Add support for SubjectKeyIdentifier in CMS message (PKCS#7) #1064
Comments
|
Some info on subjectKeyIdentifier in the RFC: https://datatracker.ietf.org/doc/html/rfc5652 SignerIdentifier ::= CHOICE { If the SignerIdentifier is the CHOICE issuerAndSerialNumber, then the version MUST be 1. If the SignerIdentifier is subjectKeyIdentifier, then the version MUST be 3. subjectKeyIdentifier MUST be used to refer to a public key contained in a non-X.509 certificate. RecipientIdentifier ::= CHOICE { If the RecipientIdentifier is the CHOICE issuerAndSerialNumber, then the version MUST be 0. If the RecipientIdentifier is subjectKeyIdentifier, then the version MUST be 2. |
A SignerIdentifier or RecipientIdentifier references the public key of the signer or recipient.
Currently this requires an x509 certificate of which the issuer and serialnumber are taken.
The spec supports an alternative choice for this as the key of the signer or recipient are not necessarely an x509 certificate.
This alternative is the field 'SubjectKeyIdentifier'.
It should be possible to define this as identifier instead of issuer and serialnumber to support cases where there isn't an x509 certificate available.
The text was updated successfully, but these errors were encountered: