Surubelnita

Reputation: 107

Compute digital signature using SignedCms class

I am signing some data using the ContentInfo, SignedCms and CmsSigner classes included in .NET Framework. The signature follows the CAdES standard.

As per the documentation, the CmsSigner class automatically generates the contentType and messageDigest signed attributes when at least one signed attribute is added to the CmsSigner.SignedAttributes collection. In my code I add two signed attributes, in this order: signing-certificate-v2 and signature-policy-identifier.

When I inspect the generated PKCS#7 object, the signed attributes appear in this order: signature-policy-identifier, contentType, messageDigest and signing-certificate-v2.

Is there a possibility to control the order of the attributes? The order I need is contentType, messageDigest, signing-certificate-v2, signature-policy-identifier.

Upvotes: 0

Views: 523

Answers (1)

jariq

Reputation: 12108

This is most likely not the answer you are expecting, but when you take a look at RFC 5652 you'll find that SignedAttributes is defined as SET OF, not as SEQUENCE OF:

SignedAttributes ::= SET SIZE (1..MAX) OF Attribute

When you take a look at A Layman's Guide to a Subset of ASN.1, BER, and DER you'll see the difference between these two:

SET OF - an unordered collection of zero or more occurrences of a given type
SEQUENCE OF - an ordered collection of zero or more occurrences of a given type

So to sum it up => RFC5652 states that signed attributes in CMS structure are unordered => their order does not matter.

Upvotes: 2
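As an added illustration (not part of the answer above), the DER rules in X.690 go one step further than "unordered": a conforming DER encoder sorts the elements of a SET OF by their encoded octets, so the attribute order inside signedAttrs is decided by the bytes, not by the order in which the application adds them. The Python below is constructed for this page and uses empty stub values for the two CAdES attributes, so the order it reports holds for those stub bytes only; `is_canonical_set` is the kind of check a verifier can apply to received signedAttrs before re-encoding them.

```python
def encode_length(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])                          # short form
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body        # long form: count octet, then the length itself

def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + encode_length(len(content)) + content

def decode_length(data: bytes, i: int):            # returns (length, offset of first content byte)
    n = data[i]
    if n & 0x80:                                   # long form: low bits count the length octets that follow
        count = n & 0x7F
        return int.from_bytes(data[i + 1:i + 1 + count], "big"), i + 1 + count
    return n, i + 1                                # short form

def split_tlvs(data: bytes) -> list:
    items, i = [], 0                               # encodings of the elements concatenated in data
    while i < len(data):
        n, start = decode_length(data, i + 1)
        items.append(data[i:start + n])
        i = start + n
    return items

def der_sorted(elements: list) -> list:
    width = max(map(len, elements), default=0)     # X.690 11.6: octet-string order, shorter zero-padded at the end
    return sorted(elements, key=lambda e: e.ljust(width, b"\0"))

def is_canonical_set(set_der: bytes) -> bool:
    n, start = decode_length(set_der, 1)           # a verifier's check on a received SET (tag 0x31)
    elems = split_tlvs(set_der[start:start + n])
    return set_der[0] == 0x31 and elems == der_sorted(elems)

OIDS = {"contentType": bytes.fromhex("06092a864886f70d010903"),                     # 1.2.840.113549.1.9.3
        "messageDigest": bytes.fromhex("06092a864886f70d010904"),                   # 1.2.840.113549.1.9.4
        "signing-certificate-v2": bytes.fromhex("060b2a864886f70d010910022f"),      # ...1.9.16.2.47
        "signature-policy-identifier": bytes.fromhex("060b2a864886f70d010910020f")} # ...1.9.16.2.15

def attribute(name: str, value: bytes) -> bytes:   # Attribute ::= SEQUENCE { attrType OID, attrValues SET OF }
    return der_tlv(0x30, OIDS[name] + der_tlv(0x31, value))

def sample_attributes() -> dict:                   # constructed sample, in the question's insertion order
    return {"signing-certificate-v2": attribute("signing-certificate-v2", der_tlv(0x30, b"")),   # stub value
            "signature-policy-identifier": attribute("signature-policy-identifier", der_tlv(0x30, b"")),
            "contentType": attribute("contentType", bytes.fromhex("06092a864886f70d010701")),   # id-data
            "messageDigest": attribute("messageDigest", der_tlv(0x04, bytes(32)))}              # dummy digest

def canonical_order(attrs: dict) -> list:          # names in the order DER imposes, whatever the insertion order
    by_enc = {enc: name for name, enc in attrs.items()}
    return [by_enc[e] for e in der_sorted(list(attrs.values()))]
```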
