rfc9879.original.xml   rfc9879.xml 
<?xml version='1.0' encoding='utf-8'?> <?xml version='1.0' encoding='UTF-8'?>
<!-- [rfced] This document updates RFCs 7292 and 8018. Please review
the errata reported these RFCs and let us know if you confirm our
opinion that none of them are relevant to the content of this
document.
Links to errata:
https://www.rfc-editor.org/errata/rfc7292
https://www.rfc-editor.org/errata/rfc8018
-->
<!DOCTYPE rfc [ <!DOCTYPE rfc [
<!ENTITY nbsp "&#160;"> <!ENTITY nbsp "&#160;">
<!ENTITY zwsp "&#8203;"> <!ENTITY zwsp "&#8203;">
<!ENTITY nbhy "&#8209;"> <!ENTITY nbhy "&#8209;">
<!ENTITY wj "&#8288;"> <!ENTITY wj "&#8288;">
]> ]>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="info" docName="draft-i etf-lamps-rfc9579bis-06" ipr="trust200902" updates="7292, 8018" obsoletes="9579" xml:lang="en" tocInclude="true" tocDepth="4" symRefs="true" sortRefs="true" ver sion="3"> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="info" docName="draft-i etf-lamps-rfc9579bis-06" number="9879" consensus="true" submissionType="IETF" ip r="trust200902" updates="7292, 8018" obsoletes="9579" xml:lang="en" tocInclude=" true" tocDepth="4" symRefs="true" sortRefs="true" version="3">
<front> <front>
<title abbrev="PBMAC1 in PKCS #12">Use of Password-Based Message <title abbrev="PBMAC1 in PKCS #12">Use of Password-Based Message
Authentication Code 1 (PBMAC1) in PKCS #12 Syntax</title> Authentication Code 1 (PBMAC1) in PKCS #12 Syntax</title>
<seriesInfo name="RFC" value="9879"/>
<author fullname="Alicja Kario" initials="A." surname="Kario"> <author fullname="Alicja Kario" initials="A." surname="Kario">
<organization>Red Hat, Inc.</organization> <organization>Red Hat, Inc.</organization>
<address> <address>
<postal> <postal>
<street>Purkynova 115</street> <street>Purkynova 115</street>
<city>Brno</city> <city>Brno</city>
<code>61200</code> <code>61200</code>
<country>Czech Republic</country> <country>Czech Republic</country>
</postal> </postal>
<email>hkario@redhat.com</email> <email>hkario@redhat.com</email>
</address> </address>
</author> </author>
<date day="25" month="April" year="2025"/> <date month="September" year="2025"/>
<area>SEC</area> <area>SEC</area>
<workgroup>lamps</workgroup> <workgroup>lamps</workgroup>
<keyword>pbmac1</keyword> <keyword>pbmac1</keyword>
<keyword>pkcs12</keyword> <keyword>pkcs12</keyword>
<keyword>pbkdf2</keyword> <keyword>pbkdf2</keyword>
<abstract> <abstract>
<t>This document specifies additions and amendments to <t>This document specifies additions and amendments to
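Review bot: The [rfced] query added at the top of the new file (errata for RFCs 7292 and 8018) is still open and has to be answered and deleted before publication; its first sentence also reads "the errata reported these RFCs", which is missing "for". The query lists only the two updated RFCs, while the one erratum this document cites, Err7974, is filed against RFC 9579, so the reply should say explicitly that 7974 is the only erratum acted on. The header changes themselves (number="9879", consensus, submissionType, the seriesInfo element and the month-only date) are consistent with each other.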
skipping to change at line 52 skipping to change at line 63
syntax. The purpose of this specification is to permit the use of mo re syntax. The purpose of this specification is to permit the use of mo re
modern Password-Based Key Derivation Functions (PBKDFs) modern Password-Based Key Derivation Functions (PBKDFs)
and allow for regulatory compliance. and allow for regulatory compliance.
</t> </t>
</abstract> </abstract>
</front> </front>
<middle> <middle>
<section numbered="true" toc="default"> <section numbered="true" toc="default">
<name>Introduction</name> <name>Introduction</name>
<!-- [rfced] Although "use of a PKCS #12 specific" appeared in RFC 9579, may
we update this phrase in one of the following ways to improve clarity?
Original:
Unfortunately, [RFC7292]
mandates the use of a PKCS #12 specific password-based key derivation
function that only allows for change of the underlying message digest
function.
Perhaps:
Unfortunately, [RFC7292]
mandates the use of a specific PKCS #12 password-based key derivation
function that only allows for change of the underlying message digest
function.
Or:
Unfortunately, [RFC7292]
mandates the use of a password-based key derivation
function that is specific PKCS #12 and only allows for change of the underlyi
ng message digest
function.
-->
<t>The PKCS #12 format <xref target="RFC7292" format="default"/> is widely used <t>The PKCS #12 format <xref target="RFC7292" format="default"/> is widely used
for the interoperable transfer of certificate, key, and other for the interoperable transfer of certificate, key, and other
miscellaneous secrets between machines, applications, browsers, etc. miscellaneous secrets between machines, applications, browsers, etc.
Unfortunately, <xref target="RFC7292" format="default"/> mandates the us e Unfortunately, <xref target="RFC7292" format="default"/> mandates the us e
of a PKCS #12 specific password-based key derivation function of a PKCS #12 specific password-based key derivation function
that only allows for change of the underlying message digest function.</ t> that only allows for change of the underlying message digest function.</ t>
<section anchor="Changes" numbered="true" toc="default"> <section anchor="Changes" numbered="true" toc="default">
<name>Changes since RFC 9579</name> <name>Changes since RFC 9579</name>
<t>This document changes the specified format of password passed to <t>This document changes the specified format of the password passed t
the key derivation function. Previously it was a BMPString, now o
the key derivation function. Previously, it was a BMPString, but now
it's declared as a UTF8String. It should be noted that the it's declared as a UTF8String. It should be noted that the
test vectors attached to <xref target="RFC9579" format="default"/> test vectors attached to <xref target="RFC9579" format="default"/>
use UTF8String encoding. This resolves use UTF8String encoding. This resolves
<xref target="Err7974" format="default"/>. <xref target="Err7974" format="default"/>.
</t> </t>
</section> </section>
</section> </section>
<section numbered="true" toc="default"> <section numbered="true" toc="default">
<name>Rationale</name> <name>Rationale</name>
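Review bot: In the [rfced] query on the Introduction, the third alternative ("function that is specific PKCS #12 and only allows ...") is missing "to" and should read "specific to PKCS #12" if it is chosen; the first alternative ("a specific PKCS #12 password-based key derivation function") shifts the meaning from a function particular to PKCS #12 to one particular function. The paragraph itself is identical on both sides, so the query is unresolved and the comment still has to be removed. In the Changes section, the reworded sentence says the password is now "declared as a UTF8String" but does not mention that the Password Encoding section additionally forbids a NULL terminator and a BOM; a pointer to that section from here would help implementers updating RFC 9579 code.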
skipping to change at line 105 skipping to change at line 138
format="default"/> <xref target="x681" format="default"/> <xref format="default"/> <xref target="x681" format="default"/> <xref
target="x682" format="default"/> <xref target="x683" format="default"/> target="x682" format="default"/> <xref target="x683" format="default"/>
<xref target="x690" format="default"/> that can be combined with the <xref target="x690" format="default"/> that can be combined with the
ASN.1 modules in <xref target="RFC7292" format="default"/> and <xref ASN.1 modules in <xref target="RFC7292" format="default"/> and <xref
target="RFC8018" format="default"/> to incorporate additional MAC target="RFC8018" format="default"/> to incorporate additional MAC
algorithms.</t> algorithms.</t>
</section> </section>
<section numbered="true" toc="default"> <section numbered="true" toc="default">
<name>Requirements Language</name> <name>Requirements Language</name>
<t> <t>
The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQU
"<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14> IRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
", NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>
"<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
be described in BCP&nbsp;14 <xref target="RFC2119"/> <xref target="RFC8174"/>
interpreted as described in BCP&nbsp;14 <xref target="RFC2119"/> <xref when, and only when, they appear in all capitals, as shown here.
target="RFC8174"/> when, and only when, they appear in all capitals, as
shown here.
</t> </t>
</section> </section>
<section numbered="true" toc="default"> <section numbered="true" toc="default">
<name>Embedding PBMAC1 in PKCS #12</name> <name>Embedding PBMAC1 in PKCS #12</name>
<t>The MacData structure in the PFX <t>The MacData structure in the PFX
object, as described in item #3 in <xref target="RFC7292" object, as described in item #3 in <xref target="RFC7292"
sectionFormat="of" section="4"/>, is updated to include the following PBMA C1-specific sectionFormat="of" section="4"/>, is updated to include the following PBMA C1-specific
guidance: guidance:
skipping to change at line 179 skipping to change at line 209
SHA-256 HMAC should also include KDF parameters that generate a 32-octet key. In particular, when using the PBKDF2, implementations SHA-256 HMAC should also include KDF parameters that generate a 32-octet key. In particular, when using the PBKDF2, implementations
<bcp14>MUST</bcp14> include the keyLength field in the encoded PBKDF2-pa rams. <bcp14>MUST</bcp14> include the keyLength field in the encoded PBKDF2-pa rams.
Implementations <bcp14>MUST NOT</bcp14> accept PBKDF2 KDF with PBKDF2-pa rams that Implementations <bcp14>MUST NOT</bcp14> accept PBKDF2 KDF with PBKDF2-pa rams that
omit the keyLength field. omit the keyLength field.
</t> </t>
</section> </section>
<section numbered="true" toc="default"> <section numbered="true" toc="default">
<name>Password Encoding</name> <name>Password Encoding</name>
<t>As documented in <xref target="RFC7292" sectionFormat="of" <t>As documented in <xref target="RFC7292" sectionFormat="of"
section="B.1"/>, the handling of password encoding in the underlying section="B.1"/>, the handling of password encoding in the underlying
standards is underspecified. However, unlike with Password Based standards is underspecified. However, unlike with Password-Based
Encryption Scheme 1 (PBES1) <xref target="RFC8018"/> Encryption Scheme 1 (PBES1) <xref target="RFC8018"/>
when used in the context of PKCS #12 or the MAC algorithm described when used in the context of PKCS #12 or the MAC algorithm described
in <xref target="RFC7292"/> (which use BMPString with NULL-termination), in <xref target="RFC7292"/> (which use BMPString with NULL termination),
all passwords used with PBMAC1 all passwords used with PBMAC1
<bcp14>MUST</bcp14> be created from UTF-8 <xref target="RFC3629"/> <bcp14>MUST</bcp14> be created from UTF-8
encoding without a NULL encoding <xref target="RFC3629"/> without a NULL
terminator or Byte Order Mark (BOM). terminator or Byte Order Mark (BOM).
</t> </t>
</section> </section>
<section numbered="true" toc="default"> <section numbered="true" toc="default">
<name>Deprecated Algorithms</name> <name>Deprecated Algorithms</name>
<t>While attacks against SHA-1 HMACs are not considered practical <t>While attacks against SHA-1 HMACs are not considered practical
<xref target="RFC6194" format="default"/> to limit the number of alg orithms needed <xref target="RFC6194" format="default"/> to limit the number of alg orithms needed
for interoperability, implementations of this specification for interoperability, implementations of this specification
<bcp14>SHOULD NOT</bcp14> use PBKDF2 with the SHA-1 HMAC. In additio n, <bcp14>SHOULD NOT</bcp14> use PBKDF2 with the SHA-1 HMAC. In additio n,
implementations <bcp14>MUST NOT</bcp14> use any other message digest functions implementations <bcp14>MUST NOT</bcp14> use any other message digest functions
with an output of 160 bits or less.</t> with an output of 160 bits or less.</t>
</section> </section>
<section anchor="IANA" numbered="true" toc="default"> <section anchor="IANA" numbered="true" toc="default">
<name>IANA Considerations</name> <name>IANA Considerations</name>
<t>IANA has registered the following object identifier in the <t>IANA has registered the following object identifier in the
"SMI Security for S/MIME Module Identifier (1.2.840.113549.1.9.16.0)" registry. See <xref target="asn1-module"/> for the ASN.1 module. </t> "SMI Security for S/MIME Module Identifier (1.2.840.113549.1.9.16.0)" registry. See <xref target="asn1-module"/> for the ASN.1 module. </t>
<!-- [rfced] please remove the following parargaph -->
<t>We ask IANA to update the reference to point to this new document.</t> <t>IANA has updated the reference to point to this document.</t>
<table anchor="iana-table"> <table anchor="iana-table">
<name></name> <name></name>
<thead> <thead>
<tr> <tr>
<th>Decimal</th> <th>Decimal</th>
<th>Description</th> <th>Description</th>
<th>Reference</th> <th>Reference</th>
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
<tr> <tr>
<td>76</td> <td>76</td>
<td>id-pkcs12-pbmac1-2023</td> <td>id-pkcs12-pbmac1-2023</td>
<td>[this document]</td> <td>RFC 9879</td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
</section> </section>
<section anchor="Security" numbered="true" toc="default"> <section anchor="Security" numbered="true" toc="default">
<name>Security Considerations</name> <name>Security Considerations</name>
<t>Except for the use of different key derivation functions, this document <t>Except for the use of different key derivation functions, this document
doesn't change how the integrity protection on PKCS #12 objects is doesn't change how the integrity protection on PKCS #12 objects is
computed; therefore, all the security considerations from computed; therefore, all the security considerations from
<xref target="RFC7292" format="default"/> apply. <xref target="RFC7292" format="default"/> apply.
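Review bot: In IANA Considerations, the old side carried an instruction to remove the "We ask IANA to update the reference ..." paragraph, but the new side keeps it, reworded as "IANA has updated the reference to point to this document."; confirm with the author that keeping the sentence is intended rather than deleting it. In Password Encoding, moving the RFC 3629 xref after "encoding" leaves the phrase "MUST be created from UTF-8 encoding ... without a NULL terminator", which would read more directly as "MUST be encoded as UTF-8". The unchanged Deprecated Algorithms sentence is missing a comma after the RFC 6194 xref, before "to limit the number of algorithms".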
skipping to change at line 338 skipping to change at line 368
<date month="February" year="2021"/> <date month="February" year="2021"/>
</front> </front>
<seriesInfo name="ITU-T Recommendation" value="X.690"/> <seriesInfo name="ITU-T Recommendation" value="X.690"/>
<seriesInfo name="ISO/IEC" value="8825-1:2021" /> <seriesInfo name="ISO/IEC" value="8825-1:2021" />
</reference> </reference>
<reference anchor="SHA2" target="https://nvlpubs.nist.gov/nistpubs/FIPS/ NIST.FIPS.180-4.pdf"> <reference anchor="SHA2" target="https://nvlpubs.nist.gov/nistpubs/FIPS/ NIST.FIPS.180-4.pdf">
<front> <front>
<title>Secure Hash Standard (SHS)</title> <title>Secure Hash Standard (SHS)</title>
<author> <author>
<organization>National Institute of Standards and Technology (NIST ) <organization abbrev="NIST">National Institute of Standards and Te chnology (NIST)
</organization> </organization>
</author> </author>
<date month="August" year="2015"/> <date month="August" year="2015"/>
</front> </front>
<seriesInfo name="FIPS PUB" value="180-4"/> <seriesInfo name="FIPS PUB" value="180-4"/>
<seriesInfo name="DOI" value="10.6028/NIST.FIPS.180-4"/> <seriesInfo name="DOI" value="10.6028/NIST.FIPS.180-4"/>
</reference> </reference>
</references> </references>
<references> <references>
<name>Informative References</name> <name>Informative References</name>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7 914.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7 914.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9 579.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9 579.xml"/>
<reference anchor="SHA3" target="https://nvlpubs.nist.gov/nistpubs/FIPS/ NIST.FIPS.202.pdf"> <reference anchor="SHA3" target="https://nvlpubs.nist.gov/nistpubs/FIPS/ NIST.FIPS.202.pdf">
<front> <front>
<title>SHA-3 Standard: Permutation-Based Hash and Extendable-Output <title>SHA-3 Standard: Permutation-Based Hash and Extendable-Output
Functions</title> Functions</title>
<author> <author>
<organization>National Institute of Standards and Technology (NIST ) <organization abbrev="NIST">National Institute of Standards and Te chnology (NIST)
</organization> </organization>
</author> </author>
<date month="August" year="2015"/> <date month="August" year="2015"/>
</front> </front>
<seriesInfo name="FIPS PUB" value="202"/> <seriesInfo name="FIPS PUB" value="202"/>
<seriesInfo name="DOI" value="10.6028/NIST.FIPS.202"/> <seriesInfo name="DOI" value="10.6028/NIST.FIPS.202"/>
</reference> </reference>
<reference anchor="Err7974" target="https://www.rfc-editor.org/errata/ei d7974"> <reference anchor="Err7974" quote-title="false" target="https://www.rfc- editor.org/errata/eid7974">
<front> <front>
<title>RFC Errata Report 7974, RFC 9579,</title> <title>Erratum ID 7974</title>
<author fullname="Alicja Kario" /> <author>
<organization>RFC Errata</organization>
</author>
</front> </front>
<refcontent>RFC 9579</refcontent>
</reference> </reference>
</references> </references>
</references> </references>
<section anchor="test-vectors" numbered="true" toc="default"> <section anchor="test-vectors" numbered="true" toc="default">
<name>Test Vectors</name> <name>Test Vectors</name>
<t>All test vectors use "1234" as the password for both encryption <t>All test vectors use "1234" as the password for both encryption
and integrity protection.</t> and integrity protection.</t>
<section numbered="true" toc="default"> <section numbered="true" toc="default">
<name>Valid PKCS #12 File with SHA-256 HMAC and PRF</name> <name>Valid PKCS #12 File with SHA-256 HMAC and PRF</name>
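Review bot: The Test Vectors section at the end of this block states that all vectors use "1234" as the password; an ASCII-only password encodes to the same bytes in UTF-8 as in ASCII, so the vectors do not exercise multi-byte characters under the UTF-8 password rule this document introduces. Consider adding a vector with a non-ASCII password. In the Err7974 reference, the new side replaces the named author (Alicja Kario) with the organization "RFC Errata" and moves "RFC 9579" into refcontent; confirm that dropping the attribution is intended.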
skipping to change at line 898 skipping to change at line 931
prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1 prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
} }
PBKDF2-SaltSources ALGORITHM-IDENTIFIER ::= { ... } PBKDF2-SaltSources ALGORITHM-IDENTIFIER ::= { ... }
END END
]]></sourcecode> ]]></sourcecode>
</section> </section>
</back> </back>
<!-- [rfced] Please review the "Inclusive Language" portion of the online
Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language>
and let us know if any changes are needed. Updates of this nature typically
result in more precise language, which is helpful for readers.
Note that our script did not flag any words in particular, but this should
still be reviewed as a best practice.
-->
</rfc> </rfc>
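Review bot: The unchanged ASN.1 context line "prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1" keeps HMAC-SHA-1 as the default PRF, while the Deprecated Algorithms section says implementations SHOULD NOT use PBKDF2 with the SHA-1 HMAC; a PBKDF2-params that omits prf therefore selects the discouraged algorithm. A sentence telling encoders to always include prf explicitly, as the text already does for keyLength, would close that gap. The added [rfced] inclusive-language query also has to be answered and removed before publication.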
 End of changes. 18 change blocks. 
27 lines changed or deleted 72 lines changed or added

This html diff was produced by rfcdiff 1.48.