Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4083831

SignerInfo.verify() incorrect with authenticated attributes

    XMLWordPrintable

    Details

    • Subcomponent:
    • Resolved In Build:
      1.2beta2
    • CPU:
      x86, sparc
    • OS:
      solaris_2.5.1, windows_95, windows_nt
    • Verification:
      Not verified

      Description

      pkcs.SignerInfo.verify() verifies signatures by operating directly on the data that is either in the ambient PKCS7 object or given externally. This is correct only when the PKCS object contains no authenticated attributes.

      When there authenticated attributes, one of the attributes contains the message digest of the given data, and the signature in the SignerInfo is obtained by signing the DER encoding of the authenticated attributes. In practice, that encoding consists of the encoded attributes as received, but with the tag byte changed to 0x31 (SET OF).

        Attachments

          Activity

            People

            Assignee:
            duke J. Duke (Inactive)
            Reporter:
            duke J. Duke (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: