RIPEM Message and File Formats

Mark Riordan

4 May 1993

This document describes the syntax of messages produced by RIPEM, and of
files maintained by RIPEM.
Format Standards Followed by RIPEM

RIPEM messages generally follow the format described in Internet RFC
1421. (In non-PEM mode, some of the fields are different, to account
for the lack of certificates in non-PEM mode.) MIME extensions are
described in the Internet Engineering Task Force Draft entitled "MIME-
PEM Interaction" (draft-ietf-pem-mime-02.txt).

Where applicable, RIPEM databases contain fields in formats conformant
with RSA Data Security's Public Key Cryptography Standards. See the
documents in the pkcs directory on FTP site rsa.com.

Messages produced by RIPEM and files maintained by RIPEM are kept
entirely in 7-bit ASCII format. Information which is inherently non-
ASCII ("binary" data such as the output from DES encryption) is encoded
either in ASCII hexadecimal, or in a uuencode-like format in which three
8-bit bytes are represented with four ASCII characters. (The details of
this encoding, which are not identical to those of the Unix uuencode
program, are described in RFC 1421.) Complex structured information,
such as a public key (which contains both a modulus and a public
exponent) is first transformed into a portable binary format before
being ASCII-encoded. The portable structured format is called DER
encoding (for Distinguished Encoding Rules). Descriptions of DER
encoding can be found in documents written by Burt Kaliski and available
from the FTP site rsa.com in the pkcs directory.
Factors Affecting Message Formats

Each RIPEM-encrypted message consists of two fundamental parts: a set
of "headers" containing bookkeeping information such as the sender's
identity, encryption modes used, etc; and a "body" containing the
(usually) encrypted message itself. The precise format of RIPEM message
headers depends upon several factors:

* Whether the message is enciphered in "RIPEM mode", which does not
support certificates, or "PEM mode", which does.

* Whether the message is encrypted, or just signed.

* Whether MIME ("Multipurpose Internet Mail Extensions") is used. MIME
format is generally used only when the message being encrypted is not
plain ASCII.
PEM-Mode Messages

We will start by describing RIPEM messages produced in PEM mode. Here
is an annotated example. (Annotations are indented.)

