RFC 3211 (rfc3211) - Page 2 of 17
Password-based Encryption for CMS
Alternative Format: Original Text Document
RFC 3211 Password-based Encryption for CMS December 2001
1.1 Password-based Content Encryption
CMS currently defined three recipient information types for public-
key key wrapping (KeyTransRecipientInfo), conventional key wrapping
(KEKRecipientInfo), and key agreement (KeyAgreeRecipientInfo). The
recipient information described here adds a fourth type,
PasswordRecipientInfo, which provides for password-based key
wrapping.
1.2 RecipientInfo Types
The new recipient information type is an extension to the
RecipientInfo type defined in section 6.2 of CMS, extending the types
to:
RecipientInfo ::= CHOICE {
ktri KeyTransRecipientInfo,
kari [1] KeyAgreeRecipientInfo,
kekri [2] KEKRecipientInfo,
pwri [3] PasswordRecipientinfo -- New RecipientInfo type
}
Although the recipient information generation process is described in
terms of a password-based operation (since this will be its most
common use), the transformation employed is a general-purpose key
derivation one which allows any type of keying material to be
converted into a key specific to a particular content-encryption
algorithm. Since the most common use for password-based encryption
is to encrypt files which are stored locally (rather than being
transmitted across a network), the term "recipient" is somewhat
misleading, but is used here because the other key transport
mechanisms have always been described in similar terms.
1.2.1 PasswordRecipientInfo Type
Recipient information using a user-supplied password or previously
agreed-upon key is represented in the type PasswordRecipientInfo.
Each instance of PasswordRecipientInfo will transfer the content-
encryption key (CEK) to one or more recipients who have the
previously agreed-upon password or key-encryption key (KEK).
PasswordRecipientInfo ::= SEQUENCE {
version CMSVersion, -- Always set to 0
keyDerivationAlgorithm
[0] KeyDerivationAlgorithmIdentifier OPTIONAL,
keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
encryptedKey EncryptedKey }
Gutmann Standards Track