forge icon indicating copy to clipboard operation
forge copied to clipboard

Published 20 hours ago verified publisher icon digitalbazaar

PKCS#7: Custom message digest

Open neubaner opened this issue 6 years ago • 2 comments

Problem

If one is doing an detached signing, buffering the whole data to sign it is really inconvenient.

Solution

My approach here is to allow a user-definied message digest, so you can code something like this:

const hash = crypto.createHash('sha512');
  
stream.on('data', chunk => hash.update(chunk));
stream.on('end', () => {
  const messageDigest = forge.util.createBuffer(hash.digest().toString('binary'));
  const p7 = pkcs7.createSignedData();
  
  p7.addSigner({
    key: privateKey,
    certificate: certificate,
    digestAlgorithm: forge.pki.oids.sha512,
    authenticatedAttributes: [{
      type: forge.pki.oids.contentType,
      value: forge.pki.oids.data
    },{
      type: forge.pki.oids.signingTime,
      value: new Date()
    },{
      type: forge.pki.oids.messageDigest,
      value: messageDigest
    }]
  });
  p7.sign({ detached: true });
});

Maybe a better way to solve this is by allowing p7.content to be able to receive a data stream, but for now this seems to solve the problem quite well.

neubaner avatar Mar 06 '19 19:03 neubaner

Is it possible to merge this PR, as this would be really useful for my use case?

Simolation avatar Jan 07 '22 15:01 Simolation

@davidlehn Any drawback to this approach? I am glad to help this PR to get merged.

nanndoj avatar Apr 23 '22 17:04 nanndoj