Enveloping to detached CMSSignedData


Enveloping to detached CMSSignedData

bouncynewbie
Hi,

I'm a newbie to BC and I'm currently trying to use it through a wrapper (DSS) to verify the signatures of both .p7m and .p7s CAdES messages.

I'm facing the problem of converting an enveloping message to a detached one without signing it again. Essentially I think I need to take the CMSSignedData representing the enveloping message (created by an input stream from a .p7m file) and either remove the signed data from it (the eContent?) or create a new CMSSignedData with the info extracted from the previous one, minus the signed data.

Is that possible? Does it make sense? I'm not sure if I'm missing something...

Thank you

Re: Enveloping to detached CMSSignedData

bouncynewbie
Anyone?

Re: Enveloping to detached CMSSignedData

David Hook-3
In reply to this post by bouncynewbie

I'm not sure I understand what you are asking. If it is "can I convert
an encapsulated signed data object into a detached signed object" under
S/MIME the answer is probably yes, but the first part would probably
need to be marked as binary for it to work. You'd need to read the CMS
RFC (RFC 5652) to understand how to pull things apart as well. Never
tried it myself though.

Regards,

David

On 04/05/17 00:23, bouncynewbie wrote:

> Hi,
>
> I'm a newbie to BC and I'm currently trying to use it through a wrapper (DSS) to
> verify the signatures of both .p7m and .p7s CAdES messages.
>
> I'm facing the problem of converting an enveloping message to a detached one
> without signing it again. Essentially I think I need to take the
> CMSSignedData representing the enveloping message (created by an input
> stream from a .p7m file) and either remove the signed data from it (the
> eContent?) or create a new CMSSignedData with the info extracted from the
> previous one, minus the signed data.
>
> Is that possible? Does it make sense? I'm not sure if I'm missing
> something...
>
> Thank you

Re: Enveloping to detached CMSSignedData

bouncynewbie
Yes, essentially I tried to do that.
I managed to achieve that simply by adding a method on CMSSignedData to set the SignedContent to null. In this way I can use the CMSSignedData structure as a representation of a detached signature. It seems to be working, because using another library that has Bouncy Castle as a dependency I can validate the signature after setting the content to null and adding the original document as detached content.
Is it possible to create a pull request to add the capability to set the SignedContent to null?
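
The conversion discussed in this thread, as an added example that is not code from any poster or from the Bouncy Castle project: it rebuilds the RFC 5652 SignedData without eContent using the existing ASN.1 classes instead of patching CMSSignedData. It assumes bcprov and bcpkix are on the classpath; the class name `DetachCms`, the throwaway key, the self-signed certificate and the document bytes are all constructed for the demonstration.

```java
import java.math.BigInteger;
import java.security.*;
import java.util.Date;
import org.bouncycastle.asn1.cms.*;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.*;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.*;

public class DetachCms {  // hypothetical class name
    // Rebuild SignedData with the same digestAlgorithms, certificates, CRLs and
    // SignerInfos, but an EncapsulatedContentInfo holding only the eContentType.
    // SignerInfos are copied untouched, so nothing is re-signed.
    static CMSSignedData detach(CMSSignedData enveloping) throws CMSException {
        SignedData sd = SignedData.getInstance(enveloping.toASN1Structure().getContent());
        ContentInfo noContent = new ContentInfo(sd.getEncapContentInfo().getContentType(), null);
        SignedData stripped = new SignedData(sd.getDigestAlgorithms(), noContent,
                sd.getCertificates(), sd.getCRLs(), sd.getSignerInfos());
        return new CMSSignedData(new ContentInfo(CMSObjectIdentifiers.signedData, stripped));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: throwaway key, self-signed certificate, small document.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate());
        X500Name dn = new X500Name("CN=constructed-test-signer");
        long now = System.currentTimeMillis();
        X509CertificateHolder cert = new JcaX509v3CertificateBuilder(dn, BigInteger.ONE,
                new Date(now - 60_000), new Date(now + 3_600_000), dn, kp.getPublic()).build(signer);
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSignerInfoGenerator(new JcaSignerInfoGeneratorBuilder(
                new JcaDigestCalculatorProviderBuilder().build()).build(signer, cert));
        gen.addCertificate(cert);
        byte[] doc = "constructed sample document".getBytes("UTF-8");
        CMSSignedData enveloping = gen.generate(new CMSProcessableByteArray(doc), true);
        CMSSignedData detached = detach(enveloping);   // what would be written to a .p7s
        if (detached.getSignedContent() != null) throw new IllegalStateException("eContent still present");
        // A verifier must be handed the original bytes separately.
        CMSSignedData check = new CMSSignedData(new CMSProcessableByteArray(doc), detached.getEncoded());
        SignerInformation si = check.getSignerInfos().getSigners().iterator().next();
        boolean ok = si.verify(new JcaSimpleSignerInfoVerifierBuilder().build(cert));
        System.out.println("detached signature verifies against original document: " + ok);
    }
}
```

The signature in each SignerInfo is computed over the digest of the content octets (through the messageDigest signed attribute when signed attributes are present), not over the eContent field, which is why the SignerInfos stay valid once the content is supplied externally.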