RFC 3211 (rfc3211) - Page 2 of 17


Password-based Encryption for CMS



Alternative Format: Original Text Document



RFC 3211           Password-based Encryption for CMS       December 2001


1.1 Password-based Content Encryption

   CMS currently defined three recipient information types for public-
   key key wrapping (KeyTransRecipientInfo), conventional key wrapping
   (KEKRecipientInfo), and key agreement (KeyAgreeRecipientInfo).  The
   recipient information described here adds a fourth type,
   PasswordRecipientInfo, which provides for password-based key
   wrapping.

1.2 RecipientInfo Types

   The new recipient information type is an extension to the
   RecipientInfo type defined in section 6.2 of CMS, extending the types
   to:

      RecipientInfo ::= CHOICE {
        ktri KeyTransRecipientInfo,
        kari [1] KeyAgreeRecipientInfo,
        kekri [2] KEKRecipientInfo,
        pwri [3] PasswordRecipientinfo   -- New RecipientInfo type
        }

   Although the recipient information generation process is described in
   terms of a password-based operation (since this will be its most
   common use), the transformation employed is a general-purpose key
   derivation one which allows any type of keying material to be
   converted into a key specific to a particular content-encryption
   algorithm.  Since the most common use for password-based encryption
   is to encrypt files which are stored locally (rather than being
   transmitted across a network), the term "recipient" is somewhat
   misleading, but is used here because the other key transport
   mechanisms have always been described in similar terms.

1.2.1  PasswordRecipientInfo Type

   Recipient information using a user-supplied password or previously
   agreed-upon key is represented in the type PasswordRecipientInfo.
   Each instance of PasswordRecipientInfo will transfer the content-
   encryption key (CEK) to one or more recipients who have the
   previously agreed-upon password or key-encryption key (KEK).

      PasswordRecipientInfo ::= SEQUENCE {
        version CMSVersion,   -- Always set to 0
        keyDerivationAlgorithm
                         [0] KeyDerivationAlgorithmIdentifier OPTIONAL,
        keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
        encryptedKey EncryptedKey }




Gutmann                     Standards Track