-----BEGIN PRIVACY-ENHANCED MESSAGE-----
All RIPEM messages start with this line.
Proc-Type: 4,ENCRYPTED
"4" indicates standard Internet RFC 1421 PEM.
The second parameter can be ENCRYPTED, MIC-ONLY, or MIC-CLEAR.
The message is encrypted only in the case of ENCRYPTED, but a
signature is always computed.
Content-Domain: RFC822
RFC822 indicates that the message plaintext is in standard email
(ASCII-only) form. This is currently the only allowable value for
this field.
DEK-Info: DES-CBC,401E9139E4867FF7
This field is present only for ENCRYPTED messages, and indicates
the message data encryption algorithm and mode (always DES-CBC),
and the initialization vector in hex.
Originator-Certificate:
MIIBpjCCAUICARYwDQYJKoZIhvcNAQECBQAwTTELMAkGA1UEBhMCVVMxIDAeBgNV
BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMRwwGgYDVQQLExNQZXJzb25hIENl
cnRpZmljYXRlMB4XDTkzMDQxOTIwMDI1MFoXDTk1MDQxOTAwMDAwMFowZDELMAkG
A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMRwwGgYD
VQQLExNQZXJzb25hIENlcnRpZmljYXRlMRUwEwYDVQQDEwxNYXJrIFJpb3JkYW4w
WTAKBgRVCAEBAgICBgNLADBIAkEylZc/H+pNFRQqHC4abJQV4gTzRuGoXmOFgdeP
kDshmAB4dAa6qY8ypsLqDFmXfbEInjzwxz8weBHGRnTZwFcrMwIDAQABMA0GCSqG
SIb3DQEBAgUAA08ABMavdfXztriNQZwk8Ma/YbMOd81sg/bASPXKi2FhmDn2WhdZ
967PW+ZPYkCDn0JdUikP/41xvKuHhOPDNROvN+Sltgf0aFenF2m8/voX
This is the certificate of the sender of the message. It contains
the sender's public key. See the section below on certificates.
Issuer-Certificate:
MIIBxjCCAVACBF4AAAMwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAe
BgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVMb3cgQXNz
dXJhbmNlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTkyMTIyMzA4MDAwMFoX
DTk0MDEwMTA3NTk1OVowTTELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRh
IFNlY3VyaXR5LCBJbmMuMRwwGgYDVQQLExNQZXJzb25hIENlcnRpZmljYXRlMGkw
DQYJKoZIhvcNAQEBBQADWAAwVQJOBqoIUA2vV4v9swHWBKiVSHGIZSzdRaSPbV0N
Zus2d/T2FyvFIaI9BLO5Fkb/IQtOL6pDisJ3Vm81bb6B0Dpj/JzpJLgYvgEL4BaE
XIDlAgMBAAEwDQYJKoZIhvcNAQECBQADYQCPF1HZAPzWWKSyspFjbUGkmQAWGLtz
3Zvl1nn3EztPPVtR6GirTpFRa07ov7isHWEdZxGKIwbmFPJuh8pn8tTrSyYfWfD6
/CHEa04fhZ4jVoAmKmjdgbRTqfraABsBAC8=
This is the certificate of the authority that issued and signed
the Originator-Certificate. This field is optional. It may be
followed by the certificate of the authority that issued
thiscertificate, and so on up to the root of the certificate
hierarchy. RIPEM does not do this. In fact, there is currently
no Internet PEM hierarchy.
Key-Info: RSA,
LookV1eGyPwZJ4sz2Eyf1ak3re3Sti2JeSIIaost1SeW93L3eqcXCAqGz7GBBJfN
hSziXJDIbNEGGXdm9Zuoc0E=
The Key-Info field gives the message key of this message,
encrypted under the recipient's public key component. This first
occurrence of Key-Info, appearing before the first Recipient-ID-
Asymmetric field, is optional and applies to the sender of the
message. That is, the value of this field as it appears here is
the DES message key encrypted with the sender's public key. This
allows the sender to decrypt his own messages and is similar to
the sender making himself a recipient of all his messages.
The "RSA" here indicates use of the RSA public key algorithm;
there are no other legal values for the first parameter.
MIC-Info: RSA-MD5,RSA,
93KkysZ67I408OZOr6GaimrSez7XUW9ezIWhqtDeXSNNomyeBPrr9EAPDKb52Y97
KKhSksBlJKaF5J+1KclEihUns91EGUfA
MIC-Info gives the message digest of the message, encrypted with
the sender's private component. That is, this is the "signature".
The first parameter is the message digest algorithm. RIPEM always
uses RSA-MD5 during encryption, but will also recognize RSA-MD2
upon decryption.
The second parameter specifies the public key cipher used to
encrypt the digest. This is always RSA.
Recipient-ID-Asymmetric:
ME0xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5j
LjEcMBoGA1UECxMTUGVyc29uYSBDZXJ0aWZpY2F0ZQ==,12
This field identifies a recipient, and may occur multiple times.
The first parameter is an encoding of the name of the issuer of
the recipient's certificate, and the second parameter is the
serial number of the recipient's certificate. Thus, the recipient
is not identified directly. If you decode this particular
example, you will see that it says that this recipient is the
owner of the 12th certificate issued by RSA Data Security, Inc.
Key-Info: RSA,
UCoYCx7e3nap6HvKN3w5dVs6Nv4Vzw7kwvxE6SRq4c/fr0SL4hJGCZLKTerhb5Ly
KvUrRTm/9MAmWJNhmT+Hqi925V66QVrDmzazDSMfESM81ovc5APWr2Eb7xNrOEM1
Key-Info describes the message key as encrypted under the public
key of the most recently-named recipient.
Recipient-ID-Asymmetric:
ME0xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5j
LjEcMBoGA1UECxMTUGVyc29uYSBDZXJ0aWZpY2F0ZQ==,16
Key-Info: RSA,
LookV1eGyPwZJ4sz2Eyf1ak3re3Sti2JeSIIaost1SeW93L3eqcXCAqGz7GBBJfN
hSziXJDIbNEGGXdm9Zuoc0E=
In this example, there are two recipients; hence, there are two
occurrences of the recipient identifier & message key fields.
Note that in many cases, the first parameter of Recipient-ID-
Asymmetric will be identical from one recipient to the next, since
often several recipients will have obtained their certificates
from the same issuer.

