When PEM processing is to be performed on an outgoing message, a DEK is generated [1] for use in message encryption and (if a chosen MIC algorithm requires a key) a variant of the DEK is formed for use in MIC computation. DEK generation can be omitted for the case of a message where confidentiality is not to be applied, unless a chosen MIC computation algorithm requires a DEK. Other parameters (e.g., Initialization Vectors (IVs)) as required by selected encryption algorithms are also generated.
One or more Originator-ID and/or "Originator-Certificate:" fields are included in a PEM message's encapsulated header to provide recipients with an identification component for the IK(s) used for message processing. All of a message's Originator-ID and/or "Originator- Certificate:" fields are assumed to correspond to the same principal; the facility for inclusion of multiple such fields accomodates the prospect that different keys, algorithms, and/or certification paths may be required for processing by different recipients. When a message includes recipients for which asymmetric key management is employed as well as recipients for which symmetric key management is employed, a separate Originator-ID or "Originator-Certificate:" field precedes each set of recipients.
In the symmetric case, per-recipient IK components are applied for each individually named recipient in preparation of ENCRYPTED, MIC- ONLY, and MIC-CLEAR messages. A corresponding "Recipient-ID- Symmetric:" field, interpreted in the context of the most recent preceding "Originator-ID-Symmetric:" field, serves to identify each IK. In the asymmetric case, per-recipient IK components are applied only for ENCRYPTED messages, are independent of originator-oriented header elements, and are identified by "Recipient-ID-Asymmetric:" fields. Each Recipient-ID field is followed by a "Key-Info:" field, which transfers the message's DEK encrypted under the IK appropriate for the specified recipient.
When symmetric key management is used for a given recipient, the "Key-Info:" field following the corresponding "Recipient-ID- Symmetric:" field also transfers the message's computed MIC, encrypted under the recipient's IK. When asymmetric key management is used, a "MIC-Info:" field associated with an "Originator-ID- Asymmetric:" or "Originator-Certificate:" field carries the message's MIC, asymmetrically signed using the private component of the originator. If the PEM message is of type ENCRYPTED (as defined in Section 4.6.1.1.1 of this RFC), the asymmetrically signed MIC is symmetrically encrypted using the same DEK, algorithm, encryption mode and other cryptographic parameters as used to encrypt the message text, prior to inclusion in the "MIC-Info:" field.