| < draft-turner-asymmetrickeyformat-04.txt | draft-turner-asymmetrickeyformat-05.txt > | |||
|---|---|---|---|---|
| Network Working Group Sean Turner, IECA | Network Working Group Sean Turner, IECA | |||
| Internet Draft March 8, 2009 | Internet Draft April 12, 2010 | |||
| Intended Status: Standard Track | Intended Status: Standard Track | |||
| Obsoletes: 5208 (once approved) | Obsoletes: 5208 (once approved) | |||
| Expires: September 8, 2010 | Expires: October 12, 2010 | |||
| Asymmetric Key Packages | Asymmetric Key Packages | |||
| draft-turner-asymmetrickeyformat-04.txt | draft-turner-asymmetrickeyformat-05.txt | |||
| Abstract | Abstract | |||
| This document defines the syntax for private key information and a | This document defines the syntax for private key information and a | |||
| content type for it. Private-key information includes a private key | content type for it. Private-key information includes a private key | |||
| for a specified public-key algorithm and a set of attributes. The | for a specified public-key algorithm and a set of attributes. The | |||
| Cryptographic Message Syntax (CMS), as defined in RFC 5652, can be | Cryptographic Message Syntax (CMS), as defined in RFC 5652, can be | |||
| used to digitally sign, digest, authenticate, or encrypt the | used to digitally sign, digest, authenticate, or encrypt the | |||
| asymmetric key format content type. This document obsoletes RFC | asymmetric key format content type. This document obsoletes RFC | |||
| 5208. | 5208. | |||
| skipping to change at page 2, line 7 ¶ | skipping to change at page 2, line 7 ¶ | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt | http://www.ietf.org/ietf/1id-abstracts.txt | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html | http://www.ietf.org/shadow.html | |||
| This Internet-Draft will expire on September 8, 2010. | This Internet-Draft will expire on September 12, 2010. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2010 IETF Trust and the persons identified as the | Copyright (c) 2010 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 21 ¶ | skipping to change at page 3, line 21 ¶ | |||
| - Added that PKCS#9 attributes may be supported. | - Added that PKCS#9 attributes may be supported. | |||
| - Added discussion of compatibility with other private-key formats. | - Added discussion of compatibility with other private-key formats. | |||
| - Added requirements for encoding rule set. | - Added requirements for encoding rule set. | |||
| - Changed imports from PKCS#5 to [RFCTBD1] and [RFCTBD2]. | - Changed imports from PKCS#5 to [RFCTBD1] and [RFCTBD2]. | |||
| - Replaced ALGORITHM-IDENTIFIER with ALGORITHM from [RFCTBD1]. | - Replaced ALGORITHM-IDENTIFIER with ALGORITHM from [RFCTBD1]. | |||
| - Registers application/pkcs8 media type and .p8 file extension. | ||||
| 2. Asymmetric Key Package CMS Content Type | 2. Asymmetric Key Package CMS Content Type | |||
| The asymmetric key package CMS content type is used to transfer one | The asymmetric key package CMS content type is used to transfer one | |||
| or more plaintext asymmetric keys from one party to another. An | or more plaintext asymmetric keys from one party to another. An | |||
| asymmetric key package MAY be encapsulated in one or more CMS | asymmetric key package MAY be encapsulated in one or more CMS | |||
| protecting content types (see Section 4). Earlier versions of this | protecting content types (see Section 4). Earlier versions of this | |||
| specification [RFC5208] did not specify a particular encoding rule | specification [RFC5208] did not specify a particular encoding rule | |||
| set, but generators SHOULD use DER [X.690] and receivers SHOULD be | set, but generators SHOULD use DER [X.690] and receivers SHOULD be | |||
| prepared to handle BER [X.690] and DER [X.690]. | prepared to handle BER [X.690] and DER [X.690]. | |||
| skipping to change at page 8, line 36 ¶ | skipping to change at page 8, line 48 ¶ | |||
| Required parameters: None | Required parameters: None | |||
| Optional parameters: None | Optional parameters: None | |||
| Encoding considerations: binary | Encoding considerations: binary | |||
| Security considerations: Carries a cryptographic private key | Security considerations: Carries a cryptographic private key | |||
| Interoperability considerations: | Interoperability considerations: | |||
| The PKCS#8 object inside this MIME type MUST be DER-encoded | The PKCS#8 object inside this media type MUST be DER-encoded | |||
| PrivateKeyInfo. | PrivateKeyInfo. | |||
| Published specification: --THIS SPECIFICATION-- | Published specification: --THIS SPECIFICATION-- | |||
| /** RFC EDITOR: Replace "--THIS SPECIFICATION--" with the RFC # | /** RFC EDITOR: Replace "--THIS SPECIFICATION--" with the RFC # | |||
| assigned to this document. **/ | assigned to this document. **/ | |||
| Applications which use this media type: | Applications which use this media type: | |||
| Any MIME-compliant transport | Any MIME-compliant transport | |||
| Additional information: | Additional information: | |||
| Magic number(s): None | Magic number(s): None | |||
| skipping to change at page 14, line 14 ¶ | skipping to change at page 14, line 14 ¶ | |||
| -- An alternate representation that makes full use of ASN.1 | -- An alternate representation that makes full use of ASN.1 | |||
| -- constraints follows. Also note that PUBLIC-KEY needs to be | -- constraints follows. Also note that PUBLIC-KEY needs to be | |||
| -- imported from the new PKIX ASN.1 Algorithm Information module | -- imported from the new PKIX ASN.1 Algorithm Information module | |||
| -- and PrivateKeyAlgorithms needs to be commented out. | -- and PrivateKeyAlgorithms needs to be commented out. | |||
| -- OneAsymmetricKey ::= SEQUENCE { | -- OneAsymmetricKey ::= SEQUENCE { | |||
| -- version Version, | -- version Version, | |||
| -- privateKeyAlgorithm SEQUENCE { | -- privateKeyAlgorithm SEQUENCE { | |||
| -- algorithm PUBLIC-KEY.&id({PublicKeySet}), | -- algorithm PUBLIC-KEY.&id({PublicKeySet}), | |||
| -- parameters PUBLIC-KEY.&Params({PublicKeySet} | -- parameters PUBLIC-KEY.&Params({PublicKeySet} | |||
| -- {@algorithmIdentifier.algorithm}) | -- {@privateKeyAlgorithm.algorithm}) | |||
| -- OPTIONAL} | -- OPTIONAL} | |||
| -- privateKey OCTET STRING (CONTAINING | -- privateKey OCTET STRING (CONTAINING | |||
| -- PUBLIC-KEY.&PrivateKey({PublicKeySet} | -- PUBLIC-KEY.&PrivateKey({PublicKeySet} | |||
| -- {@KeyValue.algorithm})), | -- {@privateKeyAlgorithm.algorithm})), | |||
| -- attributes [0] Attributes OPTIONAL, | -- attributes [0] Attributes OPTIONAL, | |||
| -- ..., | -- ..., | |||
| -- [[2: publicKey [1] BIT STRING (CONTAINING | -- [[2: publicKey [1] BIT STRING (CONTAINING | |||
| -- PUBLIC-KEY.&Params({PublicKeySet} | -- PUBLIC-KEY.&Params({PublicKeySet} | |||
| -- {privateKeyAlgorithm.algorithm}) | -- {@privateKeyAlgorithm.algorithm}) | |||
| -- OPTIONAL, | -- OPTIONAL, | |||
| -- ... | -- ... | |||
| -- } | -- } | |||
| EncryptedPrivateKeyInfo ::= SEQUENCE { | EncryptedPrivateKeyInfo ::= SEQUENCE { | |||
| encryptionAlgorithm EncryptionAlgorithmIdentifier, | encryptionAlgorithm EncryptionAlgorithmIdentifier, | |||
| encryptedData EncryptedData } | encryptedData EncryptedData } | |||
| EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier | EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier | |||
| { CONTENT-ENCRYPTION, | { CONTENT-ENCRYPTION, | |||
| End of changes. 10 change blocks. | ||||
| 9 lines changed or deleted | 10 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||