This section provides a grammar describing the construction of a PEM message.
; PEM BNF representation, using RFC 822 notation. ; imports field meta-syntax (field, field-name, field-body, ; field-body-contents) from RFC-822, sec. 3.2 ; imports DIGIT, ALPHA, CRLF, text from RFC-822 ; Note: algorithm and mode specifiers are officially defined ; in RFC 1423 <pemmsg> ::= <preeb> <pemhdr> [CRLF <pemtext>] ; absent for CRL message <posteb> <preeb> ::= "-----BEGIN PRIVACY-ENHANCED MESSAGE-----" CRLF <posteb> ::= "-----END PRIVACY-ENHANCED MESSAGE-----" CRLF / <preeb> <pemtext> ::= <encbinbody> ; for ENCRYPTED or MIC-ONLY messages / *(<text> CRLF) ; for MIC-CLEAR <pemhdr> ::= <normalhdr> / <crlhdr> <normalhdr> ::= <proctype> <contentdomain> [<dekinfo>] ; needed if ENCRYPTED (1*(<origflds> *<recipflds>)) ; symmetric case -- ; recipflds included for all proc types / ((1*<origflds>) *(<recipflds>)) ; asymmetric case -- ; recipflds included for ENCRYPTED proc type <crlhdr> ::= <proctype> 1*(<crl> [<cert>] *(<issuercert>)) <asymmorig> ::= <origid-asymm> / <cert> <origflds> ::= <asymmorig> [<keyinfo>] *(<issuercert>) <micinfo> ; asymmetric / <origid-symm> [<keyinfo>] ; symmetric <recipflds> ::= <recipid> <keyinfo> ; definitions for PEM header fields <proctype> ::= "Proc-Type" ":" "4" "," <pemtypes> CRLF <contentdomain> ::= "Content-Domain" ":" <contentdescrip> CRLF <dekinfo> ::= "DEK-Info" ":" <dekalgid> [ "," <dekparameters> ] CRLF <symmid> ::= <IKsubfld> "," [<IKsubfld>] "," [<IKsubfld>] <asymmid> ::= <IKsubfld> "," <IKsubfld> <origid-asymm> ::= "Originator-ID-Asymmetric" ":" <asymmid> CRLF <origid-symm> ::= "Originator-ID-Symmetric" ":" <symmid> CRLF <recipid> ::= <recipid-asymm> / <recipid-symm> <recipid-asymm> ::= "Recipient-ID-Asymmetric" ":" <asymmid> CRLF <recipid-symm> ::= "Recipient-ID-Symmetric" ":" <symmid> CRLF <cert> ::= "Originator-Certificate" ":" <encbin> CRLF <issuercert> ::= "Issuer-Certificate" ":" <encbin> CRLF <micinfo> ::= "MIC-Info" ":" <micalgid> "," <ikalgid> "," <asymsignmic> CRLF <keyinfo> ::= "Key-Info" ":" <ikalgid> "," <micalgid> "," <symencdek> "," <symencmic> CRLF ; symmetric case / "Key-Info" ":" <ikalgid> "," <asymencdek> CRLF ; asymmetric case <crl> ::= "CRL" ":" <encbin> CRLF <pemtypes> ::= "ENCRYPTED" / "MIC-ONLY" / "MIC-CLEAR" / "CRL" <encbinchar> ::= ALPHA / DIGIT / "+" / "/" / "=" <encbingrp> ::= 4*4<encbinchar> <encbin> ::= 1*<encbingrp> <encbinbody> ::= *(16*16<encbingrp> CRLF) [1*16<encbingrp> CRLF] <IKsubfld> ::= 1*<ia-char> ; Note: "," removed from <ia-char> set so that Orig-ID and Recip-ID ; fields can be delimited with commas (not colons) like all other ; fields <ia-char> ::= DIGIT / ALPHA / "'" / "+" / "(" / ")" / "." / "/" / "=" / "?" / "-" / "@" / "%" / "!" / '"' / "_" / "<" / ">" <hexchar> ::= DIGIT / "A" / "B" / "C" / "D" / "E" / "F" ; no lower case ; This specification defines one value ("RFC822") for ; <contentdescrip>: other values may be defined in future in ; separate or successor documents ; <contentdescrip> ::= "RFC822" ; The following items are defined in RFC 1423 ; <dekalgid> ; <dekparameters> ; <micalgid> ; <ikalgid> ; <asymsignmic> ; <symencdek> ; <symencmic> ; <asymencdek>