Hm, I was unaware that the netscape clients produced signed/enveloped data. I know that the libraries can produce them.
All of these data are pkcs7 content types. pkcs7 content is self describing. You have to open a pkcs7 object to see if its enveloped or encrypted. If you signed the message, the certificates are encoded as part of the pkcs 7 content. If you are trying to examine this data from your own program, you can look at mozilla/security/nss/cmd/smimetools to see how NSS cracks the pkcs 7 content. You can also go to the RSA Labs site and download the pkcs7 spec. One other note: most people are moving to CMS, which is a superset of pkcs7. The CMS spec should be available at the ietf site. bob Kerem Onal wrote: > Hi, > > When I sign and envelope something with netscape messenger, it signs the > message, puts it as data content type and then envelopes this data. So the > form is a data content type in an envelopedData content type. I hope I am > clear. > > It neither use a signedAndEnvelopedData content type nor a signedData > content type in an EnvelopedData content type. > > Therefore, I think, netscape cheks every Data content type in an > envelopedData content type if it is signed or a normal data. Am I right? > > If so, > > 1- Is it ok that a Data Content Type contains a certificate in itself? > 2- What is the standard that tells how to put a certificate into a Data > Content Type? > > Kerem > >
