< draft-turner-asymmetrickeyformat-04.txt   draft-turner-asymmetrickeyformat-05.txt >
Network Working Group Sean Turner, IECA Network Working Group Sean Turner, IECA
Internet Draft March 8, 2009 Internet Draft April 12, 2010
Intended Status: Standard Track Intended Status: Standard Track
Obsoletes: 5208 (once approved) Obsoletes: 5208 (once approved)
Expires: September 8, 2010 Expires: October 12, 2010
Asymmetric Key Packages Asymmetric Key Packages
draft-turner-asymmetrickeyformat-04.txt draft-turner-asymmetrickeyformat-05.txt
Abstract Abstract
This document defines the syntax for private key information and a This document defines the syntax for private key information and a
content type for it. Private-key information includes a private key content type for it. Private-key information includes a private key
for a specified public-key algorithm and a set of attributes. The for a specified public-key algorithm and a set of attributes. The
Cryptographic Message Syntax (CMS), as defined in RFC 5652, can be Cryptographic Message Syntax (CMS), as defined in RFC 5652, can be
used to digitally sign, digest, authenticate, or encrypt the used to digitally sign, digest, authenticate, or encrypt the
asymmetric key format content type. This document obsoletes RFC asymmetric key format content type. This document obsoletes RFC
5208. 5208.
skipping to change at page 2, line 7 skipping to change at page 2, line 7
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
This Internet-Draft will expire on September 8, 2010. This Internet-Draft will expire on September 12, 2010.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 21 skipping to change at page 3, line 21
- Added that PKCS#9 attributes may be supported. - Added that PKCS#9 attributes may be supported.
- Added discussion of compatibility with other private-key formats. - Added discussion of compatibility with other private-key formats.
- Added requirements for encoding rule set. - Added requirements for encoding rule set.
- Changed imports from PKCS#5 to [RFCTBD1] and [RFCTBD2]. - Changed imports from PKCS#5 to [RFCTBD1] and [RFCTBD2].
- Replaced ALGORITHM-IDENTIFIER with ALGORITHM from [RFCTBD1]. - Replaced ALGORITHM-IDENTIFIER with ALGORITHM from [RFCTBD1].
- Registers application/pkcs8 media type and .p8 file extension.
2. Asymmetric Key Package CMS Content Type 2. Asymmetric Key Package CMS Content Type
The asymmetric key package CMS content type is used to transfer one The asymmetric key package CMS content type is used to transfer one
or more plaintext asymmetric keys from one party to another. An or more plaintext asymmetric keys from one party to another. An
asymmetric key package MAY be encapsulated in one or more CMS asymmetric key package MAY be encapsulated in one or more CMS
protecting content types (see Section 4). Earlier versions of this protecting content types (see Section 4). Earlier versions of this
specification [RFC5208] did not specify a particular encoding rule specification [RFC5208] did not specify a particular encoding rule
set, but generators SHOULD use DER [X.690] and receivers SHOULD be set, but generators SHOULD use DER [X.690] and receivers SHOULD be
prepared to handle BER [X.690] and DER [X.690]. prepared to handle BER [X.690] and DER [X.690].
skipping to change at page 8, line 36 skipping to change at page 8, line 48
Required parameters: None Required parameters: None
Optional parameters: None Optional parameters: None
Encoding considerations: binary Encoding considerations: binary
Security considerations: Carries a cryptographic private key Security considerations: Carries a cryptographic private key
Interoperability considerations: Interoperability considerations:
The PKCS#8 object inside this MIME type MUST be DER-encoded The PKCS#8 object inside this media type MUST be DER-encoded
PrivateKeyInfo. PrivateKeyInfo.
Published specification: --THIS SPECIFICATION-- Published specification: --THIS SPECIFICATION--
/** RFC EDITOR: Replace "--THIS SPECIFICATION--" with the RFC # /** RFC EDITOR: Replace "--THIS SPECIFICATION--" with the RFC #
assigned to this document. **/ assigned to this document. **/
Applications which use this media type: Applications which use this media type:
Any MIME-compliant transport Any MIME-compliant transport
Additional information: Additional information:
Magic number(s): None Magic number(s): None
skipping to change at page 14, line 14 skipping to change at page 14, line 14
-- An alternate representation that makes full use of ASN.1 -- An alternate representation that makes full use of ASN.1
-- constraints follows. Also note that PUBLIC-KEY needs to be -- constraints follows. Also note that PUBLIC-KEY needs to be
-- imported from the new PKIX ASN.1 Algorithm Information module -- imported from the new PKIX ASN.1 Algorithm Information module
-- and PrivateKeyAlgorithms needs to be commented out. -- and PrivateKeyAlgorithms needs to be commented out.
-- OneAsymmetricKey ::= SEQUENCE { -- OneAsymmetricKey ::= SEQUENCE {
-- version Version, -- version Version,
-- privateKeyAlgorithm SEQUENCE { -- privateKeyAlgorithm SEQUENCE {
-- algorithm PUBLIC-KEY.&id({PublicKeySet}), -- algorithm PUBLIC-KEY.&id({PublicKeySet}),
-- parameters PUBLIC-KEY.&Params({PublicKeySet} -- parameters PUBLIC-KEY.&Params({PublicKeySet}
-- {@algorithmIdentifier.algorithm}) -- {@privateKeyAlgorithm.algorithm})
-- OPTIONAL} -- OPTIONAL}
-- privateKey OCTET STRING (CONTAINING -- privateKey OCTET STRING (CONTAINING
-- PUBLIC-KEY.&PrivateKey({PublicKeySet} -- PUBLIC-KEY.&PrivateKey({PublicKeySet}
-- {@KeyValue.algorithm})), -- {@privateKeyAlgorithm.algorithm})),
-- attributes [0] Attributes OPTIONAL, -- attributes [0] Attributes OPTIONAL,
-- ..., -- ...,
-- [[2: publicKey [1] BIT STRING (CONTAINING -- [[2: publicKey [1] BIT STRING (CONTAINING
-- PUBLIC-KEY.&Params({PublicKeySet} -- PUBLIC-KEY.&Params({PublicKeySet}
-- {privateKeyAlgorithm.algorithm}) -- {@privateKeyAlgorithm.algorithm})
-- OPTIONAL, -- OPTIONAL,
-- ... -- ...
-- } -- }
EncryptedPrivateKeyInfo ::= SEQUENCE { EncryptedPrivateKeyInfo ::= SEQUENCE {
encryptionAlgorithm EncryptionAlgorithmIdentifier, encryptionAlgorithm EncryptionAlgorithmIdentifier,
encryptedData EncryptedData } encryptedData EncryptedData }
EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
{ CONTENT-ENCRYPTION, { CONTENT-ENCRYPTION,
 End of changes. 10 change blocks. 
9 lines changed or deleted 10 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/