Here's the proposal for authenticated (i.e. MAC'ed) data as a new content
type.
AuthenticatedData ::= SEQUENCE {
version Version,
originatorInfo [0] OriginatorInfo OPTIONAL,
recipientInfos RecipientInfos,
contentInfo contentInfo,
macs MACS }
RecipientInfo ::= SEQUENCE {
version Version,
rid RecipientIdentifier,
macAlgorithm AlgorithmIdentifier
keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
encryptedKey EncryptedKey }
MACS ::= SET OF MAC
MAC ::= SEQUENCE {
algorithm AlgorithmIdentifier,
authenticator OCTET STRING }
Notes:
1. This construct supports provision of an authenticator (MAC) by a single
originator.
2. The originator may compute multiple MACs in order to accommodate
multiple recipients who use different algorithms. For a given algorithm,
the originator will provide a single MAC, and transport the key to all
recipients which use that algorithm.
3. Key management is based on that in the new EnvelopedData; the
macAlgorithm field is added to the RecipientInfo field to assist the
recipient in locating the appropriate MAC in the MACS field.
4. There is no support for multiple originators, or for authenticated or
unauthenticated attributes.
5. Some discussion on deriving both content-encryption and MAC keys from
the same keying material (DH shared secret, or RSA-encrypted "blob" a
la SSL) might be in order.
Regards,
Rich