Protects a data stream by signing and/or encrypting the stream.
The service client should create an output stream to which the
encrypted and/or signed data should be persisted.
This service will return an OutputStream that the client should
use to write the unprotected data. The encrypted key that must
be used to decrypt the stream will be placed in the key
envelope. The client is responsible for retaining the encrypted
key and providing it when the stream is subsequently decrypted.
The encrypted key is usually a symmetric key encrypted with the
public key of the agent.
This service must be able to re-encrypt symmetric keys at any time.
For instance, keys may be re-encrypted if the certificate containing
the public key is about to expire, or if the certificate is revoked.
In order to get access to keys at any time, the client must
implement the DataProtectionServiceClient interface,
which provides an iterator over all the key envelopes into which
keys have been placed. The client is responsible for storing the
envelope, so that it is available in the Iterator.
Parameters:
pke - provides a place to store the key used to encrypt the stream
os - the output stream containing the encrypted and/or signed data
Returns:
An output stream that the client uses to protect data.
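
The key-envelope and re-encryption flow described above, as an added example that is not the service's own code. KeyEnvelope, protect and rewrap are hypothetical stand-ins, RSA-OAEP and AES-GCM are assumed algorithm choices the page does not specify, and signing is omitted.

```java
import java.io.*;
import java.security.*;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class EnvelopeRewrapExample {
    // Hypothetical envelope: the wrapped stream key plus the GCM nonce.
    static class KeyEnvelope { byte[] wrappedKey; byte[] iv = new byte[12]; }

    static Cipher rsa(int mode, Key key) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        c.init(mode, key);
        return c;
    }
    static Cipher aes(int mode, Key key, byte[] iv) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, iv));
        return c;
    }
    // Fills the envelope and returns the stream the client writes unprotected data to.
    static OutputStream protect(KeyEnvelope env, OutputStream os, PublicKey agentKey) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey streamKey = kg.generateKey(); // fresh symmetric key per stream
        new SecureRandom().nextBytes(env.iv);
        env.wrappedKey = rsa(Cipher.WRAP_MODE, agentKey).wrap(streamKey);
        return new CipherOutputStream(os, aes(Cipher.ENCRYPT_MODE, streamKey, env.iv));
    }
    // Re-encrypts each stored stream key under the new public key; stored data is untouched.
    static void rewrap(Iterator<KeyEnvelope> envelopes, PrivateKey oldKey, PublicKey newKey) throws Exception {
        while (envelopes.hasNext()) {
            KeyEnvelope env = envelopes.next();
            Key k = rsa(Cipher.UNWRAP_MODE, oldKey).unwrap(env.wrappedKey, "AES", Cipher.SECRET_KEY);
            env.wrappedKey = rsa(Cipher.WRAP_MODE, newKey).wrap(k);
        }
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair oldPair = kpg.generateKeyPair(), newPair = kpg.generateKeyPair();
        KeyEnvelope env = new KeyEnvelope();
        ByteArrayOutputStream stored = new ByteArrayOutputStream();
        try (OutputStream out = protect(env, stored, oldPair.getPublic())) {
            out.write("constructed sample data".getBytes("UTF-8")); // closing writes the GCM tag
        }
        rewrap(Arrays.asList(env).iterator(), oldPair.getPrivate(), newPair.getPublic());
        Key k = rsa(Cipher.UNWRAP_MODE, newPair.getPrivate()).unwrap(env.wrappedKey, "AES", Cipher.SECRET_KEY);
        System.out.println(new String(aes(Cipher.DECRYPT_MODE, k, env.iv).doFinal(stored.toByteArray()), "UTF-8"));
    }
}
```

An envelope that the client fails to expose through its iterator keeps a key wrapped under the old public key, so the stream it protects can no longer be decrypted once the old private key is gone.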