2) Your module mandates that a SignatureValue must be an ENCRYPTED SEQUENCE
of digestAlgorithm and digest. CMS, Section 5.4 does not mandate the
inclusion of the digestAlgorithm in the message signature generation
process. In fact, only the digest itself is input to the DSS algorithm. I
recommend replacing your current SignatureValue, DigestInfo and Digest
definitions with the definition of SignatureValue as an OCTET STRING. The
SignerInfo signatureAlgorithm will indicate exactly what data is to be
encrypted to form the SignatureValue. There should be appendices to CMS
for
DSS, RSA, Elliptical curve (future), etc.
This depends on the extent to which CMS is to be compatable with PKCS#7,
which
does mandate that the digestAlgorithm is included within the signature value.
While it would be possible to have the signatureAlgorithm define the
structure
of the data that is signed, what is the benefit? Is there any reason not to
retain compatability with PKCS#7 here?
Yes. When the RSA signature algorithm is used, there will be
compatability. The signature algorithm identifier tells the implementor
what xact process to use in the caluclation and verification of the signature.
Russ