rfc9579xml2.original.xml   rfc9579.xml 
<?xml version="1.0" encoding="US-ASCII"?> <?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY RFC2104 SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/referen
ce.RFC.2104.xml">
<!ENTITY RFC2119 SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/referen
ce.RFC.2119.xml">
<!ENTITY RFC6194 SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/referen
ce.RFC.6194.xml">
<!ENTITY RFC7292 SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/referen
ce.RFC.7292.xml">
<!ENTITY RFC7914 SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/referen
ce.RFC.7914.xml">
<!ENTITY RFC8018 SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/referen
ce.RFC.8018.xml">
<!ENTITY RFC8174 SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/referen
ce.RFC.8174.xml">
<!DOCTYPE rfc [
<!ENTITY nbsp "&#160;">
<!ENTITY zwsp "&#8203;">
<!ENTITY nbhy "&#8209;">
<!ENTITY wj "&#8288;">
]> ]>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc strict="yes" ?> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="info" docName="draft-i
<?rfc toc="yes"?> etf-lamps-pkcs12-pbmac1-08" number="9579" ipr="trust200902" updates="7292, 8018"
<?rfc tocdepth="4"?> obsoletes="" submissionType="IETF" xml:lang="en" consensus="true" tocInclude="t
<?rfc symrefs="yes"?> rue" tocDepth="4" symRefs="true" sortRefs="true" version="3">
<!-- use symbolic references tags, i.e, [RFC2119] instead of [1] -->
<?rfc sortrefs="yes" ?>
<!-- control vertical white space
(using these PIs as follows is recommended by the RFC Editor) -->
<?rfc compact="yes" ?>
<!-- do not start each main section on a new page -->
<?rfc subcompact="no" ?>
<!-- keep one blank line between list items -->
<!-- end of list of popular I-D processing instructions -->
<rfc category="info" docName="draft-ietf-lamps-pkcs12-pbmac1-08" ipr="trust20090
2"
updates="7292, 8018">
<!-- ***** FRONT MATTER ***** -->
<front> <front>
<title abbrev="PBMAC1 in PKCS#12">Use of Password Based Message <title abbrev="PBMAC1 in PKCS #12">Use of Password-Based Message
Authentication Code 1 (PBMAC1) in PKCS #12 Syntax</title> Authentication Code 1 (PBMAC1) in PKCS #12 Syntax</title>
<seriesInfo name="RFC" value="9579"/>
<author fullname="Hubert Kario" initials="H." role="editor" <author fullname="Hubert Kario" initials="H." surname="Kario">
surname="Kario">
<organization>Red Hat, Inc.</organization> <organization>Red Hat, Inc.</organization>
<address> <address>
<postal> <postal>
<street>Purkynova 115</street> <street>Purkynova 115</street>
<city>Brno</city> <city>Brno</city>
<region></region>
<code>61200</code> <code>61200</code>
<country>Czech Republic</country> <country>Czech Republic</country>
</postal> </postal>
<phone></phone>
<email>hkario@redhat.com</email> <email>hkario@redhat.com</email>
</address> </address>
</author> </author>
<date month="May" year="2024"/>
<date day="22" month="February" year="2024" /> <area>SEC</area>
<workgroup>lamps</workgroup>
<area>General</area>
<workgroup>Internet Engineering Task Force</workgroup>
<keyword>pbmac1, pkcs12, pbkdf2</keyword> <keyword>pbmac1</keyword>
<keyword>pkcs12</keyword>
<keyword>pbkdf2</keyword>
<abstract> <abstract>
<t>This document specifies additions and amendments to <t>This document specifies additions and amendments to
RFCs 7292 and 8018. It defines a way to use RFCs 7292 and 8018. It defines a way to use
the Password Based Message Authentication Code 1, defined the Password-Based Message Authentication Code 1 (PBMAC1), defined
in RFC 8018, inside the PKCS #12 in RFC 8018, inside the PKCS #12
syntax. The purpose of this specification is to permit use of more syntax. The purpose of this specification is to permit the use of mo re
modern Password-Based Key Derivation Functions (PBKDFs) modern Password-Based Key Derivation Functions (PBKDFs)
and allow for regulatory compliance. and allow for regulatory compliance.
</t> </t>
</abstract> </abstract>
</front> </front>
<middle> <middle>
<section title="Introduction"> <section numbered="true" toc="default">
<t>The <xref target="RFC7292">PKCS #12</xref> format is widely used <name>Introduction</name>
for interoperable transfer of certificate, key, and other
<t>The PKCS #12 format <xref target="RFC7292" format="default"/> is widely used
for the interoperable transfer of certificate, key, and other
miscellaneous secrets between machines, applications, browsers, etc. miscellaneous secrets between machines, applications, browsers, etc.
Unfortunately, the original specification mandates the use Unfortunately, <xref target="RFC7292" format="default"/> mandates the us
of a specific password based key derivation function, the PBKDF1, e
allowing only for change of the underlying message digest function.</t> of a PKCS #12 specific password-based key derivation function
that only allows for change of the underlying message digest function.</
t>
</section> </section>
<section numbered="true" toc="default">
<name>Rationale</name>
<section title="Rationale"> <t>Due to security concerns with the key derivation function from
<t>Due to security concerns with PBKDF1 and much higher extensibility <xref target="RFC7292"/> and the much higher
of PBMAC1 <xref target="RFC8018"/>, we propose the use of PBMAC1 extensibility of PBMAC1 <xref target="RFC8018" format="default"/>, we
for integrity protection propose the use of PBMAC1 for integrity protection of PKCS #12
of PKCS #12 structures. The new syntax is designed to allow legacy structures. The new syntax is designed to allow legacy applications to
applications to still be able to decrypt the key material, even if they still be able to decrypt the key material, even if they are unable to
are unable to interpret the new integrity protection, provided that interpret the new integrity protection, provided that they can ignore
they can ignore failures in MAC verification. failures in Message Authentication Code (MAC) verification. This change
This change allows for use of PBKDF2 <xref target="RFC8018"/> allows for the use of PBKDF2 <xref target="RFC8018" format="default"/>
or scrypt <xref target="RFC7914"/> or scrypt PBKDFs <xref target="RFC7914" format="default"/> for
KDFs for derivation of MAC keys and future extensibility. derivation of MAC keys and future extensibility. Use of the extensible
Use of the extensible PBMAC1 mechanism also allows for greater PBMAC1 mechanism also allows for greater flexibility and alignment with
flexibility and alignment to different government regulations, different government regulations, for example, in environments where
for example, in environments where PBKDF2 is the only allowed PBKDF2 is the only allowed password-based key derivation function.
password-based key derivation function. </t>
</t>
<t>As recommended methods for key protection require both encryption <t>As the recommended methods for key protection require both encryption
and integrity protection, we've decided to amend the PKCS #12 format and integrity protection, we decided to amend the PKCS #12 format
to support different key derivation functions rather than extending the to support different key derivation functions rather than extending the
PKCS #5 by a new field allowing integrity protection. PKCS #5 format by a new field that allows integrity protection.
</t>
<t>We included an ASN.1 module <xref target="x680"
format="default"/> <xref target="x681" format="default"/> <xref
target="x682" format="default"/> <xref target="x683" format="default"/>
<xref target="x690" format="default"/> that can be combined with the
ASN.1 modules in <xref target="RFC7292" format="default"/> and <xref
target="RFC8018" format="default"/> to incorporate additional MAC
algorithms.</t>
</section>
<section numbered="true" toc="default">
<name>Requirements Language</name>
<t>
The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>",
"<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>
",
"<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>",
"<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to
be
interpreted as described in BCP&nbsp;14 <xref target="RFC2119"/> <xref
target="RFC8174"/> when, and only when, they appear in all capitals, as
shown here.
