I've been looking over the various CMS RFCs, and have a few questions, most
of which probably have obvious and simple answers, but I could use some
help.
1) I'm pretty sure I understand how to nest CMS structures correctly, but the
existing S/MIME examples draft doesn't have any examples of, say, compress
then encrypt then sign. Are there any examples floating around, or, are
there any free implementations of CMS that do this, which I could use to
generate a few tests? (Preferably PEM or raw binary, rather than MIME, but
I'll take what I can get).
2) In section 6.2.3 of RFC 3369, "keyIdentifier identifies the key-encryption
key that was previously distributed to the sender and one or more
recipients." Is there some typical mechanism for choosing this value?
Obviously, as far as the RFC is concerned, one can do pretty much anything
they please, but if there is a simple and commonly used method, I figure I
might as well go with the crowd.
3) It is legal to include SignedAttributes and sign everything that way even
when signing plain data content, correct?
4) Is the encoding of subjectKeyIdentifier in SignerIdentifier and
RecipientIdentifier supposed to be with EXPLICIT or IMPLICIT tags? This is
not particularly clear to me from the texts of RFCs 2630 and 3369.
5) Is the RC2 key wrap example in RFC 3217 right? For the KEK/IV/LCEKPADICV
given there, I get:
03 5E 97 2A B1 5C C4 C9 C4 A0 3D BA A3 5A 21 66
67 E4 3E BC A2 67 46 AE 86 08 DB C8 9E 64 CA 29
for TEMP1. I found a mention of at least one other person who had the same
problem, and am wondering if the RFC is incorrect, or if my RC2 code manages
to pass ~30 test vectors while still being wrong. Either way, something
needs fixing.
Any help would be much appreciated.
Jack