
CRMF EncryptedValue



It seems to me that the EncryptedValue structure defined in CRMF (used in POPOPrivKey and PKIArchiveOptions) may be incompletely specified.

The syntax from draft-ietf-pkix-rfc2511bis-00 Section 6.4 is:

EncryptedValue ::= SEQUENCE {
    intendedAlg   [0] AlgorithmIdentifier  OPTIONAL,
    -- the intended algorithm for which the value will be used
    symmAlg       [1] AlgorithmIdentifier  OPTIONAL,
    -- the symmetric algorithm used to encrypt the value
    encSymmKey    [2] BIT STRING           OPTIONAL,
    -- the (encrypted) symmetric key used to encrypt the value
    keyAlg        [3] AlgorithmIdentifier  OPTIONAL,
    -- algorithm used to encrypt the symmetric key
    valueHint     [4] OCTET STRING         OPTIONAL,
    -- a brief description or identifier of the encValue content
    -- (may be meaningful only to the sending entity, and used only
    -- if EncryptedValue might be re-examined by the sending entity
    -- in the future)
    encValue      BIT STRING }

How does the recipient of such a structure know what block padding scheme may (or may not) have been used with the symmetric encryption algorithm? CMS, for example, specifies mechanisms whereby this information is conveyed with similar message structures, but I can't seem to find any mention of this in CMP/CRMF. Any ideas, anyone?

Ari
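
The ambiguity asked about above, as an added example that is not part of the original message: given only the decrypted bytes of encValue, a recipient can justify more than one reading of where the value ends. The 8-byte block size, the CMS-style and zero-padding candidates, and the sample buffers are assumptions constructed for illustration; the symmetric decryption step itself is omitted.

```python
BLOCK = 8  # assumption: a 64-bit block cipher in a block mode

def strip_cms_padding(pt: bytes, block: int = BLOCK):
    """Return pt without CMS-style padding (n octets of value n),
    or None if the tail is not well-formed padding."""
    if not pt or len(pt) % block:
        return None
    n = pt[-1]
    if n < 1 or n > block or pt[-n:] != bytes([n]) * n:
        return None
    return pt[:-n]

def candidate_plaintexts(pt: bytes, block: int = BLOCK) -> dict:
    """Every reading a recipient could defend when the structure
    carries no indication of the padding scheme."""
    out = {"no padding": pt}
    stripped = strip_cms_padding(pt, block)
    if stripped is not None:
        out["CMS-style padding"] = stripped
    zeros = pt.rstrip(b"\x00")
    if zeros != pt:
        out["zero padding"] = zeros
    return out

def is_ambiguous(pt: bytes, block: int = BLOCK) -> bool:
    return len(candidate_plaintexts(pt, block)) > 1

# Constructed decrypted buffers (not real key material).
# Case A: sender encrypted a 16-byte value with NO padding; it ends in 0x01.
RAW_ENDING_01 = bytes(range(0x10, 0x1F)) + b"\x01"
# Case B: sender applied CMS-style padding to a 16-byte value (adds a full block).
VALUE_16 = bytes(range(0x20, 0x30))
CMS_PADDED = VALUE_16 + b"\x08" * 8
# Case C: tail cannot be padding under either candidate scheme.
CLEAR_TAIL = bytes(range(0x30, 0x40))

if __name__ == "__main__":
    for name, buf in [("A", RAW_ENDING_01), ("B", CMS_PADDED), ("C", CLEAR_TAIL)]:
        for scheme, value in candidate_plaintexts(buf).items():
            print(f"case {name}: {scheme:18s} -> {len(value)} bytes")
```

In case A a recipient that assumes CMS-style padding silently drops the last byte of the value; in case B a recipient that assumes no padding keeps eight extra bytes.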