[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Suggested addition to DSS Core - Estimate CMS Signature Size
Hello all, Applications that use detached CMS signatures and embed the signature bytes into the signed document (such as in PDF signing) need to know what is the expected size of the CMS signature *before* they can calculate the document hash value. The reason is that the file format sometimes specify that the length of the embedded signature object affects the content of the rest of the document is relation to data headers, offset tables, etc, and the hash calculation must cover that data as well. Client applications can not assume a fixed value for the size of the CMS signature since they may need to sign with different certificates each time and only the server knows its own policies regarding including certificate chains, CRLs and other variable size objects as authenticated or un-authenticated attributes of the CMS signature. One solution would be to sign such documents twice - use a dummy hash value in the first signature and use the returned length of the signature object to format the document and calculate the real hash value and then sign again. This kind of solution has many obvious drawbacks, so I suggest we add an optional input that allows the client to ask the server *not* to perform the signature calculation, but only to return in an optional output an estimation of the size of the resulting signature object that would have been returned if the signature calculation was actually made using all the input parameters. The requirement from the server should be to make sure that the returned size is at least equal or greater than the actual size of the signature that would be calculated. Thanks, - Uri Uri Resnitzky Chief Scientists, ARX http://www.arx.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]