MIME Security with OpenPGP (RFC3156)
Original Publication Date: 2001-Aug-01
Included in the Prior Art Database: 2019-Feb-13
Internet Society Requests For Comment (RFCs)
M. Elkins: AUTHOR [+3]
This document describes how the OpenPGP Message Format can be used to provide privacy and authentication using the Multipurpose Internet Mail Extensions (MIME) security content types described in RFC 1847. [STANDARDS-TRACK]
Network Working Group M. Elkins Request for Comments: 3156 Network Associates, Inc. Updates: 2015 D. Del Torto Category: Standards Track CryptoRights Foundation R. Levien University of California at Berkeley T. Roessler August 2001
MIME Security with OpenPGP
Status of this Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright (C) The Internet Society (2001). All Rights Reserved.
This document describes how the OpenPGP Message Format can be used to provide privacy and authentication using the Multipurpose Internet Mail Extensions (MIME) security content types described in RFC 1847.
Work on integrating PGP (Pretty Good Privacy) with MIME  (including the since withdrawn "application/pgp" content type) prior to RFC 2015 suffered from a number of problems, the most significant of which is the inability to recover signed message bodies without parsing data structures specific to PGP. RFC 2015 makes use of the elegant solution proposed in RFC 1847, which defines security multipart formats for MIME. The security multiparts clearly separate the signed message body from the signature, and have a number of other desirable properties. This document revises RFC 2015 to adopt the integration of PGP and MIME to the needs which emerged during the work on the OpenPGP specification.
This document defines three content types for implementing security and privacy with OpenPGP: "application/pgp-encrypted", "application/pgp-signature" and "application/pgp-keys".
Elkins, et al. Standards Track [Page 1]
RFC 3156 MIME Security with OpenPGP August 2001
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
2. OpenPGP data formats
OpenPGP implementations can generate either ASCII armor (described in ) or 8-bit binary output when encrypting data, generating a digital signature, or extracting public key data. The ASCII armor output is the REQUIRED method for data transfer. This allows those users who do not have the means to interpret the formats described in this document to be able to extract and use the OpenPGP information in the message.
When the amount of data to be transmitted requires that it be sent in many parts, the MIME message/partial mechanism SHOULD be used rather than the multi-part ASCII armor OpenPGP format.
3. Content-Transfer-Encoding restrictions
Multipart/signed and multipart/encrypted are to be treated by agents as opaque, meaning that the data is not to be altered in any way , . However, many existing mail gateways will detect if the next hop does not support MIME or...