CMS Implementation Questions
Jack Lloyd <lloyd@randombit.net> Thu, 13 November 2003 12:51 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA22630 for <smime-archive@lists.ietf.org>; Thu, 13 Nov 2003 07:51:16 -0500 (EST)
Received: from above.proper.com (localhost [127.0.0.1]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hADCLTkT053489 for <ietf-smime-bks@above.proper.com>; Thu, 13 Nov 2003 04:21:29 -0800 (PST) (envelope-from owner-ietf-smime@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.10/8.12.9/Submit) id hADCLTej053488 for ietf-smime-bks; Thu, 13 Nov 2003 04:21:29 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-smime@mail.imc.org using -f
Received: from centaur.acm.jhu.edu (postfix@centaur.acm.jhu.edu [128.220.223.65]) by above.proper.com (8.12.10/8.12.8) with ESMTP id hADCLSkT053483 for <ietf-smime@imc.org>; Thu, 13 Nov 2003 04:21:28 -0800 (PST) (envelope-from lloyd@randombit.net)
Received: by centaur.acm.jhu.edu (Postfix, from userid 528) id A8A563EB45; Thu, 13 Nov 2003 07:21:27 -0500 (EST)
Received: from localhost (localhost [127.0.0.1]) by centaur.acm.jhu.edu (Postfix) with ESMTP id A78A346842 for <ietf-smime@imc.org>; Thu, 13 Nov 2003 07:21:27 -0500 (EST)
Date: Thu, 13 Nov 2003 07:21:27 -0500
From: Jack Lloyd <lloyd@randombit.net>
X-X-Sender: lloyd@centaur.acm.jhu.edu
To: ietf-smime@imc.org
Subject: CMS Implementation Questions
Message-ID: <Pine.LNX.4.44.0311130715460.6695-100000@centaur.acm.jhu.edu>
X-GPG-Key-ID: 4DCDF398
X-GPG-Key-Fingerprint: 2DD2 95F9 C7E3 A15E AF29 80E1 D6A9 A5B9 4DCD F398
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: owner-ietf-smime@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smime/mail-archive/>
List-ID: <ietf-smime.imc.org>
List-Unsubscribe: <mailto:ietf-smime-request@imc.org?body=unsubscribe>
I've been looking over the various CMS RFCs, and have a few questions, most of which probably have obvious and simple answers, but I could use some help. 1) I'm pretty sure I understand how to nest CMS structures correctly, but the existing S/MIME examples draft doesn't have any examples of, say, compress then encrypt then sign. Are there any examples floating around, or, are there any free implementations of CMS that do this, which I could use to generate a few tests? (Preferably PEM or raw binary, rather than MIME, but I'll take what I can get). 2) In section 6.2.3 of RFC 3369, "keyIdentifier identifies the key-encryption key that was previously distributed to the sender and one or more recipients." Is there some typical mechanism for choosing this value? Obviously, as far as the RFC is concerned, one can do pretty much anything they please, but if there is a simple and commonly used method, I figure I might as well go with the crowd. 3) It is legal to include SignedAttributes and sign everything that way even when signing plain data content, correct? 4) Is the encoding of subjectKeyIdentifier in SignerIdentifier and RecipientIdentifier supposed to be with EXPLICIT or IMPLICIT tags? This is not particularly clear to me from the texts of RFCs 2630 and 3369. 5) Is the RC2 key wrap example in RFC 3217 right? For the KEK/IV/LCEKPADICV given there, I get: 03 5E 97 2A B1 5C C4 C9 C4 A0 3D BA A3 5A 21 66 67 E4 3E BC A2 67 46 AE 86 08 DB C8 9E 64 CA 29 for TEMP1. I found a mention of at least one other person who had the same problem, and am wondering if the RFC is incorrect, or if my RC2 code manages to pass ~30 test vectors while still being wrong. Either way, something needs fixing. Any help would be much appreciated. Jack
- CMS Implementation Questions Jack Lloyd
- Re: CMS Implementation Questions Peter Gutmann
- RE: CMS Implementation Questions Bonatti, Chris
- RE: CMS Implementation Questions Jack Lloyd
- RE: CMS Implementation Questions Bonatti, Chris