[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[iaik-jce] Newbie question about constructing a signed S/Mime with pkcs#7 objects



Hello,

As a senior developer, I haven't had to do with security until recently. I
find it quite hard to find information on the subject (introductions are
fairly easy to find, but real in-depth info is quite scarce on the
internet). Maybe I'm not looking in the right places. Can you point me to
some in-depth information?

Also, I have a question on how to use IAIK's toolkit for the following.
For our project, we need to send PDF's to a second party. The information is
transported using S/Mime emails. The process to create the S/Mime is:

* Clerk send PDF's to server; they are combined in a request
* Notary signs the request by actually signing each PDF in the request. This
is done using a smartcard, which does not allow the private key to leave the
card...
* The signature is stored on the server
* Clerk collects a number of requests that are signed, and sends them to the
receiving party. Here the S/Mime format is used.

I'd really appreciate some suggestions to solve my questions:

1. In order to sign the PDF, the notary needs to sign a pkcs#7 object that
contains the PDF as data. Is that correct?

2. The process involves clear-signing. Is it possible to transport only the
signature part of the pkcs#7 object to the client machine, sign it using the
pkcs#11 interface (from IBM's alphaworks), and send it back to the server?
Is the signature finished after using the smartcard, or does it go back into
the pkcs#7 object for further processing?

Sending only the signature part instead of the entire pkcs#7 object greatly
reduces the transport overhead, as we use ISDN lines. The question related
to this one is: how can I reconstruct a pkcs#7 object given a PDF and a
signature?

3. Can the pkcs#7 object be put in an S/Mime mime object? This way it can be
included in the mail as an attachment.


-- 
With kind regards,
Wilco Boumans
wboumans@be-value.nl


--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-jce