PKCS #15 Updates

After the publication of the original PKCS #15 standard it saw minor updates that were only published as drafts and circulated informally among implementers , but never finalised due to the dissolution of the organisation that published the standards. Since the standard, including the updates, remains in active use today, this document gathers the updates in a single location for reference by implementers. The updates cover the extension of the original PKCS #15 identifiers to handle validFrom/validTo dates for certificates and PGP/OpenPGP keys and email addresses, the addition of support for CMS Authenticated-Enveloped-Data, and support for cryptographic binding of public-key components to private-key ones. Since names and definitions have changed across the different drafts (for example v1.0 used PKCS15XXXAttributes while v1.1 and later used XXXXAttributes), this document uses the v1.1 ASN.1 module pkcs-15v1_1.asn as its baseline.

PKCS #15 v1.0 didn't support the validFrom/validTo dates that are required for certificates, these were added in the PKCS #15 v1.2 draft and extend the CommonCertificateAttributes to add: For context, the full CommonCertificateAttributes are then:

PKCS #15 v1.0, designed for use with smart cards, didn't support PGP/OpenPGP or email use, making it difficult to implement PKCS #11 with PKCS #15 as the storage format. The PKCS #15 v1.2 draft extended CredentialIdentifier to include these additional IDs, which extend the existing KeyIdentifiers values to add pgp, openPGP, and uri identifiers:

PKCS #15 v1.0 predates the existence of CMS Authenticated-Enveloped-Data, which was added in the PKCS #15 v1.2 draft by extending the ObjectValue/ PathOrObjects CHOICE to include a new content type AuthEnvelopedData alongside the existing EnvelopedData. For ObjectValue this is: For PathOrObjects this is: Note that the tags jump from the v1.1 'direct-protected [2] EnvelopedData' to 'direct-protected-auth [4] AuthEnvelopedData', the [3] tag was used for another object type whose purpose is now lost. For context, the full ObjectValue / PathOrObjects are then:

An update to the PKCS #15 v1.2 draft provided for cryptographic binding between the private key and public key data. This protects the otherwise typically unprotected public-key objects from undetectable manipulation. This cryptographic binding is added by extending the existing privateXXXKey types with new privateXXXKeyExt types that include the cryptographic binding: The Ext variants wrap the original XXXPrivateKeyObject in an additional SEQUENCE that adds an field, with the ESSCertIDv2 restricted to contain only a SHA-2 hash of the public key data in SubjectPublicKeyInfo form. In other words the ESSCertIDv2: is present as: The resulting XXXPrivateKeyObject is then, in an ASN.1-like notation: For example for an ECC private key the original: would become in extended form with cryptographic binding: For an RSA private key the original: would become in extended form with cryptographic binding:

This document has no IANA actions.

This document serves to document minor updates to the original PKCS #15 standard, there are no security considerations present beyond those in the original standard.