Encryption Key Derivation in the Cryptographic Message Syntax Using HKDF with SHA-256
RFC 9709, “Encryption Key Derivation in the Cryptographic Message Syntax Using HKDF with SHA-256”, is a Proposed Standard document published in January 2025 by R. Housley. The canonical text is published by the RFC Editor.
Abstract
This document specifies the derivation of the content-encryption key or the content-authenticated-encryption key in the Cryptographic Message Syntax (CMS) using the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) with SHA-256. The use of this mechanism provides protection against an attacker that manipulates the content-encryption algorithm identifier or the content-authenticated-encryption algorithm identifier.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9709 is hosted at rfc-editor.org. Available in HTML, TXT, PDF, and XML.
- RFC 9708 Use of the HSS/LMS Hash-Based Signature Algorithm in the Cryptographic Message Syntax
- RFC 9710 Simple Fixes to the IP Flow Information Export Entities IANA Registry
- RFC 9707 Report from the IAB Workshop on Barriers to Internet Access of Services
- RFC 9711 The Entity Attestation Token
- RFC 9706 TreeDN: Tree-Based Content Delivery Network for Live Streaming to Mass Audiences
- RFC 9712 IETF Meeting Venue Requirements Review
- RFC 9705 Refresh-Interval Independent RSVP Fast Reroute Facility Protection
- RFC 9713 Bundle Protocol Version 7 Administrative Record Types Registry