[Cryptography] What is the format to add multiple signatures (Would PKCS#7 work?)

Alfonso De Gregorio alfonso.degregorio at gmail.com
Thu Aug 6 09:16:05 EDT 2015


On Thu, Aug 6, 2015 at 12:19 PM, Puneet Bakshi <bakshi.puneet at gmail.com> wrote:
...
> Where (means where in ASN1 grammar) can I put name of the signed document in
> PKCS7 (or CMS) ?

The standard describes how to work with arbitrary octet strings; it
doesn't have any notion of file. Which is to say that there is no such
thing as 'file name' field in the PKCS#7 / CMS syntax.

> When p7s-file is opened using p7s-viewer
> (http://www.signfiles.com/p7s-viewer/), it shows "Signed document name" as
> "Test Document.docx". This is also shown in screenshot pasted at this link.

I guess what that utility does is to remove the PKCS#7 file name
extension from the file where the CMS happens to be stored. The viewer
then uses the resulting string as the suggested file name for the data
content, when in its turn it is stored in a file.

On a related note: It may be trivial to trick the viewer application
into associating arbitrary file names and/or extensions to the CMS
data content. As the interpretation of those octet strings is left to
the viewer application, extra care should be placed on handling those
contents, *including* when the Content Type is signed-data.

> Regards,
> ~Puneet

Alfonso
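
Added example (not part of the original message, and not the viewer's code): a sketch of how a receiving application could treat a name derived from the container file as an unsigned label and check it against the content bytes. The extension-stripping rule is the behaviour guessed at in the reply above; the function names and the short magic-byte table are hypothetical.

```python
import os
import re

# Constructed, deliberately small magic-byte table (assumption for illustration).
MAGIC = {
    b"PK\x03\x04": {".docx", ".xlsx", ".pptx", ".zip"},
    b"%PDF-": {".pdf"},
    b"MZ": {".exe", ".dll"},
}

def suggested_name(container_path):
    """Name a viewer would show if it only strips the PKCS#7 extension."""
    base = os.path.basename(container_path.replace("\\", "/"))
    stem, ext = os.path.splitext(base)
    return stem if ext.lower() in (".p7s", ".p7m") else base

def sniff(content):
    """Extensions consistent with the leading bytes of the data content."""
    for magic, exts in MAGIC.items():
        if content.startswith(magic):
            return exts
    return set()

def vet_name(container_path, content):
    """Return (display_name, extension_matches_content).

    The name comes from outside the CMS structure, so no signature covers it:
    it is sanitised for display and never used to choose a handler unless the
    content bytes agree with its extension.
    """
    name = suggested_name(container_path)
    name = re.sub(r"[^\w. -]", "_", name).strip(". ") or "content"
    ext = os.path.splitext(name)[1].lower()
    return name, ext in sniff(content)

if __name__ == "__main__":
    # Constructed inputs: same container naming scheme, different content bytes.
    print(vet_name("Test Document.docx.p7s", b"PK\x03\x04rest-of-zip"))
    print(vet_name("Test Document.docx.p7s", b"MZ\x90\x00rest-of-pe"))
```

A valid signature over the second input still verifies; only the comparison with the content bytes shows that the displayed name does not describe what was signed.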

