Class SignedData

Represents the SignedData structure described in RFC5652

Example

The following example demonstrates how to create and sign CMS Signed Data

// Create a new CMS Signed Data
const cmsSigned = new pkijs.SignedData({
encapContentInfo: new pkijs.EncapsulatedContentInfo({
eContentType: pkijs.ContentInfo.DATA,, // "data" content type
eContent: new asn1js.OctetString({ valueHex: buffer })
}),
signerInfos: [
new pkijs.SignerInfo({
sid: new pkijs.IssuerAndSerialNumber({
issuer: cert.issuer,
serialNumber: cert.serialNumber
})
})
],
// Signer certificate for chain validation
certificates: [cert]
});

await cmsSigned.sign(keys.privateKey, 0, "SHA-256");

// Add Signed Data to Content Info
const cms = new pkijs.ContentInfo({
contentType: pkijs.ContentInfo.SIGNED_DATA,,
content: cmsSigned.toSchema(true),
});

// Encode CMS to ASN.1
const cmsRaw = cms.toSchema().toBER();

Example

The following example demonstrates how to verify CMS Signed Data

// Parse CMS and detect it's Signed Data
const cms = pkijs.ContentInfo.fromBER(cmsRaw);
if (cms.contentType !== pkijs.ContentInfo.SIGNED_DATA) {
throw new Error("CMS is not Signed Data");
}

// Read Signed Data
const signedData = new pkijs.SignedData({ schema: cms.content });

// Verify Signed Data signature
const ok = await signedData.verify({
signer: 0,
checkChain: true,
trustedCerts: [trustedCert],
});

if (!ok) {
throw new Error("CMS signature is invalid")
}

Hierarchy

Implements

Constructors

Properties

certificates?: CertificateSetItem[]
crls?: SignedDataCRL[]
digestAlgorithms: AlgorithmIdentifier[]
encapContentInfo: EncapsulatedContentInfo
signerInfos: SignerInfo[]
version: number
CLASS_NAME: string = "SignedData"

Name of the class

ID_DATA: "1.2.840.113549.1.7.1" = id_ContentType_Data

Accessors

  • get className(): string
  • Returns string

Methods

  • Signing current SignedData

    Parameters

    • privateKey: CryptoKey

      Private key for "subjectPublicKeyInfo" structure

    • signerIndex: number

      Index number (starting from 0) of signer index to make signature for

    • hashAlgorithm: string = "SHA-1"

      Hashing algorithm. Default SHA-1

    • data: BufferSource = ...

      Detached data

    • crypto: ICryptoEngine = ...

      Crypto engine

    Returns Promise<void>

  • Converts current object to ASN.1 object and sets correct values

    Returns

    ASN.1 object

    Parameters

    • encodeFlag: boolean = false

      If param equal to false then creates schema via decoding stored value. In other case creates schema via assembling from cached parts

    Returns any

  • Parameters

    • encoding: "base64" | "base64url" | "hex" = "hex"

    Returns string

  • Compare values with default values for all class members

    Parameters

    • memberName: string

      String name for a class member

    • memberValue: any

      Value to compare with default value

    Returns boolean

  • Creates PKI object from the raw data

    Returns

    Initialized and filled current class object

    Type Parameters

    Parameters

    • this: PkiObjectConstructor<T>
    • raw: BufferSource

      ASN.1 encoded raw data

    Returns T

Generated using TypeDoc