[Botan-devel] Acrobat digital signatures

Jack Lloyd lloyd at randombit.net
Fri Oct 24 09:48:33 EDT 2008


On Fri, Oct 24, 2008 at 02:24:18PM +0200, Halewijn Geerts wrote:

> I'm trying to create and verify Digital Signatures as done by Acrobat, using
> Botan, but I don't know how to do it.
> 
> The most common type of digital signature in acrobat is adbe.pkcs7.detached.
> This is a DER-encoded PKCS #7 object. I use 1024bit RSA and SHA-1.
> 
> How do I create such a PKCS #7 object?
[...]
> For verifying the digital signature, how do I get the X509 certificate and
> the actual signature back out of the PKCS #7 object?

Hi Halewijn,

PKCS #7 is (an early and simpler version of) CMS, described in IETF
RFC 3852 (http://www.ietf.org/rfc/rfc3852.txt) and company
(http://www.ietf.org/html.charters/smime-charter.html)

Botan does have some support for CMS / PKCS #7, but it is very
incomplete and more or less untested. I wrote it several years ago,
and since then it has only been updated to compile against changes in
the rest of the library. I would love to go back and provide a really
good API for it (since a very easy to use C++ API for a standard and
flexible crypto format would seem a killer app kind of feature), but
don't have nearly the time for it now. You can check out what is there
in the directory src/cms (in development releases).

However for this particular case your best bet may be to simply
directly implement the encoding and decoding routines yourself using
Botan's DER/BER codec classes. These classes are not documented at
all, aside from some Doxygen generated stub files:
  http://files.randombit.net/botan/doxygen/html/classBotan_1_1DER__Encoder.html
  http://files.randombit.net/botan/doxygen/html/classBotan_1_1BER__Decoder.html

Two good examples of usage are X509_Certificate::force_decode() for using
the BER decoder:
  http://viewmtn.angrygoats.net/all/revision/file/2a700dc60a8c4168f5ee17aad4e070ca411b87f6/src/cert/x509/x509cert.cpp
and X509_CA::make_cert for the encoder:
  http://viewmtn.angrygoats.net/all/revision/file/2a700dc60a8c4168f5ee17aad4e070ca411b87f6/src/cert/x509/x509_ca.cpp

You should be able to identify the exact format used by Acrobat by
examining data produced by a current one using an ASN.1 parser
(Botan's example asn1.cpp, or OpenSSL's asn1parse). In particular
there will be an OID identifying the PKCS #7 format, which will
(hopefully) be one of the simple ones listed in PKCS #7
 ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-7.asc

Here is the SignedType ASN.1 definition plus some of its dependencies,
with some of the most verbose ASN.1 stuff removed:

SignedData ::= SEQUENCE {
  version Version,
  digestAlgorithms SET OF AlgorithmIdentifiers,
  contentInfo ContentInfo,
  certificates [0] IMPLICIT SET OF Certificates OPTIONAL,
  crls [1] IMPLICIT SET OF CertificateRevocationLists OPTIONAL,
  signerInfos SET OF SignerInfo }

SignerInfo ::= SEQUENCE {
  version Version,
  issuerAndSerialNumber IssuerAndSerialNumber,
  digestAlgorithm AlgorithmIdentifier,
  authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
  digestEncryptionAlgorithm AlgorithmIdentifier,
  encryptedDigest OCTET STRING
  unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL }

IssuerAndSerialNumber ::= SEQUENCE {
  issuer Name,
  serialNumber CertificateSerialNumber }

Many of the constructs here are more or less natively supported by
Botan already, for example Certificate is exactly
Botan::X509_Certificate, AlgorithmIdentifier is
Botan::AlgorithmIdentifier, and so on.

Since your use is fairly special purpose you may be able to get away
with skipping encoding things like CRLs at all, though you would at
least need to be able to safely skip past ones if they are found while
decoding.

I'm sure you were hoping for a use-class-X answer.

-Jack



More information about the botan-devel mailing list