</t> </t>
<t>We have included an ASN.1 module <xref target="x680"/>
<xref target="x681"/><xref target="x682"/><xref target="x683"/>
<xref target="x690"/> that
can be combined with the ASN.1 module in <xref target="RFC8018"/> to
incorporate additional MAC algorithms.</t>
</section> </section>
<section title="Requirements Language"> <section numbered="true" toc="default">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", <name>Embedding PBMAC1 in PKCS #12</name>
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY",
and "OPTIONAL" in this document are to be interpreted as described in
<xref target="RFC2119">BCP 14</xref><xref target="RFC8174"/> when, and
only when, they appear in all capitabls, as shown here.</t>
</section>
<!-- This PI places the pagebreak correctly (before the section title) in th <t>The MacData structure in the PFX
e text output. --> object, as described in item #3 in <xref target="RFC7292"
sectionFormat="of" section="4"/>, is updated to include the following PBMA
C1-specific
guidance:
</t>
<blockquote>
<ol spacing="normal" type="a">
<li>
The id-PBMAC1 object identifier is permitted as a valid type for the
DigestAlgorithmIdentifier inside the DigestInfo object. If the
algorithm field of the DigestAlgorithmIdentifier is id-PBMAC1, then
the parameters field <bcp14>MUST</bcp14> be present and have a
value consistent with PBMAC1-params parameters.
</li>
<li>
If the PBMAC1 algorithm is used, the digest value of the DigestInfo
object <bcp14>MUST</bcp14> be the result of the PBMAC1 calculation
over the authSafe field using the PBMAC1-params parameters.
</li>
<li>
If the PBMAC1 algorithm is used, the macSalt value
<bcp14>MUST</bcp14> be ignored. For backwards compatibility, it
<bcp14>SHOULD NOT</bcp14> be empty.
</li>
<li>
If the PBMAC1 algorithm is used, the iterations value
<bcp14>MUST</bcp14> be ignored. For backwards compatibility, it
<bcp14>SHOULD</bcp14> have a non-zero positive value.
</li>
</ol>
</blockquote>
</section>
<section numbered="true" toc="default">
<name>Recommended Parameters</name>
<?rfc needLines="8" ?> <t>To provide interoperability between different implementations, all
implementations of this specification <bcp14>MUST</bcp14> support the PBKD
F2 key derivation function
paired with SHA-256 HMAC <xref target="SHA2" format="default"/> <xref
target="RFC2104" format="default"/> for both integrity check and the
PBKDF2 pseudorandom function (PRF). It's <bcp14>RECOMMENDED</bcp14> for
implementations to support other SHA-2-based HMACs. Implementations
<bcp14>MAY</bcp14> use other hash functions, like the SHA-3 family of
hash functions <xref target="SHA3" format="default"/>. Implementations
<bcp14>MAY</bcp14> use other KDF methods, like the scrypt PBKDF <xref
target="RFC7914" format="default"/>.
</t>
<section title="Embedding PBMAC1 in PKCS #12"> <t>The length of the key generated by the used KDF <bcp14>MUST</bcp14> be
<t>The MacData structure in the PFX object, as described in encoded
<xref target="RFC7292">bullet #3 in section 4 of RFC 7292</xref>, explicitly in the parameters field and <bcp14>SHOULD</bcp14> be the same
is updated to include this additional PBMAC1-specific guidance: size as the
<list style="numbers"> HMAC function output size. This means that PBMAC1-params specifying
<t>the id-PBMAC1 object identifier is permitted as a valid type SHA-256 HMAC should also include KDF parameters that generate a 32-octet
for the DigestAlgorithmIdentifier inside the DigestInfo object. key. In particular, when using the PBKDF2, implementations
If the algorithm field of the DigestAlgorithmIdentifier is <bcp14>MUST</bcp14> include the keyLength field in the encoded PBKDF2-pa
id-PBMAC1, then the parameters field MUST be present and have rams.
the value consistent with PBMAC1-params</t> Implementations <bcp14>MUST NOT</bcp14> accept PBKDF2 KDF with PBKDF2-pa
<t>if the PBMAC1 algorithm is used, the digest value of the rams that
DigestInfo object MUST be the result of the PBMAC1 calculation omit the keyLength field.
over the authSafe field using the PBMAC1-params parameters</t> </t>
<t>if the PBMAC1 algorithm is used, the macSalt value MUST be
ignored, for backwards compatibility it SHOULD NOT be empty</t>
<t>if the PBMAC1 algorithm is used, the iterations value MUST be
ignored, for backwards compatibility it SHOULD have a non-zero
positive value</t>
</list>
</t>
</section> </section>
<section numbered="true" toc="default">
<section title="Recommended parameters"> <name>Password Encoding</name>
<t>To provide interoperability between different implementations, <t>As documented in <xref target="RFC7292" sectionFormat="of"
all implementations of this specification MUST support the PBKDF2 section="B.1"/>, the handling of password encoding in the underlying
key derivation function paired with SHA-256 HMAC standards is underspecified. However, just as with
<xref target="SHA2"/> PBES1 and PBES2 when used in the context of
<xref target="RFC2104"/> PKCS #12 objects, all passwords used with PBMAC1 <bcp14>MUST</bcp14> be
for both integrity created from BMPStrings with a NULL terminator.
check and as the PBKDF2 pseudorandom function (PRF). It's RECOMMENDED </t>
for implementations to support other SHA-2 based HMACs.
Implementations MAY use other hash functions, like the SHA-3 family
of hash functions <xref target="SHA3">SHA-3</xref>.
Implementations MAY use other KDF methods, like the scrypt PBKDF
<xref target="RFC7914"/>.
</t>
<t>The length of the key generated by the used KDF MUST be encoded
explicitly in the parameters field and SHOULD be the same size as the
HMAC function output size. That means that PBMAC1-params specifying
SHA-256 HMAC should also include KDF parameters that generate 32 octet
long key. In particular, when using the PBKDF2, the implementations
MUST include the keyLen field in the encoded PBKDF2-params.
Implementations MUST NOT accept PBKDF2 KDF with PBKDF2-params that
omit the keyLen field.
</t>
</section> </section>
<section numbered="true" toc="default">
<name>Deprecated Algorithms</name>
<section title="Password encoding"> <t>While attacks against SHA-1 HMACs are not considered practical
<t>As documented in <xref target="RFC7292">Appendix B.1 of RFC <xref target="RFC6194" format="default"/> to limit the number of alg
7292</xref> handling of password encoding in the underlying standards orithms needed
is underspecified. However, just as with PBES1 and PBES2 when used in for interoperability, implementations of this specification
the context of PKCS#12 objects, all passwords used with PBMAC1 MUST <bcp14>SHOULD NOT</bcp14> use PBKDF2 with the SHA-1 HMAC. In additio
be created from BMPStrings with a NULL terminator. n,
</t> implementations <bcp14>MUST NOT</bcp14> use any other message digest
functions
with an output of 160 bits or less.</t>
</section> </section>
<section title="Deprecated Algorithms"> <section anchor="IANA" numbered="true" toc="default">
<t>While attacks against SHA-1 HMACs are not considered practical <name>IANA Considerations</name>
<xref target="RFC6194"/> to limit the number of algorithms needed <t>IANA has registered the following object identifier in the
for interoperatbility, implementations of this specification "SMI Security for S/MIME Module Identifier (1.2.840.113549.1.9.16.0)" r
SHOULD NOT use PBKDF2 with the SHA-1 HMAC. Additionally egistry. See <xref target="asn1-module"/> for the ASN.1 module. </t>
the implementation MUST NOT use any other message digest functions
with output of 160 bits or smaller.</t>
</section>
<!-- Possibly a 'Contributors' section ... --> <table anchor="iana-table">
<name></name>
<thead>
<tr>
<th>Decimal</th>
<th>Description</th>
<th>Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td>76</td>
<td>id-pkcs12-pbmac1-2023</td>
<td>RFC 9579</td>
</tr>
</tbody>
</table>
<section anchor="IANA" title="IANA Considerations">
<t>IANA is requested to assign an object identifier from the
SMI Security for S/MIME Module Identifier registry for the
ASN.1 module found in Appendix B.</t>
</section> </section>
<section anchor="Security" numbered="true" toc="default">
<section anchor="Security" title="Security Considerations"> <name>Security Considerations</name>
<t>Except for use of different key derivation functions, this document <t>Except for the use of different key derivation functions, this document
doesn't change how the integrity protection on PKCS #12 objects is doesn't change how the integrity protection on PKCS #12 objects is
computed; therefore all the original security considerations from computed; therefore, all the security considerations from
<xref target="RFC7292">RFC 7292</xref> apply. <xref target="RFC7292" format="default"/> apply.
