Originator-ID encapsulated header fields identify a message's originator and provide the originator's IK identification component. Two varieties of Originator-ID fields are defined, the "Originator- ID-Asymmetric:" and "Originator-ID-Symmetric:" field. An "Originator-ID-Symmetric:" header field is required for all PEM messages employing symmetric key management. The analogous "Originator-ID-Asymmetric:" field, for the asymmetric key management case, is used only when no corresponding "Originator-Certificate:" field is included.
Most commonly, only one Originator-ID or "Originator-Certificate:" field will occur within a message. For the symmetric case, the IK identification component carried in an "Originator-ID-Symmetric:" field applies to processing of all subsequent "Recipient-ID- Symmetric:" fields until another "Originator-ID-Symmetric:" field occurs. It is illegal for a "Recipient-ID-Symmetric:" field to occur before a corresponding "Originator-ID-Symmetric:" field has been provided. For the asymmetric case, processing of "Recipient-ID- Asymmetric:" fields is logically independent of preceding "Originator-ID-Asymmetric:" and "Originator-Certificate:" fields.
Multiple Originator-ID and/or "Originator-Certificate:" fields may occur in a message when different originator-oriented IK components must be used by a message's originator in order to prepare a message so as to be suitable for processing by different recipients. In particular, multiple such fields will occur when both symmetric and asymmetric cryptography are applied to a single message in order to process the message for different recipients.
Originator-ID subfields are delimited by the comma character (","), optionally followed by whitespace. Section 5.2, Interchange Keys, discusses the semantics of these subfields and specifies the alphabet from which they are chosen.