Tech-invite3GPPspaceIETFspace
96959493929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 5753

Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)

Pages: 61
Informational
Errata
Obsoletes:  3278
Part 3 of 3 – Pages 33 to 61
First   Prev   None

Top   ToC   RFC5753 - Page 33   prevText

11. References

11.1. Normative References

[CMS] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 5652, September 2009. [CMS-AES] Schaad, J., "Use of the Advanced Encryption Standard (AES) Encryption Algorithm in Cryptographic Message Syntax (CMS)", RFC 3565, July 2003. [CMS-AESCG] Housley, R., "Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax (CMS)", RFC 5084, December 2007. [CMS-ALG] Housley, R., "Cryptographic Message Syntax (CMS) Algorithms", RFC 3370, August 2002. [CMS-AUTHENV] Housley, R., "Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content Type", RFC 5083, November 2007. [CMS-DH] Rescorla, E., "Diffie-Hellman Key Agreement Method", RFC 2631, June 1999. [CMS-SHA2] Turner, S., "Using SHA2 Algorithms with Cryptographic Message Syntax", RFC 5754, January 2010. [FIPS180-3] National Institute of Standards and Technology (NIST), FIPS Publication 180-3: Secure Hash Standard, October 2008. [FIPS186-3] National Institute of Standards and Technology (NIST), FIPS Publication 186-3: Digital Signature Standard, June 2009.
Top   ToC   RFC5753 - Page 34
   [HMAC-SHA2]    Nystrom, M., "Identifiers and Test Vectors for HMAC-
                  SHA-224, HMAC-SHA-256, HMAC-SHA-384, and HMAC-
                  SHA-512", RFC 4231, December 2005.

   [MUST]         Bradner, S., "Key words for use in RFCs to Indicate
                  Requirement Levels", BCP 14, RFC 2119, March 1997.

   [MSG]          Ramsdell, B. and S. Turner, "Secure/Multipurpose
                  Internet Mail Extensions (S/MIME) Version 3.2 Message
                  Specification", RFC 5751, January 2010.

   [PKI]          Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
                  Housley, R., and W. Polk, "Internet X.509 Public Key
                  Infrastructure Certificate and Certificate Revocation
                  List (CRL) Profile", RFC 5280, May 2008.

   [PKI-ALG]      Turner, S., Brown, D., Yiu, K., Housley, R., and T.
                  Polk, "Elliptic Curve Cryptography Subject Public Key
                  Information", RFC 5480, March 2009.

   [RANDOM]       Eastlake, D., 3rd, Schiller, J., and S. Crocker,
                  "Randomness Requirements for Security", BCP 106, RFC
                  4086, June 2005.

   [RSAOAEP]      Schaad, J., Kaliski, B., and R. Housley, "Additional
                  Algorithms and Identifiers for RSA Cryptography for
                  use in the Internet X.509 Public Key Infrastructure
                  Certificate and Certificate Revocation List (CRL)
                  Profile", RFC 4055, June 2005.

   [SEC1]         Standards for Efficient Cryptography Group, "SEC 1:
                  Elliptic Curve Cryptography", version 2.0, May 2009,
                  available from www.secg.org.

   [SP800-56A]    National Institute of Standards and Technology (NIST),
                  Special Publication 800-56A: Recommendation Pair-Wise
                  Key Establishment Schemes Using Discrete Logarithm
                  Cryptography (Revised), March 2007.

   [X.680]        ITU-T Recommendation X.680 (2002) | ISO/IEC
                  8824-1:2002. Information Technology - Abstract Syntax
                  Notation One.
Top   ToC   RFC5753 - Page 35

11.2. Informative References

[BON] D. Boneh, "The Security of Multicast MAC", Presentation at Selected Areas of Cryptography 2000, Center for Applied Cryptographic Research, University of Waterloo, 2000. Paper version available from http://crypto.stanford.edu/~dabo/papers/mmac.ps [CERTCAP] Santesson, S., "X.509 Certificate Extension for Secure/Multipurpose Internet Mail Extensions (S/MIME) Capabilities", RFC 4262, December 2005. [CMS-ASN] Hoffman, P. and J. Schaad, "New ASN.1 Modules for CMS and S/MIME", Work in Progress, August 2009. [CMS-ECC] Blake-Wilson, S., Brown, D., and P. Lambert, "Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)", RFC 3278, April 2002. [CMS-KEA] Pawling, J., "Use of the KEA and SKIPJACK Algorithms in CMS", RFC 2876, July 2000. [K] B. Kaliski, "MQV Vulnerability", Posting to ANSI X9F1 and IEEE P1363 newsgroups, 1998. [PKI-ASN] Hoffman, P. and J. Schaad, "New ASN.1 Modules for PKIX", Work in Progress, August 2009. [SP800-57] National Institute of Standards and Technology (NIST), Special Publication 800-57: Recommendation for Key Management - Part 1 (Revised), March 2007. [X.681] ITU-T Recommendation X.681 (2002) | ISO/IEC 8824-2:2002. Information Technology - Abstract Syntax Notation One: Information Object Specification. [X.682] ITU-T Recommendation X.682 (2002) | ISO/IEC 8824-3:2002. Information Technology - Abstract Syntax Notation One: Constraint Specification. [X.683] ITU-T Recommendation X.683 (2002) | ISO/IEC 8824-4:2002. Information Technology - Abstract Syntax Notation One: Parameterization of ASN.1 Specifications, 2002.
Top   ToC   RFC5753 - Page 36
   [X9.62]        X9.62-2005, "Public Key Cryptography for the Financial
                  Services Industry: The Elliptic Curve Digital
                  Signature Standard (ECDSA)", November, 2005.
Top   ToC   RFC5753 - Page 37

Appendix A. ASN.1 Modules

Appendix A.1 provides the normative ASN.1 definitions for the structures described in this specification using ASN.1 as defined in [X.680] for compilers that support the 1988 ASN.1. Appendix A.2 provides informative ASN.1 definitions for the structures described in this specification using ASN.1 as defined in [X.680], [X.681], [X.682], and [X.683] for compilers that support the 2002 ASN.1. This appendix contains the same information as Appendix A.1 in a more recent (and precise) ASN.1 notation; however, Appendix A.1 takes precedence in case of conflict.

