[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-jce] Sperately Signed and Enveloped PKCS #7



Yes, Piped*Streams are the way to go. In cases where the pipe buffer size is
a performance issue (it may be unless thread scheduling is fast) you can
increase the buffer size by using extending the PipedInputStream class and
using something like:

===
  public MyPipedInputStream() {
    super();
    buffer = new byte[16384];
  }
===

Works fine.

 Andreas Sterbenz              mailto:Andreas.Sterbenz@iaik.at


----- Original Message -----
From: "Bill Vanyo" <vanyo@echoes.net>
To: <iaik-jce@iaik.tu-graz.ac.at>
Sent: Saturday, January 27, 2001 3:39 PM
Subject: [iaik-jce] Sperately Signed and Enveloped PKCS #7


> The PKCS #7 standard and the IAIK javadocs recommend that when signing
> and encrypting with PKCS7, it is preferable to sequentially first sign
> (Signed Data) and then encrypt (Enveloped Data with the resulting Signed
> Data as encypted content), rather than to use the Signed and Enveloped
> Data structure.
>
> In a situation where the amount of data to be signed and enveloped is
> large, and  it is undesireable to have a large intermediate buffer,
> should it be feasible to have two threads connected via a
> PipedOutputStream and PipedInputStream, one doing the signing, the other
> encrypting the result?
>
> My concern is that there seems to be no way to control the size of the
> buffer used by the piped streams.
>
> - Bill Vanyo



smime.p7s