Optional Encryption

Caution: Encryption must be unambiguous!

Method: CMS-Encryption before archiving (Algorithms: RSA, DES-CBC)
    Archive Service time-stamps data as always
    add CMS-cover to CMS-encryption-params, store content separately
    verification: reconstruction of archive time-stamped data object by
        decryption of content-encryption key, re-encrypt content, insert content

CMS_encryption_params ::= SEQUENCE {
    encryptionCover  ContentInfo,
    publicKey        BIT STRING OPTIONAL,
    params           CHOICE {
        [0] privateKey        BIT STRING,
        [1] encryptionKeyRan  EncryptionKeyRandom } }

EncryptionKeyRandom ::= SEQUENCE {
    encryptionKey  OCTET STRING,
    randomValue    BIT STRING }
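The verification step above, as an added example that is not part of the original slide: the verifier re-encrypts the stored content with the recovered content-encryption key and the IV kept in the cover, rebuilds the object, and compares its hash with the time-stamped one. Assumptions: a stand-in Feistel block function replaces DES so the code runs with the standard library only, the cover is a simplified dict rather than a CMS ContentInfo, SHA-256 is the hash, and all keys, IVs and documents are constructed.

```python
import hashlib

BLOCK = 8  # DES block size in bytes

def _block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in 4-round Feistel permutation (NOT DES, not secure).
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    pad = BLOCK - len(plaintext) % BLOCK  # PKCS#7-style padding
    data = plaintext + bytes([pad]) * pad
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev))
        prev = _block_encrypt(key, mixed)
        out += prev
    return out

def archived_object(cover: dict, ciphertext: bytes) -> bytes:
    # Simplified stand-in for "insert content" into the stored CMS cover.
    return cover["alg"].encode() + cover["iv"] + ciphertext

def verify(plaintext: bytes, content_key: bytes, cover: dict,
           timestamped_hash: bytes) -> bool:
    # Same key + same IV must reproduce the exact bytes the archive stamped.
    ciphertext = cbc_encrypt(content_key, cover["iv"], plaintext)
    rebuilt = archived_object(cover, ciphertext)
    return hashlib.sha256(rebuilt).digest() == timestamped_hash

def demo():
    doc = b"constructed sample document"
    key = bytes.fromhex("0123456789abcdef")   # constructed
    iv = bytes.fromhex("1122334455667788")    # constructed
    cover = {"alg": "stand-in-CBC", "iv": iv}
    stamped = hashlib.sha256(
        archived_object(cover, cbc_encrypt(key, iv, doc))).digest()
    ok = verify(doc, key, cover, stamped)
    # Ambiguous re-encryption: a different IV at verification time.
    other = {"alg": "stand-in-CBC", "iv": bytes.fromhex("8877665544332211")}
    fresh_iv = verify(doc, key, other, stamped)
    tampered = verify(doc + b"!", key, cover, stamped)
    return ok, fresh_iv, tampered
```

`demo()` returns one flag each for the faithful reconstruction, a reconstruction with a different IV, and a modified document; only the first matches the time-stamped hash.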