A.1. 1988 ASN.1 Module

CMSECCAlgs-2009-88 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-ecc-alg-2009-88(45) } DEFINITIONS IMPLICIT TAGS ::= BEGIN -- EXPORTS ALL IMPORTS -- From [PKI] AlgorithmIdentifier FROM PKIX1Explicit88 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) mod(0) pkix1-explicit(18) } -- From [RSAOAEP] id-sha224, id-sha256, id-sha384, id-sha512 FROM PKIX1-PSS-OAEP-Algorithms { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-rsa-pkalgs(33) }
Top   ToC   RFC5753 - Page 38
   -- From [PKI-ALG]

   id-sha1, ecdsa-with-SHA1, ecdsa-with-SHA224,
   ecdsa-with-SHA256, ecdsa-with-SHA384, ecdsa-with-SHA512,
   id-ecPublicKey, ECDSA-Sig-Value, ECPoint, ECParameters
     FROM PKIX1Algorithms2008
       { iso(1) identified-organization(3) dod(6) internet(1)
         security(5) mechanisms(5) pkix(7) id-mod(0) 45 }

   -- From [CMS]

   OriginatorPublicKey, UserKeyingMaterial
     FROM CryptographicMessageSyntax2004
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
         smime(16) modules(0) cms-2004(24) }

   -- From [CMS-ALG]

   hMAC-SHA1, des-ede3-cbc, id-alg-CMS3DESwrap, CBCParameter
     FROM CryptographicMessageSyntaxAlgorithms
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
         smime(16) modules(0) cmsalg-2001(16) }

   -- From [CMS-AES]

   id-aes128-CBC, id-aes192-CBC, id-aes256-CBC, AES-IV,
   id-aes128-wrap, id-aes192-wrap, id-aes256-wrap
     FROM CMSAesRsaesOaep
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
         smime(16) modules(0) id-mod-cms-aes(19) }

   -- From [CMS-AESCG]

   id-aes128-CCM, id-aes192-CCM, id-aes256-CCM, CCMParameters
   id-aes128-GCM, id-aes192-GCM, id-aes256-GCM, GCMParameters
     FROM CMS-AES-CCM-and-AES-GCM
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
         smime(16) modules(0) id-mod-cms-aes(32) }

   ;

   --
   -- Message Digest Algorithms: Imported from [PKI-ALG] and [RSAOAEP]
   --

   -- id-sha1 Parameters are preferred absent
   -- id-sha224 Parameters are preferred absent
   -- id-sha256 Parameters are preferred absent
Top   ToC   RFC5753 - Page 39
   -- id-sha384 Parameters are preferred absent
   -- id-sha512 Parameters are preferred absent

   --
   -- Signature Algorithms: Imported from [PKI-ALG]
   --

   -- ecdsa-with-SHA1 Parameters are NULL
   -- ecdsa-with-SHA224 Parameters are absent
   -- ecdsa-with-SHA256 Parameters are absent
   -- ecdsa-with-SHA384 Parameters are absent
   -- ecdsa-with-SHA512 Parameters are absent

   -- ECDSA Signature Value
   -- Contents of SignatureValue OCTET STRING

   -- ECDSA-Sig-Value ::= SEQUENCE {
   --   r  INTEGER,
   --   s  INTEGER
   -- }

   --
   -- Key Agreement Algorithms
   --

   x9-63-scheme OBJECT IDENTIFIER ::= {
     iso(1) identified-organization(3) tc68(133) country(16) x9(840)
     x9-63(63) schemes(0) }
   secg-scheme OBJECT IDENTIFIER ::= {
     iso(1) identified-organization(3) certicom(132) schemes(1) }

   --
   -- Diffie-Hellman Single Pass, Standard, with KDFs
   --

   -- Parameters are always present and indicate the key wrap algorithm
   -- with KeyWrapAlgorithm.

   dhSinglePass-stdDH-sha1kdf-scheme OBJECT IDENTIFIER ::= {
     x9-63-scheme 2 }

   dhSinglePass-stdDH-sha224kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 11 0 }

   dhSinglePass-stdDH-sha256kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 11 1 }
Top   ToC   RFC5753 - Page 40
   dhSinglePass-stdDH-sha384kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 11 2 }

   dhSinglePass-stdDH-sha512kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 11 3 }

   --
   -- Diffie-Hellman Single Pass, Cofactor, with KDFs
   --

   dhSinglePass-cofactorDH-sha1kdf-scheme OBJECT IDENTIFIER ::= {
     x9-63-scheme 3 }

   dhSinglePass-cofactorDH-sha224kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 14 0 }

   dhSinglePass-cofactorDH-sha256kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 14 1 }

   dhSinglePass-cofactorDH-sha384kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 14 2 }

   dhSinglePass-cofactorDH-sha512kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 14 3 }

   --
   -- MQV Single Pass, Cofactor, with KDFs
   --

   mqvSinglePass-sha1kdf-scheme OBJECT IDENTIFIER ::= {
     x9-63-scheme 16 }

   mqvSinglePass-sha224kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 15 0 }

   mqvSinglePass-sha256kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 15 1 }

   mqvSinglePass-sha384kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 15 2 }

   mqvSinglePass-sha512kdf-scheme OBJECT IDENTIFIER ::= {
     secg-scheme 15 3 }

   --
   -- Key Wrap Algorithms: Imported from [CMS-ALG] and [CMS-AES]
   --
Top   ToC   RFC5753 - Page 41
   KeyWrapAlgorithm ::= AlgorithmIdentifier

