Enveloped and Signed CMS/PKCS #7 Message
[Note: This topic is pre-release documentation and is subject to change in future releases. Blank topics are included as placeholders.]

CMS/PKCS #7 provides the capability to both sign and envelope a message. This is possible because protected messages can be nested. Digitally signing and enveloping a message protects it by applying all the security services separately described in the SignedCms Message and EnvelopedCms Message topics.

E-mail that uses the S/MIME security standard is an example of an application in which both signing and enveloping a message are useful. S/MIME specifies the ability to both sign and encrypt an e-mail message. If your application requires a high probability of both data authentication and data confidentiality, use a combination of digital signing and digital enveloping.

Although these security services can be applied in either order, it might be advantageous to first sign a message and then envelope it. That way, the data that was signed was intelligible at the time of signing, because it was not yet encrypted.

Sign and envelope a message by using the SignedCms and EnvelopedCms classes in conjunction with one another. For example, suppose application requirements dictate first signing a message and then enveloping it. Sign the message using the SignedCms class as discussed in the topic SignedCms Message. Encode the SignedCms message by invoking the SignedCms.Encode method. This yields the encoding as a byte array. Use that byte array as the input to construct a ContentInfo object. Use the ContentInfo object as input to construct an EnvelopedCms object.

The EnvelopedCms object now has a SignedCms object nested inside it as its inner content. Now, envelope the message as described in EnvelopedCms Message.
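The sign-then-envelope sequence described above, together with the receiving side, as an added C# example that is not part of the original topic. The throwaway self-signed certificates, subject names and sample message are constructed for illustration, and the `Decrypt(RecipientInfo, AsymmetricAlgorithm)` overload assumes .NET Core 3.0 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class SignThenEnvelope
{
    // Throwaway self-signed certificate (constructed for this example only).
    static X509Certificate2 MakeCert(string subject, RSA key) =>
        new CertificateRequest(subject, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
            .CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

    static void Main()
    {
        using RSA signerKey = RSA.Create(2048);
        using RSA recipientKey = RSA.Create(2048);
        using X509Certificate2 signerCert = MakeCert("CN=Example Signer", signerKey);
        using X509Certificate2 recipientCert = MakeCert("CN=Example Recipient", recipientKey);
        byte[] message = Encoding.UTF8.GetBytes("constructed sample message");

        // 1. Sign the plaintext (detached: false, so the content travels inside the SignedCms).
        var signedCms = new SignedCms(new ContentInfo(message), false);
        var signer = new CmsSigner(signerCert) { IncludeOption = X509IncludeOption.EndCertOnly };
        signedCms.ComputeSignature(signer);
        byte[] signedBytes = signedCms.Encode();

        // 2. Nest the encoded SignedCms as the inner content of an EnvelopedCms.
        var envelope = new EnvelopedCms(new ContentInfo(signedBytes));
        envelope.Encrypt(new CmsRecipient(recipientCert));
        byte[] wire = envelope.Encode();

        // 3. Receiver: decrypt the outer layer first, then verify the inner signature.
        var received = new EnvelopedCms();
        received.Decode(wire);
        received.Decrypt(received.RecipientInfos[0], recipientKey);

        var inner = new SignedCms();
        inner.Decode(received.ContentInfo.Content);
        // true = verify the signature only; the self-signed sample certificate would
        // fail chain validation. Pass false when using real, trusted certificates.
        inner.CheckSignature(true);

        // Use the content only after CheckSignature has returned without throwing.
        Console.WriteLine(Encoding.UTF8.GetString(inner.ContentInfo.Content));
        Console.WriteLine("Signed by: " + inner.SignerInfos[0].Certificate.Subject);
    }
}
```

`CheckSignature` throws a `CryptographicException` when verification fails, so the receiver should treat any exception from steps 3 onward as an untrusted message.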

For a code example that signs and envelopes a message, see the How to: Sign and Envelop a Message topic.

See Also

How to: Sign and Envelop a Message
Types of CMS/PKCS #7 Messages