Oliver King <[EMAIL PROTECTED]> writes:
> I understand that RSA's TIPEM (Toolkit for Interoperable Privacy-Enhanced
> Messaging) generates PKCS#7 EnvelopedData structures in which the
> EncryptedContent is an ASN.1 _sequence_ of octet strings, rather than a
> single octet string. Can anyone out there who has dealt with TIPEM confirm
> this?
Yes, it does. It's what's known as a constructed indefinite
length encoding. It's the right way to do things.

The idea is that you want to encode the data but you don't know how
long it is. In order to generate the primitive definite length
encoding, you have to read the entire file, encrypt it, and then
spit it out in one shot (so you can write the length octets
at the beginning). This approach allows you to encrypt the
file in a single pass without buffering, since you write it
out one bite-sized chunk at a time.

-Ekr

-- 
[Eric Rescorla                                   [EMAIL PROTECTED]]
          PureTLS - free SSLv3/TLS software for Java
                http://www.rtfm.com/puretls/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
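
The two encodings discussed in the message above, as an added example (not code from TIPEM, OpenSSL or the original post): a single-pass writer for the constructed indefinite-length form and a reader that accepts either form and returns the reassembled octets. The function names are illustrative, and the sketch uses the universal OCTET STRING tags (0x04 primitive, 0x24 constructed) rather than the context tag a PKCS#7 field would carry.

```python
import io

def _length(n):
    """Definite-form length octets (short form below 128, else long form)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def encode_streaming(chunks, out):
    """Write chunks as one constructed, indefinite-length OCTET STRING."""
    out.write(b"\x24\x80")            # constructed OCTET STRING, length unknown
    for chunk in chunks:              # each piece is a primitive OCTET STRING
        out.write(b"\x04" + _length(len(chunk)) + chunk)
    out.write(b"\x00\x00")            # end-of-contents octets close the value

def _read_length(buf, pos):
    """Return (length or None for indefinite, position after length octets)."""
    first, pos = buf[pos], pos + 1
    if first == 0x80:
        return None, pos
    if first < 0x80:
        return first, pos
    n = first & 0x7F
    if pos + n > len(buf):
        raise ValueError("truncated length octets")
    return int.from_bytes(buf[pos:pos + n], "big"), pos + n

def decode_octet_string(buf, pos=0, depth=0):
    """Return (content, next_pos) for either encoding of an OCTET STRING."""
    if depth > 4 or pos + 2 > len(buf):
        raise ValueError("nesting too deep or truncated input")
    tag = buf[pos]
    length, pos = _read_length(buf, pos + 1)
    if tag == 0x04:                   # primitive: must be definite length
        if length is None or pos + length > len(buf):
            raise ValueError("bad primitive OCTET STRING")
        return buf[pos:pos + length], pos + length
    if tag != 0x24:
        raise ValueError("not an OCTET STRING")
    end = None if length is None else pos + length
    parts = []
    while pos != end:
        if end is None and buf[pos:pos + 2] == b"\x00\x00":
            return b"".join(parts), pos + 2
        part, pos = decode_octet_string(buf, pos, depth + 1)
        if end is not None and pos > end:
            raise ValueError("chunk overruns its parent")
        parts.append(part)
    return b"".join(parts), pos
```

A reader that only expects the primitive form will reject the `24 80` header, which is the interoperability point raised in the question.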
