CMS
Cryptographic Message Syntax. RFC 5652 defines the universal binary format of signed and encrypted messages.
Definition
CMS (Cryptographic Message Syntax) is the IETF standard that describes the ASN.1/DER binary format of a cryptographic message — signed, encrypted, digested or authenticated. It directly derives from PKCS#7 published by RSA in 1993. CMS is the technical foundation of S/MIME (itself used by AS1, AS2, AS3) and of qualified XAdES / CAdES signatures.
Origin
CMS was standardised by IETF through a sequence of RFCs: 2630 (1999), 3369 (2002), 3852 (2004), and 5652 (2009, current version). It generalises and clarifies RSA Labs' PKCS#7, adding variants EnvelopedData, SignedData, DigestedData, AuthEnvelopedData, AuthenticatedData. CAdES (RFC 5126 then ETSI EN 319 122) profiles CMS for qualified eIDAS signatures.
Example in context
When an AS2 partner encrypts an EDIFACT order, the resulting payload is actually a DER-encoded CMS EnvelopedData structure: it contains an EncryptedContentInfo, RecipientInfos (one per recipient with the symmetric key encrypted by their RSA public key), and algorithm elements. On reception, the partner decrypts the symmetric key then the content, verifies the expected SignedData envelope, and computes the MIC of the original content.
Related terms
- S/MIME — the MIME use of CMS in email and AS2.
- XAdES — the XML expression of related ideas.
- Non-repudiation — legal property CMS helps to provide.