replacement for signedAndEnvelopedData for CMS with external encrypted data

2005-08-29 14:43:41


SignedAndEnvelopedData has been deprecated for CMS.  Instead CMS
SignedData structures with embedded data are encrypted and placed
inside the optional EncryptedContent of a CMS EnvelopedData.

But one can have a CMS SignedData digital signature that is detached
in a separate file from the original data.  And one can have a CMS
EnvelopedData structure with decryption details in a separate file
from the encrypted data since the EncryptedContent is optional.

But without CMS support for SignedAndEnvelopedData, how does one
implement a detached file that is CMS compliant, containing a
digital signature and decryption details, for a separate file or
stream of encrypted data?  Detachment is critical if one is dealing
with large (> 1GB) file or data streams.

There are many real world cases where you want to both sign and
encrypt a message, and don't care if others can see who signed it.
Especially when one has a centralized trusted organization, like a CA,
software company, or service provider.  These trusted organizations can
digitally sign and distribute CUSTOMIZED secure data that is encrypted
with the customers' public keys.  This is useful for provisioning, VoIP,
video on demand, etc.

If anyone has any reasonable work around for SignedAndEnvelopedData that
works with detached encrypted data and still meets the CMS standards,
please let me know.  Otherwise it may be useful to look at amending
the CMS specification to include SignedAndEnvelopedData.

Thank you in advance.
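The detached EnvelopedData layout the post relies on (EncryptedContent omitted, decryption details in their own file), shown as an added example that is not from the original post: it DER-encodes a minimal RFC 3852 EnvelopedData with a single KeyTransRecipientInfo and parses it back to confirm the ciphertext field is absent. The subjectKeyIdentifier, wrapped key and IV are constructed dummy values; rsaEncryption key transport and AES-128-CBC are assumed as the algorithms.

```python
# Added example, not from the original post: DER-encodes a CMS EnvelopedData
# (RFC 3852) with encryptedContent OMITTED, so recipient and algorithm details
# travel in a small file while the ciphertext stays a separate stream, then
# parses it back. Key material below is constructed dummy data.
def der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def tlv(tag, body):  # one DER tag-length-value element
    return bytes([tag]) + der_len(len(body)) + body

def oid(dotted):  # OBJECT IDENTIFIER from a dotted string
    arcs = [int(a) for a in dotted.split(".")]
    out = b""
    for a in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, out)

ID_ENVELOPED, ID_DATA = "1.2.840.113549.1.7.3", "1.2.840.113549.1.7.1"
RSA_ENC, AES128_CBC = "1.2.840.113549.1.1.1", "2.16.840.1.101.3.4.1.2"

def enveloped_data(skid, wrapped_key, iv, ciphertext=None):
    """ContentInfo{EnvelopedData}; ciphertext=None leaves encryptedContent out."""
    ktri = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x80, skid)  # v2, rid = [0] subjectKeyIdentifier
                   + tlv(0x30, oid(RSA_ENC) + b"\x05\x00") + tlv(0x04, wrapped_key))
    eci = tlv(0x30, oid(ID_DATA) + tlv(0x30, oid(AES128_CBC) + tlv(0x04, iv))
                  + (tlv(0x80, ciphertext) if ciphertext is not None else b""))
    env = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x31, ktri) + eci)  # version 2, SET OF RecipientInfo
    return tlv(0x30, oid(ID_ENVELOPED) + tlv(0xA0, env))

def read_tlv(buf, pos):  # returns (tag, value, position after the element)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def has_encrypted_content(der):  # ContentInfo -> [0] EnvelopedData -> EncryptedContentInfo
    _, ci, _ = read_tlv(der, 0)
    _, ctype, p = read_tlv(ci, 0)
    if tlv(0x06, ctype) != oid(ID_ENVELOPED):
        raise ValueError("not an EnvelopedData ContentInfo")
    _, env, _ = read_tlv(read_tlv(ci, p)[1], 0)   # unwrap [0] EXPLICIT
    p = read_tlv(env, read_tlv(env, 0)[2])[2]      # skip version, recipientInfos
    eci = read_tlv(env, p)[1]
    p = read_tlv(eci, read_tlv(eci, 0)[2])[2]      # skip contentType, algorithm
    return p < len(eci) and eci[p] == 0x80         # [0] IMPLICIT encryptedContent present?
```

A verifier that reads the detached file must treat an absent encryptedContent as "ciphertext is elsewhere", never as an empty message, and should bind the external stream to this header (for example through the signed attributes of the accompanying detached SignedData) before decrypting it.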

