Options
All
  • Public
  • Public/Protected
  • All
Menu

Class SignedData

Represents the SignedData structure described in RFC5652

example

The following example demonstrates how to create and sign CMS Signed Data

// Create a new CMS Signed Data
const cmsSigned = new pkijs.SignedData({
encapContentInfo: new pkijs.EncapsulatedContentInfo({
eContentType: pkijs.ContentInfo.DATA,, // "data" content type
eContent: new asn1js.OctetString({ valueHex: buffer })
}),
signerInfos: [
new pkijs.SignerInfo({
sid: new pkijs.IssuerAndSerialNumber({
issuer: cert.issuer,
serialNumber: cert.serialNumber
})
})
],
// Signer certificate for chain validation
certificates: [cert]
});

await cmsSigned.sign(keys.privateKey, 0, "SHA-256");

// Add Signed Data to Content Info
const cms = new pkijs.ContentInfo({
contentType: pkijs.ContentInfo.SIGNED_DATA,,
content: cmsSigned.toSchema(true),
});

// Encode CMS to ASN.1
const cmsRaw = cms.toSchema().toBER();
example

The following example demonstrates how to verify CMS Signed Data

// Parse CMS and detect it's Signed Data
const cms = pkijs.ContentInfo.fromBER(cmsRaw);
if (cms.contentType !== pkijs.ContentInfo.SIGNED_DATA) {
throw new Error("CMS is not Signed Data");
}

// Read Signed Data
const signedData = new pkijs.SignedData({ schema: cms.content });

// Verify Signed Data signature
const ok = await signedData.verify({
signer: 0,
checkChain: true,
trustedCerts: [trustedCert],
});

if (!ok) {
throw new Error("CMS signature is invalid")
}

Hierarchy

Implements

Index

Constructors

Properties

certificates?: CertificateSetItem[]
crls?: SignedDataCRL[]
digestAlgorithms: AlgorithmIdentifier[]
encapContentInfo: EncapsulatedContentInfo
signerInfos: SignerInfo[]
version: number
CLASS_NAME: string = "SignedData"

Name of the class

ID_DATA: "1.2.840.113549.1.7.1" = id_ContentType_Data

Accessors

  • get className(): string

Methods

  • fromSchema(schema: any): void
  • sign(privateKey: CryptoKey, signerIndex: number, hashAlgorithm?: string, data?: BufferSource, crypto?: ICryptoEngine): Promise<void>
  • Signing current SignedData

    Parameters

    • privateKey: CryptoKey

      Private key for "subjectPublicKeyInfo" structure

    • signerIndex: number

      Index number (starting from 0) of signer index to make signature for

    • hashAlgorithm: string = "SHA-1"

      Hashing algorithm. Default SHA-1

    • data: BufferSource = ...

      Detached data

    • crypto: ICryptoEngine = ...

      Crypto engine

    Returns Promise<void>

  • toSchema(encodeFlag?: boolean): any
  • toString(encoding?: "base64" | "base64url" | "hex"): string
  • blockName(): string
  • compareWithDefault(memberName: string, memberValue: any): boolean
  • Compare values with default values for all class members

    Parameters

    • memberName: string

      String name for a class member

    • memberValue: any

      Value to compare with default value

    Returns boolean

  • fromBER<T>(this: PkiObjectConstructor<T>, raw: BufferSource): T
  • Creates PKI object from the raw data

    Type Parameters

    Parameters

    • this: PkiObjectConstructor<T>
    • raw: BufferSource

      ASN.1 encoded raw data

    Returns T

    Initialized and filled current class object

  • Returns value of pre-defined ASN.1 schema for current class

    asn

    ASN.1 schema

    SignedData ::= SEQUENCE {
       version CMSVersion,
       digestAlgorithms DigestAlgorithmIdentifiers,
       encapContentInfo EncapsulatedContentInfo,
       certificates [0] IMPLICIT CertificateSet OPTIONAL,
       crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
       signerInfos SignerInfos }
    

    Parameters

    Returns any

    ASN.1 schema object

Generated using TypeDoc