author | Antonio Iacono <antiac@gmail.com> | 2018-12-12 23:08:49 +0100 |
---|---|---|
committer | Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> | 2019-01-27 23:59:21 +0100 |
commit | e85d19c68e7fb3302410bd72d434793e5c0c23a0 (patch) | |
tree | 748f849bfd79db2cc7b35e5c215f4ed8794cbe62 /test | |
parent | 9f5a87fd665cb597fa1c1f4eef882d2d2f833e61 (diff) | |
download | openssl-e85d19c68e7fb3302410bd72d434793e5c0c23a0.tar.gz |
crypto/cms: Add support for CAdES Basic Electronic Signatures (CAdES-BES)
A CAdES Basic Electronic Signature (CAdES-BES) contains, among other
specifications, a collection of Signing Certificate reference attributes,
stored in the signedData either as ESS signing-certificate or as
ESS signing-certificate-v2. These are described in detail in Section 5.7.2
of RFC 5126 - CMS Advanced Electronic Signatures (CAdES).
This patch adds support for adding ESS signing-certificate[-v2] attributes
to CMS signedData. Although it implements only a small part of the RFC, it
is sufficient in many cases to enable the `openssl cms` app to create