</t> </t>
<t>Use of PBMAC1 and PBKDF2 is unchanged from <xref target="RFC8018"> <t>Use of PBMAC1 and PBKDF2 is unchanged from <xref target="RFC8018"
RFC 8018</xref>; therefore all the original security considerations format="default"/>; therefore, all the security considerations from
apply. <xref target="RFC8018" format="default"/> apply.
</t> </t>
<t>The KDFs generally don't have a lower limit for the generated <t>The KDFs generally don't have a lower limit for the generated
key size, allowing specifying very small key sizes (of 1 octet), which key size, allowing the specification of very small key sizes (of 1 octet), which
can facilitate brute-force attacks on the HMAC. can facilitate brute-force attacks on the HMAC.
Since the KDF parameters are not cryptographically protected and Since the KDF parameters are not cryptographically protected and
HMACs accept arbitrary key sizes, HMACs accept arbitrary key sizes,
implementations MAY refuse to process KDF parameters that specify small implementations <bcp14>MAY</bcp14> refuse to process KDF parameters that s
key output sizes or weak parameters. It's RECOMMENDED to reject any KDF pecify small
parameters that specify key lengths below 20 octets. key output sizes or weak parameters. It's <bcp14>RECOMMENDED</bcp14> to re
ject any KDF
parameters that specify key lengths less than 20 octets.
</t> </t>
</section> </section>
</middle> </middle>
<!-- *****BACK MATTER ***** -->
<back> <back>
<!-- References split into informative and normative -->
<references title="Normative References">
&RFC2104;
&RFC2119;
&RFC6194;
&RFC7292;
&RFC8018;
&RFC8174; <references>
<name>References</name>
<references>
<name>Normative References</name>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2
104.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2
119.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6
194.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7
292.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8
018.xml"/>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8
174.xml"/>
<reference anchor="x680" <reference anchor="x680" target="https://www.itu.int/rec/T-REC-X.680">
target="https://www.itu.int/rec/T-REC-X.680"> <front>
<front> <title>Information technology - Abstract Syntax
<title>Information Technology - Abstract Syntax
Notation One (ASN.1): Specification of Notation One (ASN.1): Specification of
basic notation</title> basic notation</title>
<author> <author>
<organization>ITU-T <organization>ITU-T
</organization> </organization>
</author> </author>
<date month="February" year="2021"/> <date month="February" year="2021"/>
</front> </front>
<seriesInfo name="ITU-T Recommendation" value="X.680"/> <seriesInfo name="ITU-T Recommendation" value="X.680"/>
<seriesInfo name="ISO/IEC" value="8824-1:2021"/> <seriesInfo name="ISO/IEC" value="8824-1:2021" />
</reference> </reference>
<reference anchor="x681" <reference anchor="x681" target="https://www.itu.int/rec/T-REC-X.681">
target="https://www.itu.int/rec/T-REC-X.681"> <front>
<front> <title>Information technology - Abstract Syntax
<title>Information Technology - Abstract Syntax
Notation One (ASN.1): Information object Notation One (ASN.1): Information object
specification</title> specification</title>
<author> <author>
<organization>ITU-T <organization>ITU-T
</organization> </organization>
</author> </author>
<date month="February" year="2021"/> <date month="February" year="2021"/>
</front> </front>
<seriesInfo name="ITU-T Recommendation" value="X.681"/> <seriesInfo name="ITU-T Recommendation" value="X.681"/>
<seriesInfo name="ISO/IEC" value="8824-2:2021"/> <seriesInfo name="ISO/IEC" value="8824-2:2021" />
</reference> </reference>
<reference anchor="x682" <reference anchor="x682" target="https://www.itu.int/rec/T-REC-X.682">
target="https://www.itu.int/rec/T-REC-X.682"> <front>
<front> <title>Information technology - Abstract Syntax
<title>Information Technology - Abstract Syntax
Notation One (ASN.1): Constraint specification</title> Notation One (ASN.1): Constraint specification</title>
<author> <author>
<organization>ITU-T <organization>ITU-T
</organization> </organization>
</author> </author>
<date month="February" year="2021"/> <date month="February" year="2021"/>
</front> </front>
<seriesInfo name="ITU-T Recommendation" value="X.682"/> <seriesInfo name="ITU-T Recommendation" value="X.682"/>
<seriesInfo name="ISO/IEC" value="8824-3:2021"/> <seriesInfo name="ISO/IEC" value="8824-3:2021" />
</reference> </reference>
<reference anchor="x683" <reference anchor="x683" target="https://www.itu.int/rec/T-REC-X.683">
target="https://www.itu.int/rec/T-REC-X.683"> <front> <title>Information technology - Abstract Syntax Notation One
<front> (ASN.1): Parameterization of ASN.1 specifications</title>
<title>Information Technology - Abstract Syntax <author>
Notation One (ASN.1): Parameterization of ASN.1
specifications</title>
<author>
<organization>ITU-T <organization>ITU-T
</organization> </organization>
</author> </author>
<date month="February" year="2021"/> <date month="February" year="2021"/>
</front> </front>
<seriesInfo name="ITU-T Recommendation" value="X.683"/> <seriesInfo name="ITU-T Recommendation" value="X.683"/>
<seriesInfo name="ISO/IEC" value="8824-4:2021"/> <seriesInfo name="ISO/IEC" value="8824-4:2021" />
</reference> </reference>
<reference anchor="x690" <reference anchor="x690" target="https://www.itu.int/rec/T-REC-X.690">
target="https://www.itu.int/rec/T-REC-X.690"> <front>
<front> <title>Information technology - ASN.1 encoding rules: Specification
<title>Information Technology - ASN.1 encoding rules: of Basic Encoding Rules (BER),
Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)</
Canonical Encoding Rules (CER) and title>
Distinguished Encoding Rules (DER)</title> <author>
<author>
<organization>ITU-T <organization>ITU-T
</organization> </organization>
</author> </author>
<date month="February" year="2021"/> <date month="February" year="2021"/>
</front> </front>
<seriesInfo name="ITU-T Recommendation" value="X.690"/> <seriesInfo name="ITU-T Recommendation" value="X.690"/>
<seriesInfo name="ISO/IEC" value="8825-1:2021"/> <seriesInfo name="ISO/IEC" value="8825-1:2021" />
</reference> </reference>
<reference anchor="SHA2" <reference anchor="SHA2" target="https://nvlpubs.nist.gov/nistpubs/FIPS/
target="https://doi.org/10.6028/NIST.FIPS.180-4 "> NIST.FIPS.180-4.pdf">
<front> <front>
<title>Secure Hash Standard (SHS)</title> <title>Secure Hash Standard (SHS)</title>
<author> <author>
<organization>National Institute of Standards and Technology <organization>National Institute of Standards and Technology (NIST
)
</organization> </organization>
</author> </author>
<date month="August" year="2015"/> <date month="August" year="2015"/>
</front> </front>
</reference> <seriesInfo name="FIPS PUB" value="180-4"/>
<seriesInfo name="DOI" value="10.6028/NIST.FIPS.180-4"/>
</references> </reference>
</references>
<references title="Informative References">
&RFC7914; <references>
<name>Informative References</name>
<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7
914.xml"/>
<reference anchor="SHA3" <reference anchor="SHA3" target="https://nvlpubs.nist.gov/nistpubs/FIPS/
target="https://doi.org/10.6028/NIST.FIPS.202"> NIST.FIPS.202.pdf">
<front> <front>
<title>SHA-3 Standard: Permutation-Based Hash and Extendable-Output <title>SHA-3 Standard: Permutation-Based Hash and Extendable-Output
Functions</title> Functions</title>
<author> <author>
<organization>National Institute of Standards and Technology <organization>National Institute of Standards and Technology (NIST
)
</organization> </organization>
</author> </author>
<date month="August" year="2015"/> <date month="August" year="2015"/>
</front> </front>
</reference> <seriesInfo name="FIPS PUB" value="202"/>
<seriesInfo name="DOI" value="10.6028/NIST.FIPS.202"/>
</reference>
</references>
</references> </references>
<section anchor="test-vectors" title="Test Vectors"> <section anchor="test-vectors" numbered="true" toc="default">
<name>Test Vectors</name>
<t>All test vectors use "1234" as the password for both encryption <t>All test vectors use "1234" as the password for both encryption
and integrity protection.</t> and integrity protection.</t>
<section title="Valid PKCS#12 file with SHA-256 HMAC and PRF"> <section numbered="true" toc="default">
<t>The following base64 encoded PKCS#12 file MUST be readable by <name>Valid PKCS #12 File with SHA-256 HMAC and PRF</name>
<t>The following base64-encoded PKCS #12 file <bcp14>MUST</bcp14> be rea
dable by
implementations following this RFC. implementations following this RFC.
