
Class: SignedData

Represents the SignedData structure described in RFC5652

Example

The following example demonstrates how to create and sign CMS Signed Data

import * as asn1js from "asn1js";
import * as pkijs from "pkijs";

// `buffer` (content to sign), `cert` (signer certificate) and `keys`
// (signer key pair) are supplied by the caller.

// Create a new CMS Signed Data
const cmsSigned = new pkijs.SignedData({
  encapContentInfo: new pkijs.EncapsulatedContentInfo({
    eContentType: pkijs.ContentInfo.DATA, // "data" content type
    eContent: new asn1js.OctetString({ valueHex: buffer })
  }),
  signerInfos: [
    new pkijs.SignerInfo({
      sid: new pkijs.IssuerAndSerialNumber({
        issuer: cert.issuer,
        serialNumber: cert.serialNumber
      })
    })
  ],
  // Signer certificate for chain validation
  certificates: [cert]
});

// Sign as signer 0, passing the hash algorithm explicitly
await cmsSigned.sign(keys.privateKey, 0, "SHA-256");

// Add Signed Data to Content Info
const cms = new pkijs.ContentInfo({
  contentType: pkijs.ContentInfo.SIGNED_DATA,
  content: cmsSigned.toSchema(true),
});

// Encode CMS to ASN.1
const cmsRaw = cms.toSchema().toBER();

Example

The following example demonstrates how to verify CMS Signed Data

// `cmsRaw` is the BER-encoded CMS; `trustedCert` is the trust anchor
// supplied by the caller.

// Parse CMS and check that it is Signed Data
const cms = pkijs.ContentInfo.fromBER(cmsRaw);
if (cms.contentType !== pkijs.ContentInfo.SIGNED_DATA) {
  throw new Error("CMS is not Signed Data");
}

// Read Signed Data
const signedData = new pkijs.SignedData({ schema: cms.content });

// Verify the signature of signer 0 and validate its certificate chain
const ok = await signedData.verify({
  signer: 0,
  checkChain: true,
  trustedCerts: [trustedCert],
});

if (!ok) {
  throw new Error("CMS signature is invalid");
}
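
The verification example above checks only signer 0, and sign() defaults to SHA-1 when no hash algorithm is passed. The following is an added example, not part of the PKI.js documentation or code base: it audits the digest algorithms of a parsed SignedData against an allow-list and then verifies every signer. It assumes the algorithmId property of AlgorithmIdentifier and the digestAlgorithm property of SignerInfo; the allow-list policy and the names auditSignedData, verifyAllSigners and sampleSignedData are illustrative.

```javascript
// Added example, not PKI.js code. Works on any object shaped like a parsed
// pkijs.SignedData: digestAlgorithms[], signerInfos[] and verify().

// Assumed policy: only SHA-256, SHA-384 and SHA-512 digests are accepted.
const ALLOWED_DIGESTS = new Set([
  "2.16.840.1.101.3.4.2.1", // SHA-256
  "2.16.840.1.101.3.4.2.2", // SHA-384
  "2.16.840.1.101.3.4.2.3", // SHA-512
]);

// Returns policy findings; an empty array means verification may proceed.
function auditSignedData(signedData) {
  const findings = [];
  const declared = new Set(signedData.digestAlgorithms.map((a) => a.algorithmId));
  if (signedData.signerInfos.length === 0) {
    findings.push("no signerInfos: nothing is signed");
  }
  signedData.signerInfos.forEach((signerInfo, i) => {
    const oid = signerInfo.digestAlgorithm.algorithmId;
    if (!ALLOWED_DIGESTS.has(oid)) {
      findings.push(`signer ${i}: digest ${oid} is not allowed`);
    }
    if (!declared.has(oid)) {
      findings.push(`signer ${i}: digest ${oid} is not in digestAlgorithms`);
    }
  });
  return findings;
}

// Verifies every signer (not only index 0) with chain checking enabled.
async function verifyAllSigners(signedData, trustedCerts) {
  const findings = auditSignedData(signedData);
  if (findings.length > 0) throw new Error(findings.join("; "));
  for (let i = 0; i < signedData.signerInfos.length; i++) {
    const ok = await signedData.verify({ signer: i, checkChain: true, trustedCerts });
    if (!ok) return false;
  }
  return true;
}

// Constructed sample: signer 0 uses SHA-256, signer 1 uses SHA-1
// (1.3.14.3.2.26), and only SHA-256 is declared in digestAlgorithms.
const sampleSignedData = {
  digestAlgorithms: [{ algorithmId: "2.16.840.1.101.3.4.2.1" }],
  signerInfos: [
    { digestAlgorithm: { algorithmId: "2.16.840.1.101.3.4.2.1" } },
    { digestAlgorithm: { algorithmId: "1.3.14.3.2.26" } },
  ],
};
```

With a real parsed object, call verifyAllSigners(signedData, [trustedCert]) in place of the single verify() call for signer 0.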

Hierarchy

Implements

Constructors

constructor

new SignedData(parameters?): SignedData

Initializes a new instance of the SignedData class

Parameters

| Name | Type | Description |
| --- | --- | --- |
| parameters | SignedDataParameters | Initialization parameters |

Returns

SignedData

Overrides

PkiObject.constructor

Properties

certificates

Optional certificates: CertificateSetItem[]

Implementation of

ISignedData.certificates


crls

Optional crls: SignedDataCRL[]

Implementation of

ISignedData.crls


digestAlgorithms

digestAlgorithms: AlgorithmIdentifier[]

Implementation of

ISignedData.digestAlgorithms


encapContentInfo

encapContentInfo: EncapsulatedContentInfo

Implementation of

ISignedData.encapContentInfo


ocsps

Optional ocsps: BasicOCSPResponse[]

Implementation of

ISignedData.ocsps


signerInfos

signerInfos: SignerInfo[]

Implementation of

ISignedData.signerInfos


version

version: number

Implementation of

ISignedData.version


CLASS_NAME

Static CLASS_NAME: string = "SignedData"

Name of the class

Overrides

PkiObject.CLASS_NAME


ID_DATA

Static ID_DATA: "1.2.840.113549.1.7.1"

Accessors

className

get className(): string

Returns

string

Inherited from

PkiObject.className

Methods

fromSchema

fromSchema(schema): void

Converts parsed ASN.1 object into current class

Parameters

| Name | Type | Description |
| --- | --- | --- |
| schema | any | ASN.1 schema |

Returns

void

Overrides

PkiObject.fromSchema


sign

sign(privateKey, signerIndex, hashAlgorithm?, data?, crypto?): Promise<void>

Signs the current SignedData

Parameters

| Name | Type | Default value | Description |
| --- | --- | --- | --- |
| privateKey | CryptoKey | undefined | Private key for "subjectPublicKeyInfo" structure |
| signerIndex | number | undefined | Index (starting from 0) of the signer to create the signature for |
| hashAlgorithm | string | "SHA-1" | Hashing algorithm. Default SHA-1 |
| data | BufferSource | undefined | Detached data |
| crypto | ICryptoEngine | undefined | Crypto engine |

Returns

Promise<void>


toJSON

toJSON(): SignedDataJson

Converts the class to JSON object

Returns

SignedDataJson

JSON object

Overrides

PkiObject.toJSON


toSchema

toSchema(encodeFlag?): any

Converts current object to ASN.1 object and sets correct values

Parameters

| Name | Type | Default value | Description |
| --- | --- | --- | --- |
| encodeFlag | boolean | false | If false, creates the schema by decoding the stored value. Otherwise creates the schema by assembling it from cached parts |

Returns

any

ASN.1 object

Overrides

PkiObject.toSchema


toString

toString(encoding?): string

Parameters

| Name | Type | Default value |
| --- | --- | --- |
| encoding | "base64" \| "base64url" \| "hex" | "hex" |

Returns

string

Inherited from

PkiObject.toString


verify

verify(params?, crypto?): Promise<boolean>

Parameters

| Name | Type |
| --- | --- |
| params? | SignedDataVerifyParams & { extendedMode?: false } |
| crypto? | ICryptoEngine |

Returns

Promise<boolean>

verify(params, crypto?): Promise<SignedDataVerifyResult>

Parameters

| Name | Type |
| --- | --- |
| params | SignedDataVerifyParams & { extendedMode: true } |
| crypto? | ICryptoEngine |

Returns

Promise<SignedDataVerifyResult>


blockName

blockName(): string

Returns block name

Returns

string

Returns string block name

Inherited from

PkiObject.blockName


compareWithDefault

compareWithDefault(memberName, memberValue): boolean

Compare values with default values for all class members

Parameters

| Name | Type | Description |
| --- | --- | --- |
| memberName | string | String name for a class member |
| memberValue | any | Value to compare with default value |

Returns

boolean


defaultValues

defaultValues(memberName): number

Returns default values for all class members

Parameters

| Name | Type | Description |
| --- | --- | --- |
| memberName | "version" | String name for a class member |

Returns

number

Default value

Overrides

PkiObject.defaultValues

defaultValues(memberName): AlgorithmIdentifier[]

Parameters

| Name | Type |
| --- | --- |
| memberName | "digestAlgorithms" |

Returns

AlgorithmIdentifier[]

Overrides

PkiObject.defaultValues

defaultValues(memberName): EncapsulatedContentInfo

Parameters

| Name | Type |
| --- | --- |
| memberName | "encapContentInfo" |

Returns

EncapsulatedContentInfo

Overrides

PkiObject.defaultValues

defaultValues(memberName): CertificateSetItem[]

Parameters

| Name | Type |
| --- | --- |
| memberName | "certificates" |

Returns

CertificateSetItem[]

Overrides

PkiObject.defaultValues

defaultValues(memberName): SignedDataCRL[]

Parameters

| Name | Type |
| --- | --- |
| memberName | "crls" |

Returns

SignedDataCRL[]

Overrides

PkiObject.defaultValues

defaultValues(memberName): BasicOCSPResponse[]

Parameters

| Name | Type |
| --- | --- |
| memberName | "ocsps" |

Returns

BasicOCSPResponse[]

Overrides

PkiObject.defaultValues

defaultValues(memberName): SignerInfo[]

Parameters

| Name | Type |
| --- | --- |
| memberName | "signerInfos" |

Returns

SignerInfo[]

Overrides

PkiObject.defaultValues


fromBER

fromBER<T>(this, raw): T

Creates PKI object from the raw data

Type parameters

| Name | Type |
| --- | --- |
| T | extends PkiObject |

Parameters

| Name | Type | Description |
| --- | --- | --- |
| this | PkiObjectConstructor<T> | - |
| raw | BufferSource | ASN.1 encoded raw data |

Returns

T

Initialized and filled current class object

Inherited from

PkiObject.fromBER


schema

schema(parameters?): any

Returns value of pre-defined ASN.1 schema for current class

Parameters

| Name | Type | Description |
| --- | --- | --- |
| parameters | SchemaParameters<{ certificates?: string ; crls?: RevocationInfoChoicesSchema ; digestAlgorithms?: string ; encapContentInfo?: EncapsulatedContentInfoSchema ; signerInfos?: string ; version?: string }> | Input parameters for the schema |

Returns

any

ASN.1 schema object

Overrides

PkiObject.schema