Network Working Group S. Moriai
Request for Comments: 3657 Sony Computer Entertainment Inc.
Category: Standards Track A. Kato
NTT Software Corporation
January 2004
Network Working Group S. Moriai
Request for Comments: 3657 Sony Computer Entertainment Inc.
Category: Standards Track A. Kato
NTT Software Corporation
January 2004
Use of the Camellia Encryption Algorithm in Cryptographic Message Syntax (CMS)
Camellia加密算法在加密消息语法(CMS)中的使用
Status of this Memo
本备忘录的状况
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2004). All Rights Reserved.
版权所有(C)互联网协会(2004年)。版权所有。
Abstract
摘要
This document specifies the conventions for using the Camellia encryption algorithm for encryption with the Cryptographic Message Syntax (CMS).
本文档规定了使用Camellia加密算法对加密消息语法(CMS)进行加密的约定。
This document specifies the conventions for using the Camellia encryption algorithm [CamelliaSpec] for encryption with the Cryptographic Message Syntax (CMS) [CMS]. The relevant object identifiers (OIDs) and processing steps are provided so that Camellia may be used in the CMS specification (RFC 3369, RFC 3370) for content and key encryption.
本文件规定了使用Camellia加密算法[Camellia Spec]对加密消息语法(CMS)[CMS]进行加密的约定。提供相关的对象标识符(OID)和处理步骤,以便在CMS规范(RFC 3369、RFC 3370)中使用Camellia进行内容和密钥加密。
Note: This work was done when the first author worked for NTT.
注:这项工作是在第一作者为NTT工作时完成的。
Camellia was jointly developed by Nippon Telegraph and Telephone Corporation and Mitsubishi Electric Corporation in 2000. Camellia specifies the 128-bit block size and 128-, 192-, and 256-bit key sizes, the same interface as the Advanced Encryption Standard (AES). Camellia is characterized by its suitability for both software and hardware implementations as well as its high level of security. From a practical viewpoint, it is designed to enable flexibility in software and hardware implementations on 32-bit processors widely used over the Internet and many applications, 8-bit processors used in smart cards, cryptographic hardware, embedded systems, and so on [CamelliaTech]. Moreover, its key setup time is excellent, and its key agility is superior to that of AES.
茶花由日本电报电话公司和三菱电机公司于2000年联合开发。Camellia指定128位块大小和128、192和256位密钥大小,接口与高级加密标准(AES)相同。Camellia的特点是适用于软件和硬件实现以及高级别的安全性。从实用角度来看,它的设计目的是在互联网和许多应用中广泛使用的32位处理器、智能卡中使用的8位处理器、加密硬件、嵌入式系统等[CamelliaTech]上实现软件和硬件实现的灵活性。此外,它的密钥设置时间非常长,密钥灵活性优于AES。
Camellia has been scrutinized by the wide cryptographic community during several projects for evaluating crypto algorithms. In particular, Camellia was selected as a recommended cryptographic primitive by the EU NESSIE (New European Schemes for Signatures, Integrity and Encryption) project [NESSIE] and also included in the list of cryptographic techniques for Japanese e-Government systems which were selected by the Japan CRYPTREC (Cryptography Research and Evaluation Committees) [CRYPTREC].
在评估加密算法的几个项目中,Camellia受到了广泛的密码社区的审查。特别是,Camellia被欧盟NESSIE(新的欧洲签名、完整性和加密方案)项目[NESSIE]选为推荐的加密原语,并被列入日本CRYPTREC选择的日本电子政务系统加密技术列表中(密码学研究和评估委员会)[CRYPTREC]。
The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document (in uppercase, as shown) are to be interpreted as described in [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应该”、“不应该”、“建议”、“可以”和“可选”(大写,如图所示)应按照[RFC2119]中所述进行解释。
This section provides the OIDs and processing information necessary for Camellia to be used for content and key encryption in CMS.
