The SignedAndEnvelopedData was dropped because of a security concern. An
attacker can remove the signature, essentially making an EnvelopedData, and
the recipient has no way to tell that the originator intended to sign and
encrypt the protected content.
At 08:13 AM 8/27/2005, Alicia da Conceicao wrote:
Does CMS (Cryptographic Message Syntax) support signedAndEnvelopedData
as specified in PKCS7 v 1.5? I cannot find any references to
signedAndEnvelopedData in RFC-2630.
Has signedAndEnvelopedData been deprecated in favour of placing signedData
within encrypted envelopedData, in order to protect the identity of the
Thank you in advance.