ediverse Explore the platform

Spotlight PEPPOL BIS Billing 3.0 The EU e-invoicing mandate is here — France Sept 2026, Belgium Jan 2026, Germany 2025.

CMS

Cryptographic Message Syntax. RFC 5652 defines the universal binary format of signed and encrypted messages.

Definition

CMS (Cryptographic Message Syntax) is the IETF standard that describes the ASN.1/DER binary format of a cryptographic message — signed, encrypted, digested or authenticated. It directly derives from PKCS#7 published by RSA in 1993. CMS is the technical foundation of S/MIME (itself used by AS1, AS2, AS3) and of qualified XAdES / CAdES signatures.

Origin

CMS was standardised by IETF through a sequence of RFCs: 2630 (1999), 3369 (2002), 3852 (2004), and 5652 (2009, current version). It generalises and clarifies RSA Labs' PKCS#7, adding variants EnvelopedData, SignedData, DigestedData, AuthEnvelopedData, AuthenticatedData. CAdES (RFC 5126 then ETSI EN 319 122) profiles CMS for qualified eIDAS signatures.

Example in context

When an AS2 partner encrypts an EDIFACT order, the resulting payload is actually a DER-encoded CMS EnvelopedData structure: it contains an EncryptedContentInfo, RecipientInfos (one per recipient with the symmetric key encrypted by their RSA public key), and algorithm elements. On reception, the partner decrypts the symmetric key then the content, verifies the expected SignedData envelope, and computes the MIC of the original content.

  • S/MIME — the MIME use of CMS in email and AS2.
  • XAdES — the XML expression of related ideas.
  • Non-repudiation — legal property CMS helps to provide.

Last updated: May 14, 2026