
Re: [smime] CMS signed object algorithm selection question

2015-05-20 13:08:18

See below.

Is this the right place to ask a question about the Cryptographic
Message Syntax signed object spec (RFC5652 Section 5)?  (I'm interested
in understanding the RFC author's intentions, not what implementations
currently do.)

I am reviewing draft-ietf-sidr-rfc6485bis for the sidr working group and
am confused about SignerInfo algorithm selection, specifically the
relationship between the digestAlgorithm and signatureAlgorithm fields.

RFC3370 defines the digest algorithm OIDs sha-1 and md5.  It also
defines the signature algorithm OIDs rsaEncryption,
sha1WithRSAEncryption, and md5WithRSAEncryption.  This leads me to wonder:

 * Suppose digestAlgorithm contains sha-1. Is there any functional
   difference between choosing rsaEncryption vs. sha1WithRSAEncryption
   for the signatureAlgorithm field?

These are equivalent.  However, the practice is to use the hash function 
identifier in digestAlgorithm and the identifier that includes the hash 
function and the signature algorithm in signatureAlgorithm.

 * What happens if I put sha-1 in digestAlgorithm but choose
   md5WithRSAEncryption for signatureAlgorithm?

At minimum, this is rude.  I would expect an error.

The complete answer requires looking at SignedData:

      SignedData ::= SEQUENCE {
        version CMSVersion,
        digestAlgorithms DigestAlgorithmIdentifiers,
        encapContentInfo EncapsulatedContentInfo,
        certificates [0] IMPLICIT CertificateSet OPTIONAL,
        crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
        signerInfos SignerInfos }

The digestAlgorithms list comes before the content.  This allows an 
implementation to calculate the hash values as it buffers or processes the 
content, depending on the circumstance.  To encounter a signature that uses a 
hash function that is not in this list should cause an error.

 * In general, what is the relationship between the digest algorithm
   associated with the chosen signatureAlgorithm and the chosen

I think this is answered above,
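
The two error conditions described in the reply above (a SignerInfo hash that is missing from SignedData.digestAlgorithms, and a signatureAlgorithm whose built-in hash disagrees with digestAlgorithm), as an added example that is not part of the original message or of any CMS implementation. It assumes the structure has already been decoded into a plain dict of OID strings; that dict layout and the function name are hypothetical, while the OIDs are the RFC 3370 values.

```python
# Added example: consistency checks between the CMS digest and signature
# algorithm fields. The dict layout is an assumption standing in for the
# output of an ASN.1 decoder; only the OIDs named in the thread are covered.

SHA1 = "1.3.14.3.2.26"
MD5 = "1.2.840.113549.2.5"
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"
MD5_WITH_RSA = "1.2.840.113549.1.1.4"
SHA1_WITH_RSA = "1.2.840.113549.1.1.5"

# Hash implied by each signature algorithm OID; None means the OID names no hash.
IMPLIED_DIGEST = {RSA_ENCRYPTION: None, SHA1_WITH_RSA: SHA1, MD5_WITH_RSA: MD5}

NOT_ANNOUNCED = "digestAlgorithm not in SignedData.digestAlgorithms"
UNKNOWN_SIG = "unknown signatureAlgorithm"
HASH_MISMATCH = "signatureAlgorithm hash differs from digestAlgorithm"


def check_signed_data(signed_data):
    """Return a list of (signer_index, problem) tuples; empty means consistent."""
    problems = []
    announced = set(signed_data["digestAlgorithms"])
    for i, signer in enumerate(signed_data["signerInfos"]):
        digest = signer["digestAlgorithm"]
        sig = signer["signatureAlgorithm"]
        # The digestAlgorithms list precedes the content so hashes can be
        # computed while streaming; a signer outside that list is an error.
        if digest not in announced:
            problems.append((i, NOT_ANNOUNCED))
        if sig not in IMPLIED_DIGEST:
            problems.append((i, UNKNOWN_SIG))
        elif IMPLIED_DIGEST[sig] not in (None, digest):
            problems.append((i, HASH_MISMATCH))
    return problems


# Constructed sample: four signers exercising the cases raised in the thread.
SAMPLE = {
    "digestAlgorithms": [SHA1],
    "signerInfos": [
        {"digestAlgorithm": SHA1, "signatureAlgorithm": SHA1_WITH_RSA},
        {"digestAlgorithm": SHA1, "signatureAlgorithm": RSA_ENCRYPTION},
        {"digestAlgorithm": SHA1, "signatureAlgorithm": MD5_WITH_RSA},
        {"digestAlgorithm": MD5, "signatureAlgorithm": MD5_WITH_RSA},
    ],
}

if __name__ == "__main__":
    for index, problem in check_signed_data(SAMPLE):
        print(f"signerInfos[{index}]: {problem}")
```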