<artwork> </t>
<sourcecode type="test-vectors"><![CDATA[
MIIKigIBAzCCCgUGCSqGSIb3DQEHAaCCCfYEggnyMIIJ7jCCBGIGCSqGSIb3DQEH MIIKigIBAzCCCgUGCSqGSIb3DQEHAaCCCfYEggnyMIIJ7jCCBGIGCSqGSIb3DQEH
BqCCBFMwggRPAgEAMIIESAYJKoZIhvcNAQcBMFcGCSqGSIb3DQEFDTBKMCkGCSqG BqCCBFMwggRPAgEAMIIESAYJKoZIhvcNAQcBMFcGCSqGSIb3DQEFDTBKMCkGCSqG
SIb3DQEFDDAcBAg9pxXxY2yscwICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQME SIb3DQEFDDAcBAg9pxXxY2yscwICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQME
ASoEEK7yYaFQDi1pYwWzm9F/fs+AggPgFIT2XapyaFgDppdvLkdvaF3HXw+zjzKb ASoEEK7yYaFQDi1pYwWzm9F/fs+AggPgFIT2XapyaFgDppdvLkdvaF3HXw+zjzKb
7xFC76DtVPhVTWVHD+kIss+jsj+XyvMwY0aCuAhAG/Dig+vzWomnsqB5ssw5/kTb 7xFC76DtVPhVTWVHD+kIss+jsj+XyvMwY0aCuAhAG/Dig+vzWomnsqB5ssw5/kTb
+TMQ5PXLkNeoBmB6ArKeGc/QmCBQvQG/a6b+nXSWmxNpP+71772dmWmB8gcSJ0kF +TMQ5PXLkNeoBmB6ArKeGc/QmCBQvQG/a6b+nXSWmxNpP+71772dmWmB8gcSJ0kF
Fj75NrIbmNiDMCb71Q8gOzBMFf6BpXf/3xWAJtxyic+tSNETfOJa8zTZb0+lV0w9 Fj75NrIbmNiDMCb71Q8gOzBMFf6BpXf/3xWAJtxyic+tSNETfOJa8zTZb0+lV0w9
5eUmDrPUpuxEVbb0KJtIc63gRkcfrPtDd6Ii4Zzbzj2Evr4/S4hnrQBsiryVzJWy 5eUmDrPUpuxEVbb0KJtIc63gRkcfrPtDd6Ii4Zzbzj2Evr4/S4hnrQBsiryVzJWy
IEjaD0y6+DmG0JwMgRuGi1wBoGowi37GMrDCOyOZWC4n5wHLtYyhR6JaElxbrhxP IEjaD0y6+DmG0JwMgRuGi1wBoGowi37GMrDCOyOZWC4n5wHLtYyhR6JaElxbrhxP
H46z2USLKmZoF+YgEQgYcSBXMgP0t36+XQocFWYi2N5niy02TnctwF430FYsQlhJ H46z2USLKmZoF+YgEQgYcSBXMgP0t36+XQocFWYi2N5niy02TnctwF430FYsQlhJ
skipping to change at line 418 skipping to change at line 419
qniZjKzSZepxlZq+J792u8vtMnuzzChxu0Bf3PhIXcJNcVhwUtr0yKe/N+NvC0tm qniZjKzSZepxlZq+J792u8vtMnuzzChxu0Bf3PhIXcJNcVhwUtr0yKe/N+NvC0tm
p8wyik/BlndxN9eKbdTOi2wIi64h2QG8nOk66wQ/PSIJYwZl6eDNEQSzH/1mGCfU p8wyik/BlndxN9eKbdTOi2wIi64h2QG8nOk66wQ/PSIJYwZl6eDNEQSzH/1mGCfU
QnUT17UC/p+Qgenf6Auap2GWlvsJrB7u/pytz65rtjt/ouo6Ih6EwWqwVVpGXZD0 QnUT17UC/p+Qgenf6Auap2GWlvsJrB7u/pytz65rtjt/ouo6Ih6EwWqwVVpGXZD0
7gVWH0Ke/Vr6aPGNvkLcmftPuDZsn9jiig3guhdeyRVf10Ox369kKWcG75q77hxE 7gVWH0Ke/Vr6aPGNvkLcmftPuDZsn9jiig3guhdeyRVf10Ox369kKWcG75q77hxE
IzSzDyUlBNbnom9SIjut3r+qVYmWONatC6q/4D0I42Lnjd3dEyZx7jmH3g/S2ASM IzSzDyUlBNbnom9SIjut3r+qVYmWONatC6q/4D0I42Lnjd3dEyZx7jmH3g/S2ASM
FzWr9pvXc61dsYOkdZ4PYa9XPUZxXFagZsoS3F1sU799+IJVU0tC0MExJTAjBgkq FzWr9pvXc61dsYOkdZ4PYa9XPUZxXFagZsoS3F1sU799+IJVU0tC0MExJTAjBgkq
hkiG9w0BCRUxFgQUwWO5DorvVWYF3BWUmAw0rUEajScwfDBtMEkGCSqGSIb3DQEF hkiG9w0BCRUxFgQUwWO5DorvVWYF3BWUmAw0rUEajScwfDBtMEkGCSqGSIb3DQEF
DjA8MCwGCSqGSIb3DQEFDDAfBAhvRzw4sC4xcwICCAACASAwDAYIKoZIhvcNAgkF DjA8MCwGCSqGSIb3DQEFDDAfBAhvRzw4sC4xcwICCAACASAwDAYIKoZIhvcNAgkF
ADAMBggqhkiG9w0CCQUABCB6pW2FOdcCNj87zS64NUXG36K5aXDnFHctIk5Bf4kG ADAMBggqhkiG9w0CCQUABCB6pW2FOdcCNj87zS64NUXG36K5aXDnFHctIk5Bf4kG
3QQITk9UIFVTRUQCAQE= 3QQITk9UIFVTRUQCAQE=
</artwork></t> ]]></sourcecode>
</section> </section>
<section title="Valid PKCS#12 file with SHA-256 HMAC and SHA-512 PRF"> <section numbered="true" toc="default">
<t>The following base64 encoded PKCS#12 file SHOULD be readable by <name>Valid PKCS #12 File with SHA-256 HMAC and SHA-512 PRF</name>
<t>The following base64-encoded PKCS #12 file <bcp14>SHOULD</bcp14> be r
eadable by
implementations following this RFC. implementations following this RFC.
