How to use Microsoft PKCS#9 SignerInfo attributes in a Java application?

Question

In http://msdn.microsoft.com/en-us/library/system.security.cryptography.pkcs(VS.85).aspx we can see that the following digital signature attributes are defined:

• Pkcs9ContentType
• Pkcs9DocumentDescription
• Pkcs9DocumentName
• Pkcs9MessageDigest
• Pkcs9SigningTime

Of those, Pkcs9DocumentDescription and Pkcs9DocumentName are not present in the PKCS#9 specification. I have a Java application that uses Bouncy Castle and I want my app to be able to create digital signatures that have these two attributes.

So, I have two questions: how to do so? Should I do that?

Answer 1

You'll have to manually build the attributes using the OIDs, like so:

ObjectIdentifier dnOid = new ObjectIdentifier("1.3.6.1.4.1.311.88.2.1");
ObjectIdentifier ddOid = new ObjectIdentifier("1.3.6.1.4.1.311.88.2.2");
ASN1Set nameSet = new DERSet(new ASN1Encodable[] {new DERPrintableString("name")});
ASN1Set descriptionSet = new DERSet(new ASN1Encodable[] {new DERPrintableString("description"}));
Attribute documentName = new Attribute(dnOid, nameSet);
Attribute documentDescription = new Attribute(ddOid, descriptionSet);

I should point out that using DERPrintableString for the attribute value is my best guess. I can't find the documentation for indicating the correct type.

As for should you, well, there's nothing wrong with using Attributes which aren't from PKCS #9. You just shouldn't rely on an external system being able to use them.