SignerInfo Change
1998-12-10 08:28:36
Blake:
At the face-to-face S/MIME working group session, the group decided to
make a chane to SignerInfo. Since you were not at the meeting, I am
sending it to you to make a corresponging change in the MSG
document.
Below is the updates section 5.3. The old issuerAndSerialNumber is
replaced with sid. The MSG document must be updated to say:
S/MIME v3 requires the use of SignerInfo version 1, that is the
issuerAndSerialNumber CHOICE must be used for SignerIdentifier.
Please post the updated MSG document ASAP. I would like to progress
to IETF Last Call before Christmas.
Russ
= = = = = = = = = =
5.3 SignerInfo Type
Per-signer information is represented in the type SignerInfo:
- SignerInfo ::= SEQUENCE {
- version CMSVersion,
- sid SignerIdentifier,
- digestAlgorithm DigestAlgorithmIdentifier,
- signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
- signatureAlgorithm SignatureAlgorithmIdentifier,
- signature SignatureValue,
- unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }
- SignerIdentifier ::= CHOICE {
- issuerAndSerialNumber IssuerAndSerialNumber,
- subjectKeyIdentifier [0] SubjectKeyIdentifier }
- SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
- UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
- Attribute ::= SEQUENCE {
- attrType OBJECT IDENTIFIER,
- attrValues SET OF AttributeValue }
- AttributeValue ::= ANY
- SignatureValue ::= OCTET STRING
The fields of type SignerInfo have the following meanings:
- version is the syntax version number. If the SignerIdentifier
is the CHOICE issuerAndSerialNumber, then the version shall be 1.
If the SignerIdentifier is subjectKeyIdentifier, then the version shall
be 3.
- sid specifies the signer's certificate (and thereby the signer's
public key). The signer's public key is needed by the recipient to
validate the signature. SignerIdentifier provides two alternatives
for specifying the signer's public key. The issuerAndSerialNumber
alternative identifies the signer's certificate by the issuer's
distinguished name and the certificate serial number; the
subjectKeyIdentifier identifies the signer's certificate by the X.509
subjectKeyIdentifier extension value.
- digestAlgorithm identifies the message digest algorithm, and any
associated parameters, used by the signer. The message digest is
computed on either the content being signed or the content together with
the signed attributes using the process described in section 5.4.
The message digest algorithm should be among those listed in the
digestAlgorithms field of the associated SignerData.
- signedAttributes is a collection of attributes that are signed.
The field is optional, but it must be present if the content type of the
EncapsulatedContentInfo value being signed is not id-data. Each
SignedAttribute in the SET must be DER encoded. Useful attribute
types, such as signing time, are defined in Section 11. If the
field is present, it must contain, at a minimum, the following two
attributes:
-
- A content-type attribute having as its value the content type of the
EncapsulatedContentInfo value being signed. Section 11.1 defines
the content-type attribute. The content-type attribute is not
required when used as part of a countersignature unsigned attribute as
defined in section 11.4.
- A message-digest attribute, having as its value the message digest of
the content. Section 11.2 defines the message-digest
attribute.
- signatureAlgorithm identifies the signature algorithm, and any
associated parameters, used by the signer to generate the digital
signature.
- signature is the result of digital signature generation, using the
message digest and the signer's private key.
- unsignedAttributes is a collection of attributes that are not
signed. The field is optional. Useful attribute types, such
as countersignatures, are defined in Section 11.
The fields of type SignedAttribute and UnsignedAttribute have the
following meanings:
- attrType indicates the type of attribute. It is an object
identifier.
- attrValues is a set of values that comprise the attribute. The
type of each value in the set can be determined uniquely by
attrType.
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- SignerInfo Change,
Russ Housley <=
|
|
|