Add support for SubjectKeyIdentifier in CMS message (PKCS#7) #1064
Comments
Some info on subjectKeyIdentifier in the RFC: https://datatracker.ietf.org/doc/html/rfc5652
SignerIdentifier ::= CHOICE {
If the SignerIdentifier is the CHOICE issuerAndSerialNumber, then the version MUST be 1.
If the SignerIdentifier is subjectKeyIdentifier, then the version MUST be 3.
subjectKeyIdentifier MUST be used to refer to a public key contained in a non-X.509 certificate.
RecipientIdentifier ::= CHOICE {
If the RecipientIdentifier is the CHOICE issuerAndSerialNumber, then the version MUST be 0.
If the RecipientIdentifier is subjectKeyIdentifier, then the version MUST be 2.
A SignerIdentifier or RecipientIdentifier references the public key of the signer or recipient.
Currently this requires an x509 certificate from which the issuer and serial number are taken.
The spec supports an alternative choice for this, as the key of the signer or recipient is not necessarily an x509 certificate.
This alternative is the field 'SubjectKeyIdentifier'.
It should be possible to define this as the identifier instead of issuer and serial number to support cases where there isn't an x509 certificate available.
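The version rules quoted from RFC 5652 above can be enforced when parsing, as in this added example (not code from this project or from the issue's participants). It assumes the RFC's implicit tagging, so issuerAndSerialNumber appears as a SEQUENCE (0x30) and subjectKeyIdentifier as a [0] OCTET STRING (0x80); the function names and sample bytes are constructed for illustration.

```python
# Added example: check the version/identifier pairing that RFC 5652 requires.
# Assumed tags (RFC 5652 ASN.1 module, IMPLICIT tagging): issuerAndSerialNumber
# is a SEQUENCE (0x30), subjectKeyIdentifier is [0] IMPLICIT OCTET STRING (0x80).

RULES = {  # structure -> {identifier tag: (choice name, required version)}
    "signer":    {0x30: ("issuerAndSerialNumber", 1), 0x80: ("subjectKeyIdentifier", 3)},
    "recipient": {0x30: ("issuerAndSerialNumber", 0), 0x80: ("subjectKeyIdentifier", 2)},
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def check_identifier(info_der, kind):
    """Validate version vs. identifier CHOICE in a SignerInfo/KeyTransRecipientInfo."""
    tag, body, _ = read_tlv(info_der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    vtag, vbytes, pos = read_tlv(body, 0)
    if vtag != 0x02:
        raise ValueError("first field is not an INTEGER version")
    version = int.from_bytes(vbytes, "big", signed=True)
    id_tag, id_value, _ = read_tlv(body, pos)
    if id_tag not in RULES[kind]:
        raise ValueError(f"unexpected identifier tag 0x{id_tag:02x}")
    name, required = RULES[kind][id_tag]
    if version != required:
        raise ValueError(f"{name} requires version {required}, got {version}")
    return name, id_value

# Constructed samples: only the first two fields of each structure are present.
SKI = bytes(range(20))                                      # made-up 20-byte key id
SID_SKI_V3 = bytes([0x30, 25, 0x02, 1, 3, 0x80, 20]) + SKI  # valid pairing
SID_SKI_V1 = bytes([0x30, 25, 0x02, 1, 1, 0x80, 20]) + SKI  # wrong version
```

A parser that accepts `SID_SKI_V1` without complaint is treating the version field as decorative, which is worth catching in interoperability tests.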