EldoS | Feel safer!

Software components for data protection, secure storage and transfer

CMS security question

Posted: 11/12/2007 14:38:18
by Santiago Castaño (Standard support level)
Joined: 04/16/2006
Posts: 155


I've got a question from one of my clients and i have some doubts. He asked me that if someone can change the OCSP part of a CMS message and if the signature will be invalid (for example, he told me if a message signed on 2006 without OCSP response could be altered with an Hex editor and add an OCSP response with a message signed on 2007 and if the signature will still be valid). Of course i told him that he cannot alter a CMS anyway without recalculating again the signature, but that's what i suppose...

Can you confirm me what i suppose? (I know it's not related to SBB, it's to RFC's but you know more this world than I).

Many thanks
Posted: 11/13/2007 04:48:29
by Ken Ivanov (Team)

Each CMS signature contains two sets of attributes, signed attributes and unsigned ones (actually, you had a deal with such attributes before -- remember SB_OID_MESSAGE_DIGEST/SB_OID_SIGNING_TIME attributes?). Signed attributes are included in signature calculation, so changing them invalidates the existing signature and requires its recalculation. Unsigned attributes can be freely added/removed/modified without invalidating the signature.

According to RFC3126, revocation information must be included to the signature withing the unsigned set of attributes. Although it seems like a security leak at first glance, there was a serious reason to implement it this way. This approach allows one to update the revocation information of a signature (by adding new OCSP responses/CRLs) without recalculating it. The correctness of particular OCSP/CRL can be checked by validating its signature and checking the correctness of corresponding timestamps. All these tasks can be performed by TElCMSSignature.Validate() method.
Posted: 11/13/2007 17:00:49
by Santiago Castaño (Standard support level)
Joined: 04/16/2006
Posts: 155

Thanks for clarifying me that. One last question... can you tell me if PDF OCSP validation data is also unsigned attributes? (I can't find information about it on the web).

Thanks once again
Posted: 11/14/2007 06:50:47
by Ken Ivanov (Team)

No. PDF specification declares its own method for storing revocation information, incompatible with RFC3126. This method specifies that all the revocation information should be put to the *signed* attributes section.

Please see PDF Reference, version 1.7, p. 8.7.2 ("Signature Interoperability") for the details.



Topic viewed 1740 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!