Use of the Advanced Encryption Standard (AES) Encryption Algorithm in Cryptographic Message Syntax (CMS)
RFC 3565
Document | Type | RFC - Proposed Standard (July 2003; No errata)
---|---|---
 | Author | Jim Schaad
 | Last updated | 2013-03-02
 | Stream | Internet Engineering Task Force (IETF)
Stream | WG state | (None)
 | Document shepherd | No shepherd assigned
IESG | IESG state | RFC 3565 (Proposed Standard)
 | Action Holders | (None)
 | Consensus Boilerplate | Unknown
 | Telechat date |
 | Responsible AD | Steven Bellovin
 | Send notices to | <turners@ieca.com>, <blake@brutesquadlabs.com>

Network Working Group                                          J. Schaad
Request for Comments: 3565                       Soaring Hawk Consulting
Category: Standards Track                                      July 2003

Use of the Advanced Encryption Standard (AES) Encryption Algorithm in Cryptographic Message Syntax (CMS)

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2003). All Rights Reserved.

Abstract

This document specifies the conventions for using the Advanced Encryption Standard (AES) algorithm for encryption with the Cryptographic Message Syntax (CMS).

Conventions used in this document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14, RFC 2119 [MUSTSHOULD].

1. Overview

This document specifies the conventions for using the Advanced Encryption Standard (AES) content encryption algorithm with the Cryptographic Message Syntax [CMS] enveloped-data and encrypted-data content types.

CMS values are generated using ASN.1 [X.208-88], using the Basic Encoding Rules (BER) [X.209-88] and the Distinguished Encoding Rules (DER) [X.509-88].

1.1. AES

The Advanced Encryption Standard (AES) [AES] was developed to replace DES [DES]. The AES Federal Information Processing Standard (FIPS) Publication specifies a cryptographic algorithm for use by U.S. Government organizations. However, the AES will also be widely used by organizations, institutions, and individuals outside of the U.S. Government.

Two researchers who developed and submitted the Rijndael algorithm for consideration are both cryptographers from Belgium: Dr. Joan Daemen of Proton World International and Dr. Vincent Rijmen, a postdoctoral researcher in the Electrical Engineering Department of Katholieke Universiteit Leuven.

The National Institute of Standards and Technology (NIST) selected the Rijndael algorithm for AES because it offers a combination of security, performance, efficiency, ease of implementation, and flexibility. Specifically, Rijndael appears to be consistently a very good performer in both hardware and software across a wide range of computing environments regardless of its use in feedback or non-feedback modes. Its key setup time is excellent, and its key agility is good. The very low memory requirements of the Rijndael algorithm make it very well suited for restricted-space environments, in which it also demonstrates excellent performance. The Rijndael algorithm operations are among the easiest to defend against power and timing attacks. Additionally, it appears that some defense can be provided against such attacks without significantly impacting the algorithm's performance. Finally, the algorithm's internal round structure appears to have good potential to benefit from instruction-level parallelism.

The AES specifies three key sizes: 128, 192 and 256 bits.

2. Enveloped-data Conventions

The CMS enveloped-data content type consists of encrypted content and wrapped content-encryption keys for one or more recipients. The AES algorithm is used to encrypt the content.

Compliant software MUST meet the requirements for constructing an enveloped-data content type stated in [CMS] Section 6, "Enveloped-data Content Type".

The AES content-encryption key MUST be randomly generated for each instance of an enveloped-data content type. The content-encryption key (CEK) is used to encrypt the content.

AES can be used with the enveloped-data content type using any of the following key management techniques defined in [CMS] Section 6.

1) Key Transport: The AES CEK is uniquely wrapped for each recipient using the recipient's public RSA key and other values. Section 2.2 provides additional details.

2) Key Agreement: The AES CEK is uniquely wrapped for each recipient using a pairwise symmetric key-encryption key (KEK) generated using an originator's randomly generated private key (ES-DH [DH]) or previously generated private key (SS-DH [DH]), the recipient's public DH key, and other values. Section 2.3 provides additional details.
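
An added illustration of the Section 2 conventions with key transport (not text or code from RFC 3565): using the OpenSSL command line, assumed to be installed, it builds enveloped-data values with AES-256 for two constructed recipients, `alice` and `bob`, then checks which content-encryption algorithm the envelope names and how many wrapped copies of the CEK it carries. All file names and the message are constructed sample values.

```sh
#!/bin/sh
# Added illustration, not part of RFC 3565. Assumes the OpenSSL CLI is installed.
# Recipient names, file names and the message are constructed sample values.
set -eu
WORK=$(mktemp -d)

# Throwaway RSA key pair and self-signed certificate for one recipient.
make_recipient() {   # $1 = recipient name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1.example" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Build one enveloped-data value for both recipients. OpenSSL draws a fresh
# random AES-256 CEK, encrypts the content with it, and wraps that CEK once
# per recipient under the recipient's RSA public key (key transport).
envelope() {   # $1 = output file (DER)
    openssl cms -encrypt -binary -aes-256-cbc -in "$WORK/msg.txt" \
        -outform DER -out "$1" -recip "$WORK/alice.crt" -recip "$WORK/bob.crt"
}

# Content-encryption algorithm actually named inside the envelope.
content_alg() {   # $1 = DER file
    openssl asn1parse -inform DER -in "$1" | grep -o 'aes-[0-9]*-cbc' | head -n 1
}

# Number of RSA key-transport entries, i.e. wrapped copies of the CEK.
wrapped_keys() {   # $1 = DER file
    openssl asn1parse -inform DER -in "$1" | grep -c ':rsaEncryption'
}

# Unwrap the CEK with one recipient's private key and decrypt the content.
open_envelope() {   # $1 = DER file, $2 = recipient name
    openssl cms -decrypt -binary -inform DER -in "$1" \
        -recip "$WORK/$2.crt" -inkey "$WORK/$2.key"
}

make_recipient alice
make_recipient bob
printf 'constructed sample message\n' > "$WORK/msg.txt"
envelope "$WORK/a.der"
envelope "$WORK/b.der"

echo "content encryption: $(content_alg "$WORK/a.der")"
echo "wrapped CEK copies: $(wrapped_keys "$WORK/a.der")"
# Same content and recipients, yet the two envelopes differ: each instance
# carries its own random CEK and IV (the RSA wrapping is randomized as well).
cmp -s "$WORK/a.der" "$WORK/b.der" || echo "envelopes differ"
open_envelope "$WORK/a.der" bob
```

Running `content_alg` on received envelopes is a quick way to confirm that a sender's tooling selected AES and not an older default.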