Supports defining the following elements in PKCS signing and encryption:
SubjectKeyIdentifier as SignerIdentifier (alternative choice for IssuerAndSerialNumber)
SubjectKeyIdentifier as RecipientIdentifier (alternative choice for IssuerAndSerialNumber)
Support for RSASSA-PSS as scheme (defaults to RSASSA-PKCS1-V1_5, which was fixed value)
Support for encryption for a recipient with a secret key
Support to specify unsupported algorithms along with a function that implements it when adding a recipient with a secret key for symmetric encryption. The function will be called from inside the encrypt operation. This makes it possible to let the caller decide what content key encryption to use. The result will be embedded in the encryptedContent block of the recipient.
Context:
By supporting subjectKeyIdentifier as signer- and recipient identifiers, it is possible to work with an online registry of public keys (no need for certificates) for both signer and verifier.
RSASSA-PSS is more secure than RSASSA-PKCS1 and requires a small addition to the code, since it is already supported for signing messages other than pkcs7.
Using a secret key for a recipient makes it possible to support encrypting for unknown recipients or a group of recipients that share a secret key or are authorized to retrieve that key by its identifier (kekidentifier).
closes #1064, closes #1065, closes #1067
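
Choosing SubjectKeyIdentifier instead of IssuerAndSerialNumber changes the DER tag of the identifier and, per RFC 5652, the version required in the enclosing SignerInfo or KeyTransRecipientInfo. The following is an added example, not code from this PR or from the project: it classifies an encoded identifier and checks that version. `readTlv`, `checkIdentifier` and the sample bytes are hypothetical names and constructed values.

```javascript
// Added example (not the project's code): classify a CMS SignerIdentifier or
// RecipientIdentifier by its DER tag and check the version RFC 5652 requires.
const EXPECTED_VERSION = {
  signer:    { issuerAndSerialNumber: 1, subjectKeyIdentifier: 3 },
  recipient: { issuerAndSerialNumber: 0, subjectKeyIdentifier: 2 },
};

// Read one DER TLV at the start of buf (definite lengths only).
function readTlv(buf) {
  if (buf.length < 2) throw new Error('truncated TLV');
  const tag = buf[0];
  let len = buf[1];
  let off = 2;
  if (len & 0x80) {
    const n = len & 0x7f;
    if (n === 0 || n > 4 || buf.length < 2 + n) throw new Error('bad length');
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[off++];
  }
  if (buf.length < off + len) throw new Error('truncated value');
  return { tag, value: buf.subarray(off, off + len) };
}

// role: 'signer' or 'recipient'; version: integer from the enclosing
// SignerInfo / KeyTransRecipientInfo; idDer: the encoded identifier.
function checkIdentifier(role, version, idDer) {
  const { tag, value } = readTlv(idDer);
  let choice;
  if (tag === 0x30) choice = 'issuerAndSerialNumber';      // SEQUENCE
  else if (tag === 0x80) choice = 'subjectKeyIdentifier';  // [0] IMPLICIT OCTET STRING
  else throw new Error('unknown identifier tag 0x' + tag.toString(16));
  const expected = EXPECTED_VERSION[role][choice];
  const keyId = choice === 'subjectKeyIdentifier'
    ? Buffer.from(value).toString('hex') : null;
  return { choice, keyId, expected, versionOk: version === expected };
}

// Constructed sample: 20-byte key identifier as [0] IMPLICIT OCTET STRING.
const sampleSki = Buffer.concat([Buffer.from([0x80, 0x14]), Buffer.alloc(20, 0xab)]);
// Constructed sample: placeholder SEQUENCE; only the outer tag is inspected here.
const sampleIasn = Buffer.from([0x30, 0x03, 0x02, 0x01, 0x01]);
```

A verifier that looks keys up in a registry by `keyId` should reject a structure whose `versionOk` is false rather than guess which identifier form was intended.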