To take on a couple of the questions that Peter didn't address...
Jack Lloyd <lloyd(_at_)randombit(_dot_)net> writes:
3) It is legal to include SignedAttributes and sign everything
that way even when signing plain data content, correct?
Yes, this is basically what SignedData is for. %-}
Maybe I'm not grokking the question.
4) Is the encoding of subjectKeyIdentifier in SignerIdentifier
and
RecipientIdentifier supposed to be with EXPLICIT or IMPLICIT
tags?
This is not particularly clear to me from the texts of RFCs
2630
and 3369.
IMPLICIT.
The module in clause 12.1 of RFC 3369 defaults to IMPLICIT
tagging, and nothing in the definitions of SignerIdentifier or
RecipientIdentifier override this default. In both instances,
this means that the context-specific tag [0] replaces the OCTET
STRING tag.
Maybe somebody with RC2 code in front of them can address
question 5.
Chris