本节提供了Camellia在CMS中用于内容和密钥加密所需的OID和处理信息。
Camellia is added to the set of optional symmetric encryption algorithms in CMS by providing two classes of unique object identifiers (OIDs). One OID class defines the content encryption algorithms and the other defines the key encryption algorithms. Thus a CMS agent can apply Camellia either for content or key encryption by selecting the corresponding object identifier, supplying the required parameter, and starting the program code.
Camellia通过提供两类唯一对象标识符(OID)添加到CMS中的可选对称加密算法集中。一个OID类定义内容加密算法,另一个定义密钥加密算法。因此,CMS代理可以通过选择相应的对象标识符、提供所需参数并启动程序代码,将Camellia应用于内容或密钥加密。
Camellia is added to the set of symmetric content encryption algorithms defined in [CMSALG]. The Camellia content-encryption algorithm, in Cipher Block Chaining (CBC) mode, for the three different key sizes are identified by the following object identifiers:
Camellia被添加到[CMSALG]中定义的对称内容加密算法集中。在密码块链接(CBC)模式下,三种不同密钥大小的Camellia内容加密算法由以下对象标识符标识:
id-camellia128-cbc OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) symmetric-encryption-algorithm(1)
camellia128-cbc(2) }
id-camellia128-cbc OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) symmetric-encryption-algorithm(1)
camellia128-cbc(2) }
id-camellia192-cbc OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) symmetric-encryption-algorithm(1)
camellia192-cbc(3) }
id-camellia192-cbc OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) symmetric-encryption-algorithm(1)
camellia192-cbc(3) }
id-camellia256-cbc OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) symmetric-encryption-algorithm(1)
camellia256-cbc(4) }
id-camellia256-cbc OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) symmetric-encryption-algorithm(1)
camellia256-cbc(4) }
The AlgorithmIdentifier parameters field MUST be present, and the parameters field MUST contain the value of IV:
AlgorithmIdentifier parameters字段必须存在,并且parameters字段必须包含IV值:
CamelliaCBCParameter ::= CamelliaIV -- Initialization Vector
CamelliaCBCParameter ::= CamelliaIV -- Initialization Vector
CamelliaIV ::= OCTET STRING (SIZE(16))
CamelliaIV ::= OCTET STRING (SIZE(16))
The plain text is padded according to Section 6.3 of [CMS].
纯文本根据[CMS]第6.3节进行填充。
The key-wrap/unwrap procedures used to encrypt/decrypt a Camellia content-encryption key (CEK) with a Camellia key-encryption key (KEK) are specified in Section 3. Generation and distribution of key-encryption keys are beyond the scope of this document.
第3节规定了用于使用Camellia密钥加密密钥(KEK)加密/解密Camellia内容加密密钥(CEK)的密钥包装/展开过程。密钥加密密钥的生成和分发超出了本文档的范围。
The Camellia key-encryption algorithm has the following object identifier:
Camellia密钥加密算法具有以下对象标识符:
id-camellia128-wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3)
camellia128-wrap(2) }
id-camellia128-wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3)
camellia128-wrap(2) }
id-camellia192-wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3)
camellia192-wrap(3) }
id-camellia192-wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3)
camellia192-wrap(3) }
id-camellia256-wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3)
camellia256-wrap(4) }
id-camellia256-wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3)
camellia256-wrap(4) }
In all cases the parameters field of AlgorithmIdentifier MUST be ABSENT, because the key wrapping procedure itself defines how and when to use an IV. The OID gives the KEK key size, but does not make any statements as to the size of the wrapped Camellia CEK. Implementations MAY use different KEK and CEK sizes. Implementations MUST support the CEK and the KEK having the same length. If different lengths are supported, the KEK MUST be of equal or greater length than the CEK.
在所有情况下,AlgorithmIdentifier的参数字段都必须不存在,因为密钥封装过程本身定义了如何以及何时使用IV。OID给出了KEK密钥大小,但没有对封装的Camellia CEK的大小做出任何声明。实现可能使用不同的KEK和CEK大小。实现必须支持长度相同的CEK和KEK。如果支持不同的长度,KEK的长度必须等于或大于CEK。
Camellia key wrapping and unwrapping are done in conformance with the AES key wrap algorithm [RFC3394], because Camellia and AES have the same block and key sizes, i.e., the block size of 128 bits and key sizes of 128, 192, and 256 bits.
