On May 5, 2019, at 7:13 PM, Dr. Pala <direc...@openca.org> wrote:
> small question - I was playing around with the CMS interface and I was 
> wondering what is the right way to generate a signed and encrypted CMS. In 
> particular, for PKCS#7, you could use the signed_and_encrypted choice... but 
> in CMS, there is the envelopedData ... but that does not allow for signing... 
> ??? And for the signed data, there is the signedData type... but that does 
> not allow for encryption... The EncryptedData is for use with PSK - not a 
> case I am interested in...

There are two common approaches that I know of:

- You can combine a SignedData and an EnvelopedData. Depending on your use case 
you may want to sign first and then envelop(e), or envelope first and then 
sign. (IIRC, one of the RFCs suggests sign-envelop-sign, though I can't find 
that text right now.)

- You can use the AuthenticatedEnvelopedData type from RFC5083, with an AEAD 
cipher mode. (This does not provide a signature, but it does provide an 
integrity check which may be sufficient for your needs. You can also combine it 
with SignedData, of course.)

Note that SignedAndEnvelopedData is part of PKCS#7 but wasn't included in CMS; 
even PKCS#7 (RFC2315) suggests that "the sequential combination of signed-data 
and enveloped-data content types is generally preferable to the 
SignedAndEnvelopedData content type" unless you need it for compatibility 
reasons.

Also, last time I tried, OpenSSL's API made it kind of tricky to produce a 
correctly formed sign-envelop or envelop-sign message; that may have improved 
since then, though.
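
The first approach in the reply above (sign first, then envelope), as an added example that is not part of the original message: it uses the `openssl cms` command-line tool rather than the API the reply refers to. The key and file names, certificate subjects, message text and the AES-256-CBC choice are all assumptions constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: sign first, then envelope, using the openssl cms tool.
# All keys, subject names and the message are throwaway values constructed here.

new_id() {  # new_id NAME -> NAME.key and self-signed NAME.pem (hypothetical helper)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

sign_then_envelope_roundtrip() {
  local d rc
  d=$(mktemp -d) || return 1
  (
    cd "$d" &&
    new_id signer && new_id recip &&
    printf 'constructed test message\n' > msg.txt &&
    # 1. SignedData with the content embedded (-nodetach), DER encoded.
    openssl cms -sign -binary -nodetach -in msg.txt \
      -signer signer.pem -inkey signer.key -outform DER -out signed.der &&
    # 2. EnvelopedData whose plaintext is the whole SignedData blob.
    openssl cms -encrypt -binary -aes-256-cbc -in signed.der \
      -outform DER -out enveloped.der recip.pem &&
    # 3. Receiver: decrypt, then parse the result as CMS and verify it.
    #    The tool treats the inner blob as opaque bytes, so the receiver
    #    has to know that the decrypted output is itself a SignedData.
    openssl cms -decrypt -binary -inform DER -in enveloped.der \
      -recip recip.pem -inkey recip.key -out inner.der &&
    openssl cms -verify -binary -inform DER -in inner.der \
      -CAfile signer.pem -out out.txt 2>/dev/null &&
    [ "$(cat out.txt)" = "$(cat msg.txt)" ] &&
    # A trust anchor that is not the signer must be rejected.
    ! openssl cms -verify -binary -inform DER -in inner.der \
      -CAfile recip.pem -out /dev/null 2>/dev/null
  )
  rc=$?
  rm -rf "$d"
  return "$rc"
}

sign_then_envelope_roundtrip && echo "sign-then-envelope round trip verified"
```

Swapping steps 1 and 2 (and reversing the receiver's order) gives the envelope-then-sign variant.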