<artwork> </t>
<sourcecode type="test-vectors"><![CDATA[
MIIKigIBAzCCCgUGCSqGSIb3DQEHAaCCCfYEggnyMIIJ7jCCBGIGCSqGSIb3DQEH MIIKigIBAzCCCgUGCSqGSIb3DQEHAaCCCfYEggnyMIIJ7jCCBGIGCSqGSIb3DQEH
BqCCBFMwggRPAgEAMIIESAYJKoZIhvcNAQcBMFcGCSqGSIb3DQEFDTBKMCkGCSqG BqCCBFMwggRPAgEAMIIESAYJKoZIhvcNAQcBMFcGCSqGSIb3DQEFDTBKMCkGCSqG
SIb3DQEFDDAcBAi4j6UBBY2iOgICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQME SIb3DQEFDDAcBAi4j6UBBY2iOgICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQME
ASoEEFpHSS5zrk/9pkDo1JRbtE6AggPgtbMLGoFd5KLpVXMdcxLrT129L7/vCr0B ASoEEFpHSS5zrk/9pkDo1JRbtE6AggPgtbMLGoFd5KLpVXMdcxLrT129L7/vCr0B
0I2tnhPPA7aFtRjjuGbwooCMQwxw9qzuCX1eH4xK2LUw6Gbd2H47WimSOWJMaiUb 0I2tnhPPA7aFtRjjuGbwooCMQwxw9qzuCX1eH4xK2LUw6Gbd2H47WimSOWJMaiUb
wy4alIWELYufe74kXPmKPCyH92lN1hqu8s0EGhIl7nBhWbFzow1+qpIc9/lpujJo wy4alIWELYufe74kXPmKPCyH92lN1hqu8s0EGhIl7nBhWbFzow1+qpIc9/lpujJo
wodSY+pNBD8oBeoU1m6DgOjgc62apL7m0nwavDUqEt7HAqtTBxKxu/3lpb1q8nbl wodSY+pNBD8oBeoU1m6DgOjgc62apL7m0nwavDUqEt7HAqtTBxKxu/3lpb1q8nbl
XLTqROax5feXErf+GQAqs24hUJIPg3O1eCMDVzH0h5pgZyRN9ZSIP0HC1i+d1lnb XLTqROax5feXErf+GQAqs24hUJIPg3O1eCMDVzH0h5pgZyRN9ZSIP0HC1i+d1lnb
JwHyrAhZv8GMdAVKaXHETbq8zTpxT3UE/LmH1gyZGOG2B21D2dvNDKa712sHOS/t JwHyrAhZv8GMdAVKaXHETbq8zTpxT3UE/LmH1gyZGOG2B21D2dvNDKa712sHOS/t
3XkFngHDLx+a9pVftt6p7Nh6jqI581tb7fyc7HBV9VUc/+xGgPgHZouaZw+I3PUz 3XkFngHDLx+a9pVftt6p7Nh6jqI581tb7fyc7HBV9VUc/+xGgPgHZouaZw+I3PUz
skipping to change at line 481 skipping to change at line 484
clYKzNwmgwbdtmVAXmQxLuhmEpXfstIzkBrNJzChzb2onNSfa+r5L6XEHNHl7wCw clYKzNwmgwbdtmVAXmQxLuhmEpXfstIzkBrNJzChzb2onNSfa+r5L6XEHNHl7wCw
TuuV/JWldNuYXLfVfuv3msfSjSWkv6aRtRWIvmOv0Qba2o05LlwFMd1PzKM5uN4D TuuV/JWldNuYXLfVfuv3msfSjSWkv6aRtRWIvmOv0Qba2o05LlwFMd1PzKM5uN4D
DYtsS9A6yQOXEsvUkWcLOJnCs8SkJRdXhJTxdmzeBqM1JttKwLbgGMbpjbxlg3ns DYtsS9A6yQOXEsvUkWcLOJnCs8SkJRdXhJTxdmzeBqM1JttKwLbgGMbpjbxlg3ns
N+Z+sEFox+2ZWOglgnBHj0mCZOiAC8wqUu+sxsLT4WndaPWKVqoRQChvDaZaNOaN N+Z+sEFox+2ZWOglgnBHj0mCZOiAC8wqUu+sxsLT4WndaPWKVqoRQChvDaZaNOaN
qHciF9HPUcfZow+fH8TnSHneiQcDe6XcMhSaQ2MtpY8/jrgNKguZt22yH9gw/VpT qHciF9HPUcfZow+fH8TnSHneiQcDe6XcMhSaQ2MtpY8/jrgNKguZt22yH9gw/VpT
3/QOB7FBgKFIEbvUaf3nVjFIlryIheg+LeiBd2isoMNNXaBwcg2YXukxJTAjBgkq 3/QOB7FBgKFIEbvUaf3nVjFIlryIheg+LeiBd2isoMNNXaBwcg2YXukxJTAjBgkq
hkiG9w0BCRUxFgQUwWO5DorvVWYF3BWUmAw0rUEajScwfDBtMEkGCSqGSIb3DQEF hkiG9w0BCRUxFgQUwWO5DorvVWYF3BWUmAw0rUEajScwfDBtMEkGCSqGSIb3DQEF
DjA8MCwGCSqGSIb3DQEFDDAfBAgUr2yP+/DBrgICCAACASAwDAYIKoZIhvcNAgsF DjA8MCwGCSqGSIb3DQEFDDAfBAgUr2yP+/DBrgICCAACASAwDAYIKoZIhvcNAgsF
ADAMBggqhkiG9w0CCQUABCA5zFL93jw8ItGlcbHKhqkNwbgpp6layuOuxSju4/Vd ADAMBggqhkiG9w0CCQUABCA5zFL93jw8ItGlcbHKhqkNwbgpp6layuOuxSju4/Vd
6QQITk9UIFVTRUQCAQE= 6QQITk9UIFVTRUQCAQE=
</artwork></t> ]]></sourcecode>
</section> </section>
<section title="Valid PKCS#12 file with SHA-512 HMAC and PRF"> <section numbered="true" toc="default">
<t>The following base64 encoded PKCS#12 file SHOULD be readable by <name>Valid PKCS #12 File with SHA-512 HMAC and PRF</name>
<t>The following base64-encoded PKCS #12 file <bcp14>SHOULD</bcp14> be r
eadable by
implementations following this RFC. implementations following this RFC.
<artwork> </t>
<sourcecode type="test-vectors"><![CDATA[
MIIKrAIBAzCCCgUGCSqGSIb3DQEHAaCCCfYEggnyMIIJ7jCCBGIGCSqGSIb3DQEH MIIKrAIBAzCCCgUGCSqGSIb3DQEHAaCCCfYEggnyMIIJ7jCCBGIGCSqGSIb3DQEH
BqCCBFMwggRPAgEAMIIESAYJKoZIhvcNAQcBMFcGCSqGSIb3DQEFDTBKMCkGCSqG BqCCBFMwggRPAgEAMIIESAYJKoZIhvcNAQcBMFcGCSqGSIb3DQEFDTBKMCkGCSqG
SIb3DQEFDDAcBAisrqL8obSBaQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQME SIb3DQEFDDAcBAisrqL8obSBaQICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQME
ASoEECjXYYca0pwsgn1Imb9WqFGAggPgT7RcF5YzEJANZU9G3tSdpCHnyWatTlhm ASoEECjXYYca0pwsgn1Imb9WqFGAggPgT7RcF5YzEJANZU9G3tSdpCHnyWatTlhm
iCEcBGgwI5gz0+GoX+JCojgYY4g+KxeqznyCu+6GeD00T4Em7SWme9nzAfBFzng0 iCEcBGgwI5gz0+GoX+JCojgYY4g+KxeqznyCu+6GeD00T4Em7SWme9nzAfBFzng0
3lYCSnahSEKfgHerbzAtq9kgXkclPVk0Liy92/buf0Mqotjjs/5o78AqP86Pwbj8 3lYCSnahSEKfgHerbzAtq9kgXkclPVk0Liy92/buf0Mqotjjs/5o78AqP86Pwbj8
xYNuXOU1ivO0JiW2c2HefKYvUvMYlOh99LCoZPLHPkaaZ4scAwDjFeTICU8oowVk xYNuXOU1ivO0JiW2c2HefKYvUvMYlOh99LCoZPLHPkaaZ4scAwDjFeTICU8oowVk
LKvslrg1pHbfmXHMFJ4yqub37hRtj2CoJNy4+UA2hBYlBi9WnuAJIsjv0qS3kpLe LKvslrg1pHbfmXHMFJ4yqub37hRtj2CoJNy4+UA2hBYlBi9WnuAJIsjv0qS3kpLe
4+J2DGe31GNG8pD01XD0l69OlailK1ykh4ap2u0KeD2z357+trCFbpWMMXQcSUCO 4+J2DGe31GNG8pD01XD0l69OlailK1ykh4ap2u0KeD2z357+trCFbpWMMXQcSUCO
OcVjxYqgv/l1++9huOHoPSt224x4wZfJ7cO2zbAAx/K2CPhdvi4CBaDHADsRq/c8 OcVjxYqgv/l1++9huOHoPSt224x4wZfJ7cO2zbAAx/K2CPhdvi4CBaDHADsRq/c8
skipping to change at line 544 skipping to change at line 549
nRwtjpevqAnIuK6K3Y02LY4FXTNQpC37Xb04bmdIQAcE0MaoP4/hY87aS82PQ68g nRwtjpevqAnIuK6K3Y02LY4FXTNQpC37Xb04bmdIQAcE0MaoP4/hY87aS82PQ68g
3bI79uKo4we2g+WaEJlEzQ7147ZzV2wbDq89W69x1MWTfaDwlEtd4UaacYchAv7B 3bI79uKo4we2g+WaEJlEzQ7147ZzV2wbDq89W69x1MWTfaDwlEtd4UaacYchAv7B