   -- id-alg-CMS3DESwrap Parameters are NULL
   -- id-aes128-wrap Parameters are absent
   -- id-aes192-wrap Parameters are absent
   -- id-aes256-wrap Parameters are absent

   --
   -- Content Encryption Algorithms: Imported from [CMS-ALG]
   -- and [CMS-AES]
   --

   -- des-ede3-cbc Parameters are CBCParameter
   -- id-aes128-CBC Parameters are AES-IV
   -- id-aes192-CBC Parameters are AES-IV
   -- id-aes256-CBC Parameters are AES-IV
   -- id-aes128-CCM Parameters are CCMParameters
   -- id-aes192-CCM Parameters are CCMParameters
   -- id-aes256-CCM Parameters are CCMParameters
   -- id-aes128-GCM Parameters are GCMParameters
   -- id-aes192-GCM Parameters are GCMParameters
   -- id-aes256-GCM Parameters are GCMParameters

   --
   -- Message Authentication Code Algorithms
   --

   -- hMAC-SHA1 Parameters are preferred absent

   -- HMAC with SHA-224, SHA-256, SHA_384, and SHA-512 Parameters are
   -- absent

   id-hmacWithSHA224 OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) rsadsi(113549)
     digestAlgorithm(2) 8 }

   id-hmacWithSHA256 OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) rsadsi(113549)
     digestAlgorithm(2) 9 }

   id-hmacWithSHA384 OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) rsadsi(113549)
     digestAlgorithm(2) 10 }

   id-hmacWithSHA512 OBJECT IDENTIFIER ::= {
     iso(1) member-body(2) us(840) rsadsi(113549)
     digestAlgorithm(2) 11 }
Top   ToC   RFC5753 - Page 42
   --
   -- Originator Public Key Algorithms: Imported from [PKI-ALG]
   --

   -- id-ecPublicKey Parameters are absent, NULL, or ECParameters

   -- Format for both ephemeral and static public keys: Imported from
   -- [PKI-ALG]

   -- ECPoint ::= OCTET STRING

   -- ECParameters ::= CHOICE {
   --   namedCurve      OBJECT IDENTIFIER
   --   commented out in [PKI-ALG]  implicitCurve   NULL
   --   commented out in [PKI-ALG]  specifiedCurve  SpecifiedECDomain
   --   commented out in [PKI-ALG]  ...
   -- }
       -- implicitCurve and specifiedCurve MUST NOT be used in PKIX.
       -- Details for SpecifiedECDomain can be found in [X9.62].
       -- Any future additions to this CHOICE should be coordinated
       -- with ANSI X9.

   -- Format of KeyAgreeRecipientInfo ukm field when used with
   -- ECMQV

   MQVuserKeyingMaterial ::= SEQUENCE {
     ephemeralPublicKey       OriginatorPublicKey,
     addedukm             [0] EXPLICIT UserKeyingMaterial OPTIONAL
   }

   -- 'SharedInfo' for input to KDF when using ECDH and ECMQV with
   -- EnvelopedData, AuthenticatedData, or AuthEnvelopedData

   ECC-CMS-SharedInfo ::= SEQUENCE {
     keyInfo         AlgorithmIdentifier,
     entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL,
     suppPubInfo [2] EXPLICIT OCTET STRING
   }

   --
   -- S/MIME Capabilities
   -- An identifier followed by type.
   --
Top   ToC   RFC5753 - Page 43
   --
   -- S/MIME Capabilities: Message Digest Algorithms
   --

   -- Found in [CMS-SHA2].

   --
   -- S/MIME Capabilities: Signature Algorithms
   --

   -- ecdsa-with-SHA1 Type NULL
   -- ecdsa-with-SHA224 Type absent
   -- ecdsa-with-SHA256 Type absent
   -- ecdsa-with-SHA384 Type absent
   -- ecdsa-with-SHA512 Type absent

   --
   -- S/MIME Capabilities: ECDH, Single Pass, Standard
   --

   -- dhSinglePass-stdDH-sha1kdf Type is the KeyWrapAlgorithm
   -- dhSinglePass-stdDH-sha224kdf Type is the KeyWrapAlgorithm
   -- dhSinglePass-stdDH-sha256kdf Type is the KeyWrapAlgorithm
   -- dhSinglePass-stdDH-sha384kdf Type is the KeyWrapAlgorithm
   -- dhSinglePass-stdDH-sha512kdf Type is the KeyWrapAlgorithm


   --
   -- S/MIME Capabilities: ECDH, Single Pass, Cofactor
   --

   -- dhSinglePass-cofactorDH-sha1kdf Type is the KeyWrapAlgorithm
   -- dhSinglePass-cofactorDH-sha224kdf Type is the KeyWrapAlgorithm
   -- dhSinglePass-cofactorDH-sha256kdf Type is the KeyWrapAlgorithm
   -- dhSinglePass-cofactorDH-sha384kdf Type is the KeyWrapAlgorithm
   -- dhSinglePass-cofactorDH-sha512kdf Type is the KeyWrapAlgorithm

   --
   -- S/MIME Capabilities: ECMQV, Single Pass, Standard
   --

   -- mqvSinglePass-sha1kdf Type is the KeyWrapAlgorithm
   -- mqvSinglePass-sha224kdf Type is the KeyWrapAlgorithm
   -- mqvSinglePass-sha256kdf Type is the KeyWrapAlgorithm
   -- mqvSinglePass-sha384kdf Type is the KeyWrapAlgorithm
   -- mqvSinglePass-sha512kdf Type is the KeyWrapAlgorithm
Top   ToC   RFC5753 - Page 44
   --
   -- S/MIME Capabilities: Message Authentication Code Algorithms
   --

