Mark,
Using S/MIME, if you wish to both sign and encrypt a message, you sign,
then encrypt the message as a single PKCS#7 body part. The application
first signs the message, using either the PKCS#7 SignedData construct, or
RFC1847 multipart/signed (EDIINT currently supports the latter). You then
take either the SignedData or multipart/signed as the data input to
encrypt, to be placed in the PKCS#7 EnvelopedData construct. This is
deemed as advantageous, as the signer of the document is not exposed.
Regards,
Karen
-------------------------------------------
Karen Rosenthal
Premenos, a Harbinger Corporation
1000 Burnett Ave
Concord, CA 94520
Email: karenr(_at_)sfo(_dot_)harbinger(_dot_)com
Tel#: 1-510-688-2928
Fax#: 1-510-602-2133
Visit: http://www.harbinger.com
-----Original Message-----
From: Mark Vandenwauver
[SMTP:Mark(_dot_)Vandenwauver(_at_)esat(_dot_)kuleuven(_dot_)ac(_dot_)be]
Sent: Wednesday, January 28, 1998 2:23 AM
To: ietf-smime(_at_)imc(_dot_)org
Subject: Question about signing attachments separately
Hi all,
We are in the process of implementing S/MIME and me and my colleagues are
having a debate whether we will allow the software to sign and/or encrypt
attachments separately vs. signing/encrypting the whole mail message. Do
the S/MIME experts have any input on this matter ? What do you see as the
biggest advantages to each approach ?
Thanks in advance,
Mark
-----------------------------------------------------------------------
Mark Vandenwauver email :
vdwauver(_at_)esat(_dot_)kuleuven(_dot_)ac(_dot_)be
Assistant www : http://www.esat.kuleuven.ac.be/~vdwauver
K.U.Leuven ESAT-COSIC phone : 32-16-321134
Kard. Mercierlaan 94 32-16-321050 (Secr.)
3001 Heverlee fax : 32-16-321986
BELGIUM