Camellia密钥包装和解包装按照AES密钥包装算法[RFC3394]进行,因为Camellia和AES具有相同的块和密钥大小,即块大小为128位,密钥大小为128、192和256位。
The following notation is used in the description of the key wrapping algorithms:
以下符号用于密钥包装算法的描述:
Camellia(K, W) Encrypt W using the Camellia codebook with key K Camellia-1(K, W) Decrypt W using the Camellia codebook with key K MSB(j, W) Return the most significant j bits of W LSB(j, W) Return the least significant j bits of W B1 ^ B2 The bitwise exclusive or (XOR) of B1 and B2 B1 | B2 Concatenate B1 and B2 K The key-encryption key K n The number of 64-bit key data blocks s The number of steps in the wrapping process, s = 6n P[i] The ith plaintext key data block C[i] The ith ciphertext data block A The 64-bit integrity check register R[i] An array of 64-bit registers where i = 0, 1, 2, ..., n
Camellia(K,W)使用具有密钥K的Camellia码本加密W Camellia-1(K,W)使用具有密钥K MSB(j,W)的Camellia码本解密W返回W LSB的最高有效j位(j,W)返回W B1^B2的最低有效j位按位异或(XOR)B1和B2的B1 | B2连接B1和b2k密钥加密密钥kn 64位密钥数据块的数量s包装过程中的步骤数,s=6np[i]第i个明文密钥数据块C[i]第i个密文数据块A 64位完整性检查寄存器R[i]一个64位寄存器数组,其中i=0,1,2,…,n
A[t], R[t][i] The contents of registers A and R[i] after encryption step t. IV The 64-bit initial value used during the wrapping process.
A[t],R[t][i]在加密步骤t之后寄存器A和R[i]的内容。IV包装过程中使用的64位初始值。
In the key wrap algorithm, the concatenation function will be used to concatenate 64-bit quantities to form the 128-bit input to the Camellia codebook. The extraction functions will be used to split the 128-bit output from the Camellia codebook into two 64-bit quantities.
在密钥换行算法中,串联函数将用于串联64位量,以形成对Camellia码本的128位输入。提取函数将用于将Camellia码本的128位输出拆分为两个64位量。
Key wrapping with Camellia is identical to Section 2.2.1 of [RFC3394] with "AES" replaced by "Camellia".
带茶花的钥匙包装与[RFC3394]第2.2.1节相同,将“AES”替换为“茶花”。
The inputs to the key wrapping process are the KEK and the plaintext to be wrapped. The plaintext consists of n 64-bit blocks, containing the key data being wrapped. The key wrapping process is described below.
密钥包装过程的输入是KEK和要包装的明文。明文由n个64位块组成,其中包含要包装的密钥数据。密钥包装过程如下所述。
Inputs: Plaintext, n 64-bit values {P[1], P[2], ..., P[n]}, and Key, K (the KEK). Outputs: Ciphertext, (n+1) 64-bit values {C[0], C[1], ..., C[n]}.
输入:明文,n个64位值{P[1],P[2],…,P[n]},键,K(KEK)。输出:密文,(n+1)64位值{C[0],C[1],…,C[n]}。
1) Initialize variables.
1) 初始化变量。
Set A[0] to an initial value (see Section 3.4) For i = 1 to n R[0][i] = P[i]
对于i=1到nR[0][i]=P[i],将A[0]设置为初始值(见第3.4节)
2) Calculate intermediate values.
2) 计算中间值。
For t = 1 to s, where s = 6n
A[t] = MSB(64, Camellia(K, A[t-1] | R[t-1][1])) ^ t
For i = 1 to n-1
R[t][i] = R[t-1][i+1]
R[t][n] = LSB(64, Camellia(K, A[t-1] | R[t-1][1]))
For t = 1 to s, where s = 6n
A[t] = MSB(64, Camellia(K, A[t-1] | R[t-1][1])) ^ t
For i = 1 to n-1
R[t][i] = R[t-1][i+1]
R[t][n] = LSB(64, Camellia(K, A[t-1] | R[t-1][1]))
3) Output the results.
