[rs-dev] Odd SignerInfo - timestamp server

Dirk-Willem van Gulik dirkx at webweaving.org
Thu Apr 2 16:53:07 CEST 2020


I am looking at a freshly signed timestamp from the interop timeserver (Link to decoded reply below)


Now at what I think is the 

    SignerInfo ::= SEQUENCE {
        version CMSVersion,
        sid SignerIdentifier,
        digestAlgorithm DigestAlgorithmIdentifier,
        signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
        signatureAlgorithm SignatureAlgorithmIdentifier,
        signature SignatureValue,
        unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }

    SignerIdentifier ::= CHOICE {
        issuerAndSerialNumber IssuerAndSerialNumber,
        subjectKeyIdentifier [0] SubjectKeyIdentifier }

    SignedAttributes ::= SET SIZE (1..MAX) OF Attribute

    UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute

    Attribute ::= SEQUENCE {
        attrType OBJECT IDENTIFIER,
        attrValues SET OF AttributeValue }

    AttributeValue ::= ANY

    SignatureValue ::= OCTET STRING

blob - I think I am seeing:

        SET (1 elem)
          SEQUENCE (6 elem)
            INTEGER 1
            SEQUENCE (2 elem)
              SEQUENCE (2 elem)
                SET (1 elem)
                  SEQUENCE (2 elem)
                    OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
                    PrintableString Redwax Interop Testing Root Certificate Authority 2040
                SET (1 elem)
                  SEQUENCE (2 elem)
                    OBJECT IDENTIFIER 2.5.4.10 organizationName (X.520 DN component)
                    PrintableString Redwax Project
              INTEGER 5
            SEQUENCE (2 elem)
              OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 (NIST Algorithm)
              NULL
            [0] (4 elem)
              SEQUENCE (2 elem)
                OBJECT IDENTIFIER 1.2.840.113549.1.9.3 contentType (PKCS #9)
                SET (1 elem)
                  OBJECT IDENTIFIER 1.2.840.113549.1.9.16.1.4 tSTInfo (S/MIME Content Types)
              SEQUENCE (2 elem)
                OBJECT IDENTIFIER 1.2.840.113549.1.9.5 signingTime (PKCS #9)
                SET (1 elem)
                  UTCTime 2020-04-02 08:02:41 UTC
              SEQUENCE (2 elem)
                OBJECT IDENTIFIER 1.2.840.113549.1.9.16.2.12 signingCertificate (S/MIME Authenticated Attributes)
                SET (1 elem)
                  SEQUENCE (1 elem)
                    SEQUENCE (1 elem)
                      SEQUENCE (1 elem)
                        OCTET STRING (20 byte) FF4237EAEDC05DA815C24DB853F0D2BFDA34DA5C
              SEQUENCE (2 elem)
                OBJECT IDENTIFIER 1.2.840.113549.1.9.4 messageDigest (PKCS #9)
                SET (1 elem)
                  OCTET STRING (32 byte) A6AAF4C35258680982863FA0B1C703657FD8AFC8FE6959C92B4481A6E9106A21
            SEQUENCE (2 elem)
            OCTET STRING (512 byte) 8CC5BCA06CB6006DFF419537C6CB0D20D78DC15607782512D3EE7A8DDEA32D1BBE5E7…

So the sid (SignerIdentifier) specifies the signer's certificate (and thereby the signer's public key).

It is version 1; so there must be a choice of issuerAndSerialNumber (https://tools.ietf.org/html/rfc5652#section-5.3), and it should contain:

    IssuerAndSerialNumber ::= SEQUENCE {
        issuer Name,
        serialNumber CertificateSerialNumber }

So in this case - the DN of the -root- CN=Redwax Interop Testing Root Certificate Authority 2040, O=Redwax Project (and not the working C=NL, ST=Zuid-Holland, L=Leiden, O=TimeServices, CN=Redwax Interop Test).

Now the odd thing - I had expected this to be the latter (CN=Redwax Interop Test) rather than the first.

Am I not understanding this? Or is there something odd?

Dw.


https://lapo.it/asn1js/#MIIJBzADAgEAMIII_gYJKoZIhvcNAQcCoIII7zCCCOsCAQMxDzANBglghkgBZQMEAgEFADByBgsqhkiG9w0BCRABBKBjBGEwXwIBAQYGBACPZwEBMDEwDQYJYIZIAWUDBAIBBQAEIGodkSMqvkHpjrPo-NNgP4B7EWcojwws2UJM_oWF0_p9AgkA2hbga8SuCSUYDzIwMjAwNDAyMDgwMjQxWjADAgEBoIIFNjCCBTIwggQaoAMCAQICAQUwDQYJKoZIhvcNAQELBQAwWjE_MD0GA1UEAxM2UmVkd2F4IEludGVyb3AgVGVzdGluZyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDQwMRcwFQYDVQQKEw5SZWR3YXggUHJvamVjdDAeFw0yMDAyMTUyMDUxNTJaFw00MDAyMTAyMDUxNTJaMGoxCzAJBgNVBAYTAk5MMRUwEwYDVQQIDAxadWlkLUhvbGxhbmQxDzANBgNVBAcMBkxlaWRlbjEVMBMGA1UECgwMVGltZVNlcnZpY2VzMRwwGgYDVQQDDBNSZWR3YXggSW50ZXJvcCBUZXN0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuj-MgMIolQDsp-lpEnOXdBMYJNRY3Jc1BeJLQJ6WSx6qaPO5clvCBLAfWCg8XsqRqKWFmqPYH02LGZeIvMFKeABXqiW5Nk3owDg1pkZhA6aVYK-R7OfO17ghOctlpuhT9DVbVhDZYni4D1twmgKNQDQ6KucLO6znK3hc2cJ7y1ZDfjGGVCSgAQ9wlyH2zWEC30yknZSADa8nygvz6YBUHa_CrUF7bW5MFDPIyKEgVdhKLPSSKovx1AVaoQf3uyGuxsxpFF1hUjQjsKz02TEYfFKF1oYlrDABd5l9yeAnIjpx1cwF-Xv_0kIaTkb1s8-ISLhMCYJwGvPvcyYegPS3CjJVd84gqgGlN9hcETqck_FmuczXW5KK2bWI0kr903xtWp3vKR-msvFonUArK3tHIOqUKe0EE14gFSljfBsJJqLKQLTJNOzbFBN5WgQXgXbWn_ViPf4-q1JgpxTZDwXoDyRaMfwmjtCclKlTsJjiYZj9QZ6h1g10VDJCV9YRJE34h-eq3HpNVovX5Ea8w5XyZG1SX1eQFq0XuqFm34j9sInS0ksXvWRBcS2gDI0toe9K5qvSDOdFWwGAjiENwNFVDKWrgzO-8WFNGe7hgY47q_Ms67RzX3JS-nAeX-ArFwa-RJJJaBr9xbTO0ih1wky2rg-z7-jAHGcOcAbf4R8Lq20CAwEAAaOB8jCB7zAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB_wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAdBgNVHQ4EFgQUOtIv-nlJDGC8cawodrHfqa2ZP_8wgZcGA1UdIwSBjzCBjIAU7XXeNRQ8RyPxsRrkE0OMu8zCK1ahXqRcMFoxPzA9BgNVBAMTNlJlZHdheCBJbnRlcm9wIFRlc3RpbmcgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjA0MDEXMBUGA1UEChMOUmVkd2F4IFByb2plY3SCFG8Rt9hV0n2aFPO26RUrYMqMS-KqMA0GCSqGSIb3DQEBCwUAA4IBAQAcOlk_ZTv9egOiju4ItyYYeZQie828KmSCm3zMC2YteqLvVHeDVefVL3yeGUkgyp8C-Mxm1gdAY8NFuhR01TpGLwkXA6FEJrgJCRTuHOrMQvANaPNfQXhWP5G7Pbbp4_y8A130GKiEssPjdueG4kdzREAIat-sz3LtLBzoXxu6094cBI3Z80CHa3uqbj6FaOt3Wyju_eZqXYO0b7iD-hTL37kzWELnyKUKvOSBvvph4EmMezlDmmiC1_pA2e9PatNSybMr-ldV1GKzqINqZoU3LdvIJt2jukcDXWRoXN457MgV7RrzZMZc
SQnPLRzPuaAWcCIFRMt6TjkFz1FBZgDCMYIDJTCCAyECAQEwXzBaMT8wPQYDVQQDEzZSZWR3YXggSW50ZXJvcCBUZXN0aW5nIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwNDAxFzAVBgNVBAoTDlJlZHdheCBQcm9qZWN0AgEFMA0GCWCGSAFlAwQCAQUAoIGYMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAcBgkqhkiG9w0BCQUxDxcNMjAwNDAyMDgwMjQxWjArBgsqhkiG9w0BCRACDDEcMBowGDAWBBT_Qjfq7cBdqBXCTbhT8NK_2jTaXDAvBgkqhkiG9w0BCQQxIgQgpqr0w1JYaAmChj-gsccDZX_Yr8j-aVnJK0SBpukQaiEwDQYJKoZIhvcNAQEBBQAEggIAjMW8oGy2AG3_QZU3xssNINeNwVYHeCUS0-56jd6jLRu-XnN9SWQ-8UXy45i7TmJ9CSK3bDL9lnt-kAyqKb4ZDqc4EsnAqTmvThYCCIgw-SYJEYYWydsXfByJf3IcaXRMxB5ijupgmiQ0Frn7Z6j3Oyo4AoL6PG0zx1ujhTWx4-VKvCIfYCREjw3REIlXbzb0_Q6CYurxOYxhAHHRzv-ca-V4JMpJU4WOZsRSaQKW0OrfQanpJHoknOKkCHH__YkNHp53VHKqXGdTW9JfaKz1cK34lBRlQ60dB7K5E-Iff0z6uAhEisbIE2_tk6U7tBiLUMR8N-mIJjiq1B26uGKwDQDYabLXMNKTzVq7YKB7BcYoCwHttH1ea3XoaHNjrakL3at2QR8g2Iukk9zcvyt2OvASSepWrkwEuqd9OJnwk4sO2JXaHABtHDF8a9iWBJASqPwZjpwoe9jlt_2d5RwsC3zkGA5cp_SkK2oJnyd9TQO5rT1o1hCQ-ojaOHNJc5nDuUSwN0JnTv9xBg-kC8QuM7fWNTFkpCaMOY0Cw3VswBtmGyyy_0aMlRrnOFvNwwmasMzoIpu9meYu0-Y1DKsp-TE7OhP2ebZR8mN977WydzpEmt0V-YNMxEQdT6uHUWNJXjMendpBMognIu142Rj1-2v5YDJCsOV3clxaUBMdn78
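The sid lookup the message above is puzzling over, as an added example in Go that is not part of the original post or of the Redwax code: RFC 5652 section 5.3 defines issuerAndSerialNumber as the distinguished name of the certificate's issuer plus the certificate's serial number, and this is how a verifier uses that pair to pick the signer certificate out of the certificates carried in a token. The certificates are constructed stand-ins holding only the names and serials visible in the thread (root DN as issuer, serial 5 for the TSA certificate), and the type and function names are assumptions.

```go
package main

import (
	"bytes"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"math/big"
)

// IssuerAndSerialNumber mirrors RFC 5652 section 5.3. The issuer Name is kept as raw DER so it
// can be compared byte-for-byte with x509.Certificate.RawIssuer, as a CMS verifier would do.
type IssuerAndSerialNumber struct {
	Issuer       asn1.RawValue
	SerialNumber *big.Int
}

// dn encodes a pkix.Name as a DER RDNSequence, the form issuer and subject take on the wire.
func dn(n pkix.Name) []byte {
	der, err := asn1.Marshal(n.ToRDNSequence())
	if err != nil {
		panic(err)
	}
	return der
}

// MakeChain is constructed test data, not the real Redwax certificates: unsigned x509.Certificate
// values carrying only the names and serials from the thread (root CA, and a TSA cert with serial 5).
func MakeChain() (root, tsa *x509.Certificate) {
	rootName := pkix.Name{CommonName: "Redwax Interop Testing Root Certificate Authority 2040", Organization: []string{"Redwax Project"}}
	tsaName := pkix.Name{Country: []string{"NL"}, Organization: []string{"TimeServices"}, CommonName: "Redwax Interop Test"}
	root = &x509.Certificate{SerialNumber: big.NewInt(1), Subject: rootName, RawSubject: dn(rootName), Issuer: rootName, RawIssuer: dn(rootName)}
	tsa = &x509.Certificate{SerialNumber: big.NewInt(5), Subject: tsaName, RawSubject: dn(tsaName), Issuer: rootName, RawIssuer: dn(rootName)}
	return root, tsa
}

// SidFor builds the sid a SignerInfo carries for cert: the DN of the certificate's issuer plus the
// certificate's own serial number, not the subject DN (so a TSA cert's sid names the CA that issued it).
func SidFor(cert *x509.Certificate) IssuerAndSerialNumber {
	return IssuerAndSerialNumber{Issuer: asn1.RawValue{FullBytes: cert.RawIssuer}, SerialNumber: cert.SerialNumber}
}

// FindSigner selects, from the certificates carried in the token, the one whose issuer DN and
// serial number both match sid; the root shares the issuer DN but not the serial, so it is skipped.
func FindSigner(sid IssuerAndSerialNumber, certs []*x509.Certificate) *x509.Certificate {
	for _, c := range certs {
		if bytes.Equal(c.RawIssuer, sid.Issuer.FullBytes) && c.SerialNumber.Cmp(sid.SerialNumber) == 0 {
			return c
		}
	}
	return nil
}
```

FindSigner works unchanged on certificates parsed with x509.ParseCertificate, since it only reads RawIssuer and SerialNumber.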
