| (I) A digital envelope for a recipient is a combination of (a)
encrypted content data (of any kind) and (b) the content
encryption key in an encrypted form that has been prepared for the
use of the recipient.
(C) In ISDs, this term should be defined at the point of first use
because, although the term is defined in PKCS #7 and used in
S/MIME, it is not yet widely established.
(C) Digital enveloping is not simply a synonym for implementing
data confidentiality with encryption; digital enveloping is a
hybrid encryption scheme to "seal" a message or other data, by
encrypting the data and sending both it and a protected form of
the key to the intended recipient, so that no one other than the
intended recipient can "open" the message. In PKCS #7, it means
first encrypting the data using a symmetric encryption algorithm
and a secret key, and then encrypting the secret key using an
asymmetric encryption algorithm and the public key of the intended
recipient. In S/MIME, additional methods are defined for
conveying the content encryption key.
|
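The seal and open steps described above, as an added example that is not taken from PKCS #7 or S/MIME. The algorithm choices (AES-256-GCM for the content, RSA-OAEP with SHA-256 for the key) and all function names are assumptions made for illustration.

```javascript
const {
  randomBytes, createCipheriv, createDecipheriv,
  generateKeyPairSync, publicEncrypt, privateDecrypt, constants,
} = require("node:crypto");

// Assumed algorithm choices; the definition above names none.
const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Hypothetical helper: generate a recipient's RSA key pair.
function newRecipient() {
  return generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Seal: (a) encrypt the content under a fresh content-encryption key (CEK),
// then (b) encrypt the CEK with the recipient's public key.
function sealEnvelope(recipientPublicKey, data) {
  const cek = randomBytes(32); // new symmetric key for every envelope
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", cek, iv);
  const content = Buffer.concat([cipher.update(data), cipher.final()]);
  const wrappedKey = publicEncrypt({ key: recipientPublicKey, ...OAEP }, cek);
  return { content, iv, tag: cipher.getAuthTag(), wrappedKey };
}

// Open: recover the CEK with the private key, then decrypt the content.
// Throws if the key is not the recipient's or the envelope was modified.
function openEnvelope(recipientPrivateKey, envelope) {
  const cek = privateDecrypt({ key: recipientPrivateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = createDecipheriv("aes-256-gcm", cek, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.content), decipher.final()]);
}

// Constructed sample run: sealed to one recipient, tried by another key holder.
function demo() {
  const recipient = newRecipient();
  const other = newRecipient();
  const envelope = sealEnvelope(recipient.publicKey, Buffer.from("constructed sample message"));
  let otherCanOpen = true;
  try { openEnvelope(other.privateKey, envelope); } catch { otherCanOpen = false; }
  return { opened: openEnvelope(recipient.privateKey, envelope).toString(), otherCanOpen };
}
console.log(demo());
```

Only the wrapped key grows with the RSA modulus; the content ciphertext stays the size of the data, which is the practical reason for the hybrid scheme.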