CryptographicMessageSyntaxAlgorithms-2009 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cmsalg-2001-02(37) } DEFINITIONS IMPLICIT TAGS ::= BEGIN IMPORTS ParamOptions, DIGEST-ALGORITHM, SIGNATURE-ALGORITHM, PUBLIC-KEY, KEY-DERIVATION, KEY-WRAP, MAC-ALGORITHM, KEY-AGREE, KEY-TRANSPORT, CONTENT-ENCRYPTION, ALGORITHM, AlgorithmIdentifier{}, SMIME-CAPS FROM AlgorithmInformation-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-algorithmInformation-02(58)} pk-rsa, pk-dh, pk-dsa, rsaEncryption, DHPublicKey, dhpublicnumber FROM PKIXAlgs-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-algorithms2008-02(56)} cap-RC2CBC FROM SecureMimeMessageV3dot1-2009 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-msg-v3dot1-02(39)}; -- 2. Hash algorithms in this document MessageDigestAlgs DIGEST-ALGORITHM ::= { -- mda-md5 | mda-sha1, ... } -- 3. Signature algorithms in this document SignatureAlgs SIGNATURE-ALGORITHM ::= { -- See RFC 3279 -- sa-dsaWithSHA1 | sa-rsaWithMD5 | sa-rsaWithSHA1, ... } -- 4. Key Management Algorithms -- 4.1 Key Agreement Algorithms KeyAgreementAlgs KEY-AGREE ::= { kaa-esdh | kaa-ssdh, ...} KeyAgreePublicKeys PUBLIC-KEY ::= { pk-dh, ...} -- 4.2 Key Transport Algorithms KeyTransportAlgs KEY-TRANSPORT ::= { kt-rsa, ... } -- 4.3 Symmetric Key-Encryption Key Algorithms KeyWrapAlgs KEY-WRAP ::= { kwa-3DESWrap | kwa-RC2Wrap, ... } -- 4.4 Key Derivation Algorithms KeyDerivationAlgs KEY-DERIVATION ::= { kda-PBKDF2, ... } -- 5. Content Encryption Algorithms ContentEncryptionAlgs CONTENT-ENCRYPTION ::= { cea-3DES-cbc | cea-RC2-cbc, ... } -- 6. Message Authentication Code Algorithms MessageAuthAlgs MAC-ALGORITHM ::= { maca-hMAC-SHA1, ... } -- S/MIME Capabilities for these items SMimeCaps SMIME-CAPS ::= { kaa-esdh.&smimeCaps | kaa-ssdh.&smimeCaps | kt-rsa.&smimeCaps | kwa-3DESWrap.&smimeCaps | kwa-RC2Wrap.&smimeCaps | cea-3DES-cbc.&smimeCaps | cea-RC2-cbc.&smimeCaps | maca-hMAC-SHA1.&smimeCaps, ...} -- -- -- -- Algorithm Identifiers -- rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 } id-alg-ESDH OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 } id-alg-SSDH OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 10 } id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 } id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 } des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } rc2-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) encryptionAlgorithm(3) 2 } hMAC-SHA1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) 8 1 2 } id-PBKDF2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-5(5) 12 } -- Algorithm Identifier Parameter Types KeyWrapAlgorithm ::= AlgorithmIdentifier {KEY-WRAP, {KeyWrapAlgs }} RC2wrapParameter ::= RC2ParameterVersion RC2ParameterVersion ::= INTEGER CBCParameter ::= IV IV ::= OCTET STRING -- exactly 8 octets RC2CBCParameter ::= SEQUENCE { rc2ParameterVersion INTEGER (1..256), iv OCTET STRING } -- exactly 8 octets maca-hMAC-SHA1 MAC-ALGORITHM ::= { IDENTIFIER hMAC-SHA1 PARAMS TYPE NULL ARE preferredAbsent IS-KEYED-MAC TRUE SMIME-CAPS {IDENTIFIED BY hMAC-SHA1} } PBKDF2-PRFsAlgorithmIdentifier ::= AlgorithmIdentifier{ ALGORITHM, {PBKDF2-PRFs} } alg-hMAC-SHA1 ALGORITHM ::= { IDENTIFIER hMAC-SHA1 PARAMS TYPE NULL ARE required } PBKDF2-PRFs ALGORITHM ::= { alg-hMAC-SHA1, ... } PBKDF2-SaltSources ALGORITHM ::= { ... } PBKDF2-SaltSourcesAlgorithmIdentifier ::= AlgorithmIdentifier {ALGORITHM, {PBKDF2-SaltSources}} defaultPBKDF2 PBKDF2-PRFsAlgorithmIdentifier ::= { algorithm alg-hMAC-SHA1.&id, parameters NULL:NULL } PBKDF2-params ::= SEQUENCE { salt CHOICE { specified OCTET STRING, otherSource PBKDF2-SaltSourcesAlgorithmIdentifier }, iterationCount INTEGER (1..MAX), keyLength INTEGER (1..MAX) OPTIONAL, prf PBKDF2-PRFsAlgorithmIdentifier DEFAULT defaultPBKDF2 } -- -- This object is included for completeness. It should not be used -- for encoding of signatures, but was sometimes used in older -- versions of CMS for encoding of RSA signatures. -- -- -- sa-rsa SIGNATURE-ALGORITHM ::= { -- IDENTIFIER rsaEncryption -- - - value is not ASN.1 encoded -- PARAMS TYPE NULL ARE required -- HASHES {mda-sha1 | mda-md5, ...} -- PUBLIC-KEYS { pk-rsa} -- } -- -- No ASN.1 encoding is applied to the signature value -- for these items kaa-esdh KEY-AGREE ::= { IDENTIFIER id-alg-ESDH PARAMS TYPE KeyWrapAlgorithm ARE required PUBLIC-KEYS { pk-dh } -- UKM is not ASN.1 encoded UKM ARE optional SMIME-CAPS {TYPE KeyWrapAlgorithm IDENTIFIED BY id-alg-ESDH} } kaa-ssdh KEY-AGREE ::= { IDENTIFIER id-alg-SSDH PARAMS TYPE KeyWrapAlgorithm ARE required PUBLIC-KEYS {pk-dh} -- UKM is not ASN.1 encoded UKM ARE optional SMIME-CAPS {TYPE KeyWrapAlgorithm IDENTIFIED BY id-alg-SSDH} } dh-public-number OBJECT IDENTIFIER ::= dhpublicnumber pk-originator-dh PUBLIC-KEY ::= { IDENTIFIER dh-public-number KEY DHPublicKey PARAMS ARE absent CERT-KEY-USAGE {keyAgreement, encipherOnly, decipherOnly} } kwa-3DESWrap KEY-WRAP ::= { IDENTIFIER id-alg-CMS3DESwrap PARAMS TYPE NULL ARE required SMIME-CAPS {IDENTIFIED BY id-alg-CMS3DESwrap} } kwa-RC2Wrap KEY-WRAP ::= { IDENTIFIER id-alg-CMSRC2wrap PARAMS TYPE RC2wrapParameter ARE required SMIME-CAPS { IDENTIFIED BY id-alg-CMSRC2wrap } } kda-PBKDF2 KEY-DERIVATION ::= { IDENTIFIER id-PBKDF2 PARAMS TYPE PBKDF2-params ARE required -- No S/MIME caps defined } cea-3DES-cbc CONTENT-ENCRYPTION ::= { IDENTIFIER des-ede3-cbc PARAMS TYPE IV ARE required SMIME-CAPS { IDENTIFIED BY des-ede3-cbc } } cea-RC2-cbc CONTENT-ENCRYPTION ::= { IDENTIFIER rc2-cbc PARAMS TYPE RC2CBCParameter ARE required SMIME-CAPS cap-RC2CBC } kt-rsa KEY-TRANSPORT ::= { IDENTIFIER rsaEncryption PARAMS TYPE NULL ARE required PUBLIC-KEYS { pk-rsa } SMIME-CAPS {IDENTIFIED BY rsaEncryption} } -- S/MIME Capabilities - most have no label. cap-3DESwrap SMIME-CAPS ::= { IDENTIFIED BY id-alg-CMS3DESwrap } END