Class SignedData

Represents the SignedData structure described in RFC5652

Example

The following example demonstrates how to create and sign CMS Signed Data

// Create a new CMS Signed Data
const cmsSigned = new pkijs.SignedData({
  encapContentInfo: new pkijs.EncapsulatedContentInfo({
    eContentType: pkijs.ContentInfo.DATA,, // "data" content type
    eContent: new asn1js.OctetString({ valueHex: buffer })
  }),
  signerInfos: [
    new pkijs.SignerInfo({
      sid: new pkijs.IssuerAndSerialNumber({
        issuer: cert.issuer,
        serialNumber: cert.serialNumber
      })
    })
  ],
  // Signer certificate for chain validation
  certificates: [cert]
});

await cmsSigned.sign(keys.privateKey, 0, "SHA-256");

// Add Signed Data to Content Info
const cms = new pkijs.ContentInfo({
  contentType: pkijs.ContentInfo.SIGNED_DATA,,
  content: cmsSigned.toSchema(true),
});

// Encode CMS to ASN.1
const cmsRaw = cms.toSchema().toBER();

Example

The following example demonstrates how to verify CMS Signed Data

// Parse CMS and detect it's Signed Data
const cms = pkijs.ContentInfo.fromBER(cmsRaw);
if (cms.contentType !== pkijs.ContentInfo.SIGNED_DATA) {
  throw new Error("CMS is not Signed Data");
}

// Read Signed Data
const signedData = new pkijs.SignedData({ schema: cms.content });

// Verify Signed Data signature
const ok = await signedData.verify({
  signer: 0,
  checkChain: true,
  trustedCerts: [trustedCert],
});

if (!ok) {
  throw new Error("CMS signature is invalid")
}

Hierarchy

Implements

Constructors

constructor

Properties

certificates? crls? digestAlgorithms encapContentInfo ocsps? signerInfos version CLASS_NAME ID_DATA

Accessors

className

Methods

fromSchema sign toJSON toSchema toString verify blockName compareWithDefault defaultValues fromBER schema

Constructors

constructor

Properties

Optional certificates

certificates?: CertificateSetItem[]

Optional crls

crls?: SignedDataCRL[]

digestAlgorithms

digestAlgorithms: AlgorithmIdentifier[]

encapContentInfo

encapContentInfo: EncapsulatedContentInfo

Optional ocsps

ocsps?: BasicOCSPResponse[]

signerInfos

signerInfos: SignerInfo[]

version

version: number

Static CLASS_NAME

CLASS_NAME: string = "SignedData"

Name of the class

Static ID_DATA

ID_DATA: "1.2.840.113549.1.7.1" = id_ContentType_Data

Accessors

className

  • get className(): string

  • Returns string

Methods

fromSchema

sign

  • Signing current SignedData

    Parameters

    • privateKey: CryptoKey

      Private key for "subjectPublicKeyInfo" structure

    • signerIndex: number

      Index number (starting from 0) of signer index to make signature for

    • hashAlgorithm: string = "SHA-1"

      Hashing algorithm. Default SHA-1

    • data: BufferSource = ...

      Detached data

    • crypto: ICryptoEngine = ...

      Crypto engine

    Returns Promise<void>

toJSON

toSchema

  • Converts current object to ASN.1 object and sets correct values

    Returns

    ASN.1 object

    Parameters

    • encodeFlag: boolean = false

      If param equal to false then creates schema via decoding stored value. In other case creates schema via assembling from cached parts

    Returns any

toString

  • Parameters

    • encoding: "base64" | "base64url" | "hex" = "hex"

    Returns string

verify

Static blockName

Static compareWithDefault

  • Compare values with default values for all class members

    Parameters

    • memberName: string

      String name for a class member

    • memberValue: any

      Value to compare with default value

    Returns boolean

Static defaultValues

Static fromBER

  • Creates PKI object from the raw data

    Returns

    Initialized and filled current class object

    Type Parameters

    Parameters

    • this: PkiObjectConstructor<T>
    • raw: BufferSource

      ASN.1 encoded raw data

    Returns T

Static schema

Settings

Member Visibility

Theme

Generated using TypeDoc