[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bouncycastle-crypto-dev
Subject:    Re: [dev-crypto] Cades Sign
From:       Satoru Otsubo <trnsnt () otip ! jp>
Date:       2010-02-15 4:09:29
Message-ID: 20100215130929.6e78358e.trnsnt () otip ! jp
[Download RAW message or body]

Hi,

When adding an unsigned attribute to the group of unsigned attributes to create a new \
CAdES, you can not change the structure of the CAdES existing before such adding. \
That is, if the previous structure is in a style of "definite length", then you need \
to maintain such a structure. But when creating a new CAdES by using \
org.bouncycastle.cms.SignerInformation.replaceUnsignedAttributes and \
org.bouncycastle.cms.CMSSignedData.replaceSigner, I think it becomes in a style of \
"indefinite length." Therefore it is needed to find a way an existing CAdES structure \
is maintained.

Satoru Otsubo

> 
> Yes, this would be correct. I'll look into this - it's a little bit
> tricky as we'll need to distinguish between signed and unsigned
> attributes.
> 
> Regards,
> 
> David
> 
> On Fri, 2010-02-12 at 15:26 +0900, Satoru Otsubo wrote:
> > Hi,
> > 
> > In CAdES, unsigned attributes have to be set in chronological order.
> > But org.bouncycastle.asn1.cms.AttributeTable has been created with DER Set.
> > Therefore the cronological order of unsigned attributes is not maintained.
> > I think AttributeTable programmed with BER set is needed.
> > 
> > Satoru Otsubo
> > 
> 
> 
> 
> 


[prev in list] [next in list] [prev in thread] [next in thread]