At 02:53 PM 3/12/98 -0800, Denis Pinkas wrote:
From John :
CMS (sec 5.3 and 5.4) already requires two
separate hash calculations when authenticated attributes are used. First,
the content is hashed and the resulting hash value is included in the
messageDigest authenticated attribute. Then the DER-encoded
authenticatedAttributes are hashed. The signature value is generated
from the resulting hash value.
From Jim :
The message is hashed and then the message hash is included
in the authenticated attributes as a new attribute. The authenticiated
attributes are then hashed and this is the value that is actually signed.
The only requirement is that the same hash function be applied to both sets
of data to be hashed (not an oderous requirement as you should only use
hash functions that you think are good anyway).
The first sentence of 5.3 says: "The message digest calculation process
a message digest on either the content being signed or the content together
with the signer's authenticated attributes." Doesn't this prepare the reader
for two ways to calculate the signature?
Do you have problems with the description in 5.3 or 5.4?