.net.net-corecryptography.net-5

SignedCms, sign an existing hash?

We have got an existing hash and want to create a CMS-formatted signature with the .NET SignedCms class for it.

What kind of content type do we have to pass to the SignedCms ctor?

var contentType = new Oid(""); // What kind of content type to use?
var content = Convert.FromBase64String(hash); // Can either be a SHA1 or a SHA256 hash
var contentInfo = new ContentInfo(contentType, content);
var signedCms = new SignedCms(contentInfo, detached: true); // Do I have to use detached=true?

var signer = new CmsSigner(certificate);
signedCms.ComputeSignature(signer);

var signature = signedCms.Encode();
Solution

  • The .NET class doesn't offer a way to do this, because it's not always feasible to do with CMS/PKCS#7.

    Section 5.4 of IETF RFC 5652 describes the process:

    The result of the message digest calculation process depends on whether the signedAttrs field is present. When the field is absent, the result is just the message digest of the content as described above. When the field is present, however, the result is the message digest of the complete DER encoding of the SignedAttrs value contained in the signedAttrs field. Since the SignedAttrs value, when present, must contain the content-type and the message-digest attributes, those values are indirectly included in the result. The content-type attribute MUST NOT be included in a countersignature unsigned attribute as defined in Section 11.4. A separate encoding of the signedAttrs field is performed for message digest calculation. The IMPLICIT [0] tag in the signedAttrs is not used for the DER encoding, rather an EXPLICIT SET OF tag is used. That is, the DER encoding of the EXPLICIT SET OF tag, rather than of the IMPLICIT [0] tag, MUST be included in the message digest calculation along with the length and content octets of the SignedAttributes value.

    If you use the default content type ("data") and have no other signed attributes the the .NET SignedCms class will sign in the legacy format, which would make signing pre-hashed data work... but that's a razor edge that's hard to build API around, so it's just not exposed.