Use of the Advanced Encryption Standard (AES) Encryption Algorithm in Cryptographic Message Syntax (CMS)
RFC 3565

Document Type RFC - Proposed Standard (July 2003; No errata)
Author Jim Schaad
Last updated 2013-03-02
Stream Internet Engineering Task Force (IETF)
Responsible AD Steven Bellovin
Network Working Group                                          J. Schaad
Request for Comments: 3565                       Soaring Hawk Consulting
Category: Standards Track                                      July 2003

       Use of the Advanced Encryption Standard (AES) Encryption
            Algorithm in Cryptographic Message Syntax (CMS)

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.


Abstract

   This document specifies the conventions for using the Advanced
   Encryption Standard (AES) algorithm for encryption with the
   Cryptographic Message Syntax (CMS).

Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14, RFC 2119.

1.  Overview

   This document specifies the conventions for using the Advanced
   Encryption Standard (AES) content encryption algorithm with the
   Cryptographic Message Syntax [CMS] enveloped-data and encrypted-data
   content types.

   CMS values are generated using ASN.1 [X.208-88], using the Basic
   Encoding Rules (BER) [X.209-88] and the Distinguished Encoding Rules
   (DER) [X.509-88].

Schaad                      Standards Track                     [Page 1]
RFC 3565       Use of the AES Encryption Algorithm in CMS      July 2003

1.1.  AES

   The Advanced Encryption Standard (AES) [AES] was developed to replace
   DES [DES].  The AES Federal Information Processing Standard (FIPS)
   Publication specifies a cryptographic algorithm for use by U.S.
   Government organizations.  However, the AES will also be widely used
   by organizations, institutions, and individuals outside of the U.S.

   Two researchers who developed and submitted the Rijndael algorithm
   for consideration are both cryptographers from Belgium: Dr. Joan
   Daemen of Proton World International and Dr. Vincent Rijmen, a
   postdoctoral researcher in the Electrical Engineering Department of
   Katholieke Universiteit Leuven.

   The National Institute of Standards and Technology (NIST) selected
   the Rijndael algorithm for AES because it offers a combination of
   security, performance, efficiency, ease of implementation, and
   flexibility.  Specifically, Rijndael appears to be consistently a
   very good performer in both hardware and software across a wide range
   of computing environments regardless of its use in feedback or
   non-feedback modes.  Its key setup time is excellent, and its key
   agility is good.  The very low memory requirements of the Rijndael
   algorithm make it very well suited for restricted-space environments,
   in which it also demonstrates excellent performance.  The Rijndael
   algorithm operations are among the easiest to defend against power
   and timing attacks.  Additionally, it appears that some defense can
   be provided against such attacks without significantly impacting the
   algorithm's performance.  Finally, the algorithm's internal round
   structure appears to have good potential to benefit from
   instruction-level parallelism.

   The AES specifies three key sizes: 128, 192 and 256 bits.

2.  Enveloped-data Conventions

   The CMS enveloped-data content type consists of encrypted content and
   wrapped content-encryption keys for one or more recipients.  The AES
   algorithm is used to encrypt the content.

   Compliant software MUST meet the requirements for constructing an
   enveloped-data content type stated in [CMS] Section 6,
   "Enveloped-data Content Type".

   The AES content-encryption key MUST be randomly generated for each
   instance of an enveloped-data content type.  The content-encryption
   key (CEK) is used to encrypt the content.

   AES can be used with the enveloped-data content type using any of the
   following key management techniques defined in [CMS] Section 6.

   1) Key Transport: The AES CEK is uniquely wrapped for each recipient
   using the recipient's public RSA key and other values.  Section 2.2
   provides additional details.

   2) Key Agreement: The AES CEK is uniquely wrapped for each recipient
   using a pairwise symmetric key-encryption key (KEK) generated using
   an originator's randomly generated private key (ES-DH [DH]) or
   previously generated private key (SS-DH [DH]), the recipient's public
   DH key, and other values.  Section 2.3 provides additional details.
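
The key transport case above, as an added example that is not part of RFC 3565: it uses the openssl command line (assumed installed) to build enveloped-data with AES-128-CBC and checks that there is one wrapped CEK per recipient and a different CEK for each enveloped-data instance. The recipients `alice` and `bob`, the function names, the file names and the message are constructed for this illustration.

```shell
#!/bin/sh
# Added illustration, not part of RFC 3565. Assumes the openssl CLI is on PATH.
# Recipient names, file names and the message are constructed for this example.
set -e
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
printf 'constructed sample content' > "$WORK/msg.txt"

make_recipient() {   # throwaway RSA key + self-signed certificate for <name>
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

envelope() {         # envelope <out.der> <cert>... : AES-128-CBC enveloped-data
    out=$1; shift
    openssl cms -encrypt -aes-128-cbc -binary -in "$WORK/msg.txt" \
        -outform DER -out "$out" "$@"
}

open_as() {          # open_as <in.der> <name> : decrypt as that recipient
    openssl cms -decrypt -binary -inform DER -in "$1" \
        -recip "$WORK/$2.crt" -inkey "$WORK/$2.key"
}

content_cipher() {   # name of the content-encryption algorithm in <in.der>
    openssl asn1parse -inform DER -in "$1" |
        sed -n 's/.*OBJECT *:\(aes-[0-9]*-cbc\)$/\1/p'
}

wrapped_keys() {     # number of RSA key-transport RecipientInfos in <in.der>
    openssl asn1parse -inform DER -in "$1" | grep -c ':rsaEncryption$'
}

cek_hex() {          # cek_hex <in.der> <name> : unwrap the CEK (one-recipient envelope)
    off=$(openssl asn1parse -inform DER -in "$1" | awk -F: \
        '/:rsaEncryption$/ {w=1; next} w && /OCTET STRING/ {print $1+0; exit}')
    openssl asn1parse -inform DER -in "$1" -strparse "$off" -noout -out "$WORK/ek.bin"
    openssl pkeyutl -decrypt -inkey "$WORK/$2.key" -in "$WORK/ek.bin" |
        od -An -tx1 | tr -d ' \n'
}

make_recipient alice; make_recipient bob
envelope "$WORK/two.der" "$WORK/alice.crt" "$WORK/bob.crt"   # one CEK, wrapped twice
envelope "$WORK/a1.der" "$WORK/alice.crt"                    # same content, sent twice
envelope "$WORK/a2.der" "$WORK/alice.crt"
echo "cipher=$(content_cipher "$WORK/two.der") wrapped=$(wrapped_keys "$WORK/two.der")"
echo "CEK of instance 1: $(cek_hex "$WORK/a1.der" alice)"
echo "CEK of instance 2: $(cek_hex "$WORK/a2.der" alice)"
```

The two CEK lines differ on every run even though the content and the recipient are the same; a sender that printed the same value twice would be reusing a content-encryption key across enveloped-data instances.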