ietf-smime

CMS Implementation Questions

2003-11-13 05:21:29


I've been looking over the various CMS RFCs, and have a few questions, most
of which probably have obvious and simple answers, but I could use some
help.

1) I'm pretty sure I understand how to nest CMS structures correctly, but the
   existing S/MIME examples draft doesn't have any examples of, say, compress
   then encrypt then sign. Are there any examples floating around, or are
   there any free implementations of CMS that do this, which I could use to
   generate a few tests? (Preferably PEM or raw binary, rather than MIME, but
   I'll take what I can get).

2) In section 6.2.3 of RFC 3369, "keyIdentifier identifies the key-encryption
   key that was previously distributed to the sender and one or more
   recipients." Is there some typical mechanism for choosing this value?
   Obviously, as far as the RFC is concerned, one can do pretty much anything
   they please, but if there is a simple and commonly used method, I figure I
   might as well go with the crowd.

3) It is legal to include SignedAttributes and sign everything that way even
   when signing plain data content, correct?

4) Is the encoding of subjectKeyIdentifier in SignerIdentifier and
   RecipientIdentifier supposed to be with EXPLICIT or IMPLICIT tags? This is
   not particularly clear to me from the texts of RFCs 2630 and 3369.

5) Is the RC2 key wrap example in RFC 3217 right? For the KEK/IV/LCEKPADICV
   given there, I get:
      03 5E 97 2A B1 5C C4 C9 C4 A0 3D BA A3 5A 21 66
      67 E4 3E BC A2 67 46 AE 86 08 DB C8 9E 64 CA 29
   for TEMP1. I found a mention of at least one other person who had the same
   problem, and am wondering if the RFC is incorrect, or if my RC2 code manages
   to pass ~30 test vectors while still being wrong. Either way, something
   needs fixing.

Any help would be much appreciated.

Jack
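
Question 4 comes down to a byte-level difference that is easy to check in test messages. The following is an added example, not part of the original post and not code from any CMS implementation: it builds both candidate DER encodings of the `[0]` subjectKeyIdentifier alternative and classifies an encoded value as one or the other. The helper names and the 20-byte key identifier are constructed for illustration.

```python
# Added example (not from the post); helper names and the sample key id are constructed.
def der_length(n: int) -> bytes:
    # DER definite length: short form below 128, long form otherwise.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + der_length(len(value)) + value

def skid_implicit(key_id: bytes) -> bytes:
    # [0] IMPLICIT replaces the OCTET STRING tag: context class, primitive.
    return tlv(0x80, key_id)

def skid_explicit(key_id: bytes) -> bytes:
    # [0] EXPLICIT wraps the full OCTET STRING TLV: context class, constructed.
    return tlv(0xA0, tlv(0x04, key_id))

def read_tlv(buf: bytes):
    """Return (tag, value, rest) for one single-byte-tag DER TLV."""
    if len(buf) < 2:
        raise ValueError("truncated TLV")
    tag, first, pos = buf[0], buf[1], 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or len(buf) < pos + n:
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if len(buf) < pos + length:
        raise ValueError("value truncated")
    return tag, buf[pos:pos + length], buf[pos + length:]

def classify_skid(encoded: bytes):
    tag, value, rest = read_tlv(encoded)
    if rest:
        raise ValueError("trailing bytes")
    if tag == 0x80:
        return "implicit", value
    if tag == 0xA0:
        inner_tag, key_id, inner_rest = read_tlv(value)
        if inner_tag != 0x04 or inner_rest:
            raise ValueError("explicit wrapper must hold one OCTET STRING")
        return "explicit", key_id
    raise ValueError("not a [0] element")

SAMPLE_KEY_ID = bytes(range(20))  # constructed 20-byte identifier
```

For the sample identifier, the implicit form begins `80 14` and the explicit form begins `A0 16 04 14`, so the first byte of the element is enough to tell which tagging a peer implementation produced.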