3) 输出结果。
Set C[0] = A[t] For i = 1 to n C[i] = R[t][i]
将i=1的C[0]=A[t]设置为nc[i]=R[t][i]
An alternative description of the key wrap algorithm involves indexing rather than shifting. This approach allows one to calculate the wrapped key in place, avoiding the rotation in the previous description. This produces identical results and is more easily implemented in software.
密钥换行算法的另一种描述涉及索引而不是移位。这种方法允许计算在位的包裹关键点,避免前面描述中的旋转。这会产生相同的结果,并且更容易在软件中实现。
Inputs: Plaintext, n 64-bit values {P[1], P[2], ..., P[n]}, and Key, K (the KEK). Outputs: Ciphertext, (n+1) 64-bit values {C[0], C[1], ..., C[n]}.
输入:明文,n个64位值{P[1],P[2],…,P[n]},键,K(KEK)。输出:密文,(n+1)64位值{C[0],C[1],…,C[n]}。
1) Initialize variables.
1) 初始化变量。
Set A = IV, an initial value (see Section 3.4) For i = 1 to n R[i] = P[i]
设置A=IV,i=1到nR[i]=P[i]的初始值(见第3.4节)
2) Calculate intermediate values.
2) 计算中间值。
For j = 0 to 5
For i=1 to n
B = Camellia(K, A | R[i])
A = MSB(64, B) ^ t where t = (n*j)+i
R[i] = LSB(64, B)
For j = 0 to 5
For i=1 to n
B = Camellia(K, A | R[i])
A = MSB(64, B) ^ t where t = (n*j)+i
R[i] = LSB(64, B)
3) Output the results.
3) 输出结果。
Set C[0] = A For i = 1 to n C[i] = R[i]
将i=1的C[0]=A设置为nc[i]=R[i]
Key unwrapping with Camellia is identical to Section 2.2.2 of [RFC3394], with "AES" replaced by "Camellia".
使用Camellia展开钥匙与[RFC3394]第2.2.2节相同,“AES”替换为“Camellia”。
The inputs to the unwrap process are the KEK and (n+1) 64-bit blocks of ciphertext consisting of previously wrapped key. It returns n blocks of plaintext consisting of the n 64-bit blocks of the decrypted key data.
解包裹过程的输入是KEK和(n+1)64位密文块,由先前包装的密钥组成。它返回由n个64位解密密钥数据块组成的n个明文块。
Inputs: Ciphertext, (n+1) 64-bit values {C[0], C[1], ..., C[n]}, and Key, K (the KEK). Outputs: Plaintext, n 64-bit values {P[1], P[2], ..., P[n]}.
输入:密文,(n+1)64位值{C[0],C[1],…,C[n]},以及密钥K(KEK)。输出:明文,n个64位值{P[1],P[2],…,P[n]}。
1) Initialize variables.
1) 初始化变量。
Set A[s] = C[0] where s = 6n For i = 1 to n R[s][i] = C[i]
设置A[s]=C[0],其中i=1的s=6n到n R[s][i]=C[i]
2) Calculate the intermediate values.
2) 计算中间值。
For t = s to 1
A[t-1] = MSB(64, Camellia-1(K, ((A[t] ^ t) | R[t][n]))
R[t-1][1] = LSB(64, Camellia-1(K, ((A[t]^t) | R[t][n]))
For i = 2 to n
R[t-1][i] = R[t][i-1]
For t = s to 1
A[t-1] = MSB(64, Camellia-1(K, ((A[t] ^ t) | R[t][n]))
R[t-1][1] = LSB(64, Camellia-1(K, ((A[t]^t) | R[t][n]))
For i = 2 to n
R[t-1][i] = R[t][i-1]
3) Output the results.
