RIPEM Message and File Formats Mark Riordan 4 May 1993 This document describes the syntax of messages produced by RIPEM, and of files maintained by RIPEM. Format Standards Followed by RIPEM RIPEM messages generally follow the format described in Internet RFC 1421. (In non-PEM mode, some of the fields are different, to account for the lack of certificates in non-PEM mode.) MIME extensions are described in the Internet Engineering Task Force Draft entitled "MIME-PEM Interaction" (draft-ietf-pem-mime- 02.txt). Where applicable, RIPEM databases contain fields in formats conformant with RSA Data Security's Public Key Cryptography Standards. See the documents in the pkcs directory on FTP site rsa.com. Messages produced by RIPEM and files maintained by RIPEM are kept entirely in 7-bit ASCII format. Information which is inherently non-ASCII ("binary" data such as the output from DES encryption) is encoded either in ASCII hexadecimal, or in a uuencode-like format in which three 8-bit bytes are represented with four ASCII characters. (The details of this encoding, which are not identical to those of the Unix uuencode program, are described in RFC 1421.) Complex structured information, such as a public key (which contains both a modulus and a public exponent) is first transformed into a portable binary format before being ASCII-encoded. The portable structured format is called DER encoding (for Distinguished Encoding Rules). Descriptions of DER encoding can be found in documents written by Burt Kaliski and available from the FTP site rsa.com in the pkcs directory. Factors Affecting Message Formats Each RIPEM-encrypted message consists of two fundamental parts: a set of "headers" containing bookkeeping information such as the sender's identity, encryption modes used, etc; and a "body" containing the (usually) encrypted message itself. The precise format of RIPEM message headers depends upon several factors: * Whether the message is enciphered in "RIPEM mode", which does not support certificates, or "PEM mode", which does. * Whether the message is encrypted, or just signed. * Whether MIME ("Multipurpose Internet Mail Extensions") is used. MIME format is generally used only when the message being encrypted is not plain ASCII. PEM-Mode Messages We will start by describing RIPEM messages produced in PEM mode. Here is an annotated example. (Annotations are indented.) -----BEGIN PRIVACY-ENHANCED MESSAGE----- All RIPEM messages start with this line. Proc-Type: 4,ENCRYPTED "4" indicates standard Internet RFC 1421 PEM. The second parameter can be ENCRYPTED, MIC-ONLY, or MIC- CLEAR. The message is encrypted only in the case of ENCRYPTED, but a signature is always computed. Content-Domain: RFC822 RFC822 indicates that the message plaintext is in standard email (ASCII-only) form. This is currently the only allowable value for this field. DEK-Info: DES-CBC,401E9139E4867FF7 This field is present only for ENCRYPTED messages, and indicates the message data encryption algorithm and mode (always DES-CBC), and the initialization vector in hex. Originator-Certificate: MIIBpjCCAUICARYwDQYJKoZIhvcNAQECBQAwTTELMAkGA1UEBhMCVVMxIDAeBgNV BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMRwwGgYDVQQLExNQZXJzb25hIENl cnRpZmljYXRlMB4XDTkzMDQxOTIwMDI1MFoXDTk1MDQxOTAwMDAwMFowZDELMAkG