Creating and Receiving Enveloped Data Messages

An enveloped message is a message that is encrypted for a set of recipients. In the envelopment process, a session encryption key is generated and the message is encrypted with that key. The session key itself is then encrypted separately for each recipient, using the public key from that recipient's certificate. The enveloped message consists of the encrypted message, the certificates of the intended recipients, and the set of encrypted keys, one for each recipient. The generated message is in PKCS #7/CMS format.
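The envelopment process described above, as an added example using the `openssl` command line (it is not code from the original page or from the product it documents). It assumes `openssl` is installed; the recipient names, file names and message text are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: CMS EnvelopedData for two recipients with the openssl CLI.
# Recipient names, file names and the message text are constructed for the demo.

WORK=$(mktemp -d)

# make_recipient NAME: throwaway self-signed certificate and RSA key for NAME.
make_recipient() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# envelope IN OUT CERT...: encrypt IN once under a fresh AES-256 session key,
# then wrap that session key separately under each certificate's public key.
envelope() {
    env_in=$1; env_out=$2; shift 2
    openssl cms -encrypt -aes-256-cbc -binary -in "$env_in" \
        -outform DER -out "$env_out" "$@"
}

# open_envelope ENV NAME: NAME finds its own RecipientInfo, unwraps the
# session key with its private key, and writes the plaintext to stdout.
open_envelope() {
    openssl cms -decrypt -binary -inform DER -in "$1" \
        -recip "$WORK/$2.crt" -inkey "$WORK/$2.key"
}

# count_wrapped_keys ENV: each RSA key-transport RecipientInfo carries the
# rsaEncryption OID once, so the count equals the number of recipients.
count_wrapped_keys() {
    openssl asn1parse -inform DER -in "$1" | grep -c ':rsaEncryption'
}

# Demo: one ciphertext, two recipients, two wrapped copies of the session key.
make_recipient alice && make_recipient bob
printf 'quarterly figures, draft 3\n' > "$WORK/msg.txt"
envelope "$WORK/msg.txt" "$WORK/msg.p7m" "$WORK/alice.crt" "$WORK/bob.crt"
echo "wrapped session keys: $(count_wrapped_keys "$WORK/msg.p7m")"
for who in alice bob; do
    echo "$who reads: $(open_envelope "$WORK/msg.p7m" "$who")"
done
```

A key pair that was not in the recipient set has no wrapped session key to unwrap, so `open_envelope` fails for it before any content is decrypted.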

The following sections show procedures and examples for enveloped message tasks: