Protected Data Format

Protected data is stored as an ASN.1 encoded BLOB. The data is formatted as CMS (certificate message syntax) enveloped content. The digital envelope contains encrypted content, recipient information that contains an encrypted content encryption key (CEK), and a header that contains information about the content, including the unencrypted protection descriptor rule string. This is shown by the following diagram.

Protected enveloped data

Related topics

Protection Descriptors
Protection Providers