A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMRwwGgYD VQQLExNQZXJzb25hIENlcnRpZmljYXRlMRUwEwYDVQQDEwxNYXJrIFJpb3JkYW4w WTAKBgRVCAEBAgICBgNLADBIAkEylZc/H+pNFRQqHC4abJQV4gTzRuGoXmOFgdeP kDshmAB4dAa6qY8ypsLqDFmXfbEInjzwxz8weBHGRnTZwFcrMwIDAQABMA0GCSqG SIb3DQEBAgUAA08ABMavdfXztriNQZwk8Ma/YbMOd81sg/bASPXKi2FhmDn2WhdZ 967PW+ZPYkCDn0JdUikP/41xvKuHhOPDNROvN+Sltgf0aFenF2m8/voX This is the certificate of the sender of the message. It contains the sender's public key. See the section below on certificates. Key-Info: RSA, LookV1eGyPwZJ4sz2Eyf1ak3re3Sti2JeSIIaost1SeW93L3eqcXCAqGz7GBBJfN hSziXJDIbNEGGXdm9Zuoc0E= The Key-Info field gives the message key of this message, encrypted under the recipient's public key component. This first occurrence of Key-Info, appearing before the first Recipient-ID-Asymmetric field, is optional and applies to the sender of the message. That is, the value of this field as it appears here is the DES message key encrypted with the sender's public key. This allows the sender to decrypt his own messages and is similar to the sender making himself a recipient of all his messages. The "RSA" here indicates use of the RSA public key algorithm; there are no other legal values for the first parameter. Issuer-Certificate: MIIBxjCCAVACBF4AAAMwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAe BgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVMb3cgQXNz dXJhbmNlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTkyMTIyMzA4MDAwMFoX DTk0MDEwMTA3NTk1OVowTTELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRh IFNlY3VyaXR5LCBJbmMuMRwwGgYDVQQLExNQZXJzb25hIENlcnRpZmljYXRlMGkw DQYJKoZIhvcNAQEBBQADWAAwVQJOBqoIUA2vV4v9swHWBKiVSHGIZSzdRaSPbV0N Zus2d/T2FyvFIaI9BLO5Fkb/IQtOL6pDisJ3Vm81bb6B0Dpj/JzpJLgYvgEL4BaE XIDlAgMBAAEwDQYJKoZIhvcNAQECBQADYQCPF1HZAPzWWKSyspFjbUGkmQAWGLtz 3Zvl1nn3EztPPVtR6GirTpFRa07ov7isHWEdZxGKIwbmFPJuh8pn8tTrSyYfWfD6 /CHEa04fhZ4jVoAmKmjdgbRTqfraABsBAC8= This is the certificate of the authority that issued and signed the Originator-Certificate. This field is optional. It may be followed by the certificate of the authority that issued thiscertificate, and so on up to the root of the certificate hierarchy. RIPEM does not do this. In fact, there is currently no Internet PEM hierarchy. MIC-Info: RSA-MD5,RSA, 93KkysZ67I408OZOr6GaimrSez7XUW9ezIWhqtDeXSNNomyeBPrr9EAPDKb52Y97 KKhSksBlJKaF5J+1KclEihUns91EGUfA MIC-Info gives the message digest of the message, encrypted with the sender's private component. That is, this is the "signature". The first parameter is the message digest algorithm. RIPEM always uses RSA-MD5 during encryption, but will also recognize RSA-MD2 upon decryption. The second parameter specifies the public key cipher used to encrypt the digest. This is always RSA. Recipient-ID-Asymmetric: ME0xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5j LjEcMBoGA1UECxMTUGVyc29uYSBDZXJ0aWZpY2F0ZQ==,12 This field identifies a recipient, and may occur multiple times. The first parameter is an encoding of the name of the issuer of the recipient's certificate, and the second parameter is the serial number of the recipient's certificate. Thus, the recipient is not identified directly. If you decode this particular example, you will see that it says that this recipient is the owner of the 12th certificate issued by RSA Data Security, Inc. Key-Info: RSA, UCoYCx7e3nap6HvKN3w5dVs6Nv4Vzw7kwvxE6SRq4c/fr0SL4hJGCZLKTerhb5Ly KvUrRTm/9MAmWJNhmT+Hqi925V66QVrDmzazDSMfESM81ovc5APWr2Eb7xNrOEM1 Key-Info describes the message key as encrypted under the public key of the most recently-named recipient. Recipient-ID-Asymmetric: ME0xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5j LjEcMBoGA1UECxMTUGVyc29uYSBDZXJ0aWZpY2F0ZQ==,16 Key-Info: RSA, LookV1eGyPwZJ4sz2Eyf1ak3re3Sti2JeSIIaost1SeW93L3eqcXCAqGz7GBBJfN hSziXJDIbNEGGXdm9Zuoc0E= In this example, there are two recipients; hence, there are two occurrences of the recipient identifier & message key fields. Note that in many cases, the first parameter of Recipient-ID-Asymmetric will be identical from one recipient to the next, since often several recipients will have obtained their certificates from the same issuer. A single blank line separates the headers from the encrypted message. The encrypted message is printably encoded and written out in lines of 64 ASCII characters each (except the last line). vJZOOU8izhi44YZgbGy2U2/oPe+RluWAo6SmPBgVjtgQ+xeZA84uL0Pnljj4moL/ IrzUDgpnzsBqnWcAW2YD7xa7FbJuTC8/cOtgSDLBtmPfc1NhL0JY5eY8Ts7fGSt0 gG0hlfA4deo= -----END PRIVACY-ENHANCED MESSAGE----- All RIPEM messages end with this line. Certificates A certificate is a "document" that states a user, his/her public key component, and validity information. Certificates are printably-encoded. Specifically, a certificate contains the following items. Items of special interest, and most likely to vary from one certificate to another, are marked with a *. * A version number that applies to the format of the certificate; currently, this is always zero. * * A serial number. This serial number is unique amoungst all the certificates issued by a given certifying authority. * The identifier of the algorithm used to sign the certificate. This currently is always the same, and specifies the RSA algorithm. * * The multi-part name of the issuer of the certificate. There can be many different issuers, but in practise the number of different issuers is likely to be small for the near future. * The date range during which the certificate is valid. Typically certificates are valid for two years. * * The multi-part name of the person or entity to whom the certificate was issued. This typically contains not only the proper name of the issuee (e.g., "John Smith"), but the domain with which the issuee is associated (e.g., the issuee's company name ("Acme Widgets") and country ("US")). * * The public key of the issuee of the certificate. This, obviously, is the whole point of the certificate. * * The signature of all of the above information in the certificate, done by the issuer with its private key. If you know the issuer's public key, you can verify this signature. RIPEM-Mode Messages -----BEGIN PRIVACY-ENHANCED MESSAGE----- Proc-Type: 2001,ENCRYPTED DEK-Info: DES-CBC,194E5E0350762C82 Originator-Name: mrr@scss3.cl.msu.edu Originator-Key-Asymmetric: MFkwCgYEVQgBAQICAgYDSwAwSAJBMpWXPx/qTRUUKhwuGmyUFeIE80bhqF5jhYHX j5A7IZgAeHQGuqmPMqbC6gxZl32xCJ488Mc/MHgRxkZ02cBXKzMCAwEAAQ== Key-Info: RSA, IVFGLgKdlQ9pF+qtZpqtJtdxCOJU3ie1SaiVohlmj5zOjs5dl7HZ0UOywTsrR8FN /2jrVT3zg1pphJyE+8M9OJY= MIC-Info: RSA-MD5,RSA, hkoroUoBWqFb5HZDcL3M/DhitmLVX+NyhVobd2Eyde5yZEoLbx3f+TLEahJPkrwM i9PKBur+9O7H+EmLmrqzRCbPFxL2zHKt Recipient-Name: test