Hello,
I have noticed something interesting about signing in the CMS
specification and don't really know what to do with it.
The RFC says that if SignerInfo::signedAttrs are present, the signature
covers the signedAttrs (with the message digest being in them). If there
are no signedAttrs, the signature covers the message directly.
Said that, it is possible to just cut and paste the
SignerInfo::signedAttrs to become the new
EncapsulatedContentInfo::eContent without breaking the signature.
1) cut the signedAttrs (possible, because they are optional)
2) remove the eContent value
3) paste the signedAttrs into eContent
Given that the signedAttrs are DER-encoded, they obviously didn't look
good when interpreted as an ASCII message
However, as the signature is still correct, this is basically a forgery
of a message the sender didn't signed.
What do you think? I could also provide an example if needed.
Nice regards,
Damian Poddebniak
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime