accomplished via the digital signature only being base-64 encoded. This,
therefore, ensures the same data integrity as part 2, but allows for more
flexibility in the “read-only” format.
4. Signed and Encrypted Data: This is a nesting function allowing for
both confidentiality and integrity via either the signing of encrypted data,
or the enciphering of signed data.
There are also recommendations for key sizes depending on the cryptographic
suite used.
Public Key Sizes
1. If the implementation of S/MIME is employing cryptographic suite CS3,
then it SHOULD also support RSA key sizes greater than 1024 bits.
2. If the S/MIME implementation uses cryptographic suite CS5, then it
SHOULD support Diffie-Hellman key sizes greater than 1024 bits.
3. If the S/MIME implementation supports key sizes greater than 1024
bits when employing either DSA or RSA for digital signatures, then it
SHOULD also support SHA-256.
Deciding upon a cryptographic suite to use may depend on the capabilities
of the intended receiver. S/MIME, therefore, makes decision criteria available
to the sender for making such a determination.
S/MIME Decision Criteria for Selecting Cryptographic Suites
We assume Alice is sending Bob an S/MIME message.
1. Known Capabilities: If Alice has knowledge of Bob's cryptographic
capabilities from some previous correspondence, then she should choose the
item on Bob's list that most closely corresponds to the most preferred
S/MIME capability.
2. Unknown Capabilities: If Alice has no knowledge of Bob's cryptographic
capabilities, but has received at least one message from him in the past,
then she should use the algorithm employed by Bob for sending him the
message.
3. Unknown Capabilities and Unknown S/MIME Version: If Alice
has neither any knowledge of Bob's cryptographic capabilities, nor has
she had any previous correspondence with him, she should use 3DES,
which is required in cryptographic suites CS1-CS2.
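The three decision criteria above, worked through as an added example (not code from the book): a sender keeps a small record of what it has learned about each correspondent from earlier messages, then walks criteria 1 to 3 in order. The `ReceiverRecord` type, the message fields and the algorithm names are constructed for illustration; the page does not say what to do when Bob's advertised list shares nothing with Alice's preferences, so this code falls through to the next criterion in that case.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence

# Criterion 3 fallback named on the page: 3DES, required by suites CS1-CS2.
FALLBACK_ALGORITHM = "3DES"


@dataclass
class ReceiverRecord:
    """What Alice has learned about Bob from previous correspondence (hypothetical)."""
    capabilities: Optional[List[str]] = None    # Bob's advertised capability list
    last_used_algorithm: Optional[str] = None   # algorithm of the last message Bob sent


def record_received_message(record: ReceiverRecord, algorithm: str,
                            advertised_capabilities: Optional[Sequence[str]] = None) -> None:
    """Update the record from a message Bob sent (assumed message fields)."""
    record.last_used_algorithm = algorithm
    if advertised_capabilities:
        record.capabilities = list(advertised_capabilities)


def choose_algorithm(sender_preferences: Sequence[str],
                     record: Optional[ReceiverRecord]) -> str:
    """Apply the S/MIME decision criteria; preferences are ordered most-preferred first."""
    # Criterion 1: known capabilities -> Alice's most preferred item on Bob's list.
    if record is not None and record.capabilities:
        for alg in sender_preferences:
            if alg in record.capabilities:
                return alg
        # Assumption: no overlap is treated like unknown capabilities.
    # Criterion 2: capabilities unknown, but Bob has written before -> reuse his algorithm.
    if record is not None and record.last_used_algorithm:
        return record.last_used_algorithm
    # Criterion 3: no knowledge and no prior correspondence -> 3DES.
    return FALLBACK_ALGORITHM


if __name__ == "__main__":
    alice_prefs = ["AES-256", "AES-128", "3DES"]       # constructed sample preferences
    bob = ReceiverRecord()
    print(choose_algorithm(alice_prefs, None))         # first contact: 3DES
    record_received_message(bob, "AES-128")            # Bob wrote once, no capability list
    print(choose_algorithm(alice_prefs, bob))          # criterion 2: AES-128
    record_received_message(bob, "3DES", ["3DES", "AES-256"])
    print(choose_algorithm(alice_prefs, bob))          # criterion 1: AES-256
```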
S/MIME Messages
S/MIME messages embody cryptographic message syntax objects as defined
in [216] and MIME bodies. In order to process an S/MIME message, one must