| rfc7292v2.txt | rfc7292.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force (IETF) K. Moriarty, Ed. | Internet Engineering Task Force (IETF) K. Moriarty, Ed. | |||
| Request for Comments: 7292 EMC | Request for Comments: 7292 EMC | |||
| Category: Informational M. Nystrom | Category: Informational M. Nystrom | |||
| ISSN: 2070-1721 Microsoft Corporation | ISSN: 2070-1721 Microsoft Corporation | |||
| S. Parkinson | S. Parkinson | |||
| A. Rusch | A. Rusch | |||
| M. Scott | M. Scott | |||
| RSA | RSA | |||
| June 2014 | July 2014 | |||
| PKCS #12: Personal Information Exchange Syntax v1.1 | PKCS #12: Personal Information Exchange Syntax v1.1 | |||
| Abstract | Abstract | |||
| PKCS #12 v1.1 describes a transfer syntax for personal identity | PKCS #12 v1.1 describes a transfer syntax for personal identity | |||
| information, including private keys, certificates, miscellaneous | information, including private keys, certificates, miscellaneous | |||
| secrets, and extensions. Machines, applications, browsers, Internet | secrets, and extensions. Machines, applications, browsers, Internet | |||
| kiosks, and so on, that support this standard will allow a user to | kiosks, and so on, that support this standard will allow a user to | |||
| import, export, and exercise a single set of personal identity | import, export, and exercise a single set of personal identity | |||
| skipping to change at page 1, line 33 | skipping to change at page 1, line 33 | |||
| information under several privacy and integrity modes. | information under several privacy and integrity modes. | |||
| This document represents a republication of PKCS #12 v1.1 from RSA | This document represents a republication of PKCS #12 v1.1 from RSA | |||
| Laboratories' Public Key Cryptography Standard (PKCS) series. By | Laboratories' Public Key Cryptography Standard (PKCS) series. By | |||
| publishing this RFC, change control is transferred to the IETF. | publishing this RFC, change control is transferred to the IETF. | |||
| IESG Note | IESG Note | |||
| The IESG thanks RSA Laboratories for transferring change control to | The IESG thanks RSA Laboratories for transferring change control to | |||
| the IETF. Enhancements to this specification that preserve backward | the IETF. Enhancements to this specification that preserve backward | |||
| compatibility are expected in an upcoming IETF standards track | compatibility are expected in an upcoming IETF Standards Track | |||
| document. | document. | |||
| Status of This Memo | Status of This Memo | |||
| This document is not an Internet Standards Track specification; it is | This document is not an Internet Standards Track specification; it is | |||
| published for informational purposes. | published for informational purposes. | |||
| This document is a product of the Internet Engineering Task Force | This document is a product of the Internet Engineering Task Force | |||
| (IETF). It represents the consensus of the IETF community. It has | (IETF). It represents the consensus of the IETF community. It has | |||
| received public review and has been approved for publication by the | received public review and has been approved for publication by the | |||
| skipping to change at page 2, line 26 | skipping to change at page 3, line 7 | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 1.1. Changes from PKCS #12 Version 1 . . . . . . . . . . . . . 4 | 1.1. Changes from PKCS #12 Version 1 . . . . . . . . . . . . . 4 | |||
| 2. Definitions and Notation . . . . . . . . . . . . . . . . . . 4 | 2. Definitions and Notation . . . . . . . . . . . . . . . . . . 5 | |||
| 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 3.1. Exchange Modes . . . . . . . . . . . . . . . . . . . . . 6 | 3.1. Exchange Modes . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 3.2. Mode Choice Policies . . . . . . . . . . . . . . . . . . 7 | 3.2. Mode Choice Policies . . . . . . . . . . . . . . . . . . 8 | |||
| 3.3. Trusted Public Keys . . . . . . . . . . . . . . . . . . . 7 | 3.3. Trusted Public Keys . . . . . . . . . . . . . . . . . . . 8 | |||
| 3.4. The AuthenticatedSafe . . . . . . . . . . . . . . . . . . 8 | 3.4. The AuthenticatedSafe . . . . . . . . . . . . . . . . . . 9 | |||
| 4. PFX PDU Syntax . . . . . . . . . . . . . . . . . . . . . . . 9 | 4. PFX PDU Syntax . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 4.1. The AuthenticatedSafe Type . . . . . . . . . . . . . . . 10 | 4.1. The AuthenticatedSafe Type . . . . . . . . . . . . . . . 11 | |||
| 4.2. The SafeBag Type . . . . . . . . . . . . . . . . . . . . 11 | 4.2. The SafeBag Type . . . . . . . . . . . . . . . . . . . . 12 | |||
| 4.2.1. The KeyBag Type . . . . . . . . . . . . . . . . . . . 12 | 4.2.1. The KeyBag Type . . . . . . . . . . . . . . . . . . . 13 | |||
| 4.2.2. The PKCS8ShroudedKeyBag Type . . . . . . . . . . . . 12 | 4.2.2. The PKCS8ShroudedKeyBag Type . . . . . . . . . . . . 13 | |||
| 4.2.3. The CertBag Type . . . . . . . . . . . . . . . . . . 13 | 4.2.3. The CertBag Type . . . . . . . . . . . . . . . . . . 13 | |||
| 4.2.4. The CRLBag Type . . . . . . . . . . . . . . . . . . . 13 | 4.2.4. The CRLBag Type . . . . . . . . . . . . . . . . . . . 14 | |||
| 4.2.5. The SecretBag Type . . . . . . . . . . . . . . . . . 14 | 4.2.5. The SecretBag Type . . . . . . . . . . . . . . . . . 14 | |||
| 4.2.6. The SafeContents Type . . . . . . . . . . . . . . . . 14 | 4.2.6. The SafeContents Type . . . . . . . . . . . . . . . . 14 | |||
| 5. Using PFX PDUs . . . . . . . . . . . . . . . . . . . . . . . 14 | 5. Using PFX PDUs . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
| 5.1. Creating PFX PDUs . . . . . . . . . . . . . . . . . . . . 14 | 5.1. Creating PFX PDUs . . . . . . . . . . . . . . . . . . . . 15 | |||
| 5.2. Importing Keys, etc., from a PFX PDU . . . . . . . . . . 15 | 5.2. Importing Keys, etc., from a PFX PDU . . . . . . . . . . 16 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 16 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 16 | |||
| 7. Normative References . . . . . . . . . . . . . . . . . . . . 16 | 7. Normative References . . . . . . . . . . . . . . . . . . . . 17 | |||
| Appendix A. Message Authentication Codes (MACs) . . . . . . . . 19 | Appendix A. Message Authentication Codes (MACs) . . . . . . . . 19 | |||
| Appendix B. Deriving Keys and IVs from Passwords and Salt . . . 19 | Appendix B. Deriving Keys and IVs from Passwords and Salt . . . 19 | |||
| B.1. Password Formatting . . . . . . . . . . . . . . . . . . . 19 | B.1. Password Formatting . . . . . . . . . . . . . . . . . . . 19 | |||
| B.2. General Method . . . . . . . . . . . . . . . . . . . . . 20 | B.2. General Method . . . . . . . . . . . . . . . . . . . . . 20 | |||
| B.3. More on the ID Byte . . . . . . . . . . . . . . . . . . . 22 | B.3. More on the ID Byte . . . . . . . . . . . . . . . . . . . 22 | |||
| B.4. Keys for Password Integrity Mode . . . . . . . . . . . . 22 | B.4. Keys for Password Integrity Mode . . . . . . . . . . . . 22 | |||
| Appendix C. Keys and IVs for Password Privacy Mode . . . . . . . 22 | Appendix C. Keys and IVs for Password Privacy Mode . . . . . . . 22 | |||
| Appendix D. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 24 | Appendix D. ASN.1 Module . . . . . . . . . . . . . . . . . . . . 24 | |||
| Appendix E. Intellectual Property Considerations . . . . . . . . 28 | Appendix E. Intellectual Property Considerations . . . . . . . . 28 | |||
| Appendix F. Acknowledgments . . . . . . . . . . . . . . . . . . 28 | Appendix F. Acknowledgments . . . . . . . . . . . . . . . . . . 28 | |||
| skipping to change at page 11, line 25 | skipping to change at page 12, line 25 | |||
| bagValue [0] EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId}), | bagValue [0] EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId}), | |||
| bagAttributes SET OF PKCS12Attribute OPTIONAL | bagAttributes SET OF PKCS12Attribute OPTIONAL | |||
| } | } | |||
| PKCS12Attribute ::= SEQUENCE { | PKCS12Attribute ::= SEQUENCE { | |||
| attrId ATTRIBUTE.&id ({PKCS12AttrSet}), | attrId ATTRIBUTE.&id ({PKCS12AttrSet}), | |||
| attrValues SET OF ATTRIBUTE.&Type ({PKCS12AttrSet}{@attrId}) | attrValues SET OF ATTRIBUTE.&Type ({PKCS12AttrSet}{@attrId}) | |||
| } -- This type is compatible with the X.500 type 'Attribute' | } -- This type is compatible with the X.500 type 'Attribute' | |||
| PKCS12AttrSet ATTRIBUTE ::= { | PKCS12AttrSet ATTRIBUTE ::= { | |||
| friendlyName | -- from PKCS #9 [22] | friendlyName | -- from PKCS #9 [23] | |||
| localKeyId, -- from PKCS #9 | localKeyId, -- from PKCS #9 | |||
| ... -- Other attributes are allowed | ... -- Other attributes are allowed | |||
| } | } | |||
| The optional bagAttributes field allows users to assign nicknames and | The optional bagAttributes field allows users to assign nicknames and | |||
| identifiers to keys, etc., and permits visual tools to display | identifiers to keys, etc., and permits visual tools to display | |||
| meaningful strings of some sort to the user. | meaningful strings of some sort to the user. | |||
| Six types of SafeBags are defined in this version of this document: | Six types of SafeBags are defined in this version of this document: | |||
| skipping to change at page 16, line 26 | skipping to change at page 17, line 7 | |||
| into account. It is also important that passwords be protected well | into account. It is also important that passwords be protected well | |||
| if stored. | if stored. | |||
| When choosing a salt value in password privacy or integrity mode, the | When choosing a salt value in password privacy or integrity mode, the | |||
| recommendations in Section 4 of PKCS #5 2.1 [13] [22] should be taken | recommendations in Section 4 of PKCS #5 2.1 [13] [22] should be taken | |||
| into account. Ideally, the salt is as long as the output of the hash | into account. Ideally, the salt is as long as the output of the hash | |||
| function being used and consists of randomly generated data. | function being used and consists of randomly generated data. | |||
| 7. Normative References | 7. Normative References | |||
| [1] Dobbertin, H., "The status of MD5 after a recent attack.", | [1] Dobbertin, H., "The status of MD5 after a recent attack.", | |||
| CryptoBytes Vol. 2, #2, 1996. | CryptoBytes Vol. 2, #2, 1996. | |||
| [2] ISO/IEC, "Information technology -- Abstract Syntax | [2] ISO/IEC, "Information technology -- Abstract Syntax Notation | |||
| Notation One (ASN.1) -- Specification of basic notation", | One (ASN.1) -- Specification of basic notation", ISO/IEC | |||
| ISO/IEC 8824-1:2008, 2008. | 8824-1:2008, 2008. | |||
| [3] ISO/IEC, "Information technology -- Abstract Syntax | [3] ISO/IEC, "Information technology -- Abstract Syntax Notation | |||
| Notation One (ASN.1) -- Information object specification", | One (ASN.1) -- Information object specification", ISO/IEC | |||
| ISO/IEC 8824-2:2008, 2008. | 8824-2:2008, 2008. | |||
| [4] ISO/IEC, "Information technology -- Abstract Syntax | [4] ISO/IEC, "Information technology -- Abstract Syntax Notation | |||
| Notation One (ASN.1) -- Constraint specification", ISO/IEC | One (ASN.1) -- Constraint specification", ISO/IEC 88247-3:2008, | |||
| 88247-3:2008, 2008. | 2008. | |||
| [5] ISO/IEC, "Information technology -- Abstract Syntax | [5] ISO/IEC, "Information technology -- Abstract Syntax Notation | |||
| Notation One (ASN.1) -- Parameterization of ASN.1 | One (ASN.1) -- Parameterization of ASN.1 specifications", | |||
| specifications", ISO/IEC 8824-4:2008, 2008. | ISO/IEC 8824-4:2008, 2008. | |||
| [6] ISO/IEC, "Information Technology - ASN.1 Encoding Rules: | [6] ISO/IEC, "Information Technology - ASN.1 Encoding Rules: | |||
| Specification of Basic Encoding Rules (BER), Canonical | Specification of Basic Encoding Rules (BER), Canonical Encoding | |||
| Encoding Rules (CER), and Distinguished Encoding Rules", | Rules (CER), and Distinguished Encoding Rules", ISO/IEC | |||
| ISO/IEC 8825-1:2008, 2008. | 8825-1:2008, 2008. | |||
| [7] ISO/IEC, "Information technology -- Open Systems | [7] ISO/IEC, "Information technology -- Open Systems | |||
| Interconnection -- The Directory: Models", ISO/IEC | Interconnection -- The Directory: Models", ISO/IEC 9594-2:1997, | |||
| 9594-2:1997, 1997. | 1997. | |||
| [8] ISO/IEC, "Information technology -- Open Systems | [8] ISO/IEC, "Information technology -- Open Systems | |||
| Interconnection -- The Directory: Authentication | Interconnection -- The Directory: Authentication Framework", | |||
| Framework", ISO/IEC 9594-8:1997, 1997. | ISO/IEC 9594-8:1997, 1997. | |||
| [9] Microsoft, "PFX: Personal Exchange Syntax and Protocol | [9] Microsoft, "PFX: Personal Exchange Syntax and Protocol | |||
| Standard", ISO/IEC Version 0.020, January 1997. | Standard", ISO/IEC Version 0.020, January 1997. | |||
| [10] National Institute of Standards and Technology (NIST), | [10] National Institute of Standards and Technology (NIST), "Secure | |||
| "Secure Hash Standard", FIPS Publication 180-4, March | Hash Standard", FIPS Publication 180-4, March 2012. | |||
| 2012. | ||||
| [11] National Institute of Standards and Technology (NIST), | [11] National Institute of Standards and Technology (NIST), "The | |||
| "The Keyed-Hash Message Authentication Code (HMAC)", FIPS | Keyed-Hash Message Authentication Code (HMAC)", FIPS | |||
| Publication 198-1, July 2008. | Publication 198-1, July 2008. | |||
| [12] National Institute of Standards and Technology (NIST), | [12] National Institute of Standards and Technology (NIST), "The | |||
| "The Recommendation for Password-Based Key Derivation, | Recommendation for Password-Based Key Derivation, Part 1: | |||
| Part 1: Storage Applications", NIST Special Publication | Storage Applications", NIST Special Publication 800-132, | |||
| 800-132, December 2010. | December 2010. | |||
| [13] RSA Laboratories, "PKCS #5: Password-Based Encryption | [13] RSA Laboratories, "PKCS #5: Password-Based Encryption | |||
| Standard", PKCS Version 2.1, October 2012. | Standard", PKCS Version 2.1, October 2012. | |||
| [14] RSA Laboratories, "PKCS #7: Cryptographic Message Syntax | [14] RSA Laboratories, "PKCS #7: Cryptographic Message Syntax | |||
| Standard", PKCS Version 1.5, November 1993. | Standard", PKCS Version 1.5, November 1993. | |||
| [15] RSA Laboratories, "PKCS #8: Private-Key Information Syntax | [15] RSA Laboratories, "PKCS #8: Private-Key Information Syntax | |||
| Standard", PKCS Version 1.2, November 1993. | Standard", PKCS Version 1.2, November 1993. | |||
| [16] RSA Laboratories, "PKCS #12: Personal Information Exchange | [16] RSA Laboratories, "PKCS #12: Personal Information Exchange | |||
| Syntax", PKCS Version 1.1, December 2012. | Syntax", PKCS Version 1.1, December 2012. | |||
| [17] Rivest, R. and B. Lampson, "SDSI - A Simple Distributed | [17] Rivest, R. and B. Lampson, "SDSI - A Simple Distributed | |||
| Security Infrastructure", 1996, | Security Infrastructure", 1996, | |||
| <http://people.csail.mit.edu/rivest/sdsi10.html>. | <http://people.csail.mit.edu/rivest/sdsi10.html>. | |||
| [18] Turner, S. and L. Chen, "MD2 to Historic Status", RFC | [18] Turner, S. and L. Chen, "MD2 to Historic Status", RFC 6149, | |||
| 6149, March 2011. | March 2011. | |||
| [19] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, | [19] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April | |||
| April 1992. | 1992. | |||
| [20] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- | [20] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- | |||
| Hashing for Message Authentication", RFC 2104, February | Hashing for Message Authentication", RFC 2104, February 1997. | |||
| 1997. | ||||
| [21] Kaliski, B., "PKCS #7: Cryptographic Message Syntax | [21] Kaliski, B., "PKCS #7: Cryptographic Message Syntax Version | |||
| Version 1.5", RFC 2315, March 1998. | 1.5", RFC 2315, March 1998. | |||
| [22] Kaliski, B., "PKCS #5: Password-Based Cryptography | [22] Kaliski, B., "PKCS #5: Password-Based Cryptography | |||
| Specification Version 2.0", RFC 2898, September 2000. | Specification Version 2.0", RFC 2898, September 2000. | |||
| [23] Nystrom, M. and B. Kaliski, "PKCS #9: Selected Object | [23] Nystrom, M. and B. Kaliski, "PKCS #9: Selected Object Classes | |||
| Classes and Attribute Types Version 2.0", RFC 2985, | and Attribute Types Version 2.0", RFC 2985, November 2000. | |||
| November 2000. | ||||
| [24] Turner, S., "Asymmetric Key Packages", RFC 5958, August | [24] Turner, S., "Asymmetric Key Packages", RFC 5958, August 2010. | |||
| 2010. | ||||
| [25] Turner, S. and L. Chen, "Updated Security Considerations | [25] Turner, S. and L. Chen, "Updated Security Considerations for | |||
| for the MD5 Message-Digest and the HMAC-MD5 Algorithms", | the MD5 Message-Digest and the HMAC-MD5 Algorithms", RFC 6151, | |||
| RFC 6151, March 2011. | March 2011. | |||
| Appendix A. Message Authentication Codes (MACs) | Appendix A. Message Authentication Codes (MACs) | |||
| A MAC is a special type of function of a message (data bits) and an | A MAC is a special type of function of a message (data bits) and an | |||
| integrity key. It can be computed or checked only by someone | integrity key. It can be computed or checked only by someone | |||
| possessing both the message and the integrity key. Its security | possessing both the message and the integrity key. Its security | |||
| follows from the secrecy of the integrity key. In this standard, | follows from the secrecy of the integrity key. In this standard, | |||
| MACing is used in password integrity mode. | MACing is used in password integrity mode. | |||
| This document uses a particular type of MAC called HMAC [11] [20], | This document uses a particular type of MAC called HMAC [11] [20], | |||
| End of changes. 33 change blocks. | ||||
| 86 lines changed or deleted | 82 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||
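
Review bot: reference [4] in the Normative References hunk still reads "ISO/IEC 88247-3:2008" on both sides, while its siblings [2], [3] and [5] are 8824-1, 8824-2 and 8824-4. The re-wrap moved the number onto a different line without correcting it, so this looks like a stray digit that should be checked against the ISO/IEC catalogue and fixed in the new version. In the same hunk, the salt paragraph cites "Section 4 of PKCS #5 2.1 [13] [22]", but [22] is listed as PKCS #5 Version 2.0 (RFC 2898); consider rewording so it is clear which section of which version the reader should consult.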