ediverse Explore the platform

Spotlight PEPPOL BIS Billing 3.0 The EU e-invoicing mandate is here — France Sept 2026, Belgium Jan 2026, Germany 2025.

AES-128-CBC

The reference symmetric content cipher for encrypted EDI envelopes.

Definition

AES (FIPS 197) in Cipher Block Chaining mode encrypts the content of a CMS EnvelopedData with the content-encryption key (CEK). Its CMS use requires an initialization vector (IV) carried as an algorithm parameter. CBC provides no integrity of its own: it relies on the message signature for tamper detection, unlike AES-GCM.

Origin

The AES algorithm is standardized by NIST in FIPS 197; its integration into CMS is defined by RFC 3565 (Use of the AES Encryption Algorithm in CMS), IETF S/MIME WG.

Example in context

contentEncryptionAlgorithm = id-aes128-CBC (2.16.840.1.101.3.4.1.2) with a 16-byte IV as parameter.

  • EnvelopedData — the structure where AES-128-CBC encrypts the content.
  • Triple DES — the legacy content algorithm AES replaced.

Last updated: June 20, 2026