[Cryptography] cms with multiple signatures

Davy Durham ddurham at davyandbeth.com
Thu Jan 28 10:21:28 EST 2016 

Update: So I had an assumption which was wrong when I was testing 
OpenSSL.  I can get openssl to add multiple signatures (however it 
strangely includes the whole chain (with 3 elements in chain) for one 
sig but leaves out the root in the second one ???), I was assuming that 
when I did the verify that it should verify if any of the signatures 
were valid, but it apparently checks that they are /all/ valid.  That 
is, when I verified I was only giving it the root of one of the 
signatures and not both.  When I gave it both root certs in the -CAfile 
argument it passed.

So that raises the question: Is that correct?   I checked RFC 5752 
(around section 4.6 and following) but it wasn't clear to me exactly how 
it should work.  And it sounded like there might be a variety of 
possibilities many of which openssl cms doesn't do.    And in another 
place it sound like it might ought to be application specific.

I was hoping that it was possible to sign in such a way that any of the 
signatures being valid was considered successful (not nesting signatures 
here, but signing independently, in parallel).  If that's what I need 
then I'm guessing I need to do multiple detached signatures and just 
verify them as I need.

Thanks for the info.

As for -resign: Running "openssl cms -sign" once given two -signer and 
-inkey args, and running "openssl cms -sign" followed by "openssl cms 
-resign" both produce files which verify (only when given both roots), 
they produce slightly different output.  The only difference I can spot 
in the asn1 (other than some reordering) is that the former has a single 
signing time field.  I guess that makes sense.



On 01/27/2016 11:54 AM, Dmitry Belyavsky wrote:
> Dear Davy,
>
> On Wed, Jan 27, 2016 at 9:24 AM, Davy Durham <ddurham at davyandbeth.com 
> <mailto:ddurham at davyandbeth.com>> wrote:
>
>     Question..
>       Hopefully, this won't be terribly off topic, and maybe those
>     playing with the standards have run into the same problem in the
>     past...  I have searched high and low for some open source tool
>     (running on linux here) that can generate cms/smime/pkcs7 messages
>     with multiple signatures, but without much success.
>
>     1) *OpenSSL*'s smime/cms documentation says it supports it, but
>     the same page says it's not allowed (just search for "multiple" in
>     the docs for either of the cms or smime commands).  I have managed
>     to get it to sign a file and the signature contains multiple certs
>     (either by using -resign or -sign with two -signer args), but when
>     I dump the signature data it seems to be missing some parts of
>     either chain.    Maybe that's fine, but openssl fails to validate
>     the signed content with either cert used to sign it (It gives a
>     'self signed certificate' error (and the two certs I'm
>     experimenting with are) even though I can sign and verify with
>     either of the two certs when not trying to sign with both at the
>     same time.. but I've seen other errors too when using a chain
>     instead of a self-signed).
>
>
> man cms:
>        -resign
>            resign a message: take an existing message and one or more new
>            signers.
>
> smime has the same option.
>
> -- 
> SY, Dmitry Belyavsky
>
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160128/d4f6ee36/attachment.html>

More information about the cryptography mailing list