Key-Info: RSA, Atleg3hO2yJfjdEZfGW9FVZcP9CcrEPus5WIzTfqcQzQSgTyldyV5XPMs/87J6xE MSaytHpMaThNxZuOnc+EaBs= Recipient-Name: raylau@mit.edu Key-Info: RSA, RmaSSj2jz1ZU0j9RWFpSTOp01d1iqB2CsPIBH1vaObjC+r2a4U7sOnyfouZMe2+Q LVIgy6Vzz862e/K0LwKXbyZaaqrE/swAR6QQZqiTLU53/rPLIJGCRTuCPKYCyTAw UeluB7ffHqprsJ1cIrD1uJlBmqk90kyML/LEHnyGJys= -----END PRIVACY-ENHANCED MESSAGE----- RIPEM Public Key Database (aka Directory) User: Raymond Lau.Persona Certificate.RSA Data Security Inc. SubjectInfo: CN=Raymond Lau, OU=Persona Certificate, O=RSA Data Security, Inc., C=US IssuerInfo: OU=Persona Certificate, O=RSA Data Security, Inc., C=US SerialNumberInfo: 0x12 CertificateInfo: MIIBxTCCAWECARIwDQYJKoZIhvcNAQECBQAwTTELMAkGA1UEBhMCVVMxIDAeBgNV BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMRwwGgYDVQQLExNQZXJzb25hIENl cnRpZmljYXRlMB4XDTkzMDQxMjIyNTI1N1oXDTk1MDQxMjA1MDAwMFowYzELMAkG A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMRwwGgYD VQQLExNQZXJzb25hIENlcnRpZmljYXRlMRQwEgYDVQQDEwtSYXltb25kIExhdTB5 MAoGBFUIAQECAgMAA2sAMGgCYQC4Lq5eHwr4u4bY7VggmpOwmyqhq9nMVR7VuaUy 4MOTPLPHi/dZM5E2gdODG1uV2YoGDNNTuVFRO4osQwxTOWMt9oEththrXOYI6oZ8 lzyYfmgLVL15S7HCV/GYJdlPuO0CAwEAATANBgkqhkiG9w0BAQIFAANPAAUVNpom zLBp6r72gqG6bBU1eFbv9bNKk4WSQCXYRbulGmhyLCXItASYloprlBxKHm8EP178 P8z1rlbRNAoWw2G5q2550I6UUiJ5OOkVwB== User: Persona Certificate.RSA Data Security Inc. SubjectInfo: OU=Persona Certificate, O=RSA Data Security, Inc., C=US IssuerInfo: OU=Low Assurance Certification Authority, O=RSA Data Security, Inc., C=US SerialNumberInfo: 0x5E000003 CertificateInfo: MIIBxjCCAVACBF4AAAMwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAe BgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVMb3cgQXNz dXJhbmNlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTkyMTIyMzA4MDAwMFoX DTk0MDEwMTA3NTk1OVowTTELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRh IFNlY3VyaXR5LCBJbmMuMRwwGgYDVQQLExNQZXJzb25hIENlcnRpZmljYXRlMGkw DQYJKoZIhvcNAQEBBQADWAAwVQJOBqoIUA2vV4v9swHWBKiVSHGIZSzdRaSPbV0N Zus2d/T2FyvFIaI9BLO5Fkb/IQtOL6pDisJ3Vm81bb6B0Dpj/JzpJLgYvgEL4BaE XIDlAgMBAAEwDQYJKoZIhvcNAQECBQADYQCPF1HZAPzWWKSyspFjbUGkmQAWGLtz 3Zvl1nn3EztPPVtR6GirTpFRa07ov7isHWEdZxGKIwbmFPJuh8pn8tTrSyYfWfD6 /CHEa04fhZ4jVoAmKmjdgbRTqfraABsBAC9= Status: Valid by Declaration User: Mark Riordan.Persona Certificate.RSA Data Security Inc. SubjectInfo: CN=Mark Riordan, OU=Persona Certificate, O=RSA Data Security, Inc., C=US IssuerInfo: OU=Persona Certificate, O=RSA Data Security, Inc., C=US SerialNumberInfo: 0x16 CertificateInfo: MIIBpjCCAUICARYwDQYJKoZIhvcNAQECBQAwTTELMAkGA1UEBhMCVVMxIDAeBgNV BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMRwwGgYDVQQLExNQZXJzb25hIENl cnRpZmljYXRlMB4XDTkzMDQxOTIwMDI1MFoXDTk1MDQxOTAwMDAwMFowZDELMAkG A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMRwwGgYD VQQLExNQZXJzb25hIENlcnRpZmljYXRlMRUwEwYDVQQDEwxNYXJrIFJpb3JkYW4w WTAKBgRVCAEBAgICBgNLADBIAkEylZc/H+pNFRQqHC4abJQV4gTzRuGoXmOFgdeP kDshmAB4dAa6qY8ypsLqDFmXfbEInjzwxz8weBHGRnTZwFcrMwIDAQABMA0GCSqG SIb3DQEBAgUAA08ABMavdfXztriNQZwk8Ma/YbMOd81sg/bASPXKi2FhmDn2WhdZ 967PW+ZPYkCDn0JdUikP/41xvKuHhOPDNROvN+Sltgf0aFenF2m8/voX Status: Valid by Declaration User: test22 PublicKeyInfo: MFkwCgYEVQgBAQICAgQDSwAwSAJBCcVXx4EuHCsiJgidWtNPyWyTuA5CiTqcKWT8 IujdiMqcSh/iRVO8+nugWDTNwG3LaERzfNe5wLznNpyNSKBwoQcCAwEAAQ== MD5OfPublicKey: E50F516A4626002DF9B877A8D265BBF8