first prepare what is called a MIME entity, which may be a subpart of a message
or the whole message, including all its subparts. (A MIME message (see footnote 8.4) consists
of: (1) one of five header fields, which provide information about the body of the
message; and (2) a variety of content formats, supporting multimedia e-mail.)
Once the MIME entity is created, it is converted to canonical form, which
is a format, suitable to the content type, standardized for use between various
systems. Then the appropriate transfer encoding is applied to the message
content. Then the MIME entity is sent to security services, where it is enveloped,
signed, or both.
S/MIME Content Types
1. Enveloped-Only Data: The S/MIME content type, called enveloped
data, consists of enciphered content of any kind, together with encrypted
content-enciphering keys for one or more recipients. For each such re-
cipient, a digital envelope is manufactured. This envelope contains the
enciphered content itself, together with an attendant encrypted content-
enciphering key. This guarantees confidentiality of the message while in
transit. The methodology for creating enveloped-content data is given in
the following steps.
We will assume that there is one recipient, Bob, for simplicity, but there
may be numerous recipients for whom each of these steps must be carried
out.
[a] Choose an SKC (3DES, for instance), and generate a pseudorandom
content-enciphering key $k$.
[b] Encipher $k$ with Bob's public key $e_B$, to get $e_B(k)$.
[c] Create a block of data for Bob consisting of $e_B(k)$, an identifier, $C(B)$,
for Bob's X.509v3 certificate, and an identifier of the algorithm used
to encrypt the session key $k$, say $I_{RSA}$, for instance.
[d] Encipher the message $m$ with $k$ to get $E_k(m)$.
[e] Form $ED = (e_B(k), C(B), I_{RSA}, E_k(m))$, the enveloped data, which
is base-64 encoded to produce the enveloped-data value.
When Bob receives the message, he strips off the base-64 encoding, uses
$d_B$ to get $k$, which is used to recover $m$.
Enveloped-only data in S/MIME provides secrecy without authentication.
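Steps [a]-[e] and Bob's recovery, as an added Go example that is not from the text: 3DES is the SKC, RSA wraps $k$, and base-64 surrounds the assembled block. Where the text is silent it makes assumptions: RSA-OAEP rather than textbook RSA for $e_B(k)$, 3DES in CTR mode with a per-message nonce, and a JSON structure standing in for the CMS/ASN.1 encoding, with $C(B)$ and $I$ carried as plain strings.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
)

// EnvelopedData is ED = (e_B(k), C(B), I_RSA, E_k(m)) plus a CTR nonce; JSON stands in for CMS/ASN.1.
type EnvelopedData struct {
	WrappedKey, IV, Ciphertext []byte // e_B(k), nonce, E_k(m)
	CertID, KeyAlg             string // C(B), I
}
// Envelope carries out steps [a]-[e] for a single recipient, Bob.
func Envelope(bobPub *rsa.PublicKey, certID string, m []byte) (string, error) {
	k, iv := make([]byte, 24), make([]byte, des.BlockSize) // [a] fresh 3DES key
	rand.Read(k)
	rand.Read(iv)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, bobPub, k, nil) // [b] e_B(k)
	if err != nil {
		return "", err
	}
	blk, _ := des.NewTripleDESCipher(k) // cannot fail: k is 24 bytes
	ct := make([]byte, len(m))          // [d] E_k(m) with 3DES in CTR mode
	cipher.NewCTR(blk, iv).XORKeyStream(ct, m)
	raw, _ := json.Marshal(EnvelopedData{wrapped, iv, ct, certID, "RSA-OAEP"}) // [c]
	return base64.StdEncoding.EncodeToString(raw), nil                           // [e]
}
// Open is Bob's side: strip base-64, check the parameters, recover k with d_B, then m.
func Open(bobPriv *rsa.PrivateKey, ed string) ([]byte, error) {
	var e EnvelopedData
	raw, err := base64.StdEncoding.DecodeString(ed)
	if err != nil || json.Unmarshal(raw, &e) != nil ||
		e.KeyAlg != "RSA-OAEP" || len(e.IV) != des.BlockSize {
		return nil, errors.New("malformed or unsupported enveloped data")
	}
	k, err := rsa.DecryptOAEP(sha256.New(), nil, bobPriv, e.WrappedKey, nil)
	if err != nil || len(k) != 24 {
		return nil, errors.New("cannot recover content-encryption key")
	}
	blk, _ := des.NewTripleDESCipher(k)
	m := make([]byte, len(e.Ciphertext))
	cipher.NewCTR(blk, e.IV).XORKeyStream(m, e.Ciphertext)
	return m, nil
}
```

Nothing here is signed, so Open confirms only that the envelope is well formed and that the private key fits; it says nothing about who sent it.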
2. Signed-Only Data : Although it is possible to have more than one signer,
we will assume that there is only Alice, for the sake of simplicity. There are
also two methods for signing S/MIME messages: (1) SignedData-MIME
with signed-only data (but this is readable only by S/MIME-enabled
8.4 MIME message specifications are provided in RFC 2045-2049; see [198]-[202].