PKCS #8: Private-Key Information Content Types

PKCS #8: Private-Key Information Content Types AKAYLA, Inc.

joe@akayla.com

Vigil Security, LLC

housley@vigilsec.com

sn3rd

sean@sn3rd.com

SEC lamps CMS This document defines PKCS #8 content types for use with PrivateKeyInfo and EncryptedPrivateKeyInfo as specified in RFC 5958.

Introduction The syntax for private-key information was originally described in , and the syntax was later revised by to include the AsymmetricKeyPackage content type that supports multiple PrivateKeyInfos. This document defines PKCS #8 content types for use with one PrivateKeyInfo and one EncryptedPrivateKeyInfo. These content type assignments are needed for the PrivateKeyInfo and EncryptedPrivateKeyInfo to be carried in the Cryptographic Message Syntax (CMS) . Note: A very long time ago, media types for PrivateKeyInfo and EncryptedPrivateKeyInfo were assigned as "application/pkcs8" and "application/pkcs8-encrypted", respectively.

Private-Key Information Content Types This section defines a content type for private-key information and encrypted private-key information. The PrivateKeyInfo content type is identified by the following object identifier: The EncryptedPrivateKeyInfo content type is identified by the following object identifier:

ASN.1 Module The ASN.1 module in this section builds upon the modules in .

Security Considerations The security considerations in apply here.

IANA Considerations For each of the private-key information content types defined in , IANA has assigned an Object Identifier (OID). The OIDs for the content types have been allocated in the "SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1)" registry as follows:

Decimal	Description	Reference
52	id-ct-privateKeyInfo	RFC 9939
53	id-ct-encrPrivateKeyInfo	RFC 9939

For the ASN.1 module in , IANA has assigned an OID for the module identifier. The OID for the module has been allocated in the "SMI Security for S/MIME Module Identifier (1.2.840.113549.1.9.16.0)" registry as follows:

Decimal	Description	Reference
85	id-mod-pkcs8ContentType	RFC 9939

IANA has updated the application/cms registration entry in the "Media Types" registry by adding RFC 9939 to the "Interoperability considerations" section and to the list of RFCs where Inner Content Types (ICTs) are defined (see the "Optional parameters" section) and by adding the following values to the list of ICTs:

privateKeyInfo
encrPrivateKeyInfo

IANA has also updated the "Security considerations" section in the application/cms entry as follows:

RFC	CMS Protecting Content Type and Algorithms
RFC 9939	privateKeyInfo and encrPrivateKeyInfo

References Normative References Information technology - Abstract Syntax Notation One (ASN.1): Specification of basic notation ITU-T Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) ITU-T Informative References SMI Security for S/MIME Module Identifier (1.2.840.113549.1.9.16.0) IANA SMI Security for S/MIME CMS Content Type (1.2.840.113549.1.9.16.1) IANA

Acknowledgments Thanks to , , , , and for reviewing the document and providing comments.