Question

What is the PKCS#7 ASN.1 Structure?

Answer and Explanation

PKCS#7, now formally known as Cryptographic Message Syntax (CMS), is a standard defined by RSA Laboratories. It's used for cryptographic message formatting, particularly for signing and encrypting data. The data structure in PKCS#7 is described using ASN.1 (Abstract Syntax Notation One).

The core of the PKCS#7/CMS structure is a container called ContentInfo, which is an ASN.1 SEQUENCE. This structure provides a way to encapsulate different types of content along with associated cryptographic information. Here’s a breakdown of its structure:

1. ContentInfo (SEQUENCE): The top-level structure consists of two main components:

  a. contentType (OBJECT IDENTIFIER): Identifies the type of content within the message, for example:

    - data (1.2.840.113549.1.7.1): Plain data.

    - signedData (1.2.840.113549.1.7.2): Data with digital signatures.

    - envelopedData (1.2.840.113549.1.7.3): Encrypted data.

    - signedAndEnvelopedData (1.2.840.113549.1.7.4): Signed and encrypted data.

    - digestedData (1.2.840.113549.1.7.5): Data with a message digest (hash).

    - encryptedData (1.2.840.113549.1.7.6): Encrypted data with no enveloping.

  b. content (ANY DEFINED BY contentType): Contains the actual message content. The structure of this field depends on the specified contentType.

Let's look at the structure of `signedData` as an example, since it is the most widely used content type:

2. SignedData (SEQUENCE): When contentType is set to signedData, the content field has the following structure:

   a. version (INTEGER): The version number, typically set to 1.

   b. digestAlgorithms (SET OF AlgorithmIdentifier): Specifies the hashing algorithm(s) used for creating digital signatures (e.g., SHA256).

   c. encapContentInfo (EncapsulatedContentInfo): Contains the actual data that was signed.

     - eContentType (OBJECT IDENTIFIER): The content type of the actual data.

     - eContent (OCTET STRING OPTIONAL): The actual data being signed (optional if detached signatures are used).

   d. certificates (SET OF Certificate OPTIONAL): Contains the certificates of the signers (optional).

   e. crls (SET OF CertificateRevocationList OPTIONAL): Contains the certificate revocation lists (optional).

   f. signerInfos (SET OF SignerInfo): Contains signature information for each signer.

3. SignerInfo (SEQUENCE): Each element represents a digital signature from one signer:

   a. version (INTEGER): The version of this signer info, usually 1.

   b. sid (SignerIdentifier): Identifies the signer.

      - This can either be the issuer and serial number of the certificate or a subject key identifier.

   c. digestAlgorithm (AlgorithmIdentifier): The hashing algorithm used.

   d. signatureAlgorithm (AlgorithmIdentifier): The algorithm used for the signature (e.g., RSA).

   e. signature (OCTET STRING): The actual signature data.

   f. authenticatedAttributes (SET OF Attribute OPTIONAL): Attributes that are signed along with the message.

   g. unauthenticatedAttributes (SET OF Attribute OPTIONAL): Attributes that are not part of the signature calculation.

This ASN.1 structure provides a standardized and robust framework for encoding cryptographic messages, making it easier for different systems to exchange secure data, especially in areas such as digital signatures and secure email (S/MIME). When processing this data, libraries or utilities that understand ASN.1 are used to decode the structure and verify the signatures or perform the encryption operations.
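As an added worked example (not part of the original answer), the following Python builds a small ContentInfo{signedData} in DER with a pure-Python encoder and then walks it back with a matching decoder that checks tags and lengths at each level, covering the ContentInfo, SignedData and SignerInfo layouts described above. It assumes the SHA-256 (2.16.840.1.101.3.4.2.1) and sha256WithRSAEncryption (1.2.840.113549.1.1.11) algorithm OIDs, an empty issuer Name, a serial number of 4660 and a filler "signature" of eight zero bytes; none of those values come from the page and no real signing takes place. SignerInfo fields are emitted in the order RFC 5652 fixes for DER, where signedAttrs, when present, sits between digestAlgorithm and signatureAlgorithm, which is what a parser of real messages has to expect.

```python
"""Added example: build and parse a minimal PKCS#7/CMS ContentInfo{signedData} in DER.
Pure Python; the "signature" is constructed filler, not a real signature."""

# Dotted OIDs named on the page, plus the two algorithm OIDs this example assumes.
OID_NAMES = {
    "1.2.840.113549.1.7.1": "data",
    "1.2.840.113549.1.7.2": "signedData",
    "1.2.840.113549.1.7.3": "envelopedData",
    "1.2.840.113549.1.7.4": "signedAndEnvelopedData",
    "1.2.840.113549.1.7.5": "digestedData",
    "1.2.840.113549.1.7.6": "encryptedData",
    "2.16.840.1.101.3.4.2.1": "sha256",                   # assumed digest OID
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",   # assumed signature OID
}
SEQ, SET, OID, INT, OCTETS, NULL, CTX0 = 0x30, 0x31, 0x06, 0x02, 0x04, 0x05, 0xA0

# ---- DER encoding -------------------------------------------------------
def der_len(n):
    if n < 0x80:                                  # short form: one byte
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body      # long form: 0x8N then N bytes

def tlv(tag, payload):
    return bytes([tag]) + der_len(len(payload)) + payload

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]                # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                                # base-128, high bit on all but the last byte
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(chunk)
    return tlv(OID, bytes(out))

def encode_int(v):                                # two's-complement, minimal length
    return tlv(INT, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))

def alg_id(oid):                                  # AlgorithmIdentifier ::= SEQUENCE { OID, NULL }
    return tlv(SEQ, encode_oid(oid) + tlv(NULL, b""))

def build_signed_data(payload):
    """Constructed ContentInfo{signedData} carrying one SignerInfo without attributes."""
    encap = tlv(SEQ, encode_oid("1.2.840.113549.1.7.1") + tlv(CTX0, tlv(OCTETS, payload)))
    sid = tlv(SEQ, tlv(SEQ, b"") + encode_int(4660))     # IssuerAndSerialNumber, empty Name (constructed)
    # RFC 5652 order: version, sid, digestAlgorithm, [signedAttrs], signatureAlgorithm, signature
    signer = tlv(SEQ, encode_int(1) + sid + alg_id("2.16.840.1.101.3.4.2.1")
                 + alg_id("1.2.840.113549.1.1.11") + tlv(OCTETS, b"\x00" * 8))
    signed = tlv(SEQ, encode_int(1) + tlv(SET, alg_id("2.16.840.1.101.3.4.2.1"))
                 + encap + tlv(SET, signer))
    return tlv(SEQ, encode_oid("1.2.840.113549.1.7.2") + tlv(CTX0, signed))

# ---- DER decoding -------------------------------------------------------
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos); reject a declared length that overruns the buffer."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):                              # split a constructed value into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(body):
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def name(oid_body):
    dotted = decode_oid(oid_body)
    return OID_NAMES.get(dotted, dotted)

def parse_content_info(der):
    tag, body, end = read_tlv(der)
    if tag != SEQ or end != len(der):
        raise ValueError("ContentInfo must be exactly one SEQUENCE")
    (t1, ctype), (t2, content) = children(body)
    if t1 != OID or t2 != CTX0:
        raise ValueError("expected contentType OID then [0] EXPLICIT content")
    info = {"contentType": name(ctype)}
    if info["contentType"] != "signedData":
        return info
    fields = children(read_tlv(content)[1])       # SignedData SEQUENCE
    info["version"] = int.from_bytes(fields[0][1], "big", signed=True)
    info["digestAlgorithms"] = [name(children(a)[0][1]) for _, a in children(fields[1][1])]
    encap = children(fields[2][1])
    info["eContentType"] = name(encap[0][1])
    info["eContent"] = read_tlv(encap[1][1])[1] if len(encap) > 1 else None   # None = detached
    info["signers"] = []
    for _, si in children(fields[-1][1]):         # signerInfos is always the last field
        f = children(si)
        sid_kind = "issuerAndSerialNumber" if f[1][0] == SEQ else "subjectKeyIdentifier"
        idx = 4 if f[3][0] == CTX0 else 3         # optional [0] signedAttrs shifts the rest
        info["signers"].append({"sid": sid_kind, "digest": name(children(f[2][1])[0][1]),
                                "sigAlg": name(children(f[idx][1])[0][1]),
                                "signedAttrs": f[3][0] == CTX0, "sigLen": len(f[idx + 1][1])})
    return info

if __name__ == "__main__":
    print(parse_content_info(build_signed_data(b"hello")))
```

Running the module prints the decoded dictionary for the constructed message. Two details are worth noting for anyone writing or reviewing a real decoder: `read_tlv` refuses a declared length that runs past the buffer, which is the bounds check that keeps a malformed length from reading beyond the message, and a missing eContent is reported as `None`, which is the detached-signature case from 2c above.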
