RSA Laboratories’ PKCS Series - a Tutorial

RSA Laboratories’ PKCS Series - a Tutorial: PKCS #7. Magnus Nyström, October 1999. Cryptographic Message Syntax Standard: specifies a syntax for digital envelopes and digital signatures.


Presentation Transcript


  1. RSA Laboratories’ PKCS Series - a Tutorial: PKCS #7. Magnus Nyström, October 1999

  2. Cryptographic Message Syntax Standard
  • Specifies a syntax for digital envelopes and digital signatures
  • Widely used in many applications for enveloping and authenticating messages, and for distribution of certificates and certificate revocation lists
  • Version 1.5 is the latest official version from RSA Labs
  • Version 1.6 was never officially supported

  3. Cryptographic Message Syntax Standard, II
  • Version 2.0 existed in draft form when the IETF’s S/MIME working group started its CMS work
  • Version 1.5 will be described here; IETF CMS is a superset but not radically different (the main differences will be pointed out)

  4. Content types
  • Data generated by applying procedures defined in PKCS #7 may be of type
    • data (untreated)
    • signed data
    • enveloped data
    • signed-and-enveloped data
    • digested data
    • encrypted data
  • S/MIME CMS adds “authenticated data”

  5. The Data content type
  • Simply an OCTET STRING (ASN.1)
  • Opaque for a PKCS #7 layer; interpretation is left to application layers

  6. The SignedData content type
  • Consists of
    • content of any type
    • an encrypted message digest of the content for each signer
  • May have zero or more signers (zero signers is a degenerate case and may be used e.g. for distribution of certificates)

  7. The SignedData content type, II
  • The process:
    • Compute a message digest on the data to be signed
    • If more information is being signed than just the data, digest the SEQUENCE consisting of the data and the other information
    • Each signer encrypts the digest with the signer’s private key
    • Each signer includes the result in a SignerInfo structure
    • The SignerInfo structures are collected in a SEQUENCE and added to a value of type SignedData

  8. The SignedData content type, III
  • Fields: version, digestAlgorithms, contentInfo, certificates, crls, signerInfos

  9. The SignerInfo type
  • Fields: version, issuerAndSerialNumber, digestAlgorithm, authenticatedAttributes, digestEncryptionAlgorithm, encryptedDigest, unauthenticatedAttributes
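As an added example (not from the slides or from RSA Laboratories), the slide 7 procedure for one signer in Go's standard library, using the field layouts of slides 8 and 9. It assumes SHA-256 with rsaEncryption, leaves out the optional attributes, certificates and crls, and the verifier refuses the zero-signer form rather than treating it as signed:

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
)
var oidData, oidSHA256, oidRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 1}, // PKCS #7 "data", SHA-256, rsaEncryption
	asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}, asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
// ASN.1 shapes from slides 8 and 9; the optional attribute, certificate and CRL fields are left out.
type AlgorithmIdentifier struct{ Algorithm asn1.ObjectIdentifier; Parameters asn1.RawValue `asn1:"optional"` }
type IssuerAndSerialNumber struct{ Issuer pkix.RDNSequence; SerialNumber int64 }
type SignerInfo struct {
	Version                                    int
	IssuerAndSerialNumber                      IssuerAndSerialNumber
	DigestAlgorithm, DigestEncryptionAlgorithm AlgorithmIdentifier
	EncryptedDigest                            []byte
}
type ContentInfo struct{ ContentType asn1.ObjectIdentifier; Content []byte `asn1:"explicit,optional,tag:0"` }
type SignedData struct {
	Version          int
	DigestAlgorithms []AlgorithmIdentifier `asn1:"set"`
	ContentInfo      ContentInfo
	SignerInfos      []SignerInfo `asn1:"set"`
}
// BuildSignedData follows slide 7 for one signer: digest the content, "encrypt" the digest with the private key (PKCS #1 v1.5 wraps it in DigestInfo first), put the result in a SignerInfo, emit DER.
func BuildSignedData(priv *rsa.PrivateKey, issuer pkix.RDNSequence, serial int64, content []byte) ([]byte, error) {
	d := sha256.Sum256(content)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
	if err != nil { return nil, err }
	sha := AlgorithmIdentifier{Algorithm: oidSHA256}
	si := SignerInfo{1, IssuerAndSerialNumber{issuer, serial}, sha, AlgorithmIdentifier{oidRSA, asn1.NullRawValue}, sig}
	return asn1.Marshal(SignedData{1, []AlgorithmIdentifier{sha}, ContentInfo{oidData, content}, []SignerInfo{si}})
}
// VerifySignedData re-digests the embedded content and checks every signer's encryptedDigest against it; trailing bytes and the zero-signer (certificate-distribution) form are rejected rather than trusted.
func VerifySignedData(der []byte, pub *rsa.PublicKey) ([]byte, error) {
	var sd SignedData
	if rest, err := asn1.Unmarshal(der, &sd); err != nil || len(rest) != 0 || len(sd.SignerInfos) == 0 {
		return nil, errors.New("malformed or unsigned SignedData")
	}
	d := sha256.Sum256(sd.ContentInfo.Content)
	for _, si := range sd.SignerInfos {
		if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], si.EncryptedDigest); err != nil { return nil, err }
	}
	return sd.ContentInfo.Content, nil
}
```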

  10. The EnvelopedData content type
  • Consists of
    • encrypted content (of any type)
    • encrypted content-encryption keys
  • Any type of content can be enveloped for any number of recipients, in parallel

  11. The EnvelopedData content type, II
  • The process:
    • Generate a random content-encryption key (CEK)
    • For each recipient, encrypt the CEK with
      • the recipient’s public key; or
      • (CMS) a key-encryption key (KEK) known by the recipient; or
      • (CMS) a key derived from a Diffie-Hellman key agreement with the recipient; or
      • (CMS, “to be”) a key derived from a password which the recipient knows
    • For each recipient, create a RecipientInfo structure
    • Encrypt the content with the CEK

  12. The EnvelopedData type
  • Fields: version, recipientInfos, encryptedContentInfo

  13. The EncryptedContentInfo type
  • Fields: contentType, contentEncryptionAlgorithm, encryptedContent

  14. The RecipientInfo type
  • Originally, just the CEK encrypted with the recipient’s public key (the recipient being identified by a certificate)
  • In IETF CMS, this is a choice between various methods (KEK, Diffie-Hellman, password-based)
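An added example, not part of the tutorial, of the slide 11 process with the original v1.5 RecipientInfo (the CEK under each recipient's RSA public key) in Go. AES-128-CBC with PKCS #7 padding is an assumed content-encryption algorithm, a recipient name stands in for issuerAndSerialNumber, and DER encoding is left out so the key handling stays in view:

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"errors"
)
// Structs mirroring slides 12 to 14 in PKCS #7 v1.5 shape (CEK under the recipient's RSA key); DER is left out.
type RecipientInfo struct{ Recipient string; EncryptedKey []byte } // Recipient stands in for issuerAndSerialNumber
type EncryptedContentInfo struct{ IV, EncryptedContent []byte }    // IV is the AES-128-CBC algorithm parameter
type EnvelopedData struct{ RecipientInfos []RecipientInfo; EncryptedContentInfo EncryptedContentInfo }
// Envelope follows slide 11: random CEK, one RecipientInfo per recipient, then the content under the CEK.
func Envelope(content []byte, recipients map[string]*rsa.PublicKey) (*EnvelopedData, error) {
	keys := make([]byte, 16+aes.BlockSize) // a fresh CEK followed by a fresh CBC IV
	if _, err := rand.Read(keys); err != nil { return nil, err }
	cek, iv := keys[:16], keys[16:]
	var ed EnvelopedData
	for name, pub := range recipients {
		ek, err := rsa.EncryptPKCS1v15(rand.Reader, pub, cek) // RSAES-PKCS1-v1_5 key transport, as in v1.5
		if err != nil { return nil, err }
		ed.RecipientInfos = append(ed.RecipientInfos, RecipientInfo{name, ek})
	}
	pad := aes.BlockSize - len(content)%aes.BlockSize // PKCS #7 padding: 1..16 bytes, each holding the count
	padded := append(append([]byte{}, content...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	block, _ := aes.NewCipher(cek)
	ed.EncryptedContentInfo = EncryptedContentInfo{iv, make([]byte, len(padded))}
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ed.EncryptedContentInfo.EncryptedContent, padded)
	return &ed, nil
}
// Open recovers the content for one recipient. DecryptPKCS1v15SessionKey keeps the pre-filled random key on an RSA padding failure instead of reporting it, so the unwrap step does not act as a padding oracle.
func Open(ed *EnvelopedData, name string, priv *rsa.PrivateKey) ([]byte, error) {
	iv, ct := ed.EncryptedContentInfo.IV, ed.EncryptedContentInfo.EncryptedContent
	if len(iv) != aes.BlockSize || len(ct) == 0 || len(ct)%aes.BlockSize != 0 { return nil, errors.New("malformed encryptedContentInfo") }
	for _, ri := range ed.RecipientInfos {
		if ri.Recipient != name { continue }
		cek := make([]byte, 16)
		if _, err := rand.Read(cek); err != nil { return nil, err }
		if err := rsa.DecryptPKCS1v15SessionKey(rand.Reader, priv, ri.EncryptedKey, cek); err != nil { return nil, err }
		block, _ := aes.NewCipher(cek)
		pt := make([]byte, len(ct))
		cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
		pad := int(pt[len(pt)-1])
		if pad == 0 || pad > aes.BlockSize || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) { return nil, errors.New("bad content padding") }
		return pt[:len(pt)-pad], nil
	}
	return nil, errors.New("no RecipientInfo for " + name)
}
```

With a wrong private key the unwrapped CEK is random, so Open either fails the padding check or returns garbage, never a signal about the RSA padding; CMS later added RSAES-OAEP key transport (RFC 3560) as the preferred replacement for RSAES-PKCS1-v1_5.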

  15. The SignedAndEnvelopedData content type
  • When one wants to both sign and encrypt a message
  • Generally deprecated; originally for use with PEM
  • Suggestions for replacements?

  16. The DigestedData content type
  • Consists of content of any type and a message digest of the content
  • No secrets involved; just a plain message digest
  • May be used as input to the enveloped-data process

  17. The DigestedData type
  • Fields: version, digestAlgorithm, contentInfo, digest

  18. The EncryptedData content type
  • Fields: version, encryptedContentInfo
  • Degenerate form of enveloped data (no recipientInfos, no encrypted CEKs)
  • Keys are managed outside of the protocol

  19. The AuthenticatedData content type
  • Added by IETF S/MIME
  • Adds a way to authenticate a message with a MAC rather than a digital signature
  • Syntax is straightforward (left as an exercise…)

  20. Whither PKCS #7?
  • RSA Laboratories has handed over PKCS #7 v1.5 to CMS
  • This does not preclude a future version 2.0 of PKCS #7 from RSA Laboratories, should the need arise
  • PKCS #7 is available from http://www.rsasecurity.com/rsalabs/pkcs
