Friday, May 28, 2010

Detached or Attached signature?

[Q] How to detach the signed data from a PKCS#7 signature?

[try]
Seen from the point of view of the data being transmitted, the signature is normally attached, i.e. it is sent out together with the data it signs.

The signature can also be sent separately from the data. This is usually done when the original data already lives somewhere in a file: after signing, there is no need to bundle the data with the signature again; only the signature itself is put into the container (PKCS7, S/MIME, ...).

"...
Digital signatures are normally attached to the message. However, ...
A detached signature may be stored and transmitted separately from the message it signs.
...
In an S/MIME message with a detached signature, the signature is calculated over the entire payload data, in addition to its MIME headers.

... detached signature
PKCS#7: Includes the signature and certificate without the signed data.
RNIF1.1: Uses PKCS#7 and a detached format.
S/MIME2: May include a MIME multipart message consisting of the original data in one segment
and a binary format signature or a base64-encoded signature in a second segment.
..."



Pseudo code in C#:

using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

// Returns a DER-encoded PKCS#7/CMS SignedData that carries the signature and the
// signer's certificate but NOT the signed data: the caller ships 'data' separately.
public byte[] createPkcs7WithDetachedSig(byte[] data, X509Certificate2 signerCert)
{
    ContentInfo content = new ContentInfo(data);

    // "Detached" can only be chosen here, in the constructor. SignedCms.Detached
    // and SignedCms.ContentInfo are read-only properties, which is why the two
    // commented-out attempts further down do not compile.
    SignedCms signedCms = new SignedCms(content, true /* detached */);

    // signerCert must carry its private key, otherwise ComputeSignature throws.
    CmsSigner signer = new CmsSigner(signerCert);

    signedCms.ComputeSignature(signer);

    //xxx signedCms.ContentInfo = null;   // read-only: cannot drop the content afterwards
    //xxx signedCms.Detached = true;      // read-only: must be passed to the constructor

    return signedCms.Encode();
}
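The two shapes described above, and the check a verifier has to do for the detached form, as an added example (not part of the original post and not the .NET code above): a POSIX shell script driving the openssl command line. It assumes an openssl binary (1.1.1 or 3.x) on PATH; the signing certificate, key and payload are throwaway fixtures the script constructs itself, and the file names are arbitrary.

```shell
#!/bin/sh
# Added example (not from the original post): build an attached and a detached
# CMS/PKCS#7 signature with openssl, tell the two apart by looking at the parsed
# SignedData structure, and verify the detached one against content supplied
# out of band. Assumes an openssl binary (1.1.1 or 3.x) on PATH.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed fixture: a throwaway self-signed signing certificate and a payload.
make_fixture() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo signer" \
      -keyout "$WORK/key.pem" -out "$WORK/cert.pem" >/dev/null 2>&1
  printf 'order-id: 4711\namount: 100.00\n' > "$WORK/payload.txt"
}

# Attached ("opaque") signature: the payload is carried inside SignedData as
# encapContentInfo.eContent, so the recipient gets data and signature together.
sign_attached() {
  openssl cms -sign -binary -nodetach -in "$WORK/payload.txt" \
      -signer "$WORK/cert.pem" -inkey "$WORK/key.pem" \
      -outform DER -out "$WORK/attached.p7s"
}

# Detached signature (openssl's default for cms -sign): eContent is omitted and
# only the signature, digest algorithm and certificate are encoded. This is the
# shape SignedCms(content, true) produces in the .NET snippet above.
sign_detached() {
  openssl cms -sign -binary -in "$WORK/payload.txt" \
      -signer "$WORK/cert.pem" -inkey "$WORK/key.pem" \
      -outform DER -out "$WORK/detached.p7s"
}

# The structural difference is visible in the parsed ASN.1: a detached
# SignedData prints its eContent field as <ABSENT>.
signature_kind() {   # $1 = DER-encoded SignedData; prints "attached" or "detached"
  if openssl cms -cmsout -print -noout -inform DER -in "$1" \
      | grep -q 'eContent:.*<ABSENT>'; then
    echo detached
  else
    echo attached
  fi
}

# Attached: verification recovers the payload from the message itself.
verify_attached() {
  openssl cms -verify -binary -inform DER -in "$WORK/attached.p7s" \
      -CAfile "$WORK/cert.pem" -out "$WORK/recovered.txt" >/dev/null 2>&1 \
    && cmp -s "$WORK/recovered.txt" "$WORK/payload.txt"
}

# Detached: the verifier must be handed the exact original bytes (-content);
# any change to them, or the wrong file, makes verification fail (non-zero exit).
verify_detached() {   # $1 = file holding the content the signature is claimed to cover
  openssl cms -verify -binary -inform DER -in "$WORK/detached.p7s" \
      -content "$1" -CAfile "$WORK/cert.pem" -out /dev/null >/dev/null 2>&1
}

demo() {
  make_fixture
  sign_attached
  sign_detached
  echo "attached.p7s: $(signature_kind "$WORK/attached.p7s"), $(wc -c < "$WORK/attached.p7s") bytes"
  echo "detached.p7s: $(signature_kind "$WORK/detached.p7s"), $(wc -c < "$WORK/detached.p7s") bytes"
  verify_attached
  echo "attached: signature OK, payload recovered from the message"
  verify_detached "$WORK/payload.txt"
  echo "detached: signature OK against the original payload"
  # Constructed tampered payload: same shape, different amount.
  printf 'order-id: 4711\namount: 999.00\n' > "$WORK/tampered.txt"
  if verify_detached "$WORK/tampered.txt"; then
    echo "detached: UNEXPECTED success on tampered payload"
    return 1
  fi
  echo "detached: rejected the tampered payload, as it must"
}

demo
```

Run it with `sh` and compare the two sizes: the detached file is smaller by roughly the payload, because the bytes being signed are not in it. That is also the practical caveat of the detached form: the receiving side has to pair the signature with the data it is actually about to act on (the `-content` argument here; in .NET, a `SignedCms` constructed with that data and `detached: true` before calling `Decode` and `CheckSignature`). A detached signature that is verified against whatever content an untrusted party supplies alongside it proves nothing about the data the application later uses.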

[ref]
http://docs.sun.com/app/docs/doc/820-1228/6nctp1mqb?l=zh_TW&a=view
