RFC 3058 (rfc3058) - Page 2 of 8


Use of the IDEA Encryption Algorithm in CMS



Alternative Format: Original Text Document



RFC 3058            IDEA Encryption Algorithm in CMS       February 2001


   In this document, the terms MUST, MUST NOT, SHOULD, and SHOULD NOT
   are used in capital letters.  This conforms to the definitions in
   [MUSTSHOULD].

2. Object Identifier for Content and Key Encryption

   The Cryptographic Message Syntax [CMS], derived from PKCS#7 [PKCS7],
   is the framework for the implementation of cryptographic functions in
   S/MIME.  It specifies data formats and encryption processes without
   naming the cryptographic algorithms.  Each algorithm which is used
   for encryption purposes must be specified by a unique algorithm
   identifier.  For example, in the special case of content encryption
   the ContentEncryptionAlgorithmIdentifier specifies the algorithm to
   be applied.  However, according to [CMS] any symmetric encryption
   algorithm that a CMS implementation includes as a content-encryption
   algorithm must also be included as a key-encryption algorithm.

   IDEA is added to the set of optional symmetric encryption algorithms
   in S/MIME by providing two unique object identifiers (OIDs).  One OID
   defines content encryption and the other one key encryption.  Thus an
   S/MIME agent can apply IDEA either for content or key encryption by
   selecting the corresponding object identifier, supplying the required
   parameter, and starting the program code.

   For content encryption the use of IDEA in cipher block chaining (CBC)
   mode is recommended.  The key length is fixed to 128 bits.

   The IDEA content-encryption algorithm in CBC mode has the object
   identifier

     IDEA-CBC OBJECT IDENTIFIER
       ::= { iso(1) identified-organization(3)
           usdod(6) oid(1) private(4) enterprises(1)
           ascom(188) systec(7) security(1) algorithms(1) 2 }

   The identifier's parameters field contains the initialization vector
   (IV) as an optional parameter.

     IDEA-CBCPar ::= SEQUENCE {
       iv  OCTET STRING OPTIONAL } -- exactly 8 octets

   If IV is specified as above, it MUST be used as initial vector.  In
   this case, the ciphertext MUST NOT include the initial vector.  If IV
   is not specified, the first 64 bits of the ciphertext MUST be
   considered as the initial vector.  However, this alternative of not
   including IV into "iv OCTET STRING" of IDEA-CBCPar SHOULD NOT be
   applied in CMS or S/MIME.




Teiwes, et al.               Informational