Trevor Sosebee writes:
Suppose an entity wants to use an AuthenticatedData structure as a
generic way to carry authenticated data, and does not care who the
recipient is or has no knowledge of the recipient's credentials at the
time of creation. It seems there should be a way to do this with no
such knowledge, but since RecipientInfos is required to exist and contain
at least one RecipientInfo, there seems to be no way around the problem.
At the very least could the requirement that RecipientInfos be present
be relaxed to possibly contain no RecipientInfo?
Trevor

Trevor,
Rather than identify the recipient, why not just identify the key?
(use RecipientIdentifier.subjectKeyIdentifier)
RecipientInfos must be present because that's where the key that
is used for the MAC is (encrypted).
brian
briank(_at_)terisa(_dot_)com