A single blank line separates the headers from the encrypted
message. The encrypted message is printably encoded and written
out in lines of 64 ASCII characters each (except the last line).
vJZOOU8izhi44YZgbGy2U2/oPe+RluWAo6SmPBgVjtgQ+xeZA84uL0Pnljj4moL/
IrzUDgpnzsBqnWcAW2YD7xa7FbJuTC8/cOtgSDLBtmPfc1NhL0JY5eY8Ts7fGSt0
gG0hlfA4deo=
-----END PRIVACY-ENHANCED MESSAGE-----
All RIPEM messages end with this line.

Certificates

A certificate is a "document" that states a user, his/her public key
component, and validity information. Certificates are printably-
encoded. Specifically, a certificate contains the following items.
Items of special interest, and most likely to vary from one certificate
to another, are marked with a *.

* A version number that applies to the format of the certificate;
currently, this is always zero.
* * A serial number. This serial number is unique amoungst all the
certificates issued by a given certifying authority.
* The identifier of the algorithm used to sign the certificate. This
currently is always the same, and specifies the RSA algorithm.
* * The multi-part name of the issuer of the certificate. There can be
many different issuers, but in practise the number of different
issuers is likely to be small for the near future.
* The date range during which the certificate is valid. Typically
certificates are valid for two years.
* * The multi-part name of the person or entity to whom the certificate
was issued. This typically contains not only the proper name of the
issuee (e.g., "John Smith"), but the domain with which the issuee is
associated (e.g., the issuee's company name ("Acme Widgets") and
country ("US")).
* * The public key of the issuee of the certificate. This, obviously,
is the whole point of the certificate.
* * The signature of all of the above information in the certificate,
done by the issuer with its private key. If you know the issuer's
public key, you can verify this signature.


RIPEM-Mode Messages

-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 2001,ENCRYPTED
DEK-Info: DES-CBC,194E5E0350762C82
Originator-Name: mrr@scss3.cl.msu.edu
Originator-Key-Asymmetric:
MFkwCgYEVQgBAQICAgYDSwAwSAJBMpWXPx/qTRUUKhwuGmyUFeIE80bhqF5jhYHX
j5A7IZgAeHQGuqmPMqbC6gxZl32xCJ488Mc/MHgRxkZ02cBXKzMCAwEAAQ==
Key-Info: RSA,
IVFGLgKdlQ9pF+qtZpqtJtdxCOJU3ie1SaiVohlmj5zOjs5dl7HZ0UOywTsrR8FN
/2jrVT3zg1pphJyE+8M9OJY=
MIC-Info: RSA-MD5,RSA,
hkoroUoBWqFb5HZDcL3M/DhitmLVX+NyhVobd2Eyde5yZEoLbx3f+TLEahJPkrwM
i9PKBur+9O7H+EmLmrqzRCbPFxL2zHKt
Recipient-Name: test
Key-Info: RSA,
Atleg3hO2yJfjdEZfGW9FVZcP9CcrEPus5WIzTfqcQzQSgTyldyV5XPMs/87J6xE
MSaytHpMaThNxZuOnc+EaBs=
Recipient-Name: raylau@mit.edu
Key-Info: RSA,
RmaSSj2jz1ZU0j9RWFpSTOp01d1iqB2CsPIBH1vaObjC+r2a4U7sOnyfouZMe2+Q
LVIgy6Vzz862e/K0LwKXbyZaaqrE/swAR6QQZqiTLU53/rPLIJGCRTuCPKYCyTAw

UeluB7ffHqprsJ1cIrD1uJlBmqk90kyML/LEHnyGJys=
-----END PRIVACY-ENHANCED MESSAGE-----


RIPEM Public Key Database (aka Directory)

