handle PKCS#7 authEnveloped-data #65
Comments
|
I'm discovering that this kinda-sorta at least depends on which encryption algorithm gets used. Algorithms like AES CBC are meant for One question that would need to be determined is how to tell which smime-type to use based on what GnuPG/SM used as the encryption algorithm. I wonder if it provides such a hint? Better yet would be if GnuPG/SM told us directly which smime-type to use. The next question I have right now (I haven't read the specs yet, I've only dabbled into this a tiny bit) is: do we need to do anything different when decrypting the content of an authenveloped-data part? I.e. what does it mean for the enveloped data to be "authenticated"? Does it mean there's a way to get digital signatures out of it? Or is this more like a CRC? |
Uh oh!
There was an error while loading. Please reload this page.
AuthEnvelopedData is basically AEAD applied to CMS in place of traditional encryption. It provides robust message integrity in addition to encryption.
See §3.4 of RFC 8551
It should probably behave in GMime in exactly the same way as EnvelopedData, but it's a different
smime-typetag.The text was updated successfully, but these errors were encountered: