SignedData

Represents the SignedData structure described in RFC5652

Examples

// Create a new CMS Signed Data
const cmsSigned = new pkijs.SignedData({
  encapContentInfo: new pkijs.EncapsulatedContentInfo({
    eContentType: pkijs.ContentInfo.DATA,, // "data" content type
    eContent: new asn1js.OctetString({ valueHex: buffer })
  }),
  signerInfos: [
    new pkijs.SignerInfo({
      sid: new pkijs.IssuerAndSerialNumber({
        issuer: cert.issuer,
        serialNumber: cert.serialNumber
      })
    })
  ],
  // Signer certificate for chain validation
  certificates: [cert]
});

await cmsSigned.sign(keys.privateKey, 0, "SHA-256");

// Add Signed Data to Content Info
const cms = new pkijs.ContentInfo({
  contentType: pkijs.ContentInfo.SIGNED_DATA,,
  content: cmsSigned.toSchema(true),
});

// Encode CMS to ASN.1
const cmsRaw = cms.toSchema().toBER();

// Parse CMS and detect it's Signed Data
const cms = pkijs.ContentInfo.fromBER(cmsRaw);
if (cms.contentType !== pkijs.ContentInfo.SIGNED_DATA) {
  throw new Error("CMS is not Signed Data");
}

// Read Signed Data
const signedData = new pkijs.SignedData({ schema: cms.content });

// Verify Signed Data signature
const ok = await signedData.verify({
  signer: 0,
  checkChain: true,
  trustedCerts: [trustedCert],
});

if (!ok) {
  throw new Error("CMS signature is invalid")
}

Extends

• PkiObject

Implements

• ISignedData

Constructors

Constructor

new SignedData(parameters): SignedData

Initializes a new instance of the SignedData class

Parameters

parameters

SignedDataParameters = {}

Initialization parameters

Returns

SignedData

Overrides

PkiObject.constructor

Properties

certificates?

optional certificates: CertificateSetItem[]

Implementation of

ISignedData.certificates

---

crls?

optional crls: SignedDataCRL[]

Implementation of

ISignedData.crls

---

digestAlgorithms

digestAlgorithms: AlgorithmIdentifier[]

Implementation of

ISignedData.digestAlgorithms

---

encapContentInfo

encapContentInfo: EncapsulatedContentInfo

Implementation of

ISignedData.encapContentInfo

---

ocsps?

optional ocsps: BasicOCSPResponse[]

Implementation of

ISignedData.ocsps

---

signerInfos

signerInfos: SignerInfo[]

Implementation of

ISignedData.signerInfos

---

version

version: number

Implementation of

ISignedData.version

---

CLASS_NAME

static CLASS_NAME: string = "SignedData"

Name of the class

Overrides

PkiObject.CLASS_NAME

---

ID_DATA

static ID_DATA: "1.2.840.113549.1.7.1" = id_ContentType_Data

Accessors

className

Get Signature

get className(): string

Returns

string

Inherited from

PkiObject.className

Methods

fromSchema()

fromSchema(schema): void

Converts parsed ASN.1 object into current class

Parameters

schema

any

ASN.1 schema

Returns

void

Overrides

PkiObject.fromSchema

---

sign()

sign(privateKey, signerIndex, hashAlgorithm, data, crypto): Promise<void>

Signing current SignedData

Parameters

privateKey

CryptoKey

Private key for "subjectPublicKeyInfo" structure

signerIndex

number

Index number (starting from 0) of signer index to make signature for

hashAlgorithm

string = "SHA-1"

Hashing algorithm. Default SHA-1

data

BufferSource = ...

Detached data

crypto

ICryptoEngine = ...

Crypto engine

Returns

Promise<void>

---

toJSON()

toJSON(): SignedDataJson

Converts the class to JSON object

Returns

SignedDataJson

JSON object

Overrides

PkiObject.toJSON

---

toSchema()

toSchema(encodeFlag): any

Converts current object to ASN.1 object and sets correct values

Parameters

encodeFlag

boolean = false

If param equal to false then creates schema via decoding stored value. In other case creates schema via assembling from cached parts

Returns

any

ASN.1 object

Overrides

PkiObject.toSchema

---

toString()

toString(encoding): string

Parameters

encoding

"hex" | "base64" | "base64url"

Returns

string

Inherited from

PkiObject.toString

---

verify()

Call Signature

verify(params?, crypto?): Promise<boolean>

Parameters

params?

SignedDataVerifyParams & object

crypto?

ICryptoEngine

Returns

Promise<boolean>

Call Signature

verify(params, crypto?): Promise<SignedDataVerifyResult>

Parameters

params

SignedDataVerifyParams & object

crypto?

ICryptoEngine

Returns

Promise<SignedDataVerifyResult>

---

blockName()

static blockName(): string

Returns block name

Returns

string

Returns string block name

Inherited from

PkiObject.blockName

---

compareWithDefault()

static compareWithDefault(memberName, memberValue): boolean

Compare values with default values for all class members

Parameters

memberName

string

String name for a class member

memberValue

any

Value to compare with default value

Returns

boolean

---

defaultValues()

Call Signature

static defaultValues(memberName): number

Returns default values for all class members

Parameters

memberName

"version"

String name for a class member

Returns

number

Default value

Overrides

PkiObject.defaultValues

Call Signature

static defaultValues(memberName): AlgorithmIdentifier[]

Returns default values for all class members

Parameters

memberName

"digestAlgorithms"

String name for a class member

Returns

AlgorithmIdentifier[]

Default value

Overrides

PkiObject.defaultValues

Call Signature

static defaultValues(memberName): EncapsulatedContentInfo

Returns default values for all class members

Parameters

memberName

"encapContentInfo"

String name for a class member

Returns

EncapsulatedContentInfo

Default value

Overrides

PkiObject.defaultValues

Call Signature

static defaultValues(memberName): CertificateSetItem[]

Returns default values for all class members

Parameters

memberName

"certificates"

String name for a class member

Returns

CertificateSetItem[]

Default value

Overrides

PkiObject.defaultValues

Call Signature

static defaultValues(memberName): SignedDataCRL[]

Returns default values for all class members

Parameters

memberName

"crls"

String name for a class member

Returns

SignedDataCRL[]

Default value

Overrides

PkiObject.defaultValues

Call Signature

static defaultValues(memberName): BasicOCSPResponse[]

Returns default values for all class members

Parameters

memberName

"ocsps"

String name for a class member

Returns

BasicOCSPResponse[]

Default value

Overrides

PkiObject.defaultValues

Call Signature

static defaultValues(memberName): SignerInfo[]

Returns default values for all class members

Parameters

memberName

"signerInfos"

String name for a class member

Returns

SignerInfo[]

Default value

Overrides

PkiObject.defaultValues

---

fromBER()

static fromBER<T>(this, raw): T

Creates PKI object from the raw data

Type Parameters

T

T extends PkiObject

Parameters

this

PkiObjectConstructor<T>

raw

BufferSource

ASN.1 encoded raw data

Returns

T

Initialized and filled current class object

Inherited from

PkiObject.fromBER

---

schema()

static schema(parameters): any

Returns value of pre-defined ASN.1 schema for current class

Parameters

parameters

SchemaParameters<{ certificates?: string; crls?: RevocationInfoChoicesSchema; digestAlgorithms?: string; encapContentInfo?: EncapsulatedContentInfoSchema; signerInfos?: string; version?: string; }> = {}

Input parameters for the schema

Returns

any

ASN.1 schema object

Overrides

PkiObject.schema