When PEM processing is to be performed on an outgoing message, a DEK
is generated [1] for use in message encryption and (if a chosen MIC
algorithm requires a key) a variant of the DEK is formed for use in
MIC computation. DEK generation can be omitted for the case of a
message where confidentiality is not to be applied, unless a chosen
MIC computation algorithm requires a DEK. Other parameters (e.g.,
Initialization Vectors (IVs)) as required by selected encryption
algorithms are also generated.
One or more Originator-ID and/or "Originator-Certificate:" fields are
included in a PEM message's encapsulated header to provide recipients
with an identification component for the IK(s) used for message
processing. All of a message's Originator-ID and/or "Originator-
Certificate:" fields are assumed to correspond to the same principal;
the facility for inclusion of multiple such fields accomodates the
prospect that different keys, algorithms, and/or certification paths
may be required for processing by different recipients. When a
message includes recipients for which asymmetric key management is
employed as well as recipients for which symmetric key management is
employed, a separate Originator-ID or "Originator-Certificate:" field
precedes each set of recipients.
In the symmetric case, per-recipient IK components are applied for
each individually named recipient in preparation of ENCRYPTED, MIC-
ONLY, and MIC-CLEAR messages. A corresponding "Recipient-ID-
Symmetric:" field, interpreted in the context of the most recent
preceding "Originator-ID-Symmetric:" field, serves to identify each
IK. In the asymmetric case, per-recipient IK components are applied
only for ENCRYPTED messages, are independent of originator-oriented
header elements, and are identified by "Recipient-ID-Asymmetric:"
fields. Each Recipient-ID field is followed by a "Key-Info:" field,
which transfers the message's DEK encrypted under the IK appropriate
for the specified recipient.
When symmetric key management is used for a given recipient, the
"Key-Info:" field following the corresponding "Recipient-ID-
Symmetric:" field also transfers the message's computed MIC,
encrypted under the recipient's IK. When asymmetric key management is
used, a "MIC-Info:" field associated with an "Originator-ID-
Asymmetric:" or "Originator-Certificate:" field carries the message's
MIC, asymmetrically signed using the private component of the
originator. If the PEM message is of type ENCRYPTED (as defined in
Section 4.6.1.1.1 of this RFC), the asymmetrically signed MIC is
symmetrically encrypted using the same DEK, algorithm, encryption
mode and other cryptographic parameters as used to encrypt the
message text, prior to inclusion in the "MIC-Info:" field.