3) 输出结果。
If A[0] is an appropriate initial value (see Section 3.4), Then For i = 1 to n P[i] = R[0][i] Else Return an error
如果[0]是一个合适的初始值(见第3.4节),则对于i=1到n P[i]=R[0][i],否则返回一个错误
The unwrap algorithm can also be specified as an index based operation, allowing the calculations to be carried out in place. Again, this produces the same results as the register shifting approach.
展开算法也可以指定为基于索引的操作,允许就地执行计算。同样,这会产生与寄存器移位方法相同的结果。
Inputs: Ciphertext, (n+1) 64-bit values {C[0], C[1], ..., C[n]}, and Key, K (the KEK). Outputs: Plaintext, n 64-bit values {P[0], P[1], ..., P[n]}.
输入:密文,(n+1)64位值{C[0],C[1],…,C[n]},以及密钥K(KEK)。输出:明文,n个64位值{P[0],P[1],…,P[n]}。
1) Initialize variables.
1) 初始化变量。
Set A = C[0] For i = 1 to n R[i] = C[i]
将i=1的A=C[0]设置为nr[i]=C[i]
2) Calculate intermediate values.
2) 计算中间值。
For j = 5 to 0
For i = n to 1
B = Camellia-1(K, (A ^ t) | R[i]) where t = n*j+i
A = MSB(64, B)
R[i] = LSB(64, B)
For j = 5 to 0
For i = n to 1
B = Camellia-1(K, (A ^ t) | R[i]) where t = n*j+i
A = MSB(64, B)
R[i] = LSB(64, B)
3) Output results.
3) 输出结果。
If A is an appropriate initial value (see Section 3.4), Then For i = 1 to n P[i] = R[i] Else Return an error
如果A是适当的初始值(见第3.4节),则对于i=1到n P[i]=R[i],否则返回一个错误
The initial value (IV) refers to the value assigned to A[0] in the first step of the wrapping process. This value is used to obtain an integrity check on the key data. In the final step of the unwrapping process, the recovered value of A[0] is compared to the expected value of A[0]. If there is a match, the key is accepted as valid, and the unwrapping algorithm returns it. If there is not a match, then the key is rejected, and the unwrapping algorithm returns an error.
初始值(IV)是指在包装过程的第一步中分配给[0]的值。此值用于获取密钥数据的完整性检查。在展开过程的最后一步中,将[0]的恢复值与[0]的预期值进行比较。如果存在匹配项,则密钥被视为有效密钥,展开算法将返回该密钥。如果不存在匹配项,则拒绝密钥,并且展开算法返回错误。
The exact properties achieved by this integrity check depend on the definition of the initial value. Different applications may call for somewhat different properties; for example, whether there is need to determine the integrity of key data throughout its lifecycle or just when it is unwrapped. This specification defines a default initial value that supports integrity of the key data during the period it is wrapped (in Section 3.4.1). Provision is also made to support alternative initial values (in Section 3.4.2).
此完整性检查实现的确切属性取决于初始值的定义。不同的应用可能需要一些不同的属性;例如,是否需要确定关键数据在其整个生命周期中的完整性,还是仅在其展开时确定其完整性。本规范定义了一个默认初始值,该值支持密钥数据在包装期间的完整性(见第3.4.1节)。还提供了支持备选初始值的规定(见第3.4.2节)。
The default initial value (IV) is defined to be the hexadecimal constant:
默认初始值(IV)定义为十六进制常数:
A[0] = IV = A6A6A6A6A6A6A6A6
A[0]=IV=A6
The use of a constant as the IV supports a strong integrity check on the key data during the period that it is wrapped. If unwrapping produces A[0] = A6A6A6A6A6A6A6A6, then the chance that the key data is corrupt is 2^-64. If unwrapping produces A[0] any other value, then the unwrap must return an error and not return any key data.
