[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [iaik-jce] SignedData contentInfo field and Der encoding


the PKCS#7 implementation of IAIK-JCE highly is based on S/MIME and
therefore only allows PKCS#7-data for the inner content type. If you want to
use a user-defined content type you may build your own structure and "wrap"
it into a Data object: Encode your own structure and use this encoding as
input of a SignedData object. (S/MIME, for instance, also follows this
practice when building signed and encrypted messages). Notice that PKCS#7
successor CMS wraps the content of any encapsualted content info (i.e. the
"inner" content) into an OCTET_STRING. So following the way described above
additionally may bring the advantage of being compatible to CMS

PKCS#7v1.5 caculates the hash to be encrypted only on the pure content (and
not whole the encoding) allowing to use the indefinite constructed (BER)
encoding method for encoding the content which is advantageously for
handling big amounts of data. If authenticated attributes are present, the
final hash has to be calcualted over the DER encoding of the authenticated
attributes (however, even in this case, the data itself may be BER encdoded
since the hash for the messageDigest attribute again is calculated on the

Dieter Bratko

-----Ursprüngliche Nachricht-----
Von: iaik-jce-owner@iaik.tu-graz.ac.at
[mailto:iaik-jce-owner@iaik.tu-graz.ac.at]Im Auftrag von Miguel Reis
Gesendet: Sonntag, 8. Oktober 2000 22:20
An: iaik-jce@iaik.tu-graz.ac.at
Betreff: [iaik-jce] SignedData contentInfo field and Der encoding


I'm a student from Portugal which is using iaik-jce in a project. I just
want to do two questions:

1) In this project i need to build a ContentInfo structure with a particular
user-defined and specific ObjectId (which is not pkcs7). Then, this
contentInfo is to be used in the correponding field in a SignedData
structure. But iaik-jce doesn't let me do this. Is there any way to avoid
this problem?

2) In the ASN specification says that the Der-encoding of any ASN structure
(and in particular all the structured types) MUST be done with
definite-length encoding. Then, why is that iaik-jce DerCoder uses
indefinite-length encoding in various structures, like SignedData and
ContentInfo structures? This encoding doesn't make the Der-encoding
impossible to parse to any other Der coder?

Thanking you all for your time,


O e-mail preferido dos portugueses http://www.portugalmail.pt
Mailinglist-archive at

To unsubscribe send an email to listserv@iaik.at with the folowing content:

*                                                                         *
* IAIK S/MIME Mapper Security Info                                        *
* ===================================                                     *
*                                                                         *
* for message:                                                            *
*   From: "Dieter Bratko" <Dieter.Bratko@iaik.at>                         *
*   Date: Tue, 10 Oct 2000 09:15:07 +0200                                 *
*   Subject: AW: [iaik-jce] SignedData contentInfo field and Der encoding *
*                                                                         *
* Message S/MIME properties:                                              *
*                                                                         *
*   Encrypted using:    not encrypted                                     *
*                                                                         *
*   Digitally signed:   yes                                               *
*   Signature valid:    yes                                               *
*   Signature trusted:  yes                                               *
*                                                                         *
*                                                                         *
* Compliance with policy for email addresses *@iaik.at:                   *
*                                                                         *
*   Encryption:         OK (None or better required)                      *
*                                                                         *
*   Digital Signature:  OK (digital signature required)                   *
*                                                                         *