Naming keys in EncryptedData

2005-11-15 18:16:53

X9.73 defines an additional CMS content type.  It is:

   NamedKeyEncryptedData ::= SEQUENCE {
      version Version,
      keyName KeyName OPTIONAL,
      encryptedContentInfo EncryptedContentInfo }

Does anyone see a reason to fold the keyName into EncryptedData?

The alternative is to assign an attribute that can be used to identify the key that is needed to decrypt the content. That alternative would look like this:

   id-aa-contentDecryptKeyID OBJECT IDENTIFIER ::= { <TBD> }

   ContentDecryptKeyID ::= OCTET STRING

I anticipate an update to RFC 3852 to address the ambiguity in handling of multiple SignerInfo, so it would not be difficult to add either the keyName to EncryptedData (with the appropriate version updates) or the ContentDecryptKeyID attribute.
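
The attribute alternative worked through in DER, as an added example that is not part of this thread, of X9.73 or of RFC 3852: it encodes a ContentDecryptKeyID attribute for the unprotectedAttrs of an EncryptedData and shows how a recipient resolves the named key instead of guessing. The OID arc and the key names are placeholders (the thread leaves id-aa-contentDecryptKeyID as <TBD>), and only short-form DER lengths are handled, which is enough for attributes of this size.

```python
PLACEHOLDER_KEY_ID_OID = "1.3.6.1.4.1.99999.1"  # placeholder arc: the thread leaves the real OID as <TBD>

def der_tlv(tag: int, body: bytes) -> bytes:
    assert len(body) < 128, "short-form DER length only (enough for small attributes)"
    return bytes([tag, len(body)]) + body

def der_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs merged, remaining arcs base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return der_tlv(0x06, bytes(out))

def encode_key_id_attribute(key_id: bytes) -> bytes:
    """Attribute ::= SEQUENCE { attrType OID, attrValues SET OF ContentDecryptKeyID }."""
    return der_tlv(0x30, der_oid(PLACEHOLDER_KEY_ID_OID) + der_tlv(0x31, der_tlv(0x04, key_id)))

def der_read(buf: bytes, pos: int):
    """Return (tag, body, position after the element) for the short-form TLV at pos."""
    tag, length = buf[pos], buf[pos + 1]
    assert length < 128, "short-form DER length only"
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def find_content_decrypt_key_id(unprotected_attrs: bytes):
    """Walk unprotectedAttrs (SET OF Attribute; the outer tag is ignored, so the
    [1] IMPLICIT form inside EncryptedData parses too); None if the attribute is absent."""
    want = der_oid(PLACEHOLDER_KEY_ID_OID)
    _, attrs, _ = der_read(unprotected_attrs, 0)
    pos = 0
    while pos < len(attrs):
        _, attr, pos = der_read(attrs, pos)
        oid_tag, oid_body, after = der_read(attr, 0)
        if der_tlv(oid_tag, oid_body) == want:
            _, values, _ = der_read(attr, after)
            return der_read(values, 0)[1]  # the single ContentDecryptKeyID OCTET STRING
    return None

def select_key(unprotected_attrs: bytes, key_store: dict) -> bytes:
    """Resolve the named key; a missing or unknown name is a hard error, never a guess."""
    key_id = find_content_decrypt_key_id(unprotected_attrs)
    if key_id is None or key_id not in key_store:
        raise KeyError("no usable ContentDecryptKeyID in unprotectedAttrs")
    return key_store[key_id]
# Constructed sample: an id-contentType attribute first, then the key-id attribute.
SAMPLE_ATTRS = der_tlv(0x31, der_tlv(0x30, der_oid("1.2.840.113549.1.9.3") + der_tlv(0x31, der_oid("1.2.840.113549.1.7.1"))) + encode_key_id_attribute(b"kek-2005-11"))
```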


<Prev in Thread] Current Thread [Next in Thread>