RFC 3058 (rfc3058) - Page 2 of 8
Use of the IDEA Encryption Algorithm in CMS
Alternative Format: Original Text Document
RFC 3058 IDEA Encryption Algorithm in CMS February 2001
In this document, the terms MUST, MUST NOT, SHOULD, and SHOULD NOT
are used in capital letters. This conforms to the definitions in
[MUSTSHOULD].
2. Object Identifier for Content and Key Encryption
The Cryptographic Message Syntax [CMS], derived from PKCS#7 [PKCS7],
is the framework for the implementation of cryptographic functions in
S/MIME. It specifies data formats and encryption processes without
naming the cryptographic algorithms. Each algorithm which is used
for encryption purposes must be specified by a unique algorithm
identifier. For example, in the special case of content encryption
the ContentEncryptionAlgorithmIdentifier specifies the algorithm to
be applied. However, according to [CMS] any symmetric encryption
algorithm that a CMS implementation includes as a content-encryption
algorithm must also be included as a key-encryption algorithm.
IDEA is added to the set of optional symmetric encryption algorithms
in S/MIME by providing two unique object identifiers (OIDs). One OID
defines content encryption and the other one key encryption. Thus an
S/MIME agent can apply IDEA either for content or key encryption by
selecting the corresponding object identifier, supplying the required
parameter, and starting the program code.
For content encryption the use of IDEA in cipher block chaining (CBC)
mode is recommended. The key length is fixed to 128 bits.
The IDEA content-encryption algorithm in CBC mode has the object
identifier
IDEA-CBC OBJECT IDENTIFIER
::= { iso(1) identified-organization(3)
usdod(6) oid(1) private(4) enterprises(1)
ascom(188) systec(7) security(1) algorithms(1) 2 }
The identifier's parameters field contains the initialization vector
(IV) as an optional parameter.
IDEA-CBCPar ::= SEQUENCE {
iv OCTET STRING OPTIONAL } -- exactly 8 octets
If IV is specified as above, it MUST be used as initial vector. In
this case, the ciphertext MUST NOT include the initial vector. If IV
is not specified, the first 64 bits of the ciphertext MUST be
considered as the initial vector. However, this alternative of not
including IV into "iv OCTET STRING" of IDEA-CBCPar SHOULD NOT be
applied in CMS or S/MIME.
Teiwes, et al. Informational