Jim,
Thank you very much for sending your proposed CMS module. I have a few
comments:
1) Your module mentions the hashing of CER-encoded data. I don't believe
that the WG has approved of that option, so I recommend deleting any mention
of CER.
2) Your module mandates that a SignatureValue must be an ENCRYPTED SEQUENCE
of digestAlgorithm and digest. CMS, Section 5.4 does not mandate the
inclusion of the digestAlgorithm in the message signature generation
process. In fact, only the digest itself is input to the DSS algorithm. I
recommend replacing your current SignatureValue, DigestInfo and Digest
definitions with the definition of SignatureValue as an OCTET STRING. The
SignerInfo signatureAlgorithm will indicate exactly what data is to be
encrypted to form the SignatureValue. There should be appendices to CMS for
DSS, RSA, Elliptical curve (future), etc.
3) Your module includes "originatorCertificateSelector CertificateAssertion
OPTIONAL" in RecipientInfo. I don't believe that the WG has formed a
consensus that originatorCertificateSelector must be a part of
RecipientInfo. I believe that omitting the originator cert and including
originatorCertificateSelector in RecipientInfo adds significant complexity
to an already complex protocol. It doesn't take many
originatorCertificateSelector fields to exceed the size of the originator's
cert. For those unfamiliar with CertificateAssertion, here is the definition:
CertificateAssertion ::= SEQUENCE {
    serialNumber           [0]  CertificateSerialNumber OPTIONAL,
    issuer                 [1]  Name OPTIONAL,
    subjectKeyIdentifier   [2]  SubjectKeyIdentifier OPTIONAL,
    authorityKeyIdentifier [3]  AuthorityKeyIdentifier OPTIONAL,
    certificateValid       [4]  Time OPTIONAL,
    privateKeyValid        [5]  GeneralizedTime OPTIONAL,
    subjectPublicKeyAlgID  [6]  OBJECT IDENTIFIER OPTIONAL,
    keyUsage               [7]  KeyUsage OPTIONAL,
    subjectAltName         [8]  AltNameType OPTIONAL,
    policy                 [9]  CertPolicySet OPTIONAL,
    pathToName             [10] Name OPTIONAL }
AltNameType ::= CHOICE {
    builtinNameForm ENUMERATED {
        rfc822Name                (1),
        dNSName                   (2),
        x400Address               (3),
        directoryName             (4),
        ediPartyName              (5),
        uniformResourceIdentifier (6),
        iPAddress                 (7),
        registeredId              (8) },
4) I don't believe that the WG has approved of your definition of
RecipientKeyIdentifier (including Name and CertificateAssertion) which is
significantly more complicated than the current CMS definition.
- John Pawling
At 08:26 PM 11/13/97 +0000, "Jim Craigie" TEL +44-1635-202124 wrote:
CryptographicMessageSyntax { iso member-body usa(840) rsadsi(113549)
    pkcs(1) 7 module(0) version(3) }
-- Should the module OID be from the RSA branch, or from elsewhere?
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
IMPORTS
    -- Directory Information Framework
    Attribute, Name
    ----
        FROM InformationFramework { joint-iso-itu-t ds(5) modules(1)
            informationFramework(1) 3 }
    -- Directory Authentication Framework
    AlgorithmIdentifier, AttributeCertificate, Certificate,
    CertificateList, CertificateSerialNumber, HASHED { }, SIGNED { }
    ----
        FROM AuthenticationFramework { joint-iso-itu-t ds(5) module(1)
            authenticationFramework(7) 3 }
    -- In Cryptographic Message Syntax the HASHED parameterised type applies the hash function to the
    -- contents octets component of a CER or DER encoding of a value of the parameter.
    -- Directory Certificate Extensions
    CertificateAssertion
    ----
        FROM CertificateExtensions { joint-iso-itu-t ds(5) module(1)
            certificateExtensions(26) 0 };

-- The ENCRYPTED parameterised type is redefined here because Cryptographic Message Syntax encrypted values are
-- defined as OCTET STRING, instead of BIT STRING as in the Directory Authentication Framework
ENCRYPTED { ToBeEnciphered } ::= OCTET STRING ( CONSTRAINED BY {
    -- must be the result of applying an encipherment procedure to the contents octets component --
    -- of a definite-length BER-encoding of a value of -- ToBeEnciphered } )

ContentInfo ::= SEQUENCE {
    content-type CMS-CONTENT-TYPE.&id ({CMSContentTable}),
    cms-content  [0] CMS-CONTENT-TYPE.&Type ({CMSContentTable} {@content-type}) OPTIONAL }

CMS-CONTENT-TYPE ::= TYPE-IDENTIFIER

CMSContentTable CMS-CONTENT-TYPE ::= { data, signed-data, enveloped-data, ... }

-- Data
data CMS-CONTENT-TYPE ::= { Data IDENTIFIED BY id-data }

Data ::= OCTET STRING

-- Signed Data
signed-data CMS-CONTENT-TYPE ::= { SignedData IDENTIFIED BY id-signed-data }

SignedData ::= SEQUENCE {
    version          Version,
    digestAlgorithms DigestAlgorithmIdentifiers,
    contentInfo      ContentInfo,
    certificates     [0] CertificateSet OPTIONAL,
    crls             [1] CertificateRevocationLists OPTIONAL,
    signerInfos      SignerInfos }

Version ::= INTEGER

DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier

DigestAlgorithmIdentifier ::= AlgorithmIdentifier

CertificateSet ::= SET OF CertificateChoice

CertificateChoice ::= CHOICE {
    certificate          Certificate,
    extendedCertificate  [0] ExtendedCertificate,
    attributeCertificate [1] AttributeCertificate }

CertificateRevocationLists ::= SET OF CertificateList

SignerInfos ::= SET OF SignerInfo

SignerInfo ::= SEQUENCE {
    version                   Version,
    issuerAndSerialNumber     IssuerAndSerialNumber,
    digestAlgorithm           DigestAlgorithmIdentifier,
    authenticatedAttributes   [0] Attributes OPTIONAL,
    signatureAlgorithm        SignatureAlgorithmIdentifier,
    signature                 SignatureValue,
    unauthenticatedAttributes [1] Attributes OPTIONAL }

IssuerAndSerialNumber ::= SEQUENCE {
    issuer       Name,
    serialNumber CertificateSerialNumber }

SignatureAlgorithmIdentifier ::= AlgorithmIdentifier

SignatureValue ::= ENCRYPTED { DigestInfo }

DigestInfo ::= SEQUENCE {
    digestAlgorithm DigestAlgorithmIdentifier,
    digest          Digest }

Digest ::= HASHED { CHOICE {
    content                  CMS-CONTENT-TYPE.&Type ({CMSContentTable}),
    authenticated-attributes [0] EXPLICIT Attributes } }

-- Enveloped Data
enveloped-data CMS-CONTENT-TYPE ::= { EnvelopedData IDENTIFIED BY id-enveloped-data }

EnvelopedData ::= SEQUENCE {
    version              Version,
    originatorInfo       [0] OriginatorInfo OPTIONAL,
    recipientInfos       RecipientInfos,
    encryptedContentInfo EncryptedContentInfo }

OriginatorInfo ::= SEQUENCE {
    certificates [0] CertificateSet OPTIONAL,
    crls         [1] CertificateRevocationLists OPTIONAL }

RecipientInfos ::= SET SIZE (1..MAX) OF RecipientInfo

RecipientInfo ::= SEQUENCE {
    version                       Version,
    recipientIdentifier           RecipientIdentifier,
    keyEncryptionAlgorithm        KeyEncryptionAlgorithmIdentifier,
    encryptedKey                  EncryptedKey,
    originatorCertificateSelector CertificateAssertion OPTIONAL }

RecipientIdentifier ::= CHOICE {
    issuerAndSerialNumber IssuerAndSerialNumber,
    recipientKeyIdentifier [0] RecipientKeyIdentifier,
    mailListKeyIdentifier  [1] MailListKeyIdentifier }

RecipientKeyIdentifier ::= SEQUENCE {
    recipientName                Name,
    recipientCertificateSelector CertificateAssertion }

MailListKeyIdentifier ::= SEQUENCE {
    kekIdentifier     OCTET STRING,
    date              GeneralizedTime OPTIONAL,
    otherKeyAttribute Attribute OPTIONAL }

KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier

EncryptedKey ::= OCTET STRING

EncryptedContentInfo ::= SEQUENCE {
    contentType                CMS-CONTENT-TYPE.&id ({CMSContentTable}),
    contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
    encryptedContent           [0] ENCRYPTED {CMS-CONTENT-TYPE.&Type
                                   ({CMSContentTable} {@contentType}) } OPTIONAL }

ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier

-- Object Identifiers
id-pkcs-7 OBJECT IDENTIFIER ::=
    { iso member-body usa(840) rsadsi(113549) pkcs(1) 7 }
id-data           OBJECT IDENTIFIER ::= { id-pkcs-7 1 }
id-signed-data    OBJECT IDENTIFIER ::= { id-pkcs-7 2 }
id-enveloped-data OBJECT IDENTIFIER ::= { id-pkcs-7 3 }

-- Definitions from PKCS#6
ExtendedCertificate ::= SIGNED { ExtendedCertificateInfo }

ExtendedCertificateInfo ::= SEQUENCE {
    version     Version,
    certificate Certificate,
    attributes  Attributes }

Attributes ::= SET OF Attribute

END -- of CryptographicMessageSyntax
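Point 2 of the comments above turns on what the signing primitive actually consumes: DSS signs the bare digest, while PKCS#1 RSA wraps the digest in a DER-encoded DigestInfo, so the module's SignatureValue ::= ENCRYPTED { DigestInfo } fits only one of them. The following is an added illustration written for this page, not part of the thread and not Jim's module: it hand-encodes DigestInfo with a minimal DER encoder and picks the signature input from the signatureAlgorithm OID alone, which is why SignatureValue can be an opaque OCTET STRING. The OIDs are the standard SHA-1, dsa-with-sha1 and sha1WithRSAEncryption values; the helper names are my own.

```python
import hashlib

# Standard algorithm OIDs: SHA-1 (OIW), dsa-with-sha1 (X9.57), sha1WithRSAEncryption (PKCS#1)
OID_SHA1 = "1.3.14.3.2.26"
OID_DSA_WITH_SHA1 = "1.2.840.10040.4.3"
OID_SHA1_WITH_RSA = "1.2.840.113549.1.1.5"


def _der_length(n: int) -> bytes:
    """DER definite-length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    """One DER tag-length-value triple."""
    return bytes([tag]) + _der_length(len(body)) + body


def der_oid(dotted: str) -> bytes:
    """Encode a dotted OID: first two arcs packed as 40*a+b, rest base-128 big-endian."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return tlv(0x06, bytes(out))


def der_digest_info(digest_oid: str, digest: bytes) -> bytes:
    """DigestInfo ::= SEQUENCE { digestAlgorithm AlgorithmIdentifier, digest OCTET STRING }."""
    alg_id = tlv(0x30, der_oid(digest_oid) + tlv(0x05, b""))  # AlgorithmIdentifier with NULL parameters
    return tlv(0x30, alg_id + tlv(0x04, digest))


def signature_input(signature_alg_oid: str, content: bytes) -> bytes:
    """Octets the signer's primitive operates on, chosen by SignerInfo.signatureAlgorithm."""
    digest = hashlib.sha1(content).digest()
    if signature_alg_oid == OID_DSA_WITH_SHA1:
        return digest  # DSS: the bare 20-byte digest, no DigestInfo wrapper
    if signature_alg_oid == OID_SHA1_WITH_RSA:
        return der_digest_info(OID_SHA1, digest)  # PKCS#1 v1.5: DER DigestInfo
    raise ValueError("unknown signatureAlgorithm OID: " + signature_alg_oid)
```

A verifier that treats SignatureValue as an opaque OCTET STRING reconstructs the same input from signatureAlgorithm and compares; no DigestInfo structure needs to live in the CMS syntax itself.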