[remote-signing]: allow p7 DigestInfo extraction and signature insertion into p7 structure #1038
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ifying key, used to generate the asn1 and der formats to enable helped cms creation on PKCS7-disabled platforms (e.g. iOS). The actual digest that needs to be signed will be generated and extractable, and allows simple privateEncrypted messages (signatures) to be added to the structure and the final PEM be generated.
Add sample usage for added methods
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I think it makes for a nice addition to allow digestInfo to be extracted and signed off-platform when the private key isn't available and the private-key owner's platform doesn't support CMS (iOS as an example).
Basically the code duplicates some of the available functions and methods and omits the signing parts of it.
There are also two new methods which allow for addition of signature and extraction of digestInfo object
However, I'm not sure if the namings are accurate or correct according to common cryptographic terms or if the code follows and matches the previously available patterns and conventions of the code.