In http://msdn.microsoft.com/en-us/library/system.security.cryptography.pkcs(VS.85).aspx we can see that the following digital signature attributes are defined:

  • Pkcs9ContentType
  • Pkcs9DocumentDescription
  • Pkcs9DocumentName
  • Pkcs9MessageDigest
  • Pkcs9SigningTime

Of those, Pkcs9DocumentDescription and Pkcs9DocumentName are not present in the PKCS#9 specification. I have a Java application that uses Bouncy Castle and I want my app to be able to create digital signatures that have these two attributes.

So, I have two questions: how to do so? Should I do that?

A: 

You'll have to manually build the attributes using the OIDs, like so:

import org.bouncycastle.asn1.*;
import org.bouncycastle.asn1.cms.Attribute;

// OIDs for the document name and document description attributes
ASN1ObjectIdentifier dnOid = new ASN1ObjectIdentifier("1.3.6.1.4.1.311.88.2.1");
ASN1ObjectIdentifier ddOid = new ASN1ObjectIdentifier("1.3.6.1.4.1.311.88.2.2");
ASN1Set nameSet = new DERSet(new ASN1Encodable[] {new DERPrintableString("name")});
ASN1Set descriptionSet = new DERSet(new ASN1Encodable[] {new DERPrintableString("description")});
Attribute documentName = new Attribute(dnOid, nameSet);
Attribute documentDescription = new Attribute(ddOid, descriptionSet);

I should point out that using DERPrintableString for the attribute value is my best guess. I can't find the documentation for indicating the correct type.

As for should you, well, there's nothing wrong with using Attributes which aren't from PKCS #9. You just shouldn't rely on an external system being able to use them.

David Grant
According to http://lists.iaik.tugraz.at/pipermail/jce-general/2003-November/003484.html, these attributes have type OCTET_STRING.
Morgaelyn
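
The following is an added example, not code from the answer or the comment above: it places the two attributes among the signed attributes of a CMS signature, using the OCTET STRING type the comment reports, and reads one back. Assumptions: a recent Bouncy Castle with the PKIX/CMS jar on the classpath, and null-terminated UTF-16LE text inside the octet string (the page does not state the inner encoding, so check it against the consuming system). The class name, sample strings and throwaway key are constructed for illustration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.*;
import org.bouncycastle.asn1.cms.*;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.cms.*;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.operator.jcajce.*;

public class DocumentAttributesExample {
    static final ASN1ObjectIdentifier DOC_NAME = new ASN1ObjectIdentifier("1.3.6.1.4.1.311.88.2.1");
    static final ASN1ObjectIdentifier DOC_DESC = new ASN1ObjectIdentifier("1.3.6.1.4.1.311.88.2.2");
    // Assumption: the value is an OCTET STRING holding null-terminated UTF-16LE text.
    static Attribute textAttribute(ASN1ObjectIdentifier oid, String text) {
        byte[] value = (text + "\0").getBytes(StandardCharsets.UTF_16LE);
        return new Attribute(oid, new DERSet(new DEROctetString(value)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed throwaway RSA key and self-signed certificate, for the demo only.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        JcaContentSignerBuilder csb = new JcaContentSignerBuilder("SHA256withRSA");
        X500Name dn = new X500Name("CN=Example Signer");
        Date now = new Date();
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(
            new JcaX509v3CertificateBuilder(dn, BigInteger.ONE, now,
                new Date(now.getTime() + 86_400_000L), dn, kp.getPublic()).build(csb.build(kp.getPrivate())));
        // The default generator still adds content-type, signing-time and message-digest.
        ASN1EncodableVector extra = new ASN1EncodableVector();
        extra.add(textAttribute(DOC_NAME, "report.pdf"));
        extra.add(textAttribute(DOC_DESC, "Quarterly report"));
        CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
        gen.addSignerInfoGenerator(
            new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build())
                .setSignedAttributeGenerator(new DefaultSignedAttributeTableGenerator(new AttributeTable(extra)))
                .build(csb.build(kp.getPrivate()), cert));
        CMSSignedData signed = gen.generate(new CMSProcessableByteArray("hello".getBytes(StandardCharsets.UTF_8)), true);
        // Read the document name back from the signed attributes of the first signer.
        SignerInformation si = signed.getSignerInfos().getSigners().iterator().next();
        byte[] raw = ASN1OctetString.getInstance(si.getSignedAttributes().get(DOC_NAME).getAttrValues().getObjectAt(0)).getOctets();
        System.out.println(new String(raw, StandardCharsets.UTF_16LE).trim());
    }
}
```

Because the attributes are signed, a verifier that does not recognise these OIDs can still validate the signature; it just cannot interpret the values.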