RSA Laboratories’ PKCS Series - a Tutorial
PKCS #7
Magnus Nyström, October 1999
Cryptographic Message Syntax Standard
• Specifies a syntax for digital envelopes and digital signatures
• Widely used in many applications for enveloping and authenticating messages, and for distributing certificates and certificate revocation lists
• Version 1.5 is the latest official version from RSA Labs
• Version 1.6 was never officially supported
Cryptographic Message Syntax Standard, II
• Version 2.0 existed in draft form when the IETF’s SMIME working group started its CMS work
• Version 1.5 will be described here; IETF CMS is a superset but not radically different (the main differences will be pointed out)
Content types
• Data generated by applying the procedures defined in PKCS #7 may be of type
  • data (untreated)
  • signed data
  • enveloped data
  • signed-and-enveloped data
  • digested data
  • encrypted data
• SMIME CMS adds “authenticated data”
The Data content type
• Simply an OCTET STRING (ASN.1)
• Opaque to the PKCS #7 layer; interpretation is left to application layers
The SignedData content type
• Consists of
  • content of any type
  • an encrypted message digest of the content for each signer
• May have zero or more signers (zero signers is a degenerate case and may be used, e.g., for distribution of certificates)
The SignedData content type, II
• The process:
  • Compute a message digest on the data to be signed
  • If more information is being signed than just the data, digest the SEQUENCE consisting of the data and the other information
  • Each signer encrypts the digest with the signer’s private key
  • Each signer includes the result in a SignerInfo structure
  • The SignerInfo structures are collected in a SEQUENCE and added to a value of type SignedData
The SignedData content type, III
• Fields of the SignedData structure:
  • version
  • digestAlgorithms
  • contentInfo
  • certificates
  • crls
  • signerInfos
The SignerInfo type
• Fields of the SignerInfo structure:
  • version
  • issuerAndSerialNumber
  • digestAlgorithm
  • authenticatedAttributes
  • digestEncryptionAlgorithm
  • encryptedDigest
  • unauthenticatedAttributes
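The SignedData process described on the previous slides, as an added Go example that is not part of the tutorial: the content is digested once, each signer signs that digest with its private key (RSA PKCS #1 v1.5, the "encrypted digest"), the SignerInfo values are collected in a SEQUENCE and the whole value is DER-encoded with encoding/asn1, then verified. The SignerInfo and SignedData layouts are simplified stand-ins (SignerID replaces issuerAndSerialNumber; algorithm identifiers and attributes are omitted); the sample content is constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/asn1"
)

// Constructed sample content; any application-level bytes would do.
var sampleContent = []byte("constructed sample: PKCS #7 tutorial, October 1999")

// SignerInfo, simplified (hypothetical layout): the real type also carries version, issuerAndSerialNumber, algorithm identifiers and attributes.
type SignerInfo struct {
	SignerID        int    // stands in for issuerAndSerialNumber
	EncryptedDigest []byte // the content digest signed with this signer's private key
}

// SignedData, simplified: the content plus a SEQUENCE OF SignerInfo (zero or more).
type SignedData struct {
	Content     []byte
	SignerInfos []SignerInfo
}

// buildSignedData: digest the content once, have each signer sign that digest (RSA PKCS #1 v1.5), collect the SignerInfos, DER-encode.
func buildSignedData(content []byte, keys []*rsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(content)
	sd := SignedData{Content: content}
	for i, k := range keys {
		sig, err := rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, digest[:])
		if err != nil {
			return nil, err
		}
		sd.SignerInfos = append(sd.SignerInfos, SignerInfo{SignerID: i, EncryptedDigest: sig})
	}
	return asn1.Marshal(sd)
}

// verifySignedData: decode the DER, recompute the digest, check every signer against its public key; zero signers verifies trivially (the degenerate case).
func verifySignedData(der []byte, pubs []*rsa.PublicKey) bool {
	var sd SignedData
	if rest, err := asn1.Unmarshal(der, &sd); err != nil || len(rest) != 0 {
		return false
	}
	digest := sha256.Sum256(sd.Content)
	for _, si := range sd.SignerInfos {
		if si.SignerID < 0 || si.SignerID >= len(pubs) ||
			rsa.VerifyPKCS1v15(pubs[si.SignerID], crypto.SHA256, digest[:], si.EncryptedDigest) != nil {
			return false
		}
	}
	return true
}
```

A real implementation would identify signers by issuerAndSerialNumber and validate the certificate chain before trusting a signature; the example only shows the digest-sign-collect-encode flow.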
The EnvelopedData content type
• Consists of
  • encrypted content (of any type)
  • encrypted content-encryption keys
• Any type of content can be enveloped for any number of recipients, in parallel
The EnvelopedData content type, II
• The process:
  • Generate a random content-encryption key (CEK)
  • For each recipient, encrypt the CEK with
    • the recipient’s public key; or
    • (CMS) a key-encryption key (KEK) known by the recipient; or
    • (CMS) a key derived from a Diffie-Hellman key agreement with the recipient; or
    • (CMS, “to be”) a key derived from a password which the recipient knows
  • For each recipient, create a RecipientInfo structure
  • Encrypt the content with the CEK
The EnvelopedData type
• Fields of the EnvelopedData structure:
  • version
  • recipientInfos
  • encryptedContentInfo
The EncryptedContentInfo type
• Fields of the EncryptedContentInfo structure:
  • contentType
  • contentEncryptionAlgorithm
  • encryptedContent
The RecipientInfo type
• Originally, just the CEK encrypted with the recipient’s public key (identified by a certificate)
• In IETF CMS, this is a choice between various methods (KEK, Diffie-Hellman, password-based)
The SignedAndEnvelopedData content type
• For when one wants to both sign and encrypt a message
• Generally deprecated; originally for use with PEM
• Suggestions for replacements?
The DigestedData content type
• Consists of content of any type and a message digest of the content
• No secrets involved; just a plain message digest
• May be used as input to the enveloped-data process
The DigestedData type
• Fields of the DigestedData structure:
  • version
  • digestAlgorithm
  • contentInfo
  • digest
The EncryptedData content type
• Degenerate form of enveloped data (no RecipientInfo, no encrypted CEKs)
• Keys are managed outside of the protocol
• Fields of the EncryptedData structure:
  • version
  • encryptedContentInfo
The AuthenticatedData content type
• Added by IETF SMIME
• Adds a way to authenticate a message with a MAC rather than a digital signature
• Syntax is straightforward (left as an exercise…)
Whither PKCS #7?
• RSA Laboratories has handed over PKCS #7 v1.5 to CMS
• This does not preclude a future version 2.0 of PKCS #7 from RSA Laboratories, should the need arise
• PKCS #7 is available from
  • http://www.rsasecurity.com/rsalabs/pkcs