将常量用作IV支持在关键数据包装期间对其进行强完整性检查。如果展开生成[0]=A6,则密钥数据损坏的可能性为2^-64。如果展开生成[0]或任何其他值,则展开必须返回错误,而不返回任何关键数据。
When the key wrap is used as part of a larger key management protocol or system, the desired scope for data integrity may be more than just the key data or the desired duration for more than just the period that it is wrapped. Also, if the key data is not just a Camellia
当密钥包装被用作更大密钥管理协议或系统的一部分时,所需的数据完整性范围可能不仅仅是密钥数据或所需的持续时间,而不仅仅是其包装的期间。而且,如果关键数据不仅仅是一株茶花
key, it may not always be a multiple of 64 bits. Alternative definitions of the initial value can be used to address such problems. According to [RFC3394], NIST will define alternative initial values in future key management publications as needed. In order to accommodate a set of alternatives that may evolve over time, key wrap implementations that are not application-specific will require some flexibility in the way that the initial value is set and tested.
键,它可能并不总是64位的倍数。初始值的替代定义可用于解决此类问题。根据[RFC3394],NIST将根据需要在未来的关键管理出版物中定义替代初始值。为了适应一组可能随时间发展的备选方案,非特定于应用程序的密钥封装实现需要在初始值的设置和测试方式上具有一定的灵活性。
An S/MIME client SHOULD announce the set of cryptographic functions it supports by using the S/MIME capabilities attribute. This attribute provides a partial list of OIDs of cryptographic functions and MUST be signed by the client. The functions' OIDs SHOULD be logically separated in functional categories and MUST be ordered with respect to their preference.
S/MIME客户端应通过使用S/MIME capabilities属性来宣布其支持的加密函数集。此属性提供加密函数OID的部分列表,必须由客户端签名。函数的OID应按功能类别进行逻辑分隔,并且必须根据其偏好进行排序。
RFC 2633 [RFC2633], Section 2.5.2 defines the SMIMECapabilities signed attribute (defined as a SEQUENCE of SMIMECapability SEQUENCEs) to be used to specify a partial list of algorithms that the software announcing the SMIMECapabilities can support.
RFC 2633[RFC2633],第2.5.2节定义了SMIMECapability签名属性(定义为SMIMECapability序列),用于指定宣布SMIMECapability的软件可以支持的算法的部分列表。
If an S/MIME client is required to support symmetric encryption with Camellia, the capabilities attribute MUST contain the Camellia OID specified above in the category of symmetric algorithms. The parameter associated with this OID MUST be CamelliaSMimeCapability.
如果S/MIME客户端需要支持Camellia的对称加密,则“能力”属性必须包含上述对称算法类别中指定的Camellia OID。与此OID关联的参数必须是CamelliaSMimeCapability。
CamelliaSMimeCapabilty ::= NULL
CamelliaSMimeCapabilty ::= NULL
The SMIMECapability SEQUENCE representing Camellia MUST be DER-encoded as the following hexadecimal strings:
代表Camellia的SMIMECapability序列必须按以下十六进制字符串进行DER编码:
Key Size Capability 128 30 0f 06 0b 2a 83 08 8c 9a 4b 3d 01 01 01 02 05 00 196 30 0f 06 0b 2a 83 08 8c 9a 4b 3d 01 01 01 03 05 00 256 30 0f 06 0b 2a 83 08 8c 9a 4b 3d 01 01 01 04 05 00
关键尺寸能力128 30 0f 06 0b 2a 83 08 8c 9a 4b 3d 01 01 02 05 00 196 30 0f 06 0b 2a 83 08 8c 9a 4b 3d 01 01 01 03 05 00 256 30 0f 06 0b 2a 83 08 8c 9a 4b 3d 01 01 01 04 05 00
When a sending agent creates an encrypted message, it has to decide which type of encryption algorithm to use. In general the decision process involves information obtained from the capabilities lists included in messages received from the recipient, as well as other information such as private agreements, user preferences, legal restrictions, and so on. If users require Camellia for symmetric encryption, it MUST be supported by the S/MIME clients on both the sending and receiving side, and it MUST be set in the user preferences.