TVaaVFiRAUywWaHGePpZG2WV1feH/zd+temxWR9qMFgBZySg1jipBPVciwl0LqlW TVaaVFiRAUywWaHGePpZG2WV1feH/zd+temxWR9qMFgBZySg1jipBPVciwl0LqlW
s/raIBYmLmAaMMgM3759UkNVznDoFHrY4z2EADXp0RHHVzJS1x+yYvp/9I+AcW55 s/raIBYmLmAaMMgM3759UkNVznDoFHrY4z2EADXp0RHHVzJS1x+yYvp/9I+AcW55
oN0UP/3uQ6eyz/ix22sovQwhMJ8rmgR6CfyRPKmXu1RPK3puNv7mbFTfTXpYN2vX oN0UP/3uQ6eyz/ix22sovQwhMJ8rmgR6CfyRPKmXu1RPK3puNv7mbFTfTXpYN2vX
vhEZReXY8hJF/9o4G3UrJ1F0MgUHMCG86cw1z0bhPSaXVoufOnx/fRoxJTAjBgkq vhEZReXY8hJF/9o4G3UrJ1F0MgUHMCG86cw1z0bhPSaXVoufOnx/fRoxJTAjBgkq
hkiG9w0BCRUxFgQUwWO5DorvVWYF3BWUmAw0rUEajScwgZ0wgY0wSQYJKoZIhvcN hkiG9w0BCRUxFgQUwWO5DorvVWYF3BWUmAw0rUEajScwgZ0wgY0wSQYJKoZIhvcN
AQUOMDwwLAYJKoZIhvcNAQUMMB8ECFDaXOUaOcUPAgIIAAIBQDAMBggqhkiG9w0C AQUOMDwwLAYJKoZIhvcNAQUMMB8ECFDaXOUaOcUPAgIIAAIBQDAMBggqhkiG9w0C
CwUAMAwGCCqGSIb3DQILBQAEQHIAM8C9OAsHUCj9CmOJioqf7YwD4O/b3UiZ3Wqo CwUAMAwGCCqGSIb3DQILBQAEQHIAM8C9OAsHUCj9CmOJioqf7YwD4O/b3UiZ3Wqo
F6OmQIRDc68SdkZJ6024l4nWlnhTE7a4lb2Tru4k3NOTa1oECE5PVCBVU0VEAgEB F6OmQIRDc68SdkZJ6024l4nWlnhTE7a4lb2Tru4k3NOTa1oECE5PVCBVU0VEAgEB
</artwork> ]]></sourcecode>
</t>
</section> </section>
<section title="Invalid PKCS#12 file with incorrect iteration count"> <section numbered="true" toc="default">
<t>The following base64 encoded PKCS#12 file MUST NOT be readable <name>Invalid PKCS #12 File with Incorrect Iteration Count</name>
<t>The following base64-encoded PKCS #12 file <bcp14>MUST NOT</bcp14> be
readable
by an implementation following this RFC when it is verifying by an implementation following this RFC when it is verifying
itegrity protection. integrity protection.
<artwork> </t>
<sourcecode type="test-vectors"><![CDATA[
MIIKiwIBAzCCCgUGCSqGSIb3DQEHAaCCCfYEggnyMIIJ7jCCBGIGCSqGSIb3DQEH MIIKiwIBAzCCCgUGCSqGSIb3DQEHAaCCCfYEggnyMIIJ7jCCBGIGCSqGSIb3DQEH
BqCCBFMwggRPAgEAMIIESAYJKoZIhvcNAQcBMFcGCSqGSIb3DQEFDTBKMCkGCSqG BqCCBFMwggRPAgEAMIIESAYJKoZIhvcNAQcBMFcGCSqGSIb3DQEFDTBKMCkGCSqG
SIb3DQEFDDAcBAg9pxXxY2yscwICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQME SIb3DQEFDDAcBAg9pxXxY2yscwICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQME
ASoEEK7yYaFQDi1pYwWzm9F/fs+AggPgFIT2XapyaFgDppdvLkdvaF3HXw+zjzKb ASoEEK7yYaFQDi1pYwWzm9F/fs+AggPgFIT2XapyaFgDppdvLkdvaF3HXw+zjzKb
7xFC76DtVPhVTWVHD+kIss+jsj+XyvMwY0aCuAhAG/Dig+vzWomnsqB5ssw5/kTb 7xFC76DtVPhVTWVHD+kIss+jsj+XyvMwY0aCuAhAG/Dig+vzWomnsqB5ssw5/kTb
+TMQ5PXLkNeoBmB6ArKeGc/QmCBQvQG/a6b+nXSWmxNpP+71772dmWmB8gcSJ0kF +TMQ5PXLkNeoBmB6ArKeGc/QmCBQvQG/a6b+nXSWmxNpP+71772dmWmB8gcSJ0kF
Fj75NrIbmNiDMCb71Q8gOzBMFf6BpXf/3xWAJtxyic+tSNETfOJa8zTZb0+lV0w9 Fj75NrIbmNiDMCb71Q8gOzBMFf6BpXf/3xWAJtxyic+tSNETfOJa8zTZb0+lV0w9
5eUmDrPUpuxEVbb0KJtIc63gRkcfrPtDd6Ii4Zzbzj2Evr4/S4hnrQBsiryVzJWy 5eUmDrPUpuxEVbb0KJtIc63gRkcfrPtDd6Ii4Zzbzj2Evr4/S4hnrQBsiryVzJWy
IEjaD0y6+DmG0JwMgRuGi1wBoGowi37GMrDCOyOZWC4n5wHLtYyhR6JaElxbrhxP IEjaD0y6+DmG0JwMgRuGi1wBoGowi37GMrDCOyOZWC4n5wHLtYyhR6JaElxbrhxP
H46z2USLKmZoF+YgEQgYcSBXMgP0t36+XQocFWYi2N5niy02TnctwF430FYsQlhJ H46z2USLKmZoF+YgEQgYcSBXMgP0t36+XQocFWYi2N5niy02TnctwF430FYsQlhJ
skipping to change at line 609 skipping to change at line 615
qniZjKzSZepxlZq+J792u8vtMnuzzChxu0Bf3PhIXcJNcVhwUtr0yKe/N+NvC0tm qniZjKzSZepxlZq+J792u8vtMnuzzChxu0Bf3PhIXcJNcVhwUtr0yKe/N+NvC0tm
p8wyik/BlndxN9eKbdTOi2wIi64h2QG8nOk66wQ/PSIJYwZl6eDNEQSzH/1mGCfU p8wyik/BlndxN9eKbdTOi2wIi64h2QG8nOk66wQ/PSIJYwZl6eDNEQSzH/1mGCfU
QnUT17UC/p+Qgenf6Auap2GWlvsJrB7u/pytz65rtjt/ouo6Ih6EwWqwVVpGXZD0 QnUT17UC/p+Qgenf6Auap2GWlvsJrB7u/pytz65rtjt/ouo6Ih6EwWqwVVpGXZD0
7gVWH0Ke/Vr6aPGNvkLcmftPuDZsn9jiig3guhdeyRVf10Ox369kKWcG75q77hxE 7gVWH0Ke/Vr6aPGNvkLcmftPuDZsn9jiig3guhdeyRVf10Ox369kKWcG75q77hxE
IzSzDyUlBNbnom9SIjut3r+qVYmWONatC6q/4D0I42Lnjd3dEyZx7jmH3g/S2ASM IzSzDyUlBNbnom9SIjut3r+qVYmWONatC6q/4D0I42Lnjd3dEyZx7jmH3g/S2ASM
FzWr9pvXc61dsYOkdZ4PYa9XPUZxXFagZsoS3F1sU799+IJVU0tC0MExJTAjBgkq FzWr9pvXc61dsYOkdZ4PYa9XPUZxXFagZsoS3F1sU799+IJVU0tC0MExJTAjBgkq
hkiG9w0BCRUxFgQUwWO5DorvVWYF3BWUmAw0rUEajScwfTBtMEkGCSqGSIb3DQEF hkiG9w0BCRUxFgQUwWO5DorvVWYF3BWUmAw0rUEajScwfTBtMEkGCSqGSIb3DQEF
DjA8MCwGCSqGSIb3DQEFDDAfBAhvRzw4sC4xcwICCAECASAwDAYIKoZIhvcNAgkF DjA8MCwGCSqGSIb3DQEFDDAfBAhvRzw4sC4xcwICCAECASAwDAYIKoZIhvcNAgkF
ADAMBggqhkiG9w0CCQUABCB6pW2FOdcCNj87zS64NUXG36K5aXDnFHctIk5Bf4kG ADAMBggqhkiG9w0CCQUABCB6pW2FOdcCNj87zS64NUXG36K5aXDnFHctIk5Bf4kG
3QQITk9UIFVTRUQCAggA 3QQITk9UIFVTRUQCAggA
</artwork> ]]></sourcecode>
</t>
</section> </section>
<section title="Invalid PKCS#12 file with incorrect salt"> <section numbered="true" toc="default">
<t>The following base64 encoded PKCS#12 file MUST NOT be readable <name>Invalid PKCS #12 File with Incorrect Salt</name>
<t>The following base64-encoded PKCS #12 file <bcp14>MUST NOT</bcp14> be
readable
by an implementation following this RFC when it is verifying by an implementation following this RFC when it is verifying
itegrity protection. integrity protection.