   -- hMACSHA1 Type is preferred absent
   -- id-hmacWithSHA224 Type is absent
   -- if-hmacWithSHA256 Type is absent
   -- id-hmacWithSHA384 Type is absent
   -- id-hmacWithSHA512 Type is absent

   END
Top   ToC   RFC5753 - Page 45

A.2. 2004 ASN.1 Module

CMSECCAlgs-2009-02 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-ecc-alg-2009-02(46) } DEFINITIONS IMPLICIT TAGS ::= BEGIN -- EXPORTS ALL IMPORTS -- From [PKI-ASN] mda-sha1, sa-ecdsaWithSHA1, sa-ecdsaWithSHA224, sa-ecdsaWithSHA256, sa-ecdsaWithSHA384, sa-ecdsaWithSHA512, id-ecPublicKey, ECDSA-Sig-Value, ECPoint, ECParameters FROM PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-algorithms2008-02(56) } -- From [PKI-ASN] mda-sha224, mda-sha256, mda-sha384, mda-sha512 FROM PKIX1-PSS-OAEP-Algorithms-2009 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-rsa-pkalgs-02(54) } -- FROM [CMS-ASN] KEY-WRAP, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM, ALGORITHM, PUBLIC-KEY, MAC-ALGORITHM, CONTENT-ENCRYPTION, KEY-AGREE, SMIME-CAPS, AlgorithmIdentifier{} FROM AlgorithmInformation-2009 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-algorithmInformation-02(58) } -- From [CMS-ASN] OriginatorPublicKey, UserKeyingMaterial FROM CryptographicMessageSyntax-2009 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2004-02(41) }
Top   ToC   RFC5753 - Page 46
-- From [CMS-ASN]

maca-hMAC-SHA1, cea-3DES-cbc, kwa-3DESWrap, CBCParameter
  FROM CryptographicMessageSyntaxAlgorithms-2009
    { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) modules(0) id-mod-cmsalg-2001-02(37) }

-- From [CMS-ASN]

cea-aes128-cbc, cea-aes192-cbc, cea-aes256-cbc, kwa-aes128-wrap,
kwa-aes192-wrap, kwa-aes256-wrap
  FROM CMSAesRsaesOaep-2009
    { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) modules(0) id-mod-cms-aes-02(38) }

-- From [CMS-ASN]

cea-aes128-CCM, cea-aes192-CCM, cea-aes256-CCM, cea-aes128-GCM,
cea-aes192-GCM, cea-aes256-GCM
  FROM CMS-AES-CCM-and-AES-GCM-2009
    { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) modules(0) id-mod-cms-aes-ccm-gcm-02(44) }

;

-- Constrains the SignedData digestAlgorithms field
-- Constrains the SignedData SignerInfo digestAlgorithm field
-- Constrains the AuthenticatedData digestAlgorithm field

-- Message Digest Algorithms: Imported from [PKI-ASN]

-- MessageDigestAlgs DIGEST-ALGORITHM ::= {
--  mda-sha1   |
--  mda-sha224 |
--  mda-sha256 |
--  mda-sha384 |
--  mda-sha512,
--  ...
-- }

-- Constrains the SignedData SignerInfo signatureAlgorithm field

-- Signature Algorithms: Imported from [PKI-ASN]

-- SignatureAlgs SIGNATURE-ALGORITHM ::= {
--  sa-ecdsaWithSHA1   |
--  sa-ecdsaWithSHA224 |
--  sa-ecdsaWithSHA256 |
Top   ToC   RFC5753 - Page 47
--  sa-ecdsaWithSHA384 |
--  sa-ecdsaWithSHA512,
--  ...
-- }

-- ECDSA Signature Value: Imported from [PKI-ALG]
-- Contents of SignatureValue OCTET STRING

-- ECDSA-Sig-Value ::= SEQUENCE {
--   r  INTEGER,
--   s  INTEGER
-- }

--
-- Key Agreement Algorithms
--

-- Constrains the EnvelopedData RecipientInfo KeyAgreeRecipientInfo
--   keyEncryption Algorithm field
-- Constrains the AuthenticatedData RecipientInfo
--   KeyAgreeRecipientInfo keyEncryption Algorithm field
-- Constrains the AuthEnvelopedData RecipientInfo
--   KeyAgreeRecipientInfo keyEncryption Algorithm field

-- DH variants are not used with AuthenticatedData or
-- AuthEnvelopedData

KeyAgreementAlgs KEY-AGREE ::= {
  kaa-dhSinglePass-stdDH-sha1kdf-scheme        |
  kaa-dhSinglePass-stdDH-sha224kdf-scheme      |
  kaa-dhSinglePass-stdDH-sha256kdf-scheme      |
  kaa-dhSinglePass-stdDH-sha384kdf-scheme      |
  kaa-dhSinglePass-stdDH-sha512kdf-scheme      |
  kaa-dhSinglePass-cofactorDH-sha1kdf-scheme   |
  kaa-dhSinglePass-cofactorDH-sha224kdf-scheme |
  kaa-dhSinglePass-cofactorDH-sha256kdf-scheme |
  kaa-dhSinglePass-cofactorDH-sha384kdf-scheme |
  kaa-dhSinglePass-cofactorDH-sha512kdf-scheme |
  kaa-mqvSinglePass-sha1kdf-scheme             |
  kaa-mqvSinglePass-sha224kdf-scheme           |
  kaa-mqvSinglePass-sha256kdf-scheme           |
  kaa-mqvSinglePass-sha384kdf-scheme           |
  kaa-mqvSinglePass-sha512kdf-scheme,
  ...
}
Top   ToC   RFC5753 - Page 48
x9-63-scheme OBJECT IDENTIFIER ::= {
  iso(1) identified-organization(3) tc68(133) country(16) x9(840)
  x9-63(63) schemes(0) }

secg-scheme OBJECT IDENTIFIER ::= {
  iso(1) identified-organization(3) certicom(132) schemes(1) }

