Alicia,
I can think of at least one way of dealing with this that meets your problem
in the current CMS method. That would be to emit the encrypted body into
the data file and then have an EncryptedData object followed by a SignedData
object in the header information file. While this would not be strictly a
CMS object in the second file, the code could easily understand that the two
items would follow in sequence.
Jim
-----Original Message-----
From: owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-smime(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of Alicia da Conceicao
Sent: Monday, August 29, 2005 7:25 AM
To: ietf-smime(_at_)vpnc(_dot_)org
Subject: replacement for signedAndEnvelopedData for CMS with external encrypted data
Greetings:
SignedAndEnvelopedData has been deprecated for CMS. Instead
CMS SignedData structures with embedded data are encrypted
and placed inside the optional EncryptedContent of a CMS
EnvelopedData structure.
But one can have a CMS SignedData digital signature that is
detached in a separate file from the original data. And one
can have a CMS EnvelopedData structure with decryption
details in a separate file from the encrypted data since the
EncryptedContent is optional.
But without CMS support for SignedAndEnvelopedData, how does
one implement a detached file that is CMS compliant,
containing a digital signature and decryption details, for a
separate file or stream of encrypted data? Detachment is
critical if one is dealing with large (> 1GB) files or data streams.
There are many real world cases where you want to both sign
and encrypt a message, and don't care if others can see who signed it.
Especially when one has a centralized trusted organization,
like a CA, software company, or service provider. These
trusted organizations can digitally sign and distribute
CUSTOMIZED secure data that is encrypted with the customers
public keys. This is useful for provisioning, VoIP, video on
demand, etc.
If anyone has any reasonable workaround for
SignedAndEnvelopedData that works with detached encrypted
data and still meets the CMS standards, please let me know.
Otherwise it may be useful to look at amending the CMS
specification to include SignedAndEnvelopedData.
Thank you in advance.
Alicia.
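Jim's proposal above amounts to a header file holding two CMS ContentInfo objects back to back: the object carrying the decryption details (EnvelopedData, or EncryptedData as his mail words it) followed by the SignedData object carrying the detached signature. The reader below is an added example, not code from either poster or from any CMS library; it splits such a file into its two DER objects, checks that the content types appear in the required order, and rejects truncation or trailing data instead of guessing. The inner ContentInfo bodies it builds are constructed placeholders, not real RecipientInfo or SignerInfo structures.

```python
# DER encodings of the CMS content-type OIDs (1.2.840.113549.1.7.x).
OID_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")
OID_ENVELOPED_DATA = bytes.fromhex("06092a864886f70d010703")
OID_ENCRYPTED_DATA = bytes.fromhex("06092a864886f70d010706")


def der_len(n):
    """DER length octets, short or long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def content_info(oid, inner):
    """ContentInfo ::= SEQUENCE { contentType OID, content [0] EXPLICIT ANY }."""
    body = oid + b"\xa0" + der_len(len(inner)) + inner
    return b"\x30" + der_len(len(body)) + body


def read_tlv(buf, pos):
    """Parse one DER TLV at pos; return (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def split_header_file(buf):
    """Return (first, signed) ContentInfo bodies: EnvelopedData/EncryptedData
    first, SignedData second, nothing else in the file (reject, don't guess)."""
    items, pos = [], 0
    while pos < len(buf):
        tag, seq, pos = read_tlv(buf, pos)
        otag, oid, _ = read_tlv(seq, 0)
        if tag != 0x30 or otag != 0x06:
            raise ValueError("not a ContentInfo")
        items.append((b"\x06" + der_len(len(oid)) + oid, seq))
    if (len(items) != 2 or items[0][0] not in (OID_ENVELOPED_DATA, OID_ENCRYPTED_DATA)
            or items[1][0] != OID_SIGNED_DATA):
        raise ValueError("expected EnvelopedData/EncryptedData then SignedData")
    return items[0][1], items[1][1]


def demo_header():
    # Constructed sample: the inner bodies are placeholders, not real CMS.
    hdr = content_info(OID_ENVELOPED_DATA, b"recipient-info-placeholder" * 6)
    hdr += content_info(OID_SIGNED_DATA, b"signer-info-placeholder")
    first, signed = split_header_file(hdr)
    return hdr, first, signed
```

The first placeholder body is deliberately longer than 127 bytes so the long-form length path is exercised, which is the path a real header with several RecipientInfos would take.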