S/MIME Version 2 Message Specification
RFC 2311       S/MIME Version 2 Message Specification       March 1998

2. PKCS #7 Options

   The PKCS #7 message format allows for a wide variety of options in
   content and algorithm support. This section puts forth a number of
   support requirements and recommendations in order to achieve a base
   level of interoperability among all S/MIME implementations.

2.1 DigestAlgorithmIdentifier

   Receiving agents MUST support SHA-1 [SHA1] and MD5 [MD5].

   Sending agents SHOULD use SHA-1.

2.2 DigestEncryptionAlgorithmIdentifier

   Receiving agents MUST support rsaEncryption, defined in [PKCS-1].
   Receiving agents MUST support verification of signatures using RSA
   public key sizes from 512 bits to 1024 bits.

   Sending agents MUST support rsaEncryption. Outgoing messages are
   signed with a user's private key. The size of the private key is
   determined during key generation.

2.3 KeyEncryptionAlgorithmIdentifier

   Receiving agents MUST support rsaEncryption. Incoming encrypted
   messages contain symmetric keys which are to be decrypted with a
   user's private key. The size of the private key is determined during
   key generation.

   Sending agents MUST support rsaEncryption. Sending agents MUST
   support encryption of symmetric keys with RSA public keys at key
   sizes from 512 bits to 1024 bits.

2.4 General Syntax

   The PKCS #7 defines six distinct content types: "data", "signedData",
   "envelopedData", "signedAndEnvelopedData", "digestedData", and
   "encryptedData". Receiving agents MUST support the "data",
   "signedData" and "envelopedData" content types. Sending agents may or
   may not send out any of the content types, depending on the services
   that the agent supports.

2.4.1 Data Content Type

   Sending agents MUST use the "data" content type as the content within
   other content types to indicate the message content which has had
   security services applied to it.

Dusse, et. al.               Informational



