Questions tagged [cms]

CMS is an acronym for the Cryptographic Message Syntax, as defined in RFC 5652.

26 questions
20
votes
1 answer

Is PKCS7 a signature format or a certificate format?

I always thought PKCS7 was a signature format. However, on the net I find several references to PKCS7 being a certificate format - for example, this talks about PKCS7 certificate: Extract raw certificate from PKCS#7 file in JAVA Or: What's the…
user93353
7
votes
0 answers

Are there any test vectors for the CMS content type AuthEnvelopedData (for AES-GCM)?

I am looking for CMS AuthEnvelopedData test vectors for AES-GCM mode. I haven’t seen any ready-to-use test vectors for it. There are test vectors for AES-GCM mode but not for its CMS support. I even checked open source cryptography libraries which…
Makif
3
votes
1 answer

Which padding is used for sha256WithRSAEncryption (1.2.840.113549.1.1.11), deterministic or random?

Questions Is the only way to know which padding was used is to know the context of how sha256WithRSAEncryption was used (that PS is 0xFF when signing, and random non-zero when encrypting)? Is there an explicit documentation stating that, or is a…
Jason Pyeron
3
votes
1 answer

How does RFC 5652 authenticated data confirm origin and data integrity?

My reading of RFC 5652 Authenticated-Data does not give receiver confidence in originator of message, and therefore can not provide data integrity certainty. Originator process is: 1. generate random message key 2. encrypt message key for (each)…
philcolbourn
3
votes
1 answer

Size of encrypted AES CEK in CMS block

When I run openssl cms -encrypt -aes256 -in sample.der -out wrapped.der -outform DER -recip ecc.crt -keyopt ecdh_kdf_md:sha512 the part of the CMS output which is supposed to have the 256 bit CEK encrypted under the KEK shows to be 40…
sce
2
votes
0 answers

Is CMS for data still relevant

I have an application where I need to store small to moderate amounts of data in a symmetrically encrypted form. For various reasons, CMS with an AuthEnvelopedData seems to tick all the requirements. For example, password recipient info (PWRI)…
mikb
2
votes
1 answer

Different encryption standards and how they relate to auth and algorithms

The main confusion I have is around the different PKCS and relation with SSL (TLS). I have done a lot of research and have found bits and pieces but not necessarily how these relate, so let me explain but first with a little background. To start, I…
Joe
2
votes
1 answer

PKCS#7 Signed Data contains always different signature

I am wondering why CMS (PKCS#7) Signed Data contains always a different signature of the original data when the SHA256withRSA signature algorithm is used. (using Bouncy Castle by the way) The SHA256withRSA is using the SHA-256 as a message digest…
user1563721
2
votes
3 answers

What exactly is the contents of the LDAP userSMIMECertificate attribute?

I'm trying to set up an LDAP with user certificates. I have already learned that certificates can be stored in either the userCertificate attribute in DER format, or in userSMIMECertificate in PKCS#7 format, the latter having the advantage of being…
not2savvy
2
votes
1 answer

What does CMS standard mean by "initial input to the message digest"

I'm really grinding my teeth against digest calculation explanation in the CMS standard. Let's consider the case when the signedAttrs are present. The first paragraph says initial input to the message digest calculation process is the "value" of…
2
votes
0 answers

Where is the OID and ASN.1 specified for AES_CMAC?

I have a requirement to implement AES_CMAC as the authentication algorithm in a CMS library. I just can't seem to find the OID and the ASN.1 definition for it. I expected to see the OID under {joint-iso-itu-t(2) country(16) us(840) organization(1)…
Bryan
1
vote
1 answer

Does CMS AuthEnvelopedData type provide message authentication?

I was looking through the S/MIME Message specification (RFC 8551) to find out what security services it offers. Section 2.4.4 of this document describing AuthEnvelopedData content type (which uses the CMS type of the same name) says: This content…
1
vote
2 answers

OPENSSL: What is the difference of enc command and cms' enc command?

I found something strange while checking the inside of the envelope data. I had plain text "plaintextplant" - length is $15$ (include lf(0x0A)). I made a .ber file that is encrypted by AES256 and encoded DER via: openssl cms -encrypt -in plain…
poiuy925
1
vote
0 answers

PKCS#7 digest encryption algorithm - difference between rsaEncryption and sha256WithRsaEncryption

As part of our Linux secure boot implementation using dm-verity and root hash signature checking, I need to sign a file with the following openssl command (example): openssl smime -sign -nocerts -noattr -binary -in unsigned.txt -inkey private.key…
1
vote
1 answer

Why does CMS' PasswordRecipient use a KEK?

When using openssl cms -encrypt -pwri_password, it follows the process described in RFC 3211, which passes the user-provided password into a KDF, but then, rather than using the output of that KDF to encrypt the content, it instead uses that key as…