Internet Engineering Task Force (IETF)                         J. Schaad
Request for Comments: 6210                       Soaring Hawk Consulting
Category: Experimental                                        April 2011
ISSN: 2070-1721
        

Experiment: Hash Functions with Parameters in the Cryptographic Message Syntax (CMS) and S/MIME

Abstract

New hash algorithms are being developed that may include parameters. Cryptographic Message Syntax (CMS) has not currently defined any hash algorithms with parameters, but anecdotal evidence suggests that defining one could cause major problems. This document defines just such an algorithm and describes how to use it so that experiments can be run to find out how bad including hash parameters will be.

Status of This Memo

This document is not an Internet Standards Track specification; it is published for examination, experimental implementation, and evaluation.

This document defines an Experimental Protocol for the Internet community. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6210.

Copyright Notice

Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Notation
   2.  XOR-MD5 Digest Algorithm
   3.  ASN.1 Encoding
   4.  CMS ASN.1 Handling
   5.  MIME Handling
   6.  IANA Considerations
   7.  Security Considerations
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Appendix A.  Examples
     A.1.  Encapsulated Signed Data Example
     A.2.  Multipart Signed Message
     A.3.  Authenticated Data Example
   Appendix B.  2008 ASN.1 Module
        
        
1. Introduction

At the present time, all hash algorithms that are used in Cryptographic Message Syntax (CMS) implementations are defined as having no parameters. Anecdotal evidence suggests that if a hash algorithm is defined that does require the presence of parameters, there may be extensive problems. This document presents the details needed to run an experiment so that the community can find out just how bad the situation really is and, if needed, either make drastic changes in implementations or make sure that any hash algorithms chosen do not have parameters.

In CMS data structures, hash algorithms currently exist in the following locations:

o SignerInfo.digestAlgorithm - holds the digest algorithm used to compute the hash value over the content.

o DigestedData.digestAlgorithm - holds the digest algorithm used to compute the hash value over the content.

o AuthenticatedData.digestAlgorithm - holds the digest algorithm used to compute the hash value over the content.

o SignedData.digestAlgorithms - an optional location to hold the set of digest algorithms used in computing the hash value over the content.

o multipart/signed micalg - holds a textual indicator of the hash algorithm for multipart signed MIME messages.

The first three locations hold the identification of a single hash, and would hold the parameters for that hash. It's mandatory to fill these fields.

The ASN.1 structures defined for the DigestedData and AuthenticatedData types place the digest algorithm field before the encapsulated data field. This means that the hash algorithm (including the parameters) is fully defined, and therefore can be instantiated, before the hash function would start hashing the encapsulated data.

In the ASN.1 defined for the SignedData type, the value of SignerInfo.digestAlgorithm is not seen until the content has been processed. This is the reason for the existence of the SignedData.digestAlgorithms field, so that the set of all digest algorithms used can be seen prior to the content being processed. It is not currently mandatory to fill in this field, and the signature validation process is supposed to succeed even if this field is absent. (RFC 5652 says signature validation MAY fail if the digest algorithm is absent.)

For the case of detached content, the ASN.1 structures need to be processed before processing the detached content in order to obtain the parameters of the hash function. The MIME multipart/signature content type attempts to avoid this problem by defining a micalg field that contains the set of hash algorithms (with parameters) so that the hash functions can be set up prior to processing the content.

When processing multipart/signed messages, two paths exist:

1. Process the message content before the ASN.1. The steps involved are:

* Get a set of hash functions by looking at the micalg parameter and potentially add a set of generic algorithms.

* Create a hasher for each of those algorithms.

* Hash the message content (the first part of the multipart).

* Process the ASN.1 and have a potential failure point if a hash algorithm is required but was not computed.

2. Process the message content after the ASN.1. The steps involved are:

* Save the message content for later processing.

* Parse the ASN.1 and build a list of hash functions based on its content.

* Create a hasher for each of those algorithms.

* Hash the saved message content.

* Perform the signature validation.

The first path allows for single-pass processing, but has the potential that a fallback path needs to be added in some cases. The second path does not need a fallback path, but does not allow for single-pass processing.

The fallback path above may also be needed for the encapsulated content case. Since it is optional to place hash algorithms in the SignedData.digestAlgorithms field, the content will be completely parsed before the set of hash algorithms used in the various SignerInfo structures are determined. It may be that an update to CMS is required to make population of the SignedData.digestAlgorithms field mandatory, in the event that a parameterized hash algorithm is adopted.

In this document, a new hash function is created that is based on the XOR operator and on MD5. MD5 was deliberately used as the basis of this digest algorithm since it is known to be insecure, and I do not want to make any statements that the hash algorithm designed here is in any way secure. This hash function MUST NOT be released as shipping code; it is designed only for use in experimentation. An example of a parameterized hash algorithm that might be standardized is a scheme developed by Shai Halevi and Hugo Krawczyk [RANDOM-HASH].

1.1. Notation

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

2. XOR-MD5 Digest Algorithm

The XOR-MD5 digest algorithm has been designed to use two existing operators, XOR and the MD5 hash algorithm [MD5]. The hash algorithm works as follows:

1. A random XOR string consisting of exactly 64 bytes is created.

2. The input content is broken up into 64-byte blocks. The last block may be less than 64 bytes.

3. Each block is XOR-ed with the random string. The last block uses the same number of bits from the random string as it contains.

4. The resulting string is run through the MD5 hash function.

The length of the XOR string was designed to match the barrel size of the MD5 hash function.

3. ASN.1 Encoding

The following ASN.1 is used to define the algorithm:

   mda-xor-md5-EXPERIMENT DIGEST-ALGORITHM ::= {
      IDENTIFIER id-alg-MD5-XOR-EXPERIMENT
      PARAMS TYPE MD5-XOR-EXPERIMENT ARE required
   }
        
   id-alg-MD5-XOR-EXPERIMENT OBJECT IDENTIFIER ::= {
      iso(1) member-body(2) us(840) rsadsi(113549)
      pkcs(1) pkcs-9(9) smime(16) id-alg(3) 13
   }
        
   MD5-XOR-EXPERIMENT ::= OCTET STRING (SIZE(64))
        

The octet string holds the value of the random XOR string.

4. CMS ASN.1 Handling

The algorithm is added to the DigestAlgorithmSet in [CMS].

When this algorithm is used in a signed message, it is REQUIRED that the algorithm be placed in the SignedData.digestAlgorithms sequence. The algorithm MUST appear in the sequence at least once for each unique set of parameters. The algorithm SHOULD NOT appear multiple times with the same set of parameters.

5. MIME Handling

This section defines the string that appears in the micalg parameter.

The algorithm is identified by the string xor-md5. The parameters for the algorithm are the hex-encoded Distinguished Encoding Rules (DER) ASN.1 encoding. The parameters and the identifier string are separated by a colon. One of the issues that needs to be addressed is the fact that this will generate very long data values for parameters. These will be too long for many systems to deal with. The issue of how to deal with this has been addressed in [RFC2231] by creating a method to fragment values. An example content-type string that has been fragmented is:

   Content-Type: multipart/signed;
     protocol="application/pkcs7-signature";
     micalg*0="sha1, xor-md5:04400102030405060708090a0b0c0d0e0f0011";
     micalg*1="12131415161718191a1b1c1d1e1f102122232425262728292a2b";
     micalg*2="2c2d2e2f203132333435363738";
     micalg*3="393a3b3c3d3e3f30";  boundary=boundar42
        

Arguments could be made that the string should be base64 encoded rather than hex encoded. The advantage is that the resulting encoding is shorter. This could be significant if there are a substantial number of parameters and of a substantial size. Even with the above example, it was necessary to break the encoding across multiple lines. The downside would be the requirement that the micalg parameter always be quoted.

It may be reasonable to require that whitespace be inserted only on encoding boundaries, but it seems to be overly restrictive.
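
An added example (not code from the RFC): one way a receiver could reassemble the fragmented micalg value shown above, split it into algorithms, and strictly validate the xor-md5 parameters as a DER OCTET STRING of 64 bytes before creating hashers for the single-pass path described in the Introduction. The function names, including `needs_fallback`, are assumptions, and only the unencoded RFC 2231 continuation form (`micalg*N="..."`) is handled.

```python
import re

# One micalg segment: micalg="...", micalg=token, or an RFC 2231 continuation
# micalg*N="...". Extended (charset/language) segments are not handled here.
SEGMENT = re.compile(r'\bmicalg(?:\*(\d+))?\s*=\s*(?:"([^"]*)"|([^;\s]+))', re.I)
XOR_MD5_PARAM_LEN = 64  # MD5-XOR-EXPERIMENT ::= OCTET STRING (SIZE(64))

# Header copied from the fragmented example in this section.
SECTION5_HEADER = (
    'Content-Type: multipart/signed;\r\n'
    '  protocol="application/pkcs7-signature";\r\n'
    '  micalg*0="sha1, xor-md5:04400102030405060708090a0b0c0d0e0f0011";\r\n'
    '  micalg*1="12131415161718191a1b1c1d1e1f102122232425262728292a2b";\r\n'
    '  micalg*2="2c2d2e2f203132333435363738";\r\n'
    '  micalg*3="393a3b3c3d3e3f30";  boundary=boundar42\r\n'
)


def reassemble_micalg(content_type):
    """Join micalg / micalg*0..*N segments in numeric order."""
    segments = {}
    for match in SEGMENT.finditer(content_type):
        index = int(match.group(1) or 0)
        if index in segments:
            raise ValueError("duplicate micalg segment %d" % index)
        quoted, token = match.group(2), match.group(3)
        segments[index] = quoted if quoted is not None else token
    if not segments:
        raise ValueError("no micalg parameter")
    if sorted(segments) != list(range(len(segments))):
        raise ValueError("micalg segments are not contiguous from 0")
    return "".join(segments[i] for i in range(len(segments)))


def decode_xor_md5_params(hex_text):
    """Decode the hex-encoded DER and return the 64-byte XOR string."""
    der = bytes.fromhex(hex_text)  # ValueError on odd length or non-hex input
    # DER OCTET STRING of 64 bytes: tag 0x04, short-form length 0x40, content.
    if (len(der) != 2 + XOR_MD5_PARAM_LEN or der[0] != 0x04
            or der[1] != XOR_MD5_PARAM_LEN):
        raise ValueError("xor-md5 parameters are not OCTET STRING (SIZE(64))")
    return der[2:]


def parse_micalg(content_type):
    """Return [(algorithm, params_or_None), ...] in header order."""
    result = []
    for item in reassemble_micalg(content_type).split(","):
        name, _, params = item.strip().partition(":")
        name = name.strip().lower()
        if not name:
            raise ValueError("empty algorithm name in micalg")
        if name == "xor-md5":
            result.append((name, decode_xor_md5_params(params.strip())))
        elif params:
            raise ValueError("unexpected parameters for %s" % name)
        else:
            result.append((name, None))
    return result


def needs_fallback(prepared, signer_digest):
    """Failure point of the single-pass path: SignerInfo names an
    (algorithm, parameters) pair that micalg did not announce, so no hasher
    was set up for it and the content has to be hashed again."""
    return signer_digest not in prepared


if __name__ == "__main__":
    for name, params in parse_micalg(SECTION5_HEADER):
        print(name, params.hex() if params else "(no parameters)")
```

Because the parameters are part of the comparison in `needs_fallback`, a signer that uses xor-md5 with a different XOR string than the one in micalg is treated the same as a signer that uses an unannounced algorithm.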

6. IANA Considerations

All identifiers are assigned out of the S/MIME OID arc.

7. Security Considerations

The algorithm XOR-MD5 is not designed for general-purpose use. The hash algorithm included here is designed for running this experiment and nothing more.

This document makes no representation that XOR-MD5 is a secure digest algorithm. I believe that the algorithm is no more secure than MD5, and I consider MD5 to be a broken hash algorithm for many purposes.

One known issue with the algorithm at present is the fact that the XOR pattern is always 64 bytes long, even if the data is shorter. This means that there is a section of the data that can be manipulated without changing the hash. In a real algorithm, this should either be truncated or forced to a known value.
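
An added example (not part of the RFC): an incremental implementation of the four steps in Section 2, together with a check for the known issue described above. `XorMd5`, `effective_xor_string` and `has_unused_tail` are assumed names, the zero-fill rule is one assumed reading of "forced to a known value", and the sample XOR strings are constructed.

```python
import hashlib

BLOCK = 64  # length of the XOR string and of one MD5 input block


class XorMd5:
    """Incremental XOR-MD5: XOR each 64-byte block with the XOR string, then MD5.

    Experimental algorithm only; the RFC forbids shipping it."""

    def __init__(self, xor_string):
        if len(xor_string) != BLOCK:
            raise ValueError("XOR string must be exactly 64 bytes")
        self._pad = bytes(xor_string)
        self._md5 = hashlib.md5()
        self._offset = 0  # position inside the current 64-byte block

    def update(self, chunk):
        # Chunks need not be block-aligned: continue from the saved offset so
        # that any split of the input yields the same digest.
        masked = bytes(b ^ self._pad[(self._offset + i) % BLOCK]
                       for i, b in enumerate(chunk))
        self._md5.update(masked)
        self._offset = (self._offset + len(chunk)) % BLOCK
        return self

    def digest(self):
        return self._md5.digest()


def xor_md5(data, xor_string):
    """One-shot form of the same computation."""
    return XorMd5(xor_string).update(data).digest()


def effective_xor_string(xor_string, content_length):
    """Zero the bytes of the XOR string that never touch the content.

    Assumption: zero is the 'known value'; the RFC does not pick one."""
    used = min(content_length, BLOCK)
    return bytes(xor_string[:used]) + bytes(BLOCK - used)


def has_unused_tail(xor_string, content_length):
    """True when the parameters carry non-zero bytes the digest ignores."""
    return bytes(xor_string) != effective_xor_string(xor_string, content_length)


# Constructed sample values. The content is the sample text used in Appendix A.
SAMPLE_CONTENT = b"This is some sample content."              # 28 bytes
PAD_A = bytes(range(1, 65))
PAD_B = PAD_A[:len(SAMPLE_CONTENT)] + b"\xff" * (BLOCK - len(SAMPLE_CONTENT))

if __name__ == "__main__":
    # Two different parameter values, one digest: the issue described above.
    print(xor_md5(SAMPLE_CONTENT, PAD_A).hex())
    print(xor_md5(SAMPLE_CONTENT, PAD_B).hex())
    print("unused tail present:", has_unused_tail(PAD_A, len(SAMPLE_CONTENT)))
```

A verifier that compares digest parameters byte for byte would treat `PAD_A` and `PAD_B` as different algorithms even though they produce the same digest for this content; comparing the output of `effective_xor_string` instead removes that ambiguity.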

8. References
8.1. Normative References

[ASN.1-2008] ITU-T, "ITU-T Recommendations X.680, X.681, X.682, and X.683", 2008.

[CMS] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 5652, September 2009.

[MD5] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April 1992.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2231] Freed, N. and K. Moore, "MIME Parameter Value and Encoded Word Extensions: Character Sets, Languages, and Continuations", RFC 2231, November 1997.

[SMIME-MSG] Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification", RFC 5751, January 2010.

8.2. Informative References

[CMS-ASN] Hoffman, P. and J. Schaad, "New ASN.1 Modules for Cryptographic Message Syntax (CMS) and S/MIME", RFC 5911, June 2010.

[RANDOM-HASH] Halevi, S. and H. Krawczyk, "Strengthening Digital Signatures via Random Hashing", January 2007, <http://webee.technion.ac.il/~hugo/rhash/rhash.pdf>.

[RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, June 2010.

[SMIME-EXAMPLES] Hoffman, P., "Examples of S/MIME Messages", RFC 4134, July 2005.

Appendix A. Examples

Provided here are a set of simple S/MIME messages [SMIME-MSG] that are for testing. The content used is the same as that found in Section 2.1 of [SMIME-EXAMPLES]. The certificates and key pairs found in [SMIME-EXAMPLES] are also used here.

The Perl script in Appendix A of [SMIME-EXAMPLES] can be used to extract the binary examples from this file. The MIME examples can be extracted with a standard text editor.

Note: The examples presented here have not been independently verified. I was unable to use the Microsoft APIs because of the new cryptographic hash algorithm. However, for the purposes of this experiment, I believe that the form of the messages, which can be verified visually as correct, is more important than the question of the message validating.

A.1. Encapsulated Signed Data Example

This section contains a detached signed data example. The content was hashed with the MD5-XOR algorithm defined in this document. The signature is performed using RSA with MD5. The signature is wrapped as an embedded signed mime message.

 MIME-Version: 1.0
 To: BobRSA@example.com
 From: AliceDss@example.com
 Subject: MD5-XOR example message
 Message-Id: <34567809323489fd.esc@example.com>
 Date: Wed, 16 Dec 2010 23:13:00 -0500
 Content-Type: application/pkcs7-mime; smime-type=signed-data;
   name=smime.p7m;
   micalg*0="xor-md5: 0440010203405060708090a0b0c0d0e0f10";
   micalg*1="111213415161718191a1b1c1d1e1f20212223425262728292a2b2c";
   micalg*2="2d2e2f30313233435363738393a3b3c3d3e3f40"
 Content-Transfer-Encoding: base64
 Content-Disposition: attachment; filename=smime.p7m
        
A.2. Multipart Signed Message

This section contains a detached signed data example. The content was hashed with the MD5-XOR algorithm defined in this document. The signature is performed using RSA with MD5. The signature is wrapped as a detached signed mime message.

MIME-Version: 1.0
To: User2@example.com
From: BobRSA@example.com
Subject: MD5-XOR signing example
Message-Id: <091218002550300.249@example.com>
Date: Fri, 18 Dec 2010 00:25:21 -0300
Content-Type: multipart/signed;
  micalg*0="xor-md5: 0440010203405060708090a0b0c0d0e0f10";
  micalg*1="111213415161718191a1b1c1d1e1f20212223425262728292a2b2c2d2e";
  micalg*2="2f30313233435363738393a3b3c3d3e3f40";
    boundary="----=_NextBoundry____Fri,_18_Dec_2009_00:25:21";
    protocol="application/pkcs7-signature"
        

This is a multi-part message in MIME format.

------=_NextBoundry____Fri,_18_Dec_2009_00:25:21
        
This is some sample content.
------=_NextBoundry____Fri,_18_Dec_2009_00:25:21
Content-Type: application/pkcs7-signature; name=smime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s
        
This is some sample content.
------=_NextBoundry____Fri,_18_Dec_2009_00:25:21
Content-Type: application/pkcs7-signature; name=smime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7s
        

MIIEiAYJKoZIhvcNAQcCoIIEeTCCBHUCAQExUTBPBgsqhkiG9w0BCRADDQRAAQIDBAUGBw gJCgsMDQ4PEBESEwQVFhcYGRobHB0eHyAhIiMEJSYnKCkqKywtLi8wMTIzBDU2Nzg5Ojs8 PT4/QDALBgkqhkiG9w0BBwGgggIrMIICJzCCAZCgAwIBAgIQRjRrx4AAVrwR024uzV1x0D ANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwdDYXJsUlNBMB4XDTk5MDkxOTAxMDkwMloX DTM5MTIzMTIzNTk1OVowETEPMA0GA1UEAxMGQm9iUlNBMIGfMA0GCSqGSIb3DQEBAQUAA4 GNADCBiQKBgQCp4WeYPznVX/Kgk0FepnmJhcg1XZqRW/sdAdoZcCYXD72lItA1hW16mGYU QVzPt7cIOwnJkbgZaTdt+WUee9mpMySjfzu7r0YBhjY0MssHA1lS/IWLMQS4zBgIFEjmTx z7XWDE4FwfU9N/U9hpAfEF+Hpw0b6Dxl84zxwsqmqn6wIDAQABo38wfTAMBgNVHRMBAf8E AjAAMA4GA1UdDwEB/wQEAwIFIDAfBgNVHSMEGDAWgBTp4JAnrHggeprTTPJCN04irp44uz AdBgNVHQ4EFgQU6PS4Z9izlqQq8xGqKdOVWoYWtCQwHQYDVR0RBBYwFIESQm9iUlNBQGV4 YW1wbGUuY29tMA0GCSqGSIb3DQEBBQUAA4GBAHuOZsXxED8QIEyIcat7QGshM/pKld6dDl trlCEFwPLhfirNnJOIh/uLt359QWHh5NZt+eIEVWFFvGQnRMChvVl52R1kPCHWRbBdaDOS 6qzxV+WBfZjmNZGjOd539OgcOyncf1EHl/M28FAK3Zvetl44ESv7V+qJba3JiNiPzyvTMY IB3zCCAdsCAQEwJjASMRAwDgYDVQQDEwdDYXJsUlNBAhBGNGvHgABWvBHTbi7NXXHQME8G CyqGSIb3DQEJEAMNBEABAgMEBQYHCAkKCwwNDg8QERITBBUWFxgZGhscHR4fICEiIwQlJi coKSorLC0uLzAxMjMENTY3ODk6Ozw9Pj9AoIHKMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B BwEwHAYJKoZIhvcNAQkFMQ8XDTEwMTIxMDIzMjUwMFowHwYJKoZIhvcNAQkEMRIEEJZprm EbV56D6hAra0ndwPkwbwYJKoZIhvcNAQk0MWIwYDBPBgsqhkiG9w0BCRADDQRAAQIDBAUG BwgJCgsMDQ4PEBESEwQVFhcYGRobHB0eHyAhIiMEJSYnKCkqKywtLi8wMTIzBDU2Nzg5Oj s8PT4/QKENBgkqhkiG9w0BAQQFADANBgkqhkiG9w0BAQQFAASBgEDMeyAkXMYqg/wW2B3P i8HWwGnZVA/4muJJ7+dEPacv3bRqE7n4dP0vXIYR7TJ1eRJk9uB/wry2fRPcnG3Y/Rn0Jy CqXsb+dXXfwOGK/rvLvJOloXUCy4+HxQk6eaYIBrjiVIUgZjpZXGJcZg2xq5yH1e4aw5Ov fQlfQXPiKp1l

------=_NextBoundry____Fri,_18_Dec_2009_00:25:21--
        
A.3. Authenticated Data Example

This section contains an authenticated data example. The content was hashed with the MD5-XOR algorithm defined in this document. The authentication was done with the HMAC-SHA1 algorithm. The key is transported using RSA encryption to the BobRSASignByCarl certificate.

MIME-Version: 1.0
To: BobRSA@example.com
From: AliceDss@example.com
Subject: MD5-XOR example message
Message-Id: <34567809323489fd.esc@example.com>
Date: Wed, 16 Dec 2010 23:13:00 -0500
Content-Type: application/pkcs7-mime; smime-type=authenticated-data;
  name=smime.p7m;
  micalg*0="xor-md5: 0440010203405060708090a0b0c0d0e0f10";
  micalg*1="111213415161718191a1b1c1d1e1f20212223425262728292a2b2c2d2e";
  micalg*2="2f30313233435363738393a3b3c3d3e3f40"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=smime.p7m
        

MIICRQYLKoZIhvcNAQkQAQKgggI0MIICMAIBADGBwDCBvQIBADAmMBIxEDAOBgNVBAMMB0 NhcmxSU0ECEEY0a8eAAFa8EdNuLs1dcdAwDQYJKoZIhvcNAQEBBQAEgYCH70EpEikY7deb 859YJRAWfFondQv1D4NFltw6C1ceheWnlAU0C2WEXr3LUBXZp1/PSte29FnJxu5bXCTn1g elMm6zNlZNWNd0KadVBcaxi1n8L52tVM5sWFGJPO5cStOyAka2ucuZM6iAnCSkn1Ju7fgU 5j2g3bZ/IM8nHTcygjAKBggrBgEFBQgBAqFPBgsqhkiG9w0BCRADDQRAAQIDBAUGBwgJCg sMDQ4PEBESEwQVFhcYGRobHB0eHyAhIiMEJSYnKCkqKywtLi8wMTIzBDU2Nzg5Ojs8PT4/ QDArBgkqhkiG9w0BBwGgHgQcVGhpcyBpcyBzb21lIHNhbXBsZSBjb250ZW50LqKBxzAYBg kqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wOTEyMTAyMzI1MDBa MB8GCSqGSIb3DQEJBDESBBCWaa5hG1eeg+oQK2tJ3cD5MGwGCSqGSIb3DQEJNDFfMF0wTw YLKoZIhvcNAQkQAw0EQAECAwQFBgcICQoLDA0ODxAREhMEFRYXGBkaGxwdHh8gISIjBCUm JygpKissLS4vMDEyMwQ1Njc4OTo7PD0+P0CiCgYIKwYBBQUIAQIEFLjUxQ9PJFzFnWraxb EIbVbg2xql

|>ad.bin
|MIICRQYLKoZIhvcNAQkQAQKgggI0MIICMAIBADGBwDCBvQIBADAmMBIxEDAOBgNVBAMMB0
|NhcmxSU0ECEEY0a8eAAFa8EdNuLs1dcdAwDQYJKoZIhvcNAQEBBQAEgYCH70EpEikY7deb
|859YJRAWfFondQv1D4NFltw6C1ceheWnlAU0C2WEXr3LUBXZp1/PSte29FnJxu5bXCTn1g
|elMm6zNlZNWNd0KadVBcaxi1n8L52tVM5sWFGJPO5cStOyAka2ucuZM6iAnCSkn1Ju7fgU
|5j2g3bZ/IM8nHTcygjAKBggrBgEFBQgBAqFPBgsqhkiG9w0BCRADDQRAAQIDBAUGBwgJCg
|sMDQ4PEBESEwQVFhcYGRobHB0eHyAhIiMEJSYnKCkqKywtLi8wMTIzBDU2Nzg5Ojs8PT4/
|QDArBgkqhkiG9w0BBwGgHgQcVGhpcyBpcyBzb21lIHNhbXBsZSBjb250ZW50LqKBxzAYBg
|kqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wOTEyMTAyMzI1MDBa
|MB8GCSqGSIb3DQEJBDESBBCWaa5hG1eeg+oQK2tJ3cD5MGwGCSqGSIb3DQEJNDFfMF0wTw
|YLKoZIhvcNAQkQAw0EQAECAwQFBgcICQoLDA0ODxAREhMEFRYXGBkaGxwdHh8gISIjBCUm
|JygpKissLS4vMDEyMwQ1Njc4OTo7PD0+P0CiCgYIKwYBBQUIAQIEFLjUxQ9PJFzFnWraxb
|EIbVbg2xql
|<ad.bin
        
Appendix B. 2008 ASN.1 Module

The ASN.1 module defined here uses the 2008 ASN.1 definitions found in [ASN.1-2008]. It contains the required definitions for the types and values defined in this document, and it uses the classes defined in [CMS-ASN] and [RFC5912].

  MD5-HASH-EXPERIMENT
    { iso(1) member-body(2) us(840) rsadsi(113549)
      pkcs(1) pkcs-9(9) smime(16) modules(0)
      id-mod-MD5-XOR-EXPERIMENT(999) }
  DEFINITIONS IMPLICIT TAGS ::=
  BEGIN
   IMPORTS
        

-- Cryptographic Message Syntax (CMS) [CMS]

     DigestAlgorithmIdentifier, MessageAuthenticationCodeAlgorithm,
     SignatureAlgorithmIdentifier, DIGEST-ALGORITHM
     FROM  CryptographicMessageSyntax-2009
       { iso(1) member-body(2) us(840) rsadsi(113549)
         pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2004-02(41) }
        

-- Common PKIX structures [RFC5912]

     ATTRIBUTE
     FROM PKIX-CommonTypes-2009
       { iso(1) identified-organization(3) dod(6) internet(1)
         security(5) mechanisms(5) pkix(7) id-mod(0)
         id-mod-pkixCommon-02(57)};
        
     mda-xor-md5-EXPERIMENT DIGEST-ALGORITHM ::= {
        IDENTIFIER id-alg-MD5-XOR-EXPERIMENT
        PARAMS TYPE MD5-XOR-EXPERIMENT ARE required
     }
        
     id-alg-MD5-XOR-EXPERIMENT OBJECT IDENTIFIER ::= {
        iso(1) member-body(2) us(840) rsadsi(113549)
        pkcs(1) pkcs-9(9) smime(16) id-alg(3) 13
     }
        
     MD5-XOR-EXPERIMENT ::= OCTET STRING (SIZE(64))
        

END
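
The module above makes the digest parameter mandatory (PARAMS ... ARE required) and fixes it at 64 octets, so a receiver has to reject an identifier whose parameter is absent, NULL, or the wrong size before it hashes anything. The following Python is an added example, not part of RFC 6210; the function names are illustrative, and only short-form DER lengths are handled, which is sufficient for this 81-octet structure.

```python
# Added example, not part of RFC 6210: strict DER handling for the
# MD5-XOR digest AlgorithmIdentifier defined in the ASN.1 module.
OID_ARCS = (1, 2, 840, 113549, 1, 9, 16, 3, 13)  # id-alg-MD5-XOR-EXPERIMENT
PARAM_LEN = 64                                    # OCTET STRING (SIZE(64))


def _arc(n):
    """Base-128 encoding of one OID arc, high bit set on all but the last octet."""
    out = [n & 0x7F]
    while n > 0x7F:
        n >>= 7
        out.insert(0, (n & 0x7F) | 0x80)
    return bytes(out)


OID_BODY = bytes([OID_ARCS[0] * 40 + OID_ARCS[1]]) + b"".join(map(_arc, OID_ARCS[2:]))


def _tlv(tag, body):
    """DER TLV with a short-form length; every element here is under 128 octets."""
    if len(body) > 0x7F:
        raise ValueError("long-form length is not needed for this structure")
    return bytes([tag, len(body)]) + body


def encode_alg_id(param):
    """SEQUENCE { OBJECT IDENTIFIER, OCTET STRING (SIZE(64)) }."""
    if len(param) != PARAM_LEN:
        raise ValueError("MD5-XOR parameter must be exactly 64 octets")
    return _tlv(0x30, _tlv(0x06, OID_BODY) + _tlv(0x04, param))


def _read(buf, tag):
    """Return (value, remainder) for one short-form TLV with the expected tag."""
    if len(buf) < 2 or buf[0] != tag or buf[1] > 0x7F or len(buf) < 2 + buf[1]:
        raise ValueError("malformed or unexpected element, wanted tag 0x%02x" % tag)
    return buf[2:2 + buf[1]], buf[2 + buf[1]:]


def parse_alg_id(der):
    """Validate the identifier and return the 64-octet XOR parameter."""
    seq, extra = _read(der, 0x30)
    if extra:
        raise ValueError("trailing data after AlgorithmIdentifier")
    oid, rest = _read(seq, 0x06)
    if oid != OID_BODY:
        raise ValueError("not id-alg-MD5-XOR-EXPERIMENT")
    param, rest = _read(rest, 0x04)  # absent, NULL or other types all fail here
    if rest or len(param) != PARAM_LEN:
        raise ValueError("parameters must be one OCTET STRING of 64 octets")
    return param
```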

Author's Address

Jim Schaad
Soaring Hawk Consulting

   EMail: ietf@augustcellars.com
        