[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Signature processing question
I have a question regarding interoperability between S/MIME v2 and v3
agents. After carefully reading through RFC2315 and RFC2630 I found a
strange difference in the signature generation process for S/MIME v2 & v3.
It seems to me that the signature in v2 is generated over the digest
algorithm identifier + message digest while in v3 only over the message
digest. Below is a reference to the RFCs:
In PKCS#7 (RFC 2315), page 16, sec9.4 states:
"The input to the digest-encryption process--the value supplied to the
signer's digest-encryption algorithm--includes the result of the
message-digesting process (informally, the "message digest") and the digest
algorithm identifier (or object identifier). The result of the
digest-encryption process is the encryption with the signer's private key of
the BER encoding of a value of type DigestInfo:"
In CMS (RFC2630), page 12, sec5.5 states:
"The input to the signature generation process includes the result of the
message digest calculation process and the signer's private key.
The details of the signature generation depend on the signature algorithm
employed. The object identifier, along with any
parameters, that specifies the signature algorithm employed by the signer is
carried in the signatureAlgorithm field."
Am I missing something or is it true that the signature processing differs?
Lets hope I am wrong, otherwise that would mean:
- There is no way a v2 MUA can verify the signature generated by a v3 MUA.
- In order to be v2 compatible, a v3 MUA must try both signature processing
If the above statements are correct, should not the CMS specification
clarify that this is a backwards incompatible change from PKCS#7?
Any help to clarify things in this matter is greatly appreciated.