Jack Lloyd <lloyd(_at_)randombit(_dot_)net> writes:
1) I'm pretty sure I understand how to nest CMS structures correctly, but the
existing S/MIME examples draft doesn't have any examples of, say, compress
then encrypt then sign. Are there any examples floating around, or, are
there any free implementations of CMS that do this, which I could use to
generate a few tests? (Preferably PEM or raw binary, rather than MIME, but
I'll take what I can get).
You can do it with cryptlib, http://www.cs.auckland.ac.nz/~pgut001/cryptlib/,
just run the self-tests and it'll dump one of every kind of CMS message you
can think of into /tmp (you need to create this directory first if you're
running under Windows). If I hadn't deleted them all in a cleanup about 15
minutes ago I'd send you pre-built examples.
2) In section 6.2.3 of RFC 3369, "keyIdentifier identifies the key-encryption
key that was previously distributed to the sender and one or more
recipients." Is there some typical mechanism for choosing this value?
Obviously, as far as the RFC is concerned, one can do pretty much anything
they please, but if there is a simple and commonly used method, I figure I
might as well go with the crowd.
Uhh, go to the PKIX archives and read the recent thread. Basically, this
doesn't work properly if used with certain PKIX interpretations of
keyIdentifiers.
Peter.