Cryptographic Message Syntax (CMS)

Cryptographic Message Syntax (CMS) uses cryptographic elements to provide encryption and digital signatures. CMS uses a basic type and value format as shown in Figure 1.

CMS defines six basic types that describe the form of cryptographic enhancement that has been applied to the digital data, Figure 2 shows thier basic syntax. The six types are:

• Data – used to refer to arbitrary octet strings (ex. ASCII text) and is generally encapsulated in one of the other types
• Signed-Data – used to cryptographically sign the content, can have more then one signer
• Enveloped-Data – contains the encrypted content along with the one decryption key per recipient creating a “Digital Envelope”
• Digested-Data – this type contains the content and a message digest of the content to provide content integrity
• Encrypted-Data – this is just the encrypted data.
  A method for key management MUST be used! CMS does not define any particular key management method
• Authenticated-Data – this consists of the content, message authentication code (MAC), and encrypted authentication keys for one or more recipients.

The content types can be arbitrarily nested to provide multiple levels of secure protection. Protocols that use CMS:

• Secure Hypertext Transport Protocol (S-HTTP)
• Secure/Multipurpose Internet Mail Extensions (S/MIME)

RFC 3852 – Cryptographic Message
Syntax (CMS) Version 3