[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[iaik-jce] Sperately Signed and Enveloped PKCS #7



The PKCS #7 standard and the IAIK javadocs recommend that when signing
and encrypting with PKCS7, it is preferable to sequentially first sign
(Signed Data) and then encrypt (Enveloped Data with the resulting Signed
Data as encypted content), rather than to use the Signed and Enveloped
Data structure.

In a situation where the amount of data to be signed and enveloped is
large, and  it is undesireable to have a large intermediate buffer,
should it be feasible to have two threads connected via a
PipedOutputStream and PipedInputStream, one doing the signing, the other
encrypting the result?

My concern is that there seems to be no way to control the size of the
buffer used by the piped streams.

	- Bill Vanyo
--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-jce