--
-- Diffie-Hellman Single Pass, Standard, with KDFs
--

-- Parameters are always present and indicate the Key Wrap Algorithm

kaa-dhSinglePass-stdDH-sha1kdf-scheme KEY-AGREE ::= {
  IDENTIFIER dhSinglePass-stdDH-sha1kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha1kdf-scheme
}

dhSinglePass-stdDH-sha1kdf-scheme OBJECT IDENTIFIER ::= {
  x9-63-scheme 2 }

kaa-dhSinglePass-stdDH-sha224kdf-scheme KEY-AGREE ::= {
  IDENTIFIER dhSinglePass-stdDH-sha224kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha224kdf-scheme
}

dhSinglePass-stdDH-sha224kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 11 0 }

kaa-dhSinglePass-stdDH-sha256kdf-scheme KEY-AGREE ::= {
  IDENTIFIER dhSinglePass-stdDH-sha256kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha256kdf-scheme
}

dhSinglePass-stdDH-sha256kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 11 1 }
Top   ToC   RFC5753 - Page 49
kaa-dhSinglePass-stdDH-sha384kdf-scheme KEY-AGREE ::= {
  IDENTIFIER dhSinglePass-stdDH-sha384kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha384kdf-scheme
}

dhSinglePass-stdDH-sha384kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 11 2 }

kaa-dhSinglePass-stdDH-sha512kdf-scheme KEY-AGREE ::= {
  IDENTIFIER dhSinglePass-stdDH-sha512kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha512kdf-scheme
}

dhSinglePass-stdDH-sha512kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 11 3 }

--
-- Diffie-Hellman Single Pass, Cofactor, with KDFs
--

kaa-dhSinglePass-cofactorDH-sha1kdf-scheme KEY-AGREE ::= {
  IDENTIFIER dhSinglePass-cofactorDH-sha1kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha1kdf-scheme
}

dhSinglePass-cofactorDH-sha1kdf-scheme OBJECT IDENTIFIER ::= {
  x9-63-scheme 3 }

kaa-dhSinglePass-cofactorDH-sha224kdf-scheme KEY-AGREE ::= {
  IDENTIFIER dhSinglePass-cofactorDH-sha224kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha224kdf-scheme
}

dhSinglePass-cofactorDH-sha224kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 14 0 }
Top   ToC   RFC5753 - Page 50
kaa-dhSinglePass-cofactorDH-sha256kdf-scheme KEY-AGREE ::= {
  IDENTIFIER dhSinglePass-cofactorDH-sha256kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha256kdf-scheme
}

dhSinglePass-cofactorDH-sha256kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 14 1 }

kaa-dhSinglePass-cofactorDH-sha384kdf-scheme KEY-AGREE ::= {
  IDENTIFIER dhSinglePass-cofactorDH-sha384kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha384kdf-scheme
}

dhSinglePass-cofactorDH-sha384kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 14 2 }

kaa-dhSinglePass-cofactorDH-sha512kdf-scheme KEY-AGREE ::= {
  IDENTIFIER dhSinglePass-cofactorDH-sha512kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha512kdf-scheme
}

dhSinglePass-cofactorDH-sha512kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 14 3 }

--
-- MQV Single Pass, Cofactor, with KDFs
--

kaa-mqvSinglePass-sha1kdf-scheme KEY-AGREE ::= {
  IDENTIFIER mqvSinglePass-sha1kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-mqvSinglePass-sha1kdf-scheme
}

mqvSinglePass-sha1kdf-scheme OBJECT IDENTIFIER ::= {
  x9-63-scheme 16 }
Top   ToC   RFC5753 - Page 51
kaa-mqvSinglePass-sha224kdf-scheme KEY-AGREE ::= {
  IDENTIFIER mqvSinglePass-sha224kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-mqvSinglePass-sha224kdf-scheme
}

mqvSinglePass-sha224kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 15 0 }

kaa-mqvSinglePass-sha256kdf-scheme KEY-AGREE ::= {
  IDENTIFIER mqvSinglePass-sha256kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-mqvSinglePass-sha256kdf-scheme
}

mqvSinglePass-sha256kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 15 1 }

kaa-mqvSinglePass-sha384kdf-scheme KEY-AGREE ::= {
  IDENTIFIER mqvSinglePass-sha384kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-mqvSinglePass-sha384kdf-scheme
}

mqvSinglePass-sha384kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 15 2 }

kaa-mqvSinglePass-sha512kdf-scheme KEY-AGREE ::= {
  IDENTIFIER mqvSinglePass-sha512kdf-scheme
  PARAMS TYPE KeyWrapAlgorithm ARE required
  UKM -- TYPE unencoded data -- ARE preferredPresent
  SMIME-CAPS cap-kaa-mqvSinglePass-sha512kdf-scheme
}

mqvSinglePass-sha512kdf-scheme OBJECT IDENTIFIER ::= {
  secg-scheme 15 3 }

--
-- Key Wrap Algorithms: Imported from [CMS-ASN]
--
Top   ToC   RFC5753 - Page 52
KeyWrapAlgorithm ::= AlgorithmIdentifier { KEY-WRAP, { KeyWrapAlgs } }