<artwork> </t>
<sourcecode type="test-vectors"><![CDATA[
MIIKigIBAzCCCgUGCSqGSIb3DQEHAaCCCfYEggnyMIIJ7jCCBGIGCSqGSIb3DQEH MIIKigIBAzCCCgUGCSqGSIb3DQEHAaCCCfYEggnyMIIJ7jCCBGIGCSqGSIb3DQEH
BqCCBFMwggRPAgEAMIIESAYJKoZIhvcNAQcBMFcGCSqGSIb3DQEFDTBKMCkGCSqG BqCCBFMwggRPAgEAMIIESAYJKoZIhvcNAQcBMFcGCSqGSIb3DQEFDTBKMCkGCSqG
SIb3DQEFDDAcBAg9pxXxY2yscwICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQME SIb3DQEFDDAcBAg9pxXxY2yscwICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQME
ASoEEK7yYaFQDi1pYwWzm9F/fs+AggPgFIT2XapyaFgDppdvLkdvaF3HXw+zjzKb ASoEEK7yYaFQDi1pYwWzm9F/fs+AggPgFIT2XapyaFgDppdvLkdvaF3HXw+zjzKb
7xFC76DtVPhVTWVHD+kIss+jsj+XyvMwY0aCuAhAG/Dig+vzWomnsqB5ssw5/kTb 7xFC76DtVPhVTWVHD+kIss+jsj+XyvMwY0aCuAhAG/Dig+vzWomnsqB5ssw5/kTb
+TMQ5PXLkNeoBmB6ArKeGc/QmCBQvQG/a6b+nXSWmxNpP+71772dmWmB8gcSJ0kF +TMQ5PXLkNeoBmB6ArKeGc/QmCBQvQG/a6b+nXSWmxNpP+71772dmWmB8gcSJ0kF
Fj75NrIbmNiDMCb71Q8gOzBMFf6BpXf/3xWAJtxyic+tSNETfOJa8zTZb0+lV0w9 Fj75NrIbmNiDMCb71Q8gOzBMFf6BpXf/3xWAJtxyic+tSNETfOJa8zTZb0+lV0w9
5eUmDrPUpuxEVbb0KJtIc63gRkcfrPtDd6Ii4Zzbzj2Evr4/S4hnrQBsiryVzJWy 5eUmDrPUpuxEVbb0KJtIc63gRkcfrPtDd6Ii4Zzbzj2Evr4/S4hnrQBsiryVzJWy
IEjaD0y6+DmG0JwMgRuGi1wBoGowi37GMrDCOyOZWC4n5wHLtYyhR6JaElxbrhxP IEjaD0y6+DmG0JwMgRuGi1wBoGowi37GMrDCOyOZWC4n5wHLtYyhR6JaElxbrhxP
H46z2USLKmZoF+YgEQgYcSBXMgP0t36+XQocFWYi2N5niy02TnctwF430FYsQlhJ H46z2USLKmZoF+YgEQgYcSBXMgP0t36+XQocFWYi2N5niy02TnctwF430FYsQlhJ
skipping to change at line 674 skipping to change at line 681
qniZjKzSZepxlZq+J792u8vtMnuzzChxu0Bf3PhIXcJNcVhwUtr0yKe/N+NvC0tm qniZjKzSZepxlZq+J792u8vtMnuzzChxu0Bf3PhIXcJNcVhwUtr0yKe/N+NvC0tm
p8wyik/BlndxN9eKbdTOi2wIi64h2QG8nOk66wQ/PSIJYwZl6eDNEQSzH/1mGCfU p8wyik/BlndxN9eKbdTOi2wIi64h2QG8nOk66wQ/PSIJYwZl6eDNEQSzH/1mGCfU
QnUT17UC/p+Qgenf6Auap2GWlvsJrB7u/pytz65rtjt/ouo6Ih6EwWqwVVpGXZD0 QnUT17UC/p+Qgenf6Auap2GWlvsJrB7u/pytz65rtjt/ouo6Ih6EwWqwVVpGXZD0
7gVWH0Ke/Vr6aPGNvkLcmftPuDZsn9jiig3guhdeyRVf10Ox369kKWcG75q77hxE 7gVWH0Ke/Vr6aPGNvkLcmftPuDZsn9jiig3guhdeyRVf10Ox369kKWcG75q77hxE
IzSzDyUlBNbnom9SIjut3r+qVYmWONatC6q/4D0I42Lnjd3dEyZx7jmH3g/S2ASM IzSzDyUlBNbnom9SIjut3r+qVYmWONatC6q/4D0I42Lnjd3dEyZx7jmH3g/S2ASM
FzWr9pvXc61dsYOkdZ4PYa9XPUZxXFagZsoS3F1sU799+IJVU0tC0MExJTAjBgkq FzWr9pvXc61dsYOkdZ4PYa9XPUZxXFagZsoS3F1sU799+IJVU0tC0MExJTAjBgkq
hkiG9w0BCRUxFgQUwWO5DorvVWYF3BWUmAw0rUEajScwfDBtMEkGCSqGSIb3DQEF hkiG9w0BCRUxFgQUwWO5DorvVWYF3BWUmAw0rUEajScwfDBtMEkGCSqGSIb3DQEF
DjA8MCwGCSqGSIb3DQEFDDAfBAhOT1QgVVNFRAICCAACASAwDAYIKoZIhvcNAgkF DjA8MCwGCSqGSIb3DQEFDDAfBAhOT1QgVVNFRAICCAACASAwDAYIKoZIhvcNAgkF
ADAMBggqhkiG9w0CCQUABCB6pW2FOdcCNj87zS64NUXG36K5aXDnFHctIk5Bf4kG ADAMBggqhkiG9w0CCQUABCB6pW2FOdcCNj87zS64NUXG36K5aXDnFHctIk5Bf4kG
3QQIb0c8OLAuMXMCAQE= 3QQIb0c8OLAuMXMCAQE=
</artwork> ]]></sourcecode>
</t> </section>
</section> <section numbered="true" toc="default">
<section title="Invalid PKCS#12 file with missing key length"> <name>Invalid PKCS #12 File with Missing Key Length</name>
<t>The following base64 encoded PKCS#12 file MUST NOT be readable <t>The following base64-encoded PKCS #12 file <bcp14>MUST NOT</bcp14> be
readable
by an implementation following this RFC when it is verifying by an implementation following this RFC when it is verifying
itegrity protection. integrity protection.