User: Raymond Lau.Persona Certificate.RSA Data Security Inc.
SubjectInfo: CN=Raymond Lau, OU=Persona Certificate, O=RSA Data
Security, Inc., C=US
IssuerInfo: OU=Persona Certificate, O=RSA Data Security, Inc., C=US
SerialNumberInfo: 0x12
CertificateInfo:
MIIBxTCCAWECARIwDQYJKoZIhvcNAQECBQAwTTELMAkGA1UEBhMCVVMxIDAeBgNV
BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMRwwGgYDVQQLExNQZXJzb25hIENl
cnRpZmljYXRlMB4XDTkzMDQxMjIyNTI1N1oXDTk1MDQxMjA1MDAwMFowYzELMAkG
A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMRwwGgYD
VQQLExNQZXJzb25hIENlcnRpZmljYXRlMRQwEgYDVQQDEwtSYXltb25kIExhdTB5
MAoGBFUIAQECAgMAA2sAMGgCYQC4Lq5eHwr4u4bY7VggmpOwmyqhq9nMVR7VuaUy
4MOTPLPHi/dZM5E2gdODG1uV2YoGDNNTuVFRO4osQwxTOWMt9oEththrXOYI6oZ8
lzyYfmgLVL15S7HCV/GYJdlPuO0CAwEAATANBgkqhkiG9w0BAQIFAANPAAUVNpom
zLBp6r72gqG6bBU1eFbv9bNKk4WSQCXYRbulGmhyLCXItASYloprlBxKHm8EP178
P8z1rlbRNAoWw2G5q2550I6UUiJ5OOkVwB==

User: Persona Certificate.RSA Data Security Inc.
SubjectInfo: OU=Persona Certificate, O=RSA Data Security, Inc., C=US
IssuerInfo: OU=Low Assurance Certification Authority, O=RSA Data
Security, Inc., C=US
SerialNumberInfo: 0x5E000003
CertificateInfo:
MIIBxjCCAVACBF4AAAMwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAe
BgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVMb3cgQXNz
dXJhbmNlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTkyMTIyMzA4MDAwMFoX
DTk0MDEwMTA3NTk1OVowTTELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRh
IFNlY3VyaXR5LCBJbmMuMRwwGgYDVQQLExNQZXJzb25hIENlcnRpZmljYXRlMGkw
DQYJKoZIhvcNAQEBBQADWAAwVQJOBqoIUA2vV4v9swHWBKiVSHGIZSzdRaSPbV0N
Zus2d/T2FyvFIaI9BLO5Fkb/IQtOL6pDisJ3Vm81bb6B0Dpj/JzpJLgYvgEL4BaE
XIDlAgMBAAEwDQYJKoZIhvcNAQECBQADYQCPF1HZAPzWWKSyspFjbUGkmQAWGLtz
3Zvl1nn3EztPPVtR6GirTpFRa07ov7isHWEdZxGKIwbmFPJuh8pn8tTrSyYfWfD6
/CHEa04fhZ4jVoAmKmjdgbRTqfraABsBAC9=
Status: Valid by Declaration

User: Mark Riordan.Persona Certificate.RSA Data Security Inc.
SubjectInfo: CN=Mark Riordan, OU=Persona Certificate, O=RSA Data
Security, Inc., C=US
IssuerInfo: OU=Persona Certificate, O=RSA Data Security, Inc., C=US
SerialNumberInfo: 0x16
CertificateInfo:
MIIBpjCCAUICARYwDQYJKoZIhvcNAQECBQAwTTELMAkGA1UEBhMCVVMxIDAeBgNV
BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMRwwGgYDVQQLExNQZXJzb25hIENl
cnRpZmljYXRlMB4XDTkzMDQxOTIwMDI1MFoXDTk1MDQxOTAwMDAwMFowZDELMAkG
A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMRwwGgYD
VQQLExNQZXJzb25hIENlcnRpZmljYXRlMRUwEwYDVQQDEwxNYXJrIFJpb3JkYW4w
WTAKBgRVCAEBAgICBgNLADBIAkEylZc/H+pNFRQqHC4abJQV4gTzRuGoXmOFgdeP
kDshmAB4dAa6qY8ypsLqDFmXfbEInjzwxz8weBHGRnTZwFcrMwIDAQABMA0GCSqG
SIb3DQEBAgUAA08ABMavdfXztriNQZwk8Ma/YbMOd81sg/bASPXKi2FhmDn2WhdZ
967PW+ZPYkCDn0JdUikP/41xvKuHhOPDNROvN+Sltgf0aFenF2m8/voX
Status: Valid by Declaration

User: test22
PublicKeyInfo:
MFkwCgYEVQgBAQICAgQDSwAwSAJBCcVXx4EuHCsiJgidWtNPyWyTuA5CiTqcKWT8
IujdiMqcSh/iRVO8+nugWDTNwG3LaERzfNe5wLznNpyNSKBwoQcCAwEAAQ==
MD5OfPublicKey: E50F516A4626002DF9B877A8D265BBF8