KeyWrapAlgs KEY-WRAP ::= {
  kwa-3DESWrap    |
  kwa-aes128-wrap |
  kwa-aes192-wrap |
  kwa-aes256-wrap,
  ...
}

--
-- Content Encryption Algorithms: Imported from [CMS-ASN]
--

-- Constrains the EnvelopedData EncryptedContentInfo encryptedContent
-- field and the AuthEnvelopedData EncryptedContentInfo
-- contentEncryptionAlgorithm field

-- ContentEncryptionAlgs CONTENT-ENCRYPTION ::= {
--   cea-3DES-cbc |
--   cea-aes128-cbc   |
--   cea-aes192-cbc   |
--   cea-aes256-cbc   |
--   cea-aes128-ccm   |
--   cea-aes192-ccm   |
--   cea-aes256-ccm   |
--   cea-aes128-gcm   |
--   cea-aes192-gcm   |
--   cea-aes256-gcm,
--   ...
--   }

-- des-ede3-cbc and aes*-cbc are used with EnvelopedData and
-- EncryptedData
-- aes*-ccm are used with AuthEnvelopedData
-- aes*-gcm are used with AuthEnvelopedData
-- (where * is 128, 192, and 256)

--
-- Message Authentication Code Algorithms
--

-- Constrains the AuthenticatedData
-- MessageAuthenticationCodeAlgorithm field
--
Top   ToC   RFC5753 - Page 53
MessageAuthAlgs MAC-ALGORITHM ::= {
--  maca-hMAC-SHA1 |
  maca-hMAC-SHA224 |
  maca-hMAC-SHA256 |
  maca-hMAC-SHA384 |
  maca-hMAC-SHA512,
  ...
}

maca-hMAC-SHA224 MAC-ALGORITHM ::= {
  IDENTIFIER id-hmacWithSHA224
  PARAMS ARE absent
  IS-KEYED-MAC TRUE
  SMIME-CAPS cap-hMAC-SHA224
}

id-hmacWithSHA224 OBJECT IDENTIFIER ::= {
  iso(1) member-body(2) us(840) rsadsi(113549)
  digestAlgorithm(2) 8 }

maca-hMAC-SHA256 MAC-ALGORITHM ::= {
  IDENTIFIER id-hmacWithSHA256
  PARAMS ARE absent
  IS-KEYED-MAC TRUE
  SMIME-CAPS cap-hMAC-SHA256
}

id-hmacWithSHA256 OBJECT IDENTIFIER ::= {
  iso(1) member-body(2) us(840) rsadsi(113549)
  digestAlgorithm(2) 9 }

maca-hMAC-SHA384 MAC-ALGORITHM ::= {
  IDENTIFIER id-hmacWithSHA384
  PARAMS ARE absent
  IS-KEYED-MAC TRUE
  SMIME-CAPS cap-hMAC-SHA384
}

id-hmacWithSHA384 OBJECT IDENTIFIER ::= {
  iso(1) member-body(2) us(840) rsadsi(113549)
  digestAlgorithm(2) 10 }

maca-hMAC-SHA512 MAC-ALGORITHM ::= {
  IDENTIFIER id-hmacWithSHA512
  PARAMS ARE absent
  IS-KEYED-MAC TRUE
  SMIME-CAPS cap-hMAC-SHA512
}
Top   ToC   RFC5753 - Page 54
id-hmacWithSHA512 OBJECT IDENTIFIER ::= {
  iso(1) member-body(2) us(840) rsadsi(113549)
  digestAlgorithm(2) 11 }

--
-- Originator Public Key Algorithms
--

-- Constraints on KeyAgreeRecipientInfo OriginatorIdentifierOrKey
-- OriginatorPublicKey algorithm field

OriginatorPKAlgorithms PUBLIC-KEY ::= {
  opka-ec,
  ...
}

opka-ec PUBLIC-KEY ::={
  IDENTIFIER id-ecPublicKey
  KEY ECPoint
  PARAMS TYPE CHOICE { n NULL, p ECParameters } ARE preferredAbsent
}

-- Format for both ephemeral and static public keys: Imported from
-- [PKI-ALG]

-- ECPoint ::= OCTET STRING

-- ECParameters ::= CHOICE {
--   namedCurve      CURVE.&id({NamedCurve})
--   commented out in [PKI-ALG] implicitCurve   NULL
--   commented out in [PKI-ALG] specifiedCurve  SpecifiedECDomain
--   commented out in [PKI-ALG] ...
-- }
  -- implicitCurve and specifiedCurve MUST NOT be used in PKIX.
  -- Details for SpecifiedECDomain can be found in [X9.62].
  -- Any future additions to this CHOICE should be coordinated
  -- with ANSI X.9.

-- Format of KeyAgreeRecipientInfo ukm field when used with
-- ECMQV

MQVuserKeyingMaterial ::= SEQUENCE {
  ephemeralPublicKey       OriginatorPublicKey,
  addedukm             [0] EXPLICIT UserKeyingMaterial OPTIONAL
}
Top   ToC   RFC5753 - Page 55
-- 'SharedInfo' for input to KDF when using ECDH and ECMQV with
-- EnvelopedData, AuthenticatedData, or AuthEnvelopedData

ECC-CMS-SharedInfo ::= SEQUENCE {
  keyInfo         KeyWrapAlgorithm,
  entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL,
  suppPubInfo [2] EXPLICIT OCTET STRING
}

