AES-128-CBC
The reference symmetric content cipher for encrypted EDI envelopes.
Definition
AES (FIPS 197) in Cipher Block Chaining mode encrypts the content of a CMS EnvelopedData with the content-encryption key (CEK). Its CMS use requires an initialization vector (IV) carried as an algorithm parameter. CBC provides no integrity of its own: it relies on the message signature for tamper detection, unlike AES-GCM.
Origin
The AES algorithm is standardized by NIST in FIPS 197; its integration into CMS is defined by RFC 3565 (Use of the AES Encryption Algorithm in CMS), IETF S/MIME WG.
Example in context
contentEncryptionAlgorithm = id-aes128-CBC (2.16.840.1.101.3.4.1.2) with a 16-byte IV as parameter.
Related terms
- EnvelopedData — the structure where AES-128-CBC encrypts the content.
- Triple DES — the legacy content algorithm AES replaced.