Skip to main content

A.4. PBES2

A.4. PBES2

The object identifier id-PBES2 identifies the PBES2 encryption scheme (Section 6.2).

id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}

The parameters field associated with this OID in an AlgorithmIdentifier shall have type PBES2-params:

PBES2-params ::= SEQUENCE {
   keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
   encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} }

The fields of type PBES2-params have the following meanings:

  • keyDerivationFunc identifies the underlying key derivation function. It shall be an algorithm ID with an OID in the set PBES2-KDFs, which for this version of PKCS #5 shall consist of id-PBKDF2 (Appendix A.2).
PBES2-KDFs ALGORITHM-IDENTIFIER ::=
   { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }
  • encryptionScheme identifies the underlying encryption scheme. It shall be an algorithm ID with an OID in the set PBES2-Encs, whose definition is left to the application. Examples of underlying encryption schemes are given in Appendix B.2.
PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
Last updated on