{"id":419,"date":"2014-04-28T06:00:37","date_gmt":"2014-04-28T14:00:37","guid":{"rendered":"http:\/\/unmitigatedrisk.com\/?p=419"},"modified":"2014-04-28T07:23:25","modified_gmt":"2014-04-28T15:23:25","slug":"generating-signed-messages-using-cms-and-pki-js","status":"publish","type":"post","link":"https:\/\/unmitigatedrisk.com\/?p=419","title":{"rendered":"Generating signed messages using CMS and PKI.js"},"content":{"rendered":"<p>One of the most common signature formats on the web is known as <a href=\"https:\/\/tools.ietf.org\/html\/rfc5652\">CMS SignedData<\/a>; it is the signature format used in PDF files, CAdES, S\/MIME and several other digital signature solutions.<\/p>\n<p>As a signature format it has a few notable\u00a0features:<\/p>\n<ol>\n<li>Support for multiple signers.<\/li>\n<li>Inclusion of meta-data that is signed along with the data being signed (signed attributes).<\/li>\n<li>Inclusion of meta-data that is outside the scope of the signature (unsigned attributes).<\/li>\n<li>Signing of data contained within the signature (attached) or of data referenced by it (detached).<\/li>\n<\/ol>\n<p>These traits make possible things like counter-signing (a signature over another signer's signature, carried as an unsigned attribute), which in turn enables notarization scenarios.<\/p>\n<p>Using PKI.js you can now create and verify this signature format; below is an example of how creating one of these messages looks with this library:<\/p>\n<pre>\/\/ #region Put static values into a 5-byte buffer that will be signed\r\nvar sample_data = new ArrayBuffer(5);\r\nvar view = new Uint8Array(sample_data);\r\nview[0] = 0x00;\r\nview[1] = 0x01;\r\nview[2] = 0x02;\r\nview[3] = 0x03;\r\nview[4] = 0x04;\r\n\r\n\/\/ cert_simpl (the signer's org.pkijs.simpl.CERT) and privateKey (the matching\r\n\/\/ WebCrypto private key) are assumed to have been created earlier\r\nvar cms_signed_simpl = new org.pkijs.simpl.CMS_SIGNED_DATA({\r\n    digestAlgorithms: [\r\n        new org.pkijs.simpl.ALGORITHM_IDENTIFIER({ algorithm_id: \"1.3.14.3.2.26\" }) \/\/ SHA-1 (as in the original post; SHA-256 is 2.16.840.1.101.3.4.2.1)\r\n    ],\r\n    encapContentInfo: new org.pkijs.simpl.cms.EncapsulatedContentInfo({\r\n        eContentType: \"1.2.840.113549.1.7.1\", \/\/ \"data\" content type\r\n        eContent: new org.pkijs.asn1.OCTETSTRING({ value_hex: sample_data }) \/\/ attached content: the data travels inside the SignedData\r\n    }),\r\n    signerInfos: [\r\n        new org.pkijs.simpl.CMS_SIGNER_INFO({\r\n            sid: new org.pkijs.simpl.cms.IssuerAndSerialNumber({ \/\/ identifies the signer's certificate\r\n                issuer: cert_simpl.issuer,\r\n                serialNumber: cert_simpl.serialNumber\r\n            }),\r\n            digestAlgorithm: new org.pkijs.simpl.ALGORITHM_IDENTIFIER({ algorithm_id: \"1.3.14.3.2.26\" }), \/\/ SHA-1\r\n            signatureAlgorithm: new org.pkijs.simpl.ALGORITHM_IDENTIFIER({ algorithm_id: \"1.2.840.113549.1.1.5\" }) \/\/ RSA + SHA-1\r\n        })\r\n    ],\r\n    certificates: [cert_simpl] \/\/ embed the signer certificate so verifiers can find it\r\n});\r\n\/\/ #endregion\r\n\r\n\/\/ Sign the SignerInfo at index 0 with the WebCrypto private key\r\nreturn cms_signed_simpl.sign(privateKey, 0);\r\n<\/pre>\n<p>In this sample the content to be signed is placed within the SignedData message (an attached signature) and then signed with RSA and SHA-1; this is exactly what is needed to implement what S\/MIME calls opaque signed email.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>One of the most common signature formats on the web is known as CMS SignedData, this is the signature format used in PDF files, CAdES, S\/MIME and several other digital signature solutions. As a signature it has a few notable\u00a0features: Having multiple signers. 
Including meta-data that will be signed along with the data that is [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[12],"tags":[121,118,120],"class_list":["post-419","post","type-post","status-publish","format-standard","hentry","category-programming","tag-cms","tag-javascript","tag-pki-js"],"_links":{"self":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/posts\/419","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=419"}],"version-history":[{"count":0,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/posts\/419\/revisions"}],"wp:attachment":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=419"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=419"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}