<artwork> </t>
<sourcecode type="test-vectors"><![CDATA[
MIIKiAIBAzCCCgUGCSqGSIb3DQEHAaCCCfYEggnyMIIJ7jCCBGIGCSqGSIb3DQEH MIIKiAIBAzCCCgUGCSqGSIb3DQEHAaCCCfYEggnyMIIJ7jCCBGIGCSqGSIb3DQEH
BqCCBFMwggRPAgEAMIIESAYJKoZIhvcNAQcBMFcGCSqGSIb3DQEFDTBKMCkGCSqG BqCCBFMwggRPAgEAMIIESAYJKoZIhvcNAQcBMFcGCSqGSIb3DQEFDTBKMCkGCSqG
SIb3DQEFDDAcBAg9pxXxY2yscwICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQME SIb3DQEFDDAcBAg9pxXxY2yscwICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQME
ASoEEK7yYaFQDi1pYwWzm9F/fs+AggPgFIT2XapyaFgDppdvLkdvaF3HXw+zjzKb ASoEEK7yYaFQDi1pYwWzm9F/fs+AggPgFIT2XapyaFgDppdvLkdvaF3HXw+zjzKb
7xFC76DtVPhVTWVHD+kIss+jsj+XyvMwY0aCuAhAG/Dig+vzWomnsqB5ssw5/kTb 7xFC76DtVPhVTWVHD+kIss+jsj+XyvMwY0aCuAhAG/Dig+vzWomnsqB5ssw5/kTb
+TMQ5PXLkNeoBmB6ArKeGc/QmCBQvQG/a6b+nXSWmxNpP+71772dmWmB8gcSJ0kF +TMQ5PXLkNeoBmB6ArKeGc/QmCBQvQG/a6b+nXSWmxNpP+71772dmWmB8gcSJ0kF
Fj75NrIbmNiDMCb71Q8gOzBMFf6BpXf/3xWAJtxyic+tSNETfOJa8zTZb0+lV0w9 Fj75NrIbmNiDMCb71Q8gOzBMFf6BpXf/3xWAJtxyic+tSNETfOJa8zTZb0+lV0w9
5eUmDrPUpuxEVbb0KJtIc63gRkcfrPtDd6Ii4Zzbzj2Evr4/S4hnrQBsiryVzJWy 5eUmDrPUpuxEVbb0KJtIc63gRkcfrPtDd6Ii4Zzbzj2Evr4/S4hnrQBsiryVzJWy
IEjaD0y6+DmG0JwMgRuGi1wBoGowi37GMrDCOyOZWC4n5wHLtYyhR6JaElxbrhxP IEjaD0y6+DmG0JwMgRuGi1wBoGowi37GMrDCOyOZWC4n5wHLtYyhR6JaElxbrhxP
H46z2USLKmZoF+YgEQgYcSBXMgP0t36+XQocFWYi2N5niy02TnctwF430FYsQlhJ H46z2USLKmZoF+YgEQgYcSBXMgP0t36+XQocFWYi2N5niy02TnctwF430FYsQlhJ
skipping to change at line 739 skipping to change at line 747
qniZjKzSZepxlZq+J792u8vtMnuzzChxu0Bf3PhIXcJNcVhwUtr0yKe/N+NvC0tm qniZjKzSZepxlZq+J792u8vtMnuzzChxu0Bf3PhIXcJNcVhwUtr0yKe/N+NvC0tm
p8wyik/BlndxN9eKbdTOi2wIi64h2QG8nOk66wQ/PSIJYwZl6eDNEQSzH/1mGCfU p8wyik/BlndxN9eKbdTOi2wIi64h2QG8nOk66wQ/PSIJYwZl6eDNEQSzH/1mGCfU
QnUT17UC/p+Qgenf6Auap2GWlvsJrB7u/pytz65rtjt/ouo6Ih6EwWqwVVpGXZD0 QnUT17UC/p+Qgenf6Auap2GWlvsJrB7u/pytz65rtjt/ouo6Ih6EwWqwVVpGXZD0
7gVWH0Ke/Vr6aPGNvkLcmftPuDZsn9jiig3guhdeyRVf10Ox369kKWcG75q77hxE 7gVWH0Ke/Vr6aPGNvkLcmftPuDZsn9jiig3guhdeyRVf10Ox369kKWcG75q77hxE
IzSzDyUlBNbnom9SIjut3r+qVYmWONatC6q/4D0I42Lnjd3dEyZx7jmH3g/S2ASM IzSzDyUlBNbnom9SIjut3r+qVYmWONatC6q/4D0I42Lnjd3dEyZx7jmH3g/S2ASM
FzWr9pvXc61dsYOkdZ4PYa9XPUZxXFagZsoS3F1sU799+IJVU0tC0MExJTAjBgkq FzWr9pvXc61dsYOkdZ4PYa9XPUZxXFagZsoS3F1sU799+IJVU0tC0MExJTAjBgkq
hkiG9w0BCRUxFgQUwWO5DorvVWYF3BWUmAw0rUEajScwejBqMEYGCSqGSIb3DQEF hkiG9w0BCRUxFgQUwWO5DorvVWYF3BWUmAw0rUEajScwejBqMEYGCSqGSIb3DQEF
DjA5MCkGCSqGSIb3DQEFDDAcBAhvRzw4sC4xcwICCAAwDAYIKoZIhvcNAgkFADAM DjA5MCkGCSqGSIb3DQEFDDAcBAhvRzw4sC4xcwICCAAwDAYIKoZIhvcNAgkFADAM
BggqhkiG9w0CCQUABCB6pW2FOdcCNj87zS64NUXG36K5aXDnFHctIk5Bf4kG3QQI BggqhkiG9w0CCQUABCB6pW2FOdcCNj87zS64NUXG36K5aXDnFHctIk5Bf4kG3QQI
b0c8OLAuMXMCAggA b0c8OLAuMXMCAggA
</artwork> ]]></sourcecode>
</t> </section>
</section>
</section> </section>
<section anchor="asn1-module" numbered="true" toc="default">
<name>ASN.1 Module</name>
<t>This appendix documents ASN.1 <xref target="x680"
format="default"/> <xref target="x681" format="default"/> <xref
target="x682" format="default"/> <xref target="x683"
format="default"/> <xref target="x690" format="default"/> types, values,
and object sets for this specification. It does so by providing an
ASN.1 module called PKCS12-PBMAC1-2023.</t>
<section anchor="asn1-module" title="ASN.1 Module"> <t>Combine this module with the PKCS-12 ASN.1 module found in <xref
<t>Note to RFC Editor: please change the TBD value below with the value target="RFC7292" sectionFormat="of" section="D"/> and the pkcs5v2-1 ASN.1
assigned by IANA</t> module in <xref
<t>This appendix documents ASN.1 <xref target="x680"/> target="RFC8018" sectionFormat="of" section="C"/> to add SHA-2-based
<xref target="x681"/><xref target="x682"/><xref target="x683"/> HMACs by replacing the PBKDF2-PRFs class referenced from
<xref target="x690"/> types, values, and object sets for <xref target="RFC7292"/>.</t>
this specification. It does so by providing an ASN.1 module
called PKCS12-PBMAC1-2023.</t> <sourcecode type="asn.1"><![CDATA[
<t>Combine this module with the PKCS-12 ASN.1 module found in Appendix
D of <xref target="RFC8018"/> to add SHA-2 based HMACs by
replacing the PBKDF2-PRFs class found therein.</t>
<artwork>
PKCS12-PBMAC1-2023 PKCS12-PBMAC1-2023
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) id-mod(0) pbkc12-pbamc1-2023(TBD) } smime(16) id-mod(0) id-pkcs12-pbmac1-2023(76) }
DEFINITIONS EXPLICIT TAGS ::= DEFINITIONS EXPLICIT TAGS ::=
BEGIN BEGIN
IMPORTS IMPORTS
AlgorithmIdentifier, ALGORITHM-IDENTIFIER, rsadsi AlgorithmIdentifier, ALGORITHM-IDENTIFIER, rsadsi
FROM PKCS5v2-1 -- From [RFC8018] FROM PKCS5v2-1 -- From [RFC8018]
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-5(5) { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-5(5)
modules(16) pkcs5v2-1(2) } modules(16) pkcs5v2-1(2) }
skipping to change at line 859 skipping to change at line 870
otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}} otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
}, },
iterationCount INTEGER (1..MAX), iterationCount INTEGER (1..MAX),
keyLength INTEGER (1..MAX) OPTIONAL, keyLength INTEGER (1..MAX) OPTIONAL,
prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1 prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
} }
PBKDF2-SaltSources ALGORITHM-IDENTIFIER ::= { ... } PBKDF2-SaltSources ALGORITHM-IDENTIFIER ::= { ... }
END END
</artwork> ]]></sourcecode>
</section> </section>
</back> </back>
</rfc> </rfc>
 End of changes. 84 change blocks. 
324 lines changed or deleted 365 lines changed or added

This html diff was produced by rfcdiff 1.48.