapAlgs KEY-WRAP ::= { | KeyWrapAlgs KEY-WRAP ::= { | |||
| kwa-3des | | kwa-3des | | |||
| kwa-aes128 | | kwa-aes128 | | |||
| kwa-aes192 | | kwa-aes192 | | |||
| kwa-aes256, | kwa-aes256, | |||
| ... -- Extensible | ... -- Extensible | |||
| } | } | |||
| -- | -- | |||
| -- Content Encryption Algorithms | -- Content Encryption Algorithms | |||
| -- | -- | |||
| -- Constrains the EnvelopedData EncryptedContentInfo encryptedContent | -- Constrains the EnvelopedData EncryptedContentInfo encryptedContent | |||
| -- field and the AuthEnvelopedData EncryptedContentInfo | -- field and the AuthEnvelopedData EncryptedContentInfo | |||
| -- contentEncryptionAlgorithm field | -- contentEncryptionAlgorithm field | |||
| -- ContentEncryptionAlgorithms CONTENT-ENCRYPTION ::= { | -- ContentEncryptionAlgs CONTENT-ENCRYPTION ::= { | |||
| -- cea-des-ede3-cbc | | -- cea-des-ede3-cbc | | |||
| -- cea-aes128-cbc | | -- cea-aes128-cbc | | |||
| -- cea-aes192-cbc | | -- cea-aes192-cbc | | |||
| -- cea-aes256-cbc | | -- cea-aes256-cbc | | |||
| -- cea-aes128-ccm | | -- cea-aes128-ccm | | |||
| -- cea-aes192-ccm | | -- cea-aes192-ccm | | |||
| -- cea-aes256-ccm | | -- cea-aes256-ccm | | |||
| -- cea-aes128-gcm | | -- cea-aes128-gcm | | |||
| -- cea-aes192-gcm | | -- cea-aes192-gcm | | |||
| -- cea-aes256-gcm, | -- cea-aes256-gcm, | |||
| skipping to change at page 52, line 4 ¶ | skipping to change at page 51, line 31 ¶ | |||
| -- cea-aes192-gcm | | -- cea-aes192-gcm | | |||
| -- cea-aes256-gcm, | -- cea-aes256-gcm, | |||
| -- ... -- Extensible | -- ... -- Extensible | |||
| -- } | -- } | |||
| -- des-ede3-cbc and aes*-cbc are used with EnvelopedData and | -- des-ede3-cbc and aes*-cbc are used with EnvelopedData and | |||
| -- EncryptedData | -- EncryptedData | |||
| -- aes*-ccm are used with AuthEnvelopedData | -- aes*-ccm are used with AuthEnvelopedData | |||
| -- aes*-gcm are used with AuthEnvelopedData | -- aes*-gcm are used with AuthEnvelopedData | |||
| -- (where * is 128, 192, and 256) | -- (where * is 128, 192, and 256) | |||
| -- | -- | |||
| -- Message Authentication Code Algorithms | -- Message Authentication Code Algorithms | |||
| -- | -- | |||
| -- Constrains the AuthenticatedData | -- Constrains the AuthenticatedData | |||
| -- MessageAuthenticationCodeAlgorithm field | -- MessageAuthenticationCodeAlgorithm field | |||
| -- | -- | |||
| -- MessageAuthenticationCodeAlgorithms MAC-ALGORITHM ::= { | MessageAuthAlgs MAC-ALGORITHM ::= { | |||
| -- maca-hMAC-SHA1 | | -- maca-hMAC-SHA1 | | |||
| -- maca-hMAC-SHA224 | | maca-hMAC-SHA224 | | |||
| -- maca-hMAC-SHA256 | | maca-hMAC-SHA256 | | |||
| -- maca-hMAC-SHA384 | | maca-hMAC-SHA384 | | |||
| -- maca-hMAC-SHA512, | maca-hMAC-SHA512, | |||
| -- ... -- Extensible | ... -- Extensible | |||
| -- } | } | |||
| maca-hMAC-SHA224 MAC-ALGORITHM ::= { | ||||
| IDENTIFIER hMAC-SHA1 | ||||
| PARAMS TYPE ARE absent | ||||
| IS-KEYED-MAC TRUE | ||||
| SMIME-CAPS cap-hMAC-SHA224 | ||||
| } | ||||
| id-hmacWithSHA224 OBJECT IDENTIFIER ::= { | ||||
| iso(1) member-body(2) us(840) rsadsi(113549) | ||||
| digestAlgorithm(2) 8 } | ||||
| maca-hMAC-SHA256 MAC-ALGORITHM ::= { | ||||
| IDENTIFIER id-hmacWithSHA256 | ||||
| PARAMS TYPE ARE absent | ||||
| IS-KEYED-MAC TRUE | ||||
| SMIME-CAPS cap-hMAC-SHA256 | ||||
| } | ||||
| id-hmacWithSHA256 OBJECT IDENTIFIER ::= { | ||||
| iso(1) member-body(2) us(840) rsadsi(113549) | ||||
| digestAlgorithm(2) 9 } | ||||
| maca-hMAC-SHA384 MAC-ALGORITHM ::= { | ||||
| IDENTIFIER id-hmacWithSHA384 | ||||
| PARAMS TYPE ARE absent | ||||
| IS-KEYED-MAC TRUE | ||||
| SMIME-CAPS cap-hMAC-SHA384 | ||||
| } | ||||
| id-hmacWithSHA384 OBJECT IDENTIFIER ::= { | ||||
| iso(1) member-body(2) us(840) rsadsi(113549) | ||||
| digestAlgorithm(2) 10 } | ||||
| maca-hMAC-SHA512 MAC-ALGORITHM ::= { | ||||
| IDENTIFIER id-hmacWithSHA512 | ||||
| PARAMS TYPE ARE absent | ||||
| IS-KEYED-MAC TRUE | ||||
| SMIME-CAPS cap-hMAC-SHA512 | ||||
| } | ||||
| id-hmacWithSHA512 OBJECT IDENTIFIER ::= { | ||||
| iso(1) member-body(2) us(840) rsadsi(113549) | ||||
| digestAlgorithm(2) 11 } | ||||
| -- | -- | |||
| -- Originator Public Key Algorithms | -- Originator Public Key Algorithms | |||
| -- | -- | |||
| -- Constraints on KeyAgreeRecipientInfo OriginatorIdentifierOrKey | -- Constraints on KeyAgreeRecipientInfo OriginatorIdentifierOrKey | |||
| -- OriginatorPublicKey algorithm field | -- OriginatorPublicKey algorithm field | |||
| -- PARAMS are NULL | -- PARAMS are NULL | |||
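Review bot: the new `maca-hMAC-SHA224 MAC-ALGORITHM` object has `IDENTIFIER hMAC-SHA1`, which binds the SHA-224 MAC to the SHA-1 OID and leaves the `id-hmacWithSHA224` OID defined right below it unused; it should be `IDENTIFIER id-hmacWithSHA224`, as the SHA-256, SHA-384 and SHA-512 objects do. Each of the four objects also writes `PARAMS TYPE ARE absent` with no type name after `TYPE`, whereas the KEY-AGREE objects write `PARAMS TYPE KeyWrapAlgorithm ARE required`; if no parameter type is intended, the `TYPE` keyword should go (`PARAMS ARE absent`). Finally, `-- maca-hMAC-SHA1 |` remains commented out inside the now-uncommented `MessageAuthAlgs` set even though `maca-hMAC-SHA1` is imported; either list it or drop the import.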
| skipping to change at page 53, line 22 ¶ | skipping to change at page 54, line 4 ¶ | |||
| -- Any future additions to this CHOICE should be coordinated | -- Any future additions to this CHOICE should be coordinated | |||
| -- with ANSI X.9. | -- with ANSI X.9. | |||
| -- Format of KeyAgreeRecipientInfo ukm field when used with | -- Format of KeyAgreeRecipientInfo ukm field when used with | |||
| -- ECMQV | -- ECMQV | |||
| MQVuserKeyingMaterial ::= SEQUENCE { | MQVuserKeyingMaterial ::= SEQUENCE { | |||
| ephemeralPublicKey OriginatorPublicKey, | ephemeralPublicKey OriginatorPublicKey, | |||
| addedukm [0] EXPLICIT UserKeyingMaterial OPTIONAL | addedukm [0] EXPLICIT UserKeyingMaterial OPTIONAL | |||
| } | } | |||
| -- 'SharedInfo' for input to KDF when using ECDH and ECMQV with | -- 'SharedInfo' for input to KDF when using ECDH and ECMQV with | |||
| -- EnvelopedData, AuthenticatedData, or AuthEnvelopedData | -- EnvelopedData, AuthenticatedData, or AuthEnvelopedData | |||
| ECC-CMS-SharedInfo ::= SEQUENCE { | ECC-CMS-SharedInfo ::= SEQUENCE { | |||
| keyInfo AlgorithmIdentifier { KeyWrapAlgorithm }, | keyInfo AlgorithmIdentifier { KeyWrapAlgorithm }, | |||
| entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL, | entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL, | |||
| suppPubInfo [2] EXPLICIT OCTET STRING | suppPubInfo [2] EXPLICIT OCTET STRING | |||
| } | } | |||
| -- | ||||
| -- S/MIME CAPS for algorithms in this document | ||||
| -- | ||||
| SMimeCAPS SMIME-CAPS ::= { | ||||
| -- mda-sha1.&smimeCaps | | ||||
| -- mda-sha224.&smimeCaps | | ||||
| -- mda-sha256.&smimeCaps | | ||||
| -- mda-sha384.&smimeCaps | | ||||
| -- mda-sha512.&smimeCaps | | ||||
| -- sa-ecdsaWithSHA1.&smimeCaps | | ||||
| -- sa-ecdsaWithSHA224.&smimeCaps | | ||||
| -- sa-ecdsaWithSHA256.&smimeCaps | | ||||
| -- sa-ecdsaWithSHA384.&smimeCaps | | ||||
| -- sa-ecdsaWithSHA512.&smimeCaps | | ||||
| kaa-dhSinglePass-stdDH-sha1kdf-scheme.&smimeCaps | | ||||
| kaa-dhSinglePass-stdDH-sha224kdf-scheme.&smimeCaps | | ||||
| kaa-dhSinglePass-stdDH-sha256kdf-scheme.&smimeCaps | | ||||
| kaa-dhSinglePass-stdDH-sha384kdf-scheme.&smimeCaps | | ||||
| kaa-dhSinglePass-stdDH-sha512kdf-scheme.&smimeCaps | | ||||
| kaa-dhSinglePass-cofactorDH-sha1kdf-scheme.&smimeCaps | | ||||
| kaa-dhSinglePass-cofactorDH-sha224kdf-scheme.&smimeCaps | | ||||
| kaa-dhSinglePass-cofactorDH-sha256kdf-scheme.&smimeCaps | | ||||
| kaa-dhSinglePass-cofactorDH-sha384kdf-scheme.&smimeCaps | | ||||
| kaa-dhSinglePass-cofactorDH-sha512kdf-scheme.&smimeCaps | | ||||
| kaa-mqvSinglePass-sha1kdf-scheme.&smimeCaps | | ||||
| kaa-mqvSinglePass-sha224kdf-scheme.&smimeCaps | | ||||
| kaa-mqvSinglePass-sha256kdf-scheme.&smimeCaps | | ||||
| kaa-mqvSinglePass-sha384kdf-scheme.&smimeCaps | | ||||
| kaa-mqvSinglePass-sha512kdf-scheme.&smimeCaps | | ||||
| -- kwa-3des.&smimeCaps | | ||||
| -- kwa-aes128.&smimeCaps | | ||||
| -- kwa-aes192.&smimeCaps | | ||||
| -- kwa-aes256.&smimeCaps | | ||||
| -- cea-des-ede3-cbc.&smimeCaps | | ||||
| -- cea-aes128-cbc.&smimeCaps | | ||||
| -- cea-aes192-cbc.&smimeCaps | | ||||
| -- cea-aes256-cbc.&smimeCaps | | ||||
| -- cea-aes128-ccm.&smimeCaps | | ||||
| -- cea-aes192-ccm.&smimeCaps | | ||||
| -- cea-aes256-ccm.&smimeCaps | | ||||
| -- cea-aes128-gcm.&smimeCaps | | ||||
| -- cea-aes192-gcm.&smimeCaps | | ||||
| -- cea-aes256-gcm.&smimeCaps | | ||||
| -- maca-hMAC-SHA1.&smimeCaps | | ||||
| maca-hMAC-SHA224.&smimeCaps | | ||||
| maca-hMAC-SHA256.&smimeCaps | | ||||
| maca-hMAC-SHA384.&smimeCaps | | ||||
| maca-hMAC-SHA512.&smimeCaps, | ||||
| ... - Extensible | ||||
| } | ||||
| cap-kaa-dhSinglePass-stdDH-sha1kdf-scheme SMIME-CAPS ::= { | ||||
| TYPE KeyWrapAlgorithm | ||||
| IDENTIFIED BY dhSinglePass-stdDH-sha1kdf-scheme | ||||
| } | ||||
| cap-kaa-dhSinglePass-stdDH-sha224kdf-scheme SMIME-CAPS ::= { | ||||
| TYPE KeyWrapAlgorithm | ||||
| IDENTIFIED BY dhSinglePass-stdDH-sha224kdf-scheme } | ||||
| cap-kaa-dhSinglePass-stdDH-sha256kdf-scheme SMIME-CAPS ::= { | ||||
| TYPE KeyWrapAlgorithm | ||||
| IDENTIFIED BY dhSinglePass-stdDH-sha256kdf-scheme } | ||||
| cap-kaa-dhSinglePass-stdDH-sha384kdf-scheme SMIME-CAPS ::= { | ||||
| TYPE KeyWrapAlgorithm | ||||
| IDENTIFIED BY dhSinglePass-stdDH-sha384kdf-scheme | ||||
| } | ||||
| cap-kaa-dhSinglePass-stdDH-sha512kdf-scheme SMIME-CAPS ::= { | ||||
| TYPE KeyWrapAlgorithm | ||||
| IDENTIFIED BY dhSinglePass-stdDH-sha512kdf-scheme | ||||
| } | ||||
| cap-kaa-dhSinglePass-cofactorDH-sha1kdf-scheme SMIME-CAPS ::={ | ||||
| TYPE KeyWrapAlgorithm | ||||
| IDENTIFIED BY dhSinglePass-cofactorDH-sha1kdf-scheme | ||||
| } | ||||
| cap-kaa-dhSinglePass-cofactorDH-sha224kdf-scheme SMIME-CAPS ::={ | ||||
| TYPE KeyWrapAlgorithm | ||||
| IDENTIFIED BY dhSinglePass-cofactorDH-sha224kdf-scheme | ||||
| } | ||||
| cap-kaa-dhSinglePass-cofactorDH-sha256kdf-scheme SMIME-CAPS ::={ | ||||
| TYPE KeyWrapAlgorithm | ||||
| IDENTIFIED BY dhSinglePass-cofactorDH-sha256kdf-scheme | ||||
| } | ||||
| cap-kaa-dhSinglePass-cofactorDH-sha384kdf-scheme SMIME-CAPS ::={ | ||||
| TYPE KeyWrapAlgorithm | ||||
| IDENTIFIED BY dhSinglePass-cofactorDH-sha384kdf-scheme | ||||
| } | ||||
| cap-kaa-dhSinglePass-cofactorDH-sha512kdf-scheme SMIME-CAPS ::={ | ||||
| TYPE KeyWrapAlgorithm | ||||
| IDENTIFIED BY dhSinglePass-cofactorDH-sha512kdf-scheme | ||||
| } | ||||
| cap-kaa-mqvSinglePass-sha1kdf-scheme SMIME-CAPS ::={ | ||||
| TYPE KeyWrapAlgorithm | ||||
| IDENTIFIED BY mqvSinglePass-sha1kdf-scheme | ||||
| } | ||||
| cap-kaa-mqvSinglePass-sha224kdf-scheme SMIME-CAPS ::={ | ||||
| TYPE KeyWrapAlgorithm | ||||
| IDENTIFIED BY mqvSinglePass-sha224kdf-scheme | ||||
| } | ||||
| cap-kaa-mqvSinglePass-sha256kdf-scheme SMIME-CAPS ::={ | ||||
| TYPE KeyWrapAlgorithm | ||||
| IDENTIFIED BY mqvSinglePass-sha256kdf-scheme | ||||
| } | ||||
| cap-kaa-mqvSinglePass-sha384kdf-scheme SMIME-CAPS ::={ | ||||
| TYPE KeyWrapAlgorithm | ||||
| IDENTIFIED BY mqvSinglePass-sha384kdf-scheme | ||||
| } | ||||
| cap-kaa-mqvSinglePass-sha512kdf-scheme SMIME-CAPS ::={ | ||||
| TYPE KeyWrapAlgorithm | ||||
| IDENTIFIED BY mqvSinglePass-sha512kdf-scheme | ||||
| } | ||||
| cap-hMAC-SHA224 SMIME-CAPS ::={ IDENTIFIED BY id-hmacWithSHA224 } | ||||
| cap-hMAC-SHA256 SMIME-CAPS ::={ IDENTIFIED BY id-hmacWithSHA256 } | ||||
| cap-hMAC-SHA384 SMIME-CAPS ::={ IDENTIFIED BY id-hmacWithSHA384 } | ||||
| cap-hMAC-SHA512 SMIME-CAPS ::={ IDENTIFIED BY id-hmacWithSHA512 } | ||||
| END | END | |||
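The SMIME-CAPS objects above fix what each SMIMECapability carries on the wire: for the key-agreement schemes the parameters field is a KeyWrapAlgorithm (an AlgorithmIdentifier naming the key wrap algorithm), for the HMAC entries it is absent. The Python below is an added example, not code from the draft or from any S/MIME implementation. It DER-encodes a small SMIMECapabilities value, parses it back, and shows the sender-side check that both the key-agreement OID and the wrap OID inside its parameters must have been advertised before that pair is chosen. The OID values are the ones assigned in the draft's ASN.1 module; SAMPLE_CAPS and the select_key_agreement helper are constructed for this example only.

```python
from typing import List, Optional, Tuple

# OIDs as assigned in the draft's ASN.1 module (SEC 1 / NIST / RSA arcs).
DH_STDDH_SHA256KDF = "1.3.132.1.11.1"        # dhSinglePass-stdDH-sha256kdf-scheme
MQV_SHA256KDF = "1.3.132.1.15.1"             # mqvSinglePass-sha256kdf-scheme
AES128_WRAP = "2.16.840.1.101.3.4.1.5"       # id-aes128-wrap
AES256_WRAP = "2.16.840.1.101.3.4.1.45"      # id-aes256-wrap
HMAC_SHA256 = "1.2.840.113549.2.9"           # id-hmacWithSHA256

Capability = Tuple[str, Optional[str]]       # (capabilityID, key-wrap OID or None)

# Constructed sample of what a recipient might advertise (not from the draft).
SAMPLE_CAPS: List[Capability] = [(DH_STDDH_SHA256KDF, AES128_WRAP),
                                 (MQV_SHA256KDF, AES256_WRAP),
                                 (HMAC_SHA256, None)]

def _der_len(n: int) -> bytes:
    """DER length octets, short or long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body

def encode_oid(dotted: str) -> bytes:
    """DER OBJECT IDENTIFIER (tag 0x06) from dotted notation."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                   # base-128, high bit set on all but the last octet
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return _tlv(0x06, bytes(body))

def encode_capability(cap: Capability) -> bytes:
    """SMIMECapability ::= SEQUENCE { capabilityID OID, parameters ANY OPTIONAL }.
    For the cap-kaa-* objects the parameters are a KeyWrapAlgorithm, i.e. an
    AlgorithmIdentifier whose algorithm is the wrap OID (AES key wrap has no
    parameters of its own). For cap-hMAC-* the parameters are absent."""
    cap_oid, wrap_oid = cap
    body = encode_oid(cap_oid)
    if wrap_oid is not None:
        body += _tlv(0x30, encode_oid(wrap_oid))
    return _tlv(0x30, body)

def encode_capabilities(caps: List[Capability]) -> bytes:
    """SMIMECapabilities ::= SEQUENCE OF SMIMECapability."""
    return _tlv(0x30, b"".join(encode_capability(c) for c in caps))

def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, value, position after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body: bytes) -> str:
    first, second = (2, body[0] - 80) if body[0] >= 80 else divmod(body[0], 40)
    arcs, val = [first, second], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def decode_capabilities(der: bytes) -> List[Capability]:
    """Parse SMIMECapabilities back into (capabilityID, wrap OID or None) pairs."""
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("SMIMECapabilities must be a SEQUENCE")
    out, pos = [], 0
    while pos < len(seq):
        _, cap, pos = _read_tlv(seq, pos)
        _, oid_body, p = _read_tlv(cap, 0)
        wrap = None
        if p < len(cap):                       # parameters present
            ptag, params, _ = _read_tlv(cap, p)
            if ptag == 0x30:                   # KeyWrapAlgorithm: AlgorithmIdentifier
                _, wrap_body, _ = _read_tlv(params, 0)
                wrap = decode_oid(wrap_body)
        out.append((decode_oid(oid_body), wrap))
    return out

def select_key_agreement(advertised: List[Capability],
                         preferences: List[Capability]) -> Optional[Capability]:
    """Sender-side choice: first preferred (key-agreement, key-wrap) pair the
    recipient advertised. Both OIDs must match, because a capability for
    stdDH-sha256kdf with aes128-wrap says nothing about aes256-wrap."""
    have = set(advertised)
    for choice in preferences:
        if choice in have:
            return choice
    return None

if __name__ == "__main__":
    der = encode_capabilities(SAMPLE_CAPS)
    print(der.hex())
    print(decode_capabilities(der))
```

The selection step is the practical consequence of the parameter type: an implementation that matches only the capabilityID and then picks its own wrap algorithm can end up wrapping the content-encryption key with an algorithm the recipient never advertised.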
| Appendix B Changes since RFC 3278 | Appendix B Changes since RFC 3278 | |||
| The following summarizes the changes: | The following summarizes the changes: | |||
| - Abstract: The basis of the document was changed to refer to NIST | - Abstract: The basis of the document was changed to refer to NIST | |||
| FIPS 186-3 and SP800-56A. However, to maintain backwards | FIPS 186-3 and SP800-56A. However, to maintain backwards | |||
| compatibility the Key Derivation Function from ANSI/SEC1 is | compatibility the Key Derivation Function from ANSI/SEC1 is | |||
| retained. | retained. | |||
| skipping to change at page 54, line 25 ¶ | skipping to change at page 57, line 43 ¶ | |||
| - Section 3.1.1: The text was updated to include description of all | - Section 3.1.1: The text was updated to include description of all | |||
| KeyAgreeRecipientInfo fields. Parameters for id-ecPublicKey | KeyAgreeRecipientInfo fields. Parameters for id-ecPublicKey | |||
| field changed from NULL to absent or ECParameter. Additional | field changed from NULL to absent or ECParameter. Additional | |||
| information about ukm was added. | information about ukm was added. | |||
| - Section 3.2: The sentence describing the advantages of 1-Pass | - Section 3.2: The sentence describing the advantages of 1-Pass | |||
| ECMQV was rewritten. | ECMQV was rewritten. | |||
| - Section 3.2.1: The text was updated to include description of all | - Section 3.2.1: The text was updated to include description of all | |||
| fields. Parameters for id-ecPublicKey field changed from NULL | fields. Parameters for id-ecPublicKey field changed from NULL | |||
| to absent or ECPoint. | to absent or ECParameters. | |||
| - Sections 3.2.2 and 4.1.2: The re-use of ephemeral keys paragraph | - Sections 3.2.2 and 4.1.2: The re-use of ephemeral keys paragraph | |||
| was reworded. | was reworded. | |||
| - Section 4.1: The sentences describing the advantages of 1-Pass | - Section 4.1: The sentences describing the advantages of 1-Pass | |||
| ECMQV was moved to Section 4. | ECMQV was moved to Section 4. | |||
| - Section 4.1.2: The note about the attack was moved to Section 4. | - Section 4.1.2: The note about the attack was moved to Section 4. | |||
| - Section 4.2: This section was added to address AuthEnvelopedData | - Section 4.2: This section was added to address AuthEnvelopedData | |||
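Review bot: The Section 3.2.1 entry in the right-hand column now reads "absent or ECParameters", while the Section 3.1.1 entry a few lines above still reads "absent or ECParameter"; both describe the parameters of the id-ecPublicKey field and should name the same type, so the 3.1.1 entry needs the matching correction.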
| End of changes. 70 change blocks. | ||||
| 125 lines changed or deleted | 314 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||