PKCS #7: Cryptographic Message Syntax Version 1.5
RFC 2315

Document Type RFC - Informational (March 1998; No errata)
Author Burt Kaliski 
Last updated 2013-03-02
Stream Legacy stream
Formats plain text html pdf htmlized (tools) htmlized bibtex
Stream Legacy state (None)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state RFC 2315 (Informational)
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                          B. Kaliski
Request for Comments: 2315                         RSA Laboratories, East
Category: Informational                                        March 1998

                 PKCS #7: Cryptographic Message Syntax
                              Version 1.5

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1998).  All Rights Reserved.


   This document describes a general syntax for data that may have
   cryptography applied to it, such as digital signatures and digital
   envelopes. The syntax admits recursion, so that, for example, one
   envelope can be nested inside another, or one party can sign some
   previously enveloped digital data.  It also allows arbitrary
   attributes, such as signing time, to be authenticated along with the
   content of a message, and provides for other attributes such as
   countersignatures to be associated with a signature. A degenerate
   case of the syntax provides a means for disseminating certificates
   and certificate-revocation lists.

1. Scope

   This document is compatible with Privacy-Enhanced Mail (PEM) in that
   signed-data and signed-and-enveloped-data content, constructed in a
   PEM-compatible mode, can be converted into PEM messages without any
   cryptographic operations. PEM messages can similarly be converted
   into the signed-data and signed-and-enveloped data content types.

   This document can support a variety of architectures for
   certificate-based key management, such as the one proposed for
   Privacy-Enhanced Mail in RFC 1422. Architectural decisions such as
   what certificate issuers are considered "top-level," what entities
   certificate issuers are authorized to certify, what distinguished
   names are considered acceptable, and what policies certificate
   issuers must follow (such as signing only with secure hardware, or
   requiring entities to present specific forms of identification) are
   left outside the document.

Kaliski                      Informational                      [Page 1]
RFC 2315          PKCS #7: Crytographic Message Syntax        March 1998

   The values produced according to this document are intended to be
   BER-encoded, which means that the values would typically be
   represented as octet strings. While many systems are capable of
   transmitting arbitrary octet strings reliably, it is well known that
   many electronic-mail systems are not. This document does not address
   mechanisms for encoding octet strings as (say) strings of ASCII
   characters or other techniques for enabling reliable transmission by
   re-encoding the octet string. RFC 1421 suggests one possible solution
   to this problem.

2. References

      FIPS PUB 46-1  National Bureau of Standards. FIPS PUB 46-1:
                Data Encryption Standard. January 1988.

      PKCS #1   RSA Laboratories. PKCS #1: RSA Encryption.
                Version 1.5, November 1993.

      PKCS #6   RSA Laboratories. PKCS #6: Extended-Certificate
                Syntax. Version 1.5, November 1993.

      PKCS #9   RSA Laboratories. PKCS #9: Selected Attribute
                Types. Version 1.1, November 1993.

      RFC 1421  Linn, J., "Privacy Enhancement for
                Internet Electronic Mail: Part I: Message
                Encryption and Authentication Procedures," RFC 1421
                February 1993.

      RFC 1422  Kent, S., "Privacy Enhancement for
                Internet Electronic Mail: Part II: Certificate-
                Based Key Management," RFC 1422, February 1993.

      RFC 1423  Balenson, D., "Privacy Enhancement for
                Internet Electronic Mail: Part III: Algorithms,
                Modes, and Identifiers," RFC 1423, February 1993.

      RFC 1424  Kaliski, B., "Privacy Enhancement for
                Internet Electronic Mail: Part IV: Key
                Certification and Related Services," RFC 1424,
                February 1993.

Kaliski                      Informational                      [Page 2]
RFC 2315          PKCS #7: Crytographic Message Syntax        March 1998

      RFC 1319  Kaliski, B., "The MD2 Message-Digest
                Algorithm," RFC 1319, April 1992.

      RFC 1321  Rivest, R., "The MD5 Message-Digest
                Algorithm," RFC 1321, April 1992.

      X.208     CCITT. Recommendation X.208: Specification of
                Abstract Syntax Notation One (ASN.1). 1988.

      X.209     CCITT. Recommendation X.209: Specification of
                Basic Encoding Rules for Abstract Syntax Notation
                One (ASN.1). 1988.

      X.500     CCITT. Recommendation X.500: The Directory--
                Overview of Concepts, Models and
                Services. 1988.

      X.501     CCITT. Recommendation X.501: The Directory--
Show full document text