当发送代理创建加密消息时,它必须决定使用哪种类型的加密算法。一般来说,决策过程涉及从收件人收到的消息中包含的功能列表中获得的信息,以及其他信息,如私人协议、用户偏好、法律限制等。如果用户需要Camellia进行对称加密,则发送端和接收端的S/MIME客户端都必须支持该加密,并且必须在用户首选项中进行设置。
This document specifies the use of Camellia for encrypting the content of a CMS message and for encrypting the symmetric key used to encrypt the content of a CMS message, and the other mechanisms are the same as the existing ones. Therefore, the security considerations described in the CMS specifications [CMS][CMSALG] and the AES key wrap algorithm [RFC3394] can be applied to this document. No security problem has been found on Camellia [CRYPTREC][NESSIE].
本文件规定使用Camellia加密CMS消息内容,并加密用于加密CMS消息内容的对称密钥,其他机制与现有机制相同。因此,CMS规范[CMS][CMSALG]和AES密钥封装算法[RFC3394]中描述的安全注意事项可应用于本文件。在Camellia[CRYPTREC][NESSIE]上未发现任何安全问题。
The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何努力来确定任何此类权利。有关IETF在标准跟踪和标准相关文件中权利的程序信息,请参见BCP-11。可从IETF秘书处获得可供发布的权利声明副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果。
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涉及实施本标准所需技术的专有权利。请将信息发送给IETF执行董事。
The IETF has been notified of intellectual property rights claimed in regard to some or all of the specification contained in this document. For more information consult the online list of claimed rights.
IETF已收到关于本文件所含部分或全部规范的知识产权声明。有关更多信息,请查阅在线权利主张列表。
[CamelliaSpec] Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai,
S., Nakajima, J., and Tokita, T., "Specification of
Camellia - a 128-bit Block Cipher".
http://info.isl.ntt.co.jp/camellia/
[CamelliaSpec] Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai,
S., Nakajima, J., and Tokita, T., "Specification of
Camellia - a 128-bit Block Cipher".
http://info.isl.ntt.co.jp/camellia/
[CMS] Housley, R., "Cryptographic Message Syntax", RFC 3369, August 2002.
[CMS]Housley,R.,“加密消息语法”,RFC 3369,2002年8月。
[CMSALG] Housley, R., "Cryptographic Message Syntax (CMS) Algorithms", RFC 3370, August 2002.
[CMSALG]Housley,R.,“加密消息语法(CMS)算法”,RFC3370,2002年8月。
[RFC2633] Ramsdell, B., Editor, "S/MIME Version 3 Message Specification", RFC 2633, June 1999.
[RFC2633]Ramsdell,B.,编辑,“S/MIME版本3消息规范”,RFC 2633,1999年6月。
[RFC3565] Schaad, J., "Use of the Advanced Encryption Standard (AES) Encryption Algorithm in Cryptographic Message Syntax (CMS)", RFC 3565, July 2003.
[RFC3565]Schaad,J.,“在加密消息语法(CMS)中使用高级加密标准(AES)加密算法”,RFC 3565,2003年7月。
[RFC3394] Schaad, J. and R. Housley, "Advanced Encryption Standard (AES) Key Wrap Algorithm", RFC 3394, September 2002.
[RFC3394]Schaad,J.和R.Housley,“高级加密标准(AES)密钥包裹算法”,RFC 3394,2002年9月。
[DES] National Institute of Standards and Technology. FIPS Pub 46: Data Encryption Standard. 15 January 1977.
[DES]国家标准与技术研究所。FIPS Pub 46:数据加密标准。1977年1月15日。
[CamelliaTech] Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai, S., Nakajima, J., and Tokita, T., "Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis -", In Selected Areas in Cryptography, 7th Annual International Workshop, SAC 2000, August 2000, Proceedings, Lecture Notes in Computer Science 2012, pp.39-56, Springer-Verlag, 2001.
