CMS Cryptography

The synta.cms submodule provides Python bindings for the Cryptographic Message Syntax (RFC 5652) and CMS-KEM (RFC 9629). It exposes parsers and builders for all major CMS content types.

Content types

Class	RFC	Description
`ContentInfo`	RFC 5652 §3	Outer CMS envelope; entry point for all content types
`SignedData`	RFC 5652 §5	Encapsulates signed content plus signer information
`SignerInfo`	RFC 5652 §5.3	Per-signer structure within `SignedData`
`EnvelopedData`	RFC 5652 §6	Encrypted content with key transport per recipient
`EnvelopedDataBuilder`	RFC 5652 §6	Fluent builder for `EnvelopedData`
`EncryptedData`	RFC 5652 §8	Symmetric encryption (shared key, no recipient info)
`DigestedData`	RFC 5652 §7	Hash-protected content
`AuthenticatedData`	RFC 5652 §9	MAC-authenticated content
`IssuerAndSerialNumber`	RFC 5652 §10.2.4	Certificate identifier
`KEMRecipientInfo`	RFC 9629 §5	Quantum-safe KEM recipient structure
`CMSORIforKEMOtherInfo`	RFC 9629 §5.3	KDF input structure for KEM-based key derivation

Import

from synta.cms import (
    ContentInfo,
    SignedData, SignerInfo,
    EnvelopedData, EnvelopedDataBuilder,
    EncryptedData,
    DigestedData,
    AuthenticatedData,
    IssuerAndSerialNumber,
    KEMRecipientInfo, CMSORIforKEMOtherInfo,
    # OID constants:
    ID_DATA, ID_SIGNED_DATA, ID_ENVELOPED_DATA,
    ID_DIGESTED_DATA, ID_ENCRYPTED_DATA, ID_CT_AUTH_DATA,
    ID_AES128_CBC, ID_AES192_CBC, ID_AES256_CBC,
    ID_RSAES_OAEP, ID_RSA_ENCRYPTION,
    ID_ORI, ID_ORI_KEM,
)

OID constants

Content-type OIDs (RFC 5652 §14)

Constant	OID	Name
`ID_DATA`	`1.2.840.113549.1.7.1`	id-data
`ID_SIGNED_DATA`	`1.2.840.113549.1.7.2`	id-signedData
`ID_ENVELOPED_DATA`	`1.2.840.113549.1.7.3`	id-envelopedData
`ID_DIGESTED_DATA`	`1.2.840.113549.1.7.5`	id-digestedData
`ID_ENCRYPTED_DATA`	`1.2.840.113549.1.7.6`	id-encryptedData
`ID_CT_AUTH_DATA`	`1.2.840.113549.1.9.16.1.2`	id-ct-authData

Content-encryption algorithm OIDs (RFC 3565)

Constant	OID	Key length
`ID_AES128_CBC`	`2.16.840.1.101.3.4.1.2`	16 bytes
`ID_AES192_CBC`	`2.16.840.1.101.3.4.1.22`	24 bytes
`ID_AES256_CBC`	`2.16.840.1.101.3.4.1.42`	32 bytes

Key-transport algorithm OIDs (RFC 8017)

Constant	OID	Notes
`ID_RSAES_OAEP`	`1.2.840.113549.1.1.7`	RSA-OAEP with SHA-256 (recommended)
`ID_RSA_ENCRYPTION`	`1.2.840.113549.1.1.1`	RSA PKCS#1 v1.5 (legacy)

CMS-KEM OtherRecipientInfo OIDs (RFC 9629 §6.2)

Constant	OID	Description
`ID_ORI`	`1.2.840.113549.1.9.16.13`	Root arc for OtherRecipientInfo alternatives
`ID_ORI_KEM`	`1.2.840.113549.1.9.16.13.3`	Identifies a `KEMRecipientInfo`

Sections

ContentInfo — outer CMS envelope
SignedData — signed content types
EnvelopedData — encrypted-to-recipient content
EncryptedData — symmetric encrypted content
DigestedData and AuthenticatedData — hash and MAC content types
CMS-KEM — RFC 9629 quantum-safe KEM recipient types
OID Constants — all CMS OID constants

Keyboard shortcuts

Synta Python Bindings