The Cryptographic Message Syntax (CMS) is the

IETF The Internet Engineering Task Force (IETF) is a standards organization for the Internet standard, Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster ...

's standard for cryptographically protected messages. It can be used by cryptographic schemes and protocols to digitally sign, digest,

authenticate Authentication (from ''authentikos'', "real, genuine", from αὐθέντης ''authentes'', "author") is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating ...

encrypt In cryptography, encryption (more specifically, encoding) is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the information, known as plai ...

any form of digital data. CMS is based on the syntax of PKCS #7, which in turn is based on the Privacy-Enhanced Mail standard. The newest version of CMS () is specified in (but also see for updated ASN.1 modules conforming to ASN.1 2002 and and for updates to the standard). The architecture of CMS is built around certificate-based key management, such as the profile defined by the PKIX

working group A working group is a group of experts working together to achieve specified goals. Such groups are domain-specific and focus on discussion or activity around a specific subject area. The term can sometimes refer to an interdisciplinary collab ...

. CMS is used as the key cryptographic component of many other cryptographic standards, such as

S/MIME S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public-key encryption and signing of MIME data. S/MIME is on an IETF standards track and defined in a number of documents, most importantly . It was originally developed by ...

, PKCS #12 and the digital timestamping protocol.

OpenSSL OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping, and identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS web ...

open source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use and view the source code, design documents, or content of the product. The open source model is a decentrali ...

software that can encrypt, decrypt, sign and verify, compress and uncompress CMS documents, using the openssl-cms command.

Norms and Standards

Cryptographic Message Syntax (CMS) is regularly updated to address evolving security needs and emerging cryptographic algorithms. * (Update to the Cryptographic Message Syntax (CMS) for Algorithm Identifier Protection) * (Cryptographic Message Syntax (CMS), in use) * (Cryptographic Message Syntax (CMS), obsolete) * (Cryptographic Message Syntax (CMS), obsolete) * (Cryptographic Message Syntax, obsolete) * (New ASN.1 Modules for Cryptographic Message Syntax (CMS) and S/MIME, in use) * (New ASN.1 Modules for Cryptographic Message Syntax (CMS) and S/MIME, updated) * (Using Elliptic Curve Cryptography with CMS, in use) * (Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS), obsolete) * (Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax (CMS), in use) * (Using Key Encapsulation Mechanism (KEM) Algorithms in the Cryptographic Message Syntax (CMS), in use)

Norms and Standards

See also