Details
-
Bug
-
Resolution: Fixed
-
P2
-
1.1.2, 1.1.4, 1.2.0
-
1.2beta2
-
x86, sparc
-
solaris_2.5.1, windows_95, windows_nt
-
Not verified
Description
pkcs.SignerInfo.verify() verifies signatures by operating directly on the data that is either in the ambient PKCS7 object or given externally. This is correct only when the PKCS object contains no authenticated attributes.
When there authenticated attributes, one of the attributes contains the message digest of the given data, and the signature in the SignerInfo is obtained by signing the DER encoding of the authenticated attributes. In practice, that encoding consists of the encoded attributes as received, but with the tag byte changed to 0x31 (SET OF).
When there authenticated attributes, one of the attributes contains the message digest of the given data, and the signature in the SignerInfo is obtained by signing the DER encoding of the authenticated attributes. In practice, that encoding consists of the encoded attributes as received, but with the tag byte changed to 0x31 (SET OF).