[rs-dev] Odd SignerInfo - timestamp server
Dirk-Willem van Gulik
dirkx at webweaving.org
Thu Apr 2 16:53:07 CEST 2020
I am looking at a freshly signed timestamp from the interop timeserver (Link to decoded reply below)
Now at what I think is the
  SignerInfo ::= SEQUENCE {
    version CMSVersion,
    sid SignerIdentifier,
    digestAlgorithm DigestAlgorithmIdentifier,
    signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
    signatureAlgorithm SignatureAlgorithmIdentifier,
    signature SignatureValue,
    unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }
  SignerIdentifier ::= CHOICE {
    issuerAndSerialNumber IssuerAndSerialNumber,
    subjectKeyIdentifier [0] SubjectKeyIdentifier }
  SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
  UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
  Attribute ::= SEQUENCE {
    attrType OBJECT IDENTIFIER,
    attrValues SET OF AttributeValue }
  AttributeValue ::= ANY
  SignatureValue ::= OCTET STRING
blob, I think I am seeing:
SET (1 elem)
  SEQUENCE (6 elem)
    INTEGER 1
    SEQUENCE (2 elem)
      SEQUENCE (2 elem)
        SET (1 elem)
          SEQUENCE (2 elem)
            OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
            PrintableString Redwax Interop Testing Root Certificate Authority 2040
        SET (1 elem)
          SEQUENCE (2 elem)
            OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component)
            PrintableString Redwax Project
      INTEGER 5
    SEQUENCE (2 elem)
      OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 (NIST Algorithm)
      NULL
    [0] (4 elem)
      SEQUENCE (2 elem)
        OBJECT IDENTIFIER 1.2.840.113549.1.9.3 contentType (PKCS #9)
        SET (1 elem)
          OBJECT IDENTIFIER 1.2.840.113549.1.9.16.1.4 tSTInfo (S/MIME Content Types)
      SEQUENCE (2 elem)
        OBJECT IDENTIFIER 1.2.840.113549.1.9.5 signingTime (PKCS #9)
        SET (1 elem)
          UTCTime 2020-04-02 08:02:41 UTC
      SEQUENCE (2 elem)
        OBJECT IDENTIFIER 1.2.840.113549.1.9.16.2.12 signingCertificate (S/MIME Authenticated Attributes)
        SET (1 elem)
          SEQUENCE (1 elem)
            SEQUENCE (1 elem)
              SEQUENCE (1 elem)
                OCTET STRING (20 byte) FF4237EAEDC05DA815C24DB853F0D2BFDA34DA5C
      SEQUENCE (2 elem)
        OBJECT IDENTIFIER 1.2.840.113549.1.9.4 messageDigest (PKCS #9)
        SET (1 elem)
          OCTET STRING (32 byte) A6AAF4C35258680982863FA0B1C703657FD8AFC8FE6959C92B4481A6E9106A21
    SEQUENCE (2 elem)
    OCTET STRING (512 byte) 8CC5BCA06CB6006DFF419537C6CB0D20D78DC15607782512D3EE7A8DDEA32D1BBE5E7…
So the sid (SignerIdentifier) specifies the signer's certificate (and thereby the signer's public key).
It is version 1; so there must be a choice issuerAndSerialNumber (https://tools.ietf.org/html/rfc5652#section-5.3) and it should contain:
  IssuerAndSerialNumber ::= SEQUENCE {
    issuer Name,
    serialNumber CertificateSerialNumber }
So in this case it is the DN of the -root- (CN=Redwax Interop Testing Root Certificate Authority 2040, O=Redwax Project) and not the working one (C=NL, ST=Zuid-Holland, L=Leiden, O=TimeServices, CN=Redwax Interop Test).
Now the odd thing: I had expected this to be the latter (CN=Redwax Interop Test) rather than the former.
Am I not understanding this? Or is there something odd?
Dw.
https://lapo.it/asn1js/#MIIJBzADAgEAMIII_gYJKoZIhvcNAQcCoIII7zCCCOsCAQMxDzANBglghkgBZQMEAgEFADByBgsqhkiG9w0BCRABBKBjBGEwXwIBAQYGBACPZwEBMDEwDQYJYIZIAWUDBAIBBQAEIGodkSMqvkHpjrPo-NNgP4B7EWcojwws2UJM_oWF0_p9AgkA2hbga8SuCSUYDzIwMjAwNDAyMDgwMjQxWjADAgEBoIIFNjCCBTIwggQaoAMCAQICAQUwDQYJKoZIhvcNAQELBQAwWjE_MD0GA1UEAxM2UmVkd2F4IEludGVyb3AgVGVzdGluZyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDQwMRcwFQYDVQQKEw5SZWR3YXggUHJvamVjdDAeFw0yMDAyMTUyMDUxNTJaFw00MDAyMTAyMDUxNTJaMGoxCzAJBgNVBAYTAk5MMRUwEwYDVQQIDAxadWlkLUhvbGxhbmQxDzANBgNVBAcMBkxlaWRlbjEVMBMGA1UECgwMVGltZVNlcnZpY2VzMRwwGgYDVQQDDBNSZWR3YXggSW50ZXJvcCBUZXN0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuj-MgMIolQDsp-lpEnOXdBMYJNRY3Jc1BeJLQJ6WSx6qaPO5clvCBLAfWCg8XsqRqKWFmqPYH02LGZeIvMFKeABXqiW5Nk3owDg1pkZhA6aVYK-R7OfO17ghOctlpuhT9DVbVhDZYni4D1twmgKNQDQ6KucLO6znK3hc2cJ7y1ZDfjGGVCSgAQ9wlyH2zWEC30yknZSADa8nygvz6YBUHa_CrUF7bW5MFDPIyKEgVdhKLPSSKovx1AVaoQf3uyGuxsxpFF1hUjQjsKz02TEYfFKF1oYlrDABd5l9yeAnIjpx1cwF-Xv_0kIaTkb1s8-ISLhMCYJwGvPvcyYegPS3CjJVd84gqgGlN9hcETqck_FmuczXW5KK2bWI0kr903xtWp3vKR-msvFonUArK3tHIOqUKe0EE14gFSljfBsJJqLKQLTJNOzbFBN5WgQXgXbWn_ViPf4-q1JgpxTZDwXoDyRaMfwmjtCclKlTsJjiYZj9QZ6h1g10VDJCV9YRJE34h-eq3HpNVovX5Ea8w5XyZG1SX1eQFq0XuqFm34j9sInS0ksXvWRBcS2gDI0toe9K5qvSDOdFWwGAjiENwNFVDKWrgzO-8WFNGe7hgY47q_Ms67RzX3JS-nAeX-ArFwa-RJJJaBr9xbTO0ih1wky2rg-z7-jAHGcOcAbf4R8Lq20CAwEAAaOB8jCB7zAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB_wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAdBgNVHQ4EFgQUOtIv-nlJDGC8cawodrHfqa2ZP_8wgZcGA1UdIwSBjzCBjIAU7XXeNRQ8RyPxsRrkE0OMu8zCK1ahXqRcMFoxPzA9BgNVBAMTNlJlZHdheCBJbnRlcm9wIFRlc3RpbmcgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjA0MDEXMBUGA1UEChMOUmVkd2F4IFByb2plY3SCFG8Rt9hV0n2aFPO26RUrYMqMS-KqMA0GCSqGSIb3DQEBCwUAA4IBAQAcOlk_ZTv9egOiju4ItyYYeZQie828KmSCm3zMC2YteqLvVHeDVefVL3yeGUkgyp8C-Mxm1gdAY8NFuhR01TpGLwkXA6FEJrgJCRTuHOrMQvANaPNfQXhWP5G7Pbbp4_y8A130GKiEssPjdueG4kdzREAIat-sz3LtLBzoXxu6094cBI3Z80CHa3uqbj6FaOt3Wyju_eZqXYO0b7iD-hTL37kzWELnyKUKvOSBvvph4EmMezlDmmiC1_pA2e9PatNSybMr-ldV1GKzqINqZoU3LdvIJt2jukcDXWRoXN457MgV7RrzZMZcSQnPLRzPuaAWcCIFRMt6TjkFz1FBZgDCMYIDJTCCAyECAQEwXzBaMT8wPQYDVQQDEzZSZWR3YXggSW50ZXJvcCBUZXN0aW5nIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwNDAxFzAVBgNVBAoTDlJlZHdheCBQcm9qZWN0AgEFMA0GCWCGSAFlAwQCAQUAoIGYMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAcBgkqhkiG9w0BCQUxDxcNMjAwNDAyMDgwMjQxWjArBgsqhkiG9w0BCRACDDEcMBowGDAWBBT_Qjfq7cBdqBXCTbhT8NK_2jTaXDAvBgkqhkiG9w0BCQQxIgQgpqr0w1JYaAmChj-gsccDZX_Yr8j-aVnJK0SBpukQaiEwDQYJKoZIhvcNAQEBBQAEggIAjMW8oGy2AG3_QZU3xssNINeNwVYHeCUS0-56jd6jLRu-XnN9SWQ-8UXy45i7TmJ9CSK3bDL9lnt-kAyqKb4ZDqc4EsnAqTmvThYCCIgw-SYJEYYWydsXfByJf3IcaXRMxB5ijupgmiQ0Frn7Z6j3Oyo4AoL6PG0zx1ujhTWx4-VKvCIfYCREjw3REIlXbzb0_Q6CYurxOYxhAHHRzv-ca-V4JMpJU4WOZsRSaQKW0OrfQanpJHoknOKkCHH__YkNHp53VHKqXGdTW9JfaKz1cK34lBRlQ60dB7K5E-Iff0z6uAhEisbIE2_tk6U7tBiLUMR8N-mIJjiq1B26uGKwDQDYabLXMNKTzVq7YKB7BcYoCwHttH1ea3XoaHNjrakL3at2QR8g2Iukk9zcvyt2OvASSepWrkwEuqd9OJnwk4sO2JXaHABtHDF8a9iWBJASqPwZjpwoe9jlt_2d5RwsC3zkGA5cp_SkK2oJnyd9TQO5rT1o1hCQ-ojaOHNJc5nDuUSwN0JnTv9xBg-kC8QuM7fWNTFkpCaMOY0Cw3VswBtmGyyy_0aMlRrnOFvNwwmasMzoIpu9meYu0-Y1DKsp-TE7OhP2ebZR8mN977WydzpEmt0V-YNMxEQdT6uHUWNJXjMendpBMognIu142Rj1-2v5YDJCsOV3clxaUBMdn78
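The structure the post is asking about, as an added worked example (not part of the post, and not code from the Redwax project). Per RFC 5652 section 10.2.4, IssuerAndSerialNumber identifies a certificate by the Name of the CA that *issued* it plus that certificate's serialNumber; the signer's own subject DN never appears in sid. So a root-CA DN followed by INTEGER 5 in sid is exactly what a verifier expects, and the signer's subject (CN=Redwax Interop Test) is recovered from the certificate in the certificates field whose (issuer, serialNumber) match, not from sid. The code below is a stdlib-only DER encoder/decoder that rebuilds the 97-byte sid from the dump, checks it byte-for-byte against the slice transcribed from the post's lapo.it URL, and then selects the signer certificate the way a verifier must. The DNs come from the post; the certificates, the serial 0x1234, the "Unrelated CA" decoy and all function names are constructed for this example.

```python
# Added example, not from the rs-dev post nor the Redwax code base: a stdlib-only DER encoder/decoder
# showing what SignerInfo.sid (issuerAndSerialNumber) carries. DNs come from the post; certificates are stand-ins.
import base64

def der_len(n):                                  # DER length: short form below 128, else long form
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([n]) if n < 0x80 else bytes([0x80 | len(body)]) + body

def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content
def der_int(n):                                  # non-negative INTEGER, minimal encoding
    return tlv(0x02, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big"))

# X.520 attribute-type OIDs as DER: 2.5.4.3 (CN), .6 (C), .7 (L), .8 (ST), .10 (O)
CN, C, L, ST, O = (tlv(0x06, b"\x55\x04" + bytes([i])) for i in (3, 6, 7, 8, 10))
ATTR = {CN: "CN", C: "C", L: "L", ST: "ST", O: "O"}

def der_name(rdns):                              # Name ::= SEQUENCE OF SET OF { OID, PrintableString }
    return tlv(0x30, b"".join(tlv(0x31, tlv(0x30, oid + tlv(0x13, v.encode("ascii")))) for oid, v in rdns))
def der_issuer_and_serial(issuer_rdns, serial):  # IssuerAndSerialNumber ::= SEQUENCE { Name, INTEGER }
    return tlv(0x30, der_name(issuer_rdns) + der_int(serial))

def read_tlv(buf, pos=0):                        # -> (tag, content, end); single-byte tags, strict DER lengths
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F or first == 0x80:
        raise ValueError("multi-byte tag or indefinite length: not DER")
    n = 0 if first < 0x80 else first & 0x7F
    length = first if n == 0 else int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
    if n > 4 or (n == 1 and length < 0x80) or (n > 1 and length >> (8 * (n - 1)) == 0):
        raise ValueError("non-minimal length: not DER")
    end = pos + 2 + n + length
    if end > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, buf[pos + 2 + n:end], end

def children(content):                           # (tag, value, raw_tlv) for each element of a constructed value
    pos = 0
    while pos < len(content):
        tag, value, nxt = read_tlv(content, pos)
        yield tag, value, content[pos:nxt]
        pos = nxt

def name_to_str(name_der):                       # 'CN=..., O=...' in encoded order; one AVA per RDN assumed
    out = []
    for _, rdn, _ in children(read_tlv(name_der)[1]):
        _, ava, _ = next(children(rdn))
        (_, _, oid), (_, value, _) = children(ava)
        out.append(f"{ATTR.get(oid, oid.hex())}={value.decode()}")
    return ", ".join(out)

def parse_sid(sid_der):                          # SignerIdentifier CHOICE: SEQUENCE (CMSVersion 1) -> ('ias',
    tag, content, end = read_tlv(sid_der)        # issuer_name_der, serial); [0] IMPLICIT SKI (CMSVersion 3) -> ('ski', id)
    if end != len(sid_der):
        raise ValueError("trailing bytes after sid")
    if tag == 0x80:
        return ("ski", content)
    if tag != 0x30:
        raise ValueError("unexpected sid tag 0x%02x" % tag)
    (itag, _, issuer), (stag, serial, _) = children(content)
    if itag != 0x30 or stag != 0x02:
        raise ValueError("IssuerAndSerialNumber must be SEQUENCE { Name, INTEGER }")
    return ("ias", issuer, int.from_bytes(serial, "big", signed=True))

def cert_identity(cert_der):                     # -> (issuer_name_der, serial, subject_name_der)
    _, tbs, _ = next(children(read_tlv(cert_der)[1]))             # tbsCertificate
    f = list(children(tbs))
    if f[0][0] == 0xA0:                                          # skip optional [0] EXPLICIT version
        f = f[1:]
    if (f[0][0], f[2][0], f[4][0]) != (0x02, 0x30, 0x30):        # serialNumber, issuer, subject
        raise ValueError("unexpected tbsCertificate layout")
    return f[2][2], int.from_bytes(f[0][1], "big", signed=True), f[4][2]

def find_signer_cert(sid_der, certs):            # match on (issuer, serialNumber); the subject DN plays no part
    kind, *ident = parse_sid(sid_der)
    if kind != "ias":
        raise NotImplementedError("subjectKeyIdentifier lookup not shown here")
    hits = [c for c in certs if cert_identity(c)[:2] == tuple(ident)]
    if len(hits) != 1:
        raise LookupError("expected exactly one matching certificate, got %d" % len(hits))
    return hits[0]

# DNs from the post; serial 0x1234, 'Unrelated CA' and the certificates themselves are constructed for the demo.
ROOT = [(CN, "Redwax Interop Testing Root Certificate Authority 2040"), (O, "Redwax Project")]
LEAF = [(C, "NL"), (ST, "Zuid-Holland"), (L, "Leiden"), (O, "TimeServices"), (CN, "Redwax Interop Test")]
# The 97-byte sid of the reply, transcribed from the post's lapo.it URL (base64url -> base64).
SID_FROM_REPLY = base64.b64decode("MF8wWjE/MD0GA1UEAxM2UmVkd2F4IEludGVyb3AgVGVzdGluZyBSb290IENlcnRp"
                                  "ZmljYXRlIEF1dGhvcml0eSAyMDQwMRcwFQYDVQQKEw5SZWR3YXggUHJvamVjdAIBBQ==")
def sample_cert(serial, issuer, subject):        # unsigned stand-in: real layout up to subject, dummy tail
    alg = tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + tlv(0x05, b""))   # sha256WithRSA
    validity = tlv(0x30, tlv(0x17, b"200215205152Z") + tlv(0x17, b"400210205152Z"))
    tbs = tlv(0x30, tlv(0xA0, der_int(2)) + der_int(serial) + alg + der_name(issuer)
              + validity + der_name(subject) + tlv(0x30, b""))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))

CERTS = [sample_cert(0x1234, ROOT, ROOT), sample_cert(5, ROOT, LEAF),      # root (self-issued); TSA leaf, serial 5
         sample_cert(5, [(CN, "Unrelated CA")], ROOT)]                     # decoy: subject = root DN, serial 5

def explain(sid_der=SID_FROM_REPLY, certs=CERTS):   # what sid says, and which certificate it therefore selects
    _, issuer, serial = parse_sid(sid_der)
    return name_to_str(issuer), serial, name_to_str(cert_identity(find_signer_cert(sid_der, certs))[2])
```

`explain()` returns the root DN and serial 5 as the content of sid, and the leaf's subject (C=NL, ..., CN=Redwax Interop Test) as the certificate it selects; the decoy, whose *subject* equals the DN in sid, is never chosen because selection is by issuer. Two caveats for anyone turning this into a verifier: the issuer Name is compared here as raw DER bytes, which is what most CMS implementations do, while RFC 5652 formally defers to X.500 name matching; and a match on (issuer, serialNumber) only selects a candidate. The signature must still verify under that certificate's key, the 20-byte certHash in the ESS signingCertificate attribute (id-aa-signingCertificate, SHA-1 per RFC 2634) must equal the hash of that certificate, and the certificate must chain to a trusted TSA root with the timeStamping EKU, otherwise an attacker-supplied certificate with a matching issuer DN and serial could be substituted.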