Class SignedData

Represents the SignedData structure described in RFC5652


The following example demonstrates how to create and sign CMS Signed Data

// Create a new CMS Signed Data
const cmsSigned = new pkijs.SignedData({
encapContentInfo: new pkijs.EncapsulatedContentInfo({
eContentType: pkijs.ContentInfo.DATA,, // "data" content type
eContent: new asn1js.OctetString({ valueHex: buffer })
signerInfos: [
new pkijs.SignerInfo({
sid: new pkijs.IssuerAndSerialNumber({
issuer: cert.issuer,
serialNumber: cert.serialNumber
// Signer certificate for chain validation
certificates: [cert]

await cmsSigned.sign(keys.privateKey, 0, "SHA-256");

// Add Signed Data to Content Info
const cms = new pkijs.ContentInfo({
contentType: pkijs.ContentInfo.SIGNED_DATA,,
content: cmsSigned.toSchema(true),

// Encode CMS to ASN.1
const cmsRaw = cms.toSchema().toBER();


The following example demonstrates how to verify CMS Signed Data

// Parse CMS and detect it's Signed Data
const cms = pkijs.ContentInfo.fromBER(cmsRaw);
if (cms.contentType !== pkijs.ContentInfo.SIGNED_DATA) {
throw new Error("CMS is not Signed Data");

// Read Signed Data
const signedData = new pkijs.SignedData({ schema: cms.content });

// Verify Signed Data signature
const ok = await signedData.verify({
signer: 0,
checkChain: true,
trustedCerts: [trustedCert],

if (!ok) {
throw new Error("CMS signature is invalid")





certificates?: CertificateSetItem[]
crls?: SignedDataCRL[]
digestAlgorithms: AlgorithmIdentifier[]
encapContentInfo: EncapsulatedContentInfo
signerInfos: SignerInfo[]
version: number
CLASS_NAME: string = "SignedData"

Name of the class

ID_DATA: "1.2.840.113549.1.7.1" = id_ContentType_Data


  • get className(): string
  • Returns string


  • Signing current SignedData


    • privateKey: CryptoKey

      Private key for "subjectPublicKeyInfo" structure

    • signerIndex: number

      Index number (starting from 0) of signer index to make signature for

    • hashAlgorithm: string = "SHA-1"

      Hashing algorithm. Default SHA-1

    • data: BufferSource = ...

      Detached data

    • crypto: ICryptoEngine = ...

      Crypto engine

    Returns Promise<void>

  • Converts current object to ASN.1 object and sets correct values


    ASN.1 object


    • encodeFlag: boolean = false

      If param equal to false then creates schema via decoding stored value. In other case creates schema via assembling from cached parts

    Returns any

  • Parameters

    • encoding: "base64" | "base64url" | "hex" = "hex"

    Returns string

  • Compare values with default values for all class members


    • memberName: string

      String name for a class member

    • memberValue: any

      Value to compare with default value

    Returns boolean

  • Creates PKI object from the raw data


    Initialized and filled current class object

    Type Parameters


    • this: PkiObjectConstructor<T>
    • raw: BufferSource

      ASN.1 encoded raw data

    Returns T

Generated using TypeDoc