-1

Assume that there is a specific ASN.1 representation for a specific message in a standard. The question is: do we have to first sign this message and then encode it according to ASN.1, or do we have to first convert it to ASN.1 and then sign it?

Thank you in advance for your help.

Questioner
  • downvote b/c this question is not going to be helpful to others since it depends on some specification that isn't being shared. – Kevin Jul 08 '15 at 13:20
  • @Kevin, but I think the sequence of encoding and signature is a general rule in all standards. – Questioner Jul 08 '15 at 14:36

1 Answer

1

It depends on your application, but the common practice is to format the message in ASN and then sign the resulting ASN structure. It would look as follows:

SignedMessage           ::= SEQUENCE {
   tbsData              ToBeSignedData,
   signatureAlgorithm   AlgorithmIdentifier {SIGNATURE-ALGORITHM,
                            {sa-dsaWithSHA1 | sa-rsaWithSHA1 |
                                 sa-rsaWithMD5 | sa-rsaWithMD2, ...}},
   signature            BIT STRING,
   certs            [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }

This means that the signature is calculated over the tbsData structure.

Crypt32
  • Thank you so much for your useful answer. But in fact there is still some confusion that I can't understand. I can send you the related standard's document, but the problem is that the documents are confidential and I can't publish them in public. So, I would be so grateful if you could give me an email address to send the related documents, which are only 5-7 pages. I really appreciate your help. – Questioner Jul 07 '15 at 18:58
  • Find my web site in the profile page and use email link under avatar (on my website) to contact me. – Crypt32 Jul 07 '15 at 21:09
  • Thank you so much again. I sent you a message including related documents and code. – Questioner Jul 08 '15 at 11:01
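
The encode-then-sign order from the answer, as an added example that is not part of the original thread: tbsData is DER-encoded first, the signature is computed over those exact bytes, and the verifier checks the bytes as received instead of re-encoding them. Assumptions: HMAC-SHA256 stands in for a real signature algorithm (the Python standard library has no RSA or DSA), the optional certs field is omitted, and every name and sample value below is constructed.

```python
import hashlib
import hmac

# Stand-in AlgorithmIdentifier { hmacWithSHA256 (1.2.840.113549.2.9), NULL }, pre-encoded DER.
ALG_ID = bytes.fromhex("300c06082a864886f70d02090500")

def tlv(tag, content):
    """DER tag-length-value using the shortest definite length form."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def read_tlv(buf, off=0):
    """Return (tag, content, raw_tlv, next_offset) for one definite-length TLV."""
    tag, first, p = buf[off], buf[off + 1], off + 2
    size = first
    if first & 0x80:                      # long form: low 7 bits = number of length bytes
        n = first & 0x7F
        size, p = int.from_bytes(buf[p:p + n], "big"), p + n
    if first == 0x80 or p + size > len(buf):
        raise ValueError("indefinite-length or truncated TLV")
    return tag, buf[p:p + size], buf[off:p + size], p + size

def sign_message(tbs_der, key):
    """Encode first, then sign: the signature covers the DER bytes of tbsData."""
    sig = hmac.new(key, tbs_der, hashlib.sha256).digest()
    return tlv(0x30, tbs_der + ALG_ID + tlv(0x03, b"\x00" + sig))  # BIT STRING, 0 unused bits

def verify_message(signed, key):
    """Verify over tbsData exactly as received; malformed input is rejected."""
    try:
        tag, body, _, end = read_tlv(signed)
        _, _, tbs_raw, off = read_tlv(body)
        _, _, _, off = read_tlv(body, off)          # skip signatureAlgorithm
        sig_tag, bits, _, _ = read_tlv(body, off)
    except (IndexError, ValueError):
        return False
    ok = tag == 0x30 and end == len(signed) and sig_tag == 0x03 and bits[:1] == b"\x00"
    expected = hmac.new(key, tbs_raw, hashlib.sha256).digest()
    return ok and hmac.compare_digest(bits[1:], expected)

KEY = b"constructed-demo-key"
TBS = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x0C, b"pay 10 to bob"))  # constructed ToBeSignedData
SIGNED = sign_message(TBS, KEY)
TBS_BER = bytes([TBS[0], 0x81, TBS[1]]) + TBS[2:]   # same value, BER long-form length
REENCODED = tlv(0x30, TBS_BER + SIGNED[2 + len(TBS):])
```

`REENCODED` carries the same tbsData value in a different but valid BER encoding, and `verify_message` rejects it, which is why the signed bytes are fixed by a canonical encoding such as DER before signing.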