The data can then be sent to your partner using any mechanism you like. Since the data is encrypted and signed it is a very secure package and since you will only use the symmetric passphrase once its physical security is not an issue either. The recommended method would be to use a web service running over https (SOAP). The SOAP message should include the encrypted payload and optionally could include the signed and encrypted symmetric passphrase and your public certificate as attachments similar to my example below.
MIME-Version: 1.0 Content-Type: Multipart/Related; boundary=MIME_boundary; type=text/xml; start="<securemsg>" Content-Description: This is the optional message description. --MIME_boundary Content-Type: text/xml; charset=UTF-8 Content-Transfer-Encoding: 8bit Content-ID: <securemsg> <?xml version='1.0' ?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Body> .. <theSignedData href="myPriv.xml.ase128"/> <thePublicCert href="cln-pubcert.pem"/> <theSymmetricKey href="passphrase.sig.enc"/> .. </SOAP-ENV:Body> </SOAP-ENV:Envelope> --MIME_boundary Content-Type: application/encoded-data Content-Transfer-Encoding: base64 Content-ID: <myPriv.xml.ase128> ...base64 AES encoded xml data --MIME_boundary Content-Type: application/public-certificate Content-Transfer-Encoding: base64 Content-ID: <cln-pubcert.pem> ...PEM version of public certificate --MIME_boundary Content-Type: application/symmetric-key Content-Transfer-Encoding: base64 Content-ID: <passphrase.sig.enc> ...PEM version of Signed and Encrypted symmetric passphrase --MIME_boundary
If you are not planning to reuse the passphrase for subsequent transmissions then it is safer to remove it then to leave it on your system.
$ rm passphrase-$$ passphrase-$$.sig passphrase-$$.sig.enc passphrase.sig.enc