--
-- S/MIME CAPS for algorithms in this document
--
Top   ToC   RFC5753 - Page 56
SMimeCAPS SMIME-CAPS ::= {
--  mda-sha1.&smimeCaps                                   |
--  mda-sha224.&smimeCaps                                 |
--  mda-sha256.&smimeCaps                                 |
--  mda-sha384.&smimeCaps                                 |
--  mda-sha512.&smimeCaps                                 |
--  sa-ecdsaWithSHA1.&smimeCaps                           |
--  sa-ecdsaWithSHA224.&smimeCaps                         |
--  sa-ecdsaWithSHA256.&smimeCaps                         |
--  sa-ecdsaWithSHA384.&smimeCaps                         |
--  sa-ecdsaWithSHA512.&smimeCaps                         |
  kaa-dhSinglePass-stdDH-sha1kdf-scheme.&smimeCaps        |
  kaa-dhSinglePass-stdDH-sha224kdf-scheme.&smimeCaps      |
  kaa-dhSinglePass-stdDH-sha256kdf-scheme.&smimeCaps      |
  kaa-dhSinglePass-stdDH-sha384kdf-scheme.&smimeCaps      |
  kaa-dhSinglePass-stdDH-sha512kdf-scheme.&smimeCaps      |
  kaa-dhSinglePass-cofactorDH-sha1kdf-scheme.&smimeCaps   |
  kaa-dhSinglePass-cofactorDH-sha224kdf-scheme.&smimeCaps |
  kaa-dhSinglePass-cofactorDH-sha256kdf-scheme.&smimeCaps |
  kaa-dhSinglePass-cofactorDH-sha384kdf-scheme.&smimeCaps |
  kaa-dhSinglePass-cofactorDH-sha512kdf-scheme.&smimeCaps |
  kaa-mqvSinglePass-sha1kdf-scheme.&smimeCaps             |
  kaa-mqvSinglePass-sha224kdf-scheme.&smimeCaps           |
  kaa-mqvSinglePass-sha256kdf-scheme.&smimeCaps           |
  kaa-mqvSinglePass-sha384kdf-scheme.&smimeCaps           |
  kaa-mqvSinglePass-sha512kdf-scheme.&smimeCaps           |
--  kwa-3des.&smimeCaps                                   |
--  kwa-aes128.&smimeCaps                                 |
--  kwa-aes192.&smimeCaps                                 |
--  kwa-aes256.&smimeCaps                                 |
--  cea-3DES-cbc.&smimeCaps                               |
--  cea-aes128-cbc.&smimeCaps                             |
--  cea-aes192-cbc.&smimeCaps                             |
--  cea-aes256-cbc.&smimeCaps                             |
--  cea-aes128-ccm.&smimeCaps                             |
--  cea-aes192-ccm.&smimeCaps                             |
--  cea-aes256-ccm.&smimeCaps                             |
--  cea-aes128-gcm.&smimeCaps                             |
--  cea-aes192-gcm.&smimeCaps                             |
--  cea-aes256-gcm.&smimeCaps                             |
--  maca-hMAC-SHA1.&smimeCaps                             |
  maca-hMAC-SHA224.&smimeCaps                             |
  maca-hMAC-SHA256.&smimeCaps                             |
  maca-hMAC-SHA384.&smimeCaps                             |
  maca-hMAC-SHA512.&smimeCaps,
  ...
}
Top   ToC   RFC5753 - Page 57
cap-kaa-dhSinglePass-stdDH-sha1kdf-scheme SMIME-CAPS ::= {
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY dhSinglePass-stdDH-sha1kdf-scheme
}

cap-kaa-dhSinglePass-stdDH-sha224kdf-scheme SMIME-CAPS ::= {
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY dhSinglePass-stdDH-sha224kdf-scheme
}

cap-kaa-dhSinglePass-stdDH-sha256kdf-scheme SMIME-CAPS ::= {
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY dhSinglePass-stdDH-sha256kdf-scheme
}

cap-kaa-dhSinglePass-stdDH-sha384kdf-scheme SMIME-CAPS ::= {
   TYPE KeyWrapAlgorithm
   IDENTIFIED BY dhSinglePass-stdDH-sha384kdf-scheme
}

cap-kaa-dhSinglePass-stdDH-sha512kdf-scheme SMIME-CAPS ::= {
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY dhSinglePass-stdDH-sha512kdf-scheme
}

cap-kaa-dhSinglePass-cofactorDH-sha1kdf-scheme SMIME-CAPS ::={
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY dhSinglePass-cofactorDH-sha1kdf-scheme
}

cap-kaa-dhSinglePass-cofactorDH-sha224kdf-scheme SMIME-CAPS ::={
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY dhSinglePass-cofactorDH-sha224kdf-scheme
}

cap-kaa-dhSinglePass-cofactorDH-sha256kdf-scheme SMIME-CAPS ::={
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY dhSinglePass-cofactorDH-sha256kdf-scheme
}

cap-kaa-dhSinglePass-cofactorDH-sha384kdf-scheme SMIME-CAPS ::={
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY dhSinglePass-cofactorDH-sha384kdf-scheme
}
Top   ToC   RFC5753 - Page 58
cap-kaa-dhSinglePass-cofactorDH-sha512kdf-scheme SMIME-CAPS ::={
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY dhSinglePass-cofactorDH-sha512kdf-scheme
}

cap-kaa-mqvSinglePass-sha1kdf-scheme SMIME-CAPS ::={
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY mqvSinglePass-sha1kdf-scheme
}

cap-kaa-mqvSinglePass-sha224kdf-scheme SMIME-CAPS ::={
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY mqvSinglePass-sha224kdf-scheme
}

cap-kaa-mqvSinglePass-sha256kdf-scheme SMIME-CAPS ::={
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY mqvSinglePass-sha256kdf-scheme
}

cap-kaa-mqvSinglePass-sha384kdf-scheme SMIME-CAPS ::={
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY mqvSinglePass-sha384kdf-scheme
}

cap-kaa-mqvSinglePass-sha512kdf-scheme SMIME-CAPS ::={
  TYPE KeyWrapAlgorithm
  IDENTIFIED BY mqvSinglePass-sha512kdf-scheme
}

cap-hMAC-SHA224 SMIME-CAPS ::={ IDENTIFIED BY id-hmacWithSHA224 }

cap-hMAC-SHA256 SMIME-CAPS ::={ IDENTIFIED BY id-hmacWithSHA256 }

cap-hMAC-SHA384 SMIME-CAPS ::={ IDENTIFIED BY id-hmacWithSHA384 }

cap-hMAC-SHA512 SMIME-CAPS ::={ IDENTIFIED BY id-hmacWithSHA512 }

END
Top   ToC   RFC5753 - Page 59

Appendix B. Changes since RFC 3278

The following summarizes the changes: - Abstract: The basis of the document was changed to refer to NIST FIPS 186-3 and SP800-56A. However, to maintain backwards compatibility the Key Derivation Function from ANSI/SEC1 is retained. - Section 1: A bullet was added to address AuthEnvelopedData. - Section 2.1: A sentence was added to indicate FIPS180-3 is used with ECDSA. Replaced reference to ANSI X9.62 with FIPS186-3. - Section 2.1.1: The permitted digest algorithms were expanded from SHA-1 to SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. - Section 2.1.2 and 2.1.3: The bullet addressing integer "e" was deleted. - Section 3: Added explanation of why static-static ECDH is not included. - Section 3.1: The reference for DH was changed from RFC 3852 to RFC 3370. Provided text to indicate fields of EnvelopedData are as in CMS. - Section 3.1.1: The text was updated to include description of all KeyAgreeRecipientInfo fields. Parameters for id-ecPublicKey field changed from NULL to absent or ECParameter. Additional information about ukm was added. - Section 3.2: The sentence describing the advantages of 1-Pass ECMQV was rewritten. - Section 3.2.1: The text was updated to include description of all fields. Parameters for id-ecPublicKey field changed from NULL to absent or ECParameters. - Sections 3.2.2 and 4.1.2: The re-use of ephemeral keys paragraph was reworded. - Section 4.1: The sentences describing the advantages of 1-Pass ECMQV was moved to Section 4. - Section 4.1.2: The note about the attack was moved to Section 4.
Top   ToC   RFC5753 - Page 60
   - Section 4.2: This section was added to address AuthEnvelopedData
     with ECMQV.

   - Section 5: This section was moved to Section 8.  The 1st paragraph
     was modified to recommend both SignedData and EnvelopedData.  The
     requirements were updated for hash algorithms and recommendations
     for matching curves and hash algorithms.  Also, the requirements
     were expanded to indicate which ECDH and ECMQV variants, key wrap
     algorithms, and content encryption algorithms are required for each
     of the content types used in this document.  The permitted digest
     algorithms used in KDFs were expanded from SHA-1 to SHA-1, SHA-224,
     SHA-256, SHA-384, and SHA-512.

   - Section 6 (formerly 7): This section was updated to allow for
     SMIMECapabilities to be present in certificates.  The S/MIME
     capabilities for ECDSA with SHA-224, SHA-256, SHA-384, and SHA-512
     were added to the list of S/MIME Capabilities.  Also, updated to
     include S/MIME capabilities for ECDH and ECMQV using the SHA-224,
     SHA-256, SHA-384, and SHA-512 algorithms as the KDF.

   - Section 7.1 (formerly 8.1): Added sub-sections for digest,
     signature, originator public key, key agreement, content
     encryption, key wrap, and message authentication code algorithms.
     Pointed to algorithms and parameters in appropriate documents for:
     SHA-224, SHA-256, SHA-384, and SHA-512 as well as SHA-224, SHA-256,
     SHA-384, and SHA-512 with ECDSA.  Also, added algorithm identifiers
     for ECDH std, ECDH cofactor, and ECMQV with SHA-224, SHA-256,
     SHA-384, and SHA-512 algorithms as the KDF.  Changed id-ecPublicKey
     parameters to be absent, NULL, or ECParameters, and if present the
     originator's ECParameters must match the recipient's ECParameters.

   - Section 7.2 (formerly 8.2): Updated to include AuthEnvelopedData.
     Also, added text to address support requirement for compressed,
     uncompressed, and hybrid keys; changed pointers from ANSI X9.61 to
     PKIX (where ECDSA-Sig-Value is imported); changed pointers from
     SECG to NIST specs; and updated example of suppPubInfo to be
     AES-256.  keyInfo's parameters changed from NULL to any associated
     parameters (AES wraps have absent parameters).

   - Section 9: Replaced text, which was a summary paragraph, with an
     updated security considerations section.  Paragraph referring to
     definitions of SHA-224, SHA-256, SHA-384, and SHA-512 is deleted.

   - Updated references.

   - Added ASN.1 modules.

   - Updated acknowledgements section.
Top   ToC   RFC5753 - Page 61

Acknowledgements

The methods described in this document are based on work done by the ANSI X9F1 working group. The authors wish to extend their thanks to ANSI X9F1 for their assistance. The authors also wish to thank Peter de Rooij for his patient assistance. The technical comments of Francois Rousseau were valuable contributions. Many thanks go out to the other authors of RFC 3278: Simon Blake- Wilson and Paul Lambert. Without RFC 3278, this version wouldn't exist. The authors also wish to thank Alfred Hoenes, Jonathan Herzog, Paul Hoffman, Russ Housley, and Jim Schaad for their valuable input.

Authors' Addresses

Sean Turner IECA, Inc. 3057 Nutley Street, Suite 106 Fairfax, VA 22031 USA EMail: turners@ieca.com Daniel R. L. Brown Certicom Corp 5520 Explorer Drive #400 Mississauga, ON L4W 5L1 Canada EMail: dbrown@certicom.com