
SignedData

Represents the SignedData structure described in RFC 5652

Examples

import * as asn1js from "asn1js";
import * as pkijs from "pkijs";

// `buffer`, `cert`, `keys` and `trustedCert` are supplied by the caller

// Create a new CMS Signed Data
const cmsSigned = new pkijs.SignedData({
  encapContentInfo: new pkijs.EncapsulatedContentInfo({
    eContentType: pkijs.ContentInfo.DATA, // "data" content type
    eContent: new asn1js.OctetString({ valueHex: buffer })
  }),
  signerInfos: [
    new pkijs.SignerInfo({
      sid: new pkijs.IssuerAndSerialNumber({
        issuer: cert.issuer,
        serialNumber: cert.serialNumber
      })
    })
  ],
  // Signer certificate for chain validation
  certificates: [cert]
});

await cmsSigned.sign(keys.privateKey, 0, "SHA-256");

// Add Signed Data to Content Info
const cms = new pkijs.ContentInfo({
  contentType: pkijs.ContentInfo.SIGNED_DATA,
  content: cmsSigned.toSchema(true),
});

// Encode CMS to ASN.1
const cmsRaw = cms.toSchema().toBER();

// Parse CMS and detect it's Signed Data
const parsedCms = pkijs.ContentInfo.fromBER(cmsRaw);
if (parsedCms.contentType !== pkijs.ContentInfo.SIGNED_DATA) {
  throw new Error("CMS is not Signed Data");
}

// Read Signed Data
const signedData = new pkijs.SignedData({ schema: parsedCms.content });

// Verify Signed Data signature
const ok = await signedData.verify({
  signer: 0,
  checkChain: true,
  trustedCerts: [trustedCert],
});

if (!ok) {
  throw new Error("CMS signature is invalid");
}

Extends

Implements

Constructors

new SignedData()

new SignedData(parameters): SignedData

Initializes a new instance of the SignedData class

Parameters

parameters: SignedDataParameters = {}

Initialization parameters

Returns

SignedData

Overrides

PkiObject.constructor

Properties

certificates?

optional certificates: CertificateSetItem[]

Implementation of

ISignedData.certificates


crls?

optional crls: SignedDataCRL[]

Implementation of

ISignedData.crls


digestAlgorithms

digestAlgorithms: AlgorithmIdentifier[]

Implementation of

ISignedData.digestAlgorithms


encapContentInfo

encapContentInfo: EncapsulatedContentInfo

Implementation of

ISignedData.encapContentInfo


ocsps?

optional ocsps: BasicOCSPResponse[]

Implementation of

ISignedData.ocsps


signerInfos

signerInfos: SignerInfo[]

Implementation of

ISignedData.signerInfos


version

version: number

Implementation of

ISignedData.version


CLASS_NAME

static CLASS_NAME: string = "SignedData"

Name of the class

Overrides

PkiObject.CLASS_NAME


ID_DATA

static ID_DATA: "1.2.840.113549.1.7.1" = id_ContentType_Data

Accessors

className

get className(): string

Returns

string

Inherited from

PkiObject.className

Methods

fromSchema()

fromSchema(schema): void

Converts parsed ASN.1 object into current class

Parameters

schema: any

ASN.1 schema

Returns

void

Overrides

PkiObject.fromSchema


sign()

sign(privateKey, signerIndex, hashAlgorithm, data, crypto): Promise<void>

Signs the current SignedData

Parameters

privateKey: CryptoKey

Private key for "subjectPublicKeyInfo" structure

signerIndex: number

Index (starting from 0) of the signer to create the signature for

hashAlgorithm: string = "SHA-1"

Hashing algorithm. Default SHA-1

data: BufferSource = ...

Detached data

crypto: ICryptoEngine = ...

Crypto engine

Returns

Promise<void>
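
Because sign() falls back to SHA-1 when hashAlgorithm is omitted, a receiver may want to reject weak digests before calling verify(). The following is an added example, not part of PKI.js or its documentation: it walks the DER of a CMS ContentInfo with Node.js built-ins only and reports SHA-1 or MD5 found in digestAlgorithms or in any SignerInfo. All function names and the sample bytes are constructed for illustration.

```javascript
// Added example; tlv, children, oid, weakDigests, enc and sample are hypothetical names.
const ID_SIGNED_DATA = "1.2.840.113549.1.7.2";
const WEAK = { "1.3.14.3.2.26": "SHA-1", "1.2.840.113549.2.5": "MD5" };
// Read one definite-length DER TLV from a Buffer, starting at `off`.
function tlv(buf, off = 0) {
  let len = buf[off + 1], hdr = 2;
  if (len & 0x80) {
    const n = len & 0x7f;
    if (n === 0 || n > 4) throw new Error("unsupported DER length");
    len = buf.readUIntBE(off + 2, n); hdr += n;
  }
  if (!(off + hdr + len <= buf.length)) throw new Error("truncated DER");
  return { tag: buf[off], body: buf.subarray(off + hdr, off + hdr + len), end: off + hdr + len };
}
const children = (body) => {
  const out = [];
  for (let off = 0; off < body.length; off = out[out.length - 1].end) out.push(tlv(body, off));
  return out;
};
// Decode a bare OID TLV, or the OID that opens an AlgorithmIdentifier.
const oid = (t) => {
  if (t.tag !== 0x06) t = children(t.body)[0];
  const arcs = [Math.floor(t.body[0] / 40), t.body[0] % 40];
  let v = 0;
  for (const b of t.body.subarray(1)) { v = v * 128 + (b & 0x7f); if (b < 0x80) { arcs.push(v); v = 0; } }
  return arcs.join(".");
};
// Weak digest names found in digestAlgorithms and in every SignerInfo.
function weakDigests(der) {
  const [type, wrapped] = children(tlv(der).body);
  if (oid(type) !== ID_SIGNED_DATA) throw new Error("CMS is not Signed Data");
  const fields = children(tlv(wrapped.body).body); // [0] EXPLICIT -> SignedData
  const algs = children(fields[1].body);           // digestAlgorithms SET
  for (const si of children(fields[fields.length - 1].body)) algs.push(children(si.body)[2]);
  return [...new Set(algs.map(oid).filter((o) => o in WEAK).map((o) => WEAK[o]))];
}
// Constructed sample input: well-formed SignedData with a dummy signature.
const enc = (tag, ...parts) => {
  const body = Buffer.concat(parts.map((p) => (typeof p === "string" ? Buffer.from(p, "hex") : p)));
  return Buffer.concat([Buffer.from(body.length < 128 ? [tag, body.length] : [tag, 0x81, body.length]), body]);
};
function sample(setOidHex, signerOidHex = setOidHex) {
  const alg = (hex) => enc(0x30, enc(0x06, hex), "0500");
  const signer = enc(0x30, "020101", enc(0x30, enc(0x30), "020101"), alg(signerOidHex),
    alg("2a864886f70d010101"), enc(0x04, "00"));
  return enc(0x30, enc(0x06, "2a864886f70d010702"), enc(0xa0, enc(0x30, "020101",
    enc(0x31, alg(setOidHex)), enc(0x30, enc(0x06, "2a864886f70d010701")), enc(0x31, signer))));
}
const SHA1 = "2b0e03021a", SHA256 = "608648016503040201"; // DER-encoded OID bodies
```

A non-empty result from weakDigests(Buffer.from(cmsRaw)) is a reason to refuse the message before verify() runs; the SignerInfo check matters because a message can list SHA-256 in digestAlgorithms while a signer still uses SHA-1.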


toJSON()

toJSON(): SignedDataJson

Converts the class to JSON object

Returns

SignedDataJson

JSON object

Overrides

PkiObject.toJSON


toSchema()

toSchema(encodeFlag): any

Converts current object to ASN.1 object and sets correct values

Parameters

encodeFlag: boolean = false

If false, the schema is created by decoding the stored value; otherwise it is assembled from cached parts

Returns

any

ASN.1 object

Overrides

PkiObject.toSchema


toString()

toString(encoding): string

Parameters

encoding: "base64" | "base64url" | "hex" = "hex"

Returns

string

Inherited from

PkiObject.toString


verify()

verify(params, crypto)

verify(params?, crypto?): Promise<boolean>

Parameters

params?: SignedDataVerifyParams & object

crypto?: ICryptoEngine

Returns

Promise<boolean>

verify(params, crypto)

verify(params, crypto?): Promise<SignedDataVerifyResult>

Parameters

params: SignedDataVerifyParams & object

crypto?: ICryptoEngine

Returns

Promise<SignedDataVerifyResult>


blockName()

static blockName(): string

Returns block name

Returns

string

Returns string block name

Inherited from

PkiObject.blockName


compareWithDefault()

static compareWithDefault(memberName, memberValue): boolean

Compare values with default values for all class members

Parameters

memberName: string

String name for a class member

memberValue: any

Value to compare with default value

Returns

boolean


defaultValues()

defaultValues(memberName)

static defaultValues(memberName): number

Returns default values for all class members

Parameters

memberName: "version"

String name for a class member

Returns

number

Default value

Overrides

PkiObject.defaultValues

defaultValues(memberName)

static defaultValues(memberName): AlgorithmIdentifier[]

Returns default values for all class members

Parameters

memberName: "digestAlgorithms"

String name for a class member

Returns

AlgorithmIdentifier[]

Default value

Overrides

PkiObject.defaultValues

defaultValues(memberName)

static defaultValues(memberName): EncapsulatedContentInfo

Returns default values for all class members

Parameters

memberName: "encapContentInfo"

String name for a class member

Returns

EncapsulatedContentInfo

Default value

Overrides

PkiObject.defaultValues

defaultValues(memberName)

static defaultValues(memberName): CertificateSetItem[]

Returns default values for all class members

Parameters

memberName: "certificates"

String name for a class member

Returns

CertificateSetItem[]

Default value

Overrides

PkiObject.defaultValues

defaultValues(memberName)

static defaultValues(memberName): SignedDataCRL[]

Returns default values for all class members

Parameters

memberName: "crls"

String name for a class member

Returns

SignedDataCRL[]

Default value

Overrides

PkiObject.defaultValues

defaultValues(memberName)

static defaultValues(memberName): BasicOCSPResponse[]

Returns default values for all class members

Parameters

memberName: "ocsps"

String name for a class member

Returns

BasicOCSPResponse[]

Default value

Overrides

PkiObject.defaultValues

defaultValues(memberName)

static defaultValues(memberName): SignerInfo[]

Returns default values for all class members

Parameters

memberName: "signerInfos"

String name for a class member

Returns

SignerInfo[]

Default value

Overrides

PkiObject.defaultValues


fromBER()

static fromBER<T>(this, raw): T

Creates PKI object from the raw data

Type Parameters

T extends PkiObject

Parameters

this: PkiObjectConstructor<T>

raw: BufferSource

ASN.1 encoded raw data

Returns

T

Initialized and filled current class object

Inherited from

PkiObject.fromBER


schema()

static schema(parameters): any

Returns value of pre-defined ASN.1 schema for current class

Parameters

parameters: SchemaParameters<object> = {}

Input parameters for the schema

Returns

any

ASN.1 schema object

Overrides

PkiObject.schema