[CamelliaTech]青木,K.,一川,T.,神田,M.,松井,M.,森爱,S.,中岛,J.,和Tokita,T.,“茶花:一种适用于多平台的128位分组密码-设计和分析-”,在密码学的选定领域,第七届年度国际研讨会,SAC 2000,2000年8月,会议记录,2012年计算机科学讲稿,第39-56页,斯普林格·维拉格,2001年。
[CRYPTREC] Information-technology Promotion Agency (IPA), Japan,
CRYPTREC.
http://www.ipa.go.jp/security/enc/CRYPTREC/index-
e.html
[CRYPTREC] Information-technology Promotion Agency (IPA), Japan,
CRYPTREC.
http://www.ipa.go.jp/security/enc/CRYPTREC/index-
e.html
[NESSIE] New European Schemes for Signatures, Integrity and Encryption (NESSIE) project. http://www.cryptonessie.org
[NESSIE]新的欧洲签名、完整性和加密方案(NESSIE)项目。http://www.cryptonessie.org
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
Appendix A ASN.1 Module
附录A ASN.1模块
CamelliaEncryptionAlgorithmInCMS
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs9(9) smime(16) modules(0) id-mod-cms-camellia(23) }
CamelliaEncryptionAlgorithmInCMS
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs9(9) smime(16) modules(0) id-mod-cms-camellia(23) }
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
-- Camellia using CBC-chaining mode for key sizes of 128, 192, 256
--Camellia使用CBC链接模式,密钥大小为128、192、256
id-camellia128-cbc OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) symmetric-encryption-algorithm(1)
camellia128-cbc(2) }
id-camellia128-cbc OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) symmetric-encryption-algorithm(1)
camellia128-cbc(2) }
id-camellia192-cbc OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) symmetric-encryption-algorithm(1)
camellia192-cbc(3) }
id-camellia192-cbc OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) symmetric-encryption-algorithm(1)
camellia192-cbc(3) }
id-camellia256-cbc OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) symmetric-encryption-algorithm(1)
camellia256-cbc(4) }
id-camellia256-cbc OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) symmetric-encryption-algorithm(1)
camellia256-cbc(4) }
-- Camellia-IV is the parameter for all the above object identifiers.
--Camellia IV是上述所有对象标识符的参数。
Camellia-IV ::= OCTET STRING (SIZE(16))
Camellia-IV ::= OCTET STRING (SIZE(16))
-- Camellia S/MIME Capabilty parameter for all the above object
-- identifiers.
-- Camellia S/MIME Capabilty parameter for all the above object
-- identifiers.
CamelliaSMimeCapability ::= NULL
CamelliaSMimeCapability ::= NULL
-- Camellia Key Wrap Algorithm identifiers - Parameter is absent.
--Camellia密钥包裹算法标识符-缺少参数。
id-camellia128-wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3)
camellia128-wrap(2) }
id-camellia128-wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3)
camellia128-wrap(2) }
id-camellia192-wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3)
camellia192-wrap(3) }
id-camellia192-wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3)
camellia192-wrap(3) }
id-camellia256-wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3)
camellia256-wrap(4) }
id-camellia256-wrap OBJECT IDENTIFIER ::=
{ iso(1) member-body(2) 392 200011 61 security(1)
algorithm(1) key-wrap-algorithm(3)
camellia256-wrap(4) }
END
终止
Authors' Addresses
作者地址
Shiho Moriai Sony Computer Entertainment Inc. Phone: +81-3-6438-7523 Fax: +81-3-6438-8629 EMail: camellia@isl.ntt.co.jp (Camellia team) shiho@rd.scei.sony.co.jp (Shiho Moriai)
Shiho Morai Sony Computer Entertainment Inc.电话:+81-3-6438-7523传真:+81-3-6438-8629电子邮件:camellia@isl.ntt.co.jp(茶花队)shiho@rd.scei.sony.co.jp(森井世和)
Akihiro Kato NTT Software Corporation Phone: +81-45-212-7934 Fax: +81-45-212-9800 EMail: akato@po.ntts.co.jp
Akihiro Kato NTT软件公司电话:+81-45-212-7934传真:+81-45-212-9800电子邮件:akato@po.ntts.co.jp
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2004). All Rights Reserved.
版权所有(C)互联网协会(2004年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。