Internet Draft                                       Editor: Paul Hoffman
draft-ietf-smime-examples-00.txt                  Internet Mail Consortium
February 25, 1999
Expires in six months

                     Examples of CMS Message Bodies

Status of this memo

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months and
may be updated, replaced, or obsoleted by other documents at any time. It
is inappropriate to use Internet-Drafts as reference material or to cite
them other than as "work in progress."

To view the list of Internet-Draft Shadow Directories, see
http://www.ietf.org/shadow.html.

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

Abstract

This document gives examples of message bodies formatted using the
Cryptographic Message Syntax (CMS). It includes examples of most or all
common formats; in addition, it gives examples that show common pitfalls in
implementing CMS. The purpose of this document is to help increase
interoperability for S/MIME and other protocols that rely on CMS.

This draft is being discussed on the 'ietf-smime' mailing list. To join
the list, send a message to with the single word "subscribe" in the body
of the message. Also, there is a Web site for the mailing list at .

1. Introduction

The examples in this document show the structure and format of CMS message
bodies, as described in [CMS]. They are useful to implementors who use
protocols that rely on CMS, such as the S/MIME message format
protocol [SMIME-MSG].

Every example in this document has been checked by two different
implementors. This strongly indicates (but does not assure) that the
examples are correct. All CMS implementors must read the CMS document
carefully before implementing from it. No one should use the examples in
this document as stand-alone explanations of how to create CMS message
bodies.

This document explicitly does not attempt to cover many PKIX [PKIX]
examples, nor does it cover any ESS [ESS] examples. Documents with examples
of those formats may be forthcoming.

2. Contributions To This Document

The examples shown here were created and validated by many different people.
In the example listings, there is a tag with the initials of the creator
of the example, and one or more tags for the people who validated
the example.

Some of the examples are of mis-implementations of CMS. That is, if a
developer reading the CMS specification created a message body that was
illegal, and another developer agreed that the mis-reading was potentially
a pitfall for later developers, that message body is also included here.
To make it clear which examples are bad, they are all put into a
single section of this document with (hopefully) explicit headings.

To contribute an implementation of an unimplemented example listed
in this document, to verify that you got the same results as an example
listed here, or to suggest a new example that should be listed, please
contact the document author at the address listed near the end of the
document.

3. Constants Used in the Examples

This section defines the data used in the rest of the document. The names
of the constants indicate their use. For example, AlicePrivDSSSign is the
private part of Alice's DSS signing key.

- Alice is the creator of the message bodies in this spec.

- Bob is the recipient of the messages.

- Carl is a CA.

- Diane sometimes gets involved with these folks.

3.1 Content of documents

ExContent is the following sentence:
   This is some sample content.
That is, it is the string of characters starting with "T" up to and
including the ".".

The hex for ExContent is
   5468 6973 2069 7320 736f 6d65 2073 616d 706c 6520 636f 6e74 656e 742e

The MD5 hash of ExContent is
   9898 cac8 fab7 691f f89d c207 24e7 4a04

The SHA-1 hash of ExContent is
   406a ec08 5279 ba6e 1602 2d9e 0629 c022 9687 dd48

3.2 Keys

The following keys are needed to create the samples.
Note that BobPubDHEncrypt and DianePubDHEncrypt do *not* share
Diffie-Hellman parameters. For the example of a common UKM, the
BobPubDHSharedEncrypt and DianePubDHSharedEncrypt keys are defined in that
example.

AlicePrivDSSSign = XXXXX
AlicePrivRSASign = XXXXX
AlicePubDSSSign = XXXXX
AlicePubRSASign = XXXXX
BobPrivDHEncrypt = XXXXX
BobPrivRSAEncrypt = XXXXX
BobPubDHEncrypt = XXXXX
BobPubRSAEncrypt = XXXXX
CarlPrivDSSSign = XXXXX
CarlPrivRSASign = XXXXX
CarlPubDSSSign = XXXXX
CarlPubRSASign = XXXXX
DianePubDSSSign = XXXXX
DianePubRSASign = XXXXX
DianePubDHEncrypt = XXXXX
DianePubRSAEncrypt = XXXXX
MailListTripleDES = XXXXX
MailListRC2 = XXXXX

3.3 Certificates

AliceDSSSignByCarl = XXXXX
AliceRSASignByCarl = XXXXX
BobDHEncryptByCarl = XXXXX
CarlDSSSelf = XXXXX
CarlRSASelf = XXXXX
DianeDSSSignByCarl = XXXXX
DianeRSASignByCarl = XXXXX

3.4 CRLs

CarlCRL is a CRL from Carl that contains three revocations.

CarlCRL = XXXXX

4. Trivial Examples

This section covers examples of small CMS types.

4.1 ContentInfo with Data type, BER

The object is a ContentInfo containing a Data object in BER format that is
ExContent.

XXXXX

4.2 ContentInfo with Data type, DER

The object is a ContentInfo containing a Data object in DER format that is
ExContent.

DataTypeDER.bin:

XXXXX

5. Signed-data

5.1 Basic signed content, DSS

A SignedData with no attribute certificates, signed by Alice using DH-DSS,
just her certificate (not Carl's root cert), no CRL. The message is
ExContent, and is included in the eContent. There are no signed or unsigned
attributes.

XXXXX

5.2 Basic signed content, RSA

Same as 5.1, except using RSA signatures. A SignedData with no attribute
certificates, signed by Alice using RSA, just her certificate (not Carl's
root cert), no CRL.
The message is ExContent, and is included in the eContent. There are no
signed or unsigned attributes.

XXXXX

5.3 Basic signed content, detached content

Same as 5.1, except with no eContent. A SignedData with no attribute
certificates, signed by Alice using DH-DSS, just her certificate (not
Carl's root cert), no CRL. The message is ExContent, but the eContent is
not included. There are no signed or unsigned attributes.

XXXXX

5.4 Fancier signed content

Same as 5.1, but includes Carl's root cert, Carl's CRL, some signed and
unsigned attributes (Countersignature by Diane). A SignedData with no
attribute certificates, signed by Alice using DH-DSS, her certificate and
Carl's root cert, Carl's DSS CRL. The message is ExContent, and is included
in the eContent. The signed attributes are Content Type, Message Digest and
Signing Time; the unsigned attributes are XXXXX.

XXXXX

5.6 All RSA signed message

Same as 5.2, but includes Carl's RSA root cert (but no CRL). A SignedData
with no attribute certificates, signed by Alice using RSA, her certificate
and Carl's root cert, no CRL. The message is ExContent, and is included in
the eContent. There are no signed or unsigned attributes.

XXXXX

5.7 Multiple signers

Similar to 5.1, but the message is also signed by Diane. Two SignedDatas
(one for Alice, one for Diane) with no attribute certificates, each signed
using DH-DSS, Alice's and Diane's certificate (not Carl's root cert), no
CRL. The message is ExContent, and is included in the eContent. There are
no signed or unsigned attributes.

XXXXX

5.8 Signing using SKI

Same as 5.1, but the signature uses the SKI instead of the issuer/serial
number in the cert. A SignedData with no attribute certificates, signed by
Alice using DH-DSS, just her certificate (not Carl's root cert), identified
by the SKI, no CRL.
The message is ExContent, and is included in the eContent. There are no
signed or unsigned attributes.

XXXXX

6. Enveloped-data

6.1 Basic encrypted content, TripleDES and DH

An EnvelopedData from Alice to Bob of ExContent using TripleDES for
encrypting and Diffie-Hellman for key management. Does not have an
OriginatorInfo or any attributes.

XXXXX

6.2 Basic encrypted content, TripleDES and RSA

Same as 6.1, except with RSA for key management. An EnvelopedData from
Alice to Bob of ExContent using TripleDES for encrypting and RSA for key
management. Does not have an OriginatorInfo or any attributes.

XXXXX

6.3 Basic encrypted content, RC2/40 and RSA

Same as 6.1, except using RC2/40 for encryption and RSA for key management.
An EnvelopedData from Alice to Bob of ExContent using RC2/40 for encrypting
and RSA for key management. Does not have an OriginatorInfo or any
attributes.

XXXXX

6.4 Encrypted content, two recipients, no shared keying material

Same as 6.1, except sent to both Bob and Diane. An EnvelopedData from Alice
to Bob and Diane of ExContent using TripleDES for encrypting and
Diffie-Hellman for key management. Does not have an OriginatorInfo or any
attributes.

XXXXX

6.5 Encrypted content, two recipients, shared keying material

Same as 6.4, except using keys that have shared parameters so the result
does not include the UKMs. An EnvelopedData from Alice to Bob and Diane of
ExContent using TripleDES for encrypting and Diffie-Hellman for key
management. Does not have an OriginatorInfo or any attributes. Uses
BobPubDHSharedEncrypt and DianePubDHSharedEncrypt for keys.

BobPubDHSharedEncrypt = XXXXX
DianePubDHSharedEncrypt = XXXXX

XXXXX

6.6 Encrypted content, TripleDES and DH, previously-distributed keys

Same as 6.1, except sent using a previously-distributed key.
An EnvelopedData from Alice to Bob of ExContent using TripleDES for
encrypting and Diffie-Hellman for key management, using the
MailListTripleDES key. Does not have an OriginatorInfo or any attributes.

XXXXX

6.7 Encrypted content, RC2/40 and RSA, previously-distributed keys

Same as 6.1, except sent using a previously-distributed key. An
EnvelopedData from Alice to Bob of ExContent using TripleDES for encrypting
and RSA for key management, using the MailListRC2 key. Does not have an
OriginatorInfo or any attributes.

XXXXX

7. Digested-data

A DigestedData from Alice to Bob of ExContent using SHA-1.

XXXXX

8. Encrypted-data

An EncryptedData from Alice to Bob of ExContent with no attributes.

XXXXX

9. Authenticated-data

9.1 Authenticated data with no authenticated attributes

An AuthenticatedData from Alice to Bob using XXXXXXXXXX with no
authenticated attributes.

XXXXX

9.2 Authenticated data with authenticated attributes

An AuthenticatedData from Alice to Bob using XXXXXXXXXX with the
content-type and message-digest authenticated attributes.

XXXXX

A. References

[CMS] Cryptographic Message Syntax, draft-ietf-smime-cms.

[ESS] Enhanced Security Services for S/MIME, draft-ietf-ietf-ess.

[PKIX] PKIX Certificate and CRL Profile, RFC 2459.

[SMIME-MSG] S/MIME Version 3 Message Specification,
draft-ietf-smime-msg.

B. Binaries of the Examples

This section contains the binaries of the examples shown in the rest of
the document. The binaries are stored in a modified Base64 format. There is
a Perl program that, when run over the contents of this document, will
extract the following binaries and write them out to disk. The program
works with Perl for Unix and Windows 95/98/NT (and possibly Macintosh).
B.1 How the binaries and extractor work

The program in the next section looks for lines that begin with a '|'
character (or some whitespace followed by a '|'), ignoring all other lines.
If the line begins with '|', the second character tells what kind of line
it is:
   |*  is a comment
   |>  gives the name of a new file to start
   |<  tells to end the file (and checks the file name for sanity)
   |anythingelse  is a Base64 line

The program writes out a series of files, so you should run this in an
empty directory. The program will overwrite files (if it can), but won't
delete other files already in the directory.

Run this program with this document as the standard input, such as:
   extractsample " and "|<" markers, remove any page breaks, and remove the "|"
in the first column of each line. The result is a valid Base64 blob that
can be processed by any Base64 decoder.

B.2 Example extraction program

   #!/usr/bin/perl

   # CMS Samples extraction program. v 1.1

   # Get all the input (the document) as an array of lines
   @AllIn = (); while (<STDIN>) { push(@AllIn, $_) }

   $Base64Chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr' .
       'stuvwxyz0123456789+/=';
   $LineCount = 0; $CurrFile = '';

   foreach $Line (@AllIn) {
       $LineCount++;            # Keep the line counter for error messages
       $Line =~ s/^\s*//;       # Get rid of leading whitespace
       $Line =~ s/[\r\n]+$//;   # Get rid of CR, LF or CRLF at the end of the line
       if(substr($Line, 0, 1) ne '|') { next }     # Not a special line
       elsif(substr($Line, 1, 1) eq '*') { next }  # It is a comment
       elsif(substr($Line, 1, 1) eq '>')
           { &StartNewFile(substr($Line, 2)) }     # Start a new file
       elsif(substr($Line, 1, 1) eq '<')
           { &EndCurrFile(substr($Line, 2)) }      # End the current file
       else { &DoBase64(substr($Line, 1)) }        # It is a line of Base64
   }

   sub StartNewFile {
       $TheNewFile = shift(@_);
       if($CurrFile ne '') { die "Was about to start a new file at " .
           "line $LineCount, but the old file, $CurrFile, was open\n" }
       open(OUT, ">$TheNewFile") or
           die "Could not open $TheNewFile for writing: $!\n";
       binmode(OUT);      # The output is binary: keep Windows Perl from
                          # turning newline bytes into CRLF
       $CurrFile = $TheNewFile;
       $LeftOver = 0;     # Amount left from previous Base64 character
       $NextPos = 0;      # Bit position to start the next Base64 character
                          #   (bits are numbered 01234567)
       $OutString = '';   # Holds the text going out to the file
   }

   sub EndCurrFile {
       $FileToEnd = shift(@_);
       if($CurrFile ne $FileToEnd) { die "Was about to close " .
           "$FileToEnd at line $LineCount, but that name didn't match " .
           "the name of the currently open file, $CurrFile\n" }
       print OUT $OutString;
       close(OUT);
       $CurrFile = '';
   }

   sub DoBase64 {
       $TheIn = shift(@_);
       if($CurrFile eq '') { die "Got some Base64 at line $LineCount, " .
           "but appear to not be writing to any particular file\n" }
       @Chars = split(//, $TheIn);   # Make an array of the characters
       foreach $ThisChar (@Chars) {
           # $ThisVal is the position in the string and the Base64 value
           $ThisVal = index($Base64Chars, $ThisChar);
           if($ThisVal == -1) { die "At line $LineCount, found the " .
               "character $ThisChar, which is not a Base64 character\n" }
           if($ThisVal == 64) { last }   # It is a "=", so we're done
           if ($NextPos == 0 ) {
               # Don't output anything, just fill the left of $LeftOver
               $LeftOver = $ThisVal * 4;
               $NextPos = 6;
           } elsif ($NextPos == 2) {
               # Add $ThisVal to $LeftOver, output, and reset
               $OutString .= chr($LeftOver + $ThisVal);
               $LeftOver = 0;
               $NextPos = 0;
           } elsif ($NextPos == 4) {
               # Add upper 4 bits of $ThisVal to $LeftOver and output
               $Upper4 = ($ThisVal & 60);
               $OutString .= chr($LeftOver + ($Upper4/4));
               $LeftOver = (($ThisVal - $Upper4) * 64);
               $NextPos = 2;
           } elsif ($NextPos == 6) {
               # Add upper 2 bits of $ThisVal to $LeftOver and output
               $Upper2 = ($ThisVal & 48);
               $OutString .= chr($LeftOver + ($Upper2/16));
               $LeftOver = (($ThisVal - $Upper2) * 16);
               $NextPos = 4;
           } else { die "\$NextPos has an illegal value.\n" }
       }
   }

B.3 Examples by section

B.3.1 Examples from section 3.1

   |* ExContent is just the message; creator: [PH]
   |>ExContent.bin
   |VGhpcyBpcyBzb21lIHNhbXBsZSBjb250ZW50Lg==
   |<ExContent.bin
   |>AlicePrivDSSSign.key
   |blablahblah
   |moreblahblahblah
   |<AlicePrivDSSSign.key
   |>AlicePrivRSASign.key
   |BlablahblaH
   |MoreblahblahBlah
   |<AlicePrivRSASign.key
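The following is an added example and not part of the draft or its Perl program: a Python equivalent of the B.1 extractor that parses the '|' line format over a constructed input containing the ExContent block from B.3.1, fails on the same conditions the Perl code dies on (stray Base64, mismatched file names, an unclosed file), and compares the extracted ExContent.bin with the hex, MD5 and SHA-1 values given in section 3.1.

```python
import base64
import hashlib

# Constructed input in the draft's "|" line format; the ExContent block is the
# one listed in section B.3.1, the other lines are what the extractor must skip.
SAMPLE = """\
Some prose that the extractor must ignore.
|* ExContent is just the message; creator: [PH]
|>ExContent.bin
|VGhpcyBpcyBzb21lIHNhbXBsZSBjb250ZW50Lg==
|<ExContent.bin
"""
# Expected values for ExContent, copied from section 3.1 of the draft.
EXPECTED_HEX = "5468697320697320736f6d652073616d706c6520636f6e74656e742e"
EXPECTED_MD5 = "9898cac8fab7691ff89dc20724e74a04"
EXPECTED_SHA1 = "406aec085279ba6e16022d9e0629c0229687dd48"

class ExtractError(ValueError): """Raised where the Perl extractor would die."""

def extract(text):
    """Return {filename: bytes} for every |> ... |< block in text, using the
    B.1 rules: lines not starting with '|' (after leading whitespace, so page
    breaks are skipped) are ignored, '|*' is a comment, '|>' opens a file,
    '|<' closes it and must repeat the name, anything else is Base64."""
    files, current, chunks = {}, None, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.lstrip()
        if not line.startswith("|") or line[1:2] == "*":
            continue
        kind, rest = line[1:2], line[2:].strip()
        if kind == ">":
            if current is not None:
                raise ExtractError(f"line {lineno}: {current} is still open")
            current, chunks = rest, []
        elif kind == "<":
            if current != rest:
                raise ExtractError(f"line {lineno}: {rest!r} does not match {current!r}")
            files[current] = base64.b64decode("".join(chunks), validate=True)
            current = None
        elif current is None:
            raise ExtractError(f"line {lineno}: Base64 outside any file")
        else:
            chunks.append(line[1:].strip())
    if current is not None:
        raise ExtractError(f"input ended with {current} still open")
    return files

def extract_error(text):
    # Return the extractor's error message for malformed input, or None.
    try:
        extract(text)
    except ExtractError as err:
        return str(err)
    return None

def check_excontent(files):
    """Compare the extracted ExContent.bin with the constants in section 3.1."""
    data = files["ExContent.bin"]
    return {"hex": data.hex() == EXPECTED_HEX,
            "md5": hashlib.md5(data).hexdigest() == EXPECTED_MD5,
            "sha1": hashlib.sha1(data).hexdigest() == EXPECTED_SHA1}
```

Running `extract(open("draft.txt").read())` on the real document and writing each value with `open(name, "wb")` reproduces what the Perl program does, with the same sanity check on the closing file name.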