[Cryptography] cms with multiple signatures
Werner Koch
wk at gnupg.org
Fri Jan 29 09:06:54 EST 2016
On Thu, 28 Jan 2016 16:21, ddurham at davyandbeth.com said:
> So that raises the question: Is that correct? I checked RFC 5752
> (around section 4.6 and following) but it wasn't clear to me exactly
> how it should work. And it sounded like there might be a variety of
It is pretty clear from the ASN.1 description. Here is an excerpt from
RFC-5652 (but all profiles I used are identical in this regard)
| SignedData ::= SEQUENCE {
| version CMSVersion,
| digestAlgorithms DigestAlgorithmIdentifiers,
| encapContentInfo EncapsulatedContentInfo,
| certificates [0] IMPLICIT CertificateSet OPTIONAL,
| crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
| signerInfos SignerInfos }
|
| DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
|
| SignerInfos ::= SET OF SignerInfo
The SignerInfo object has the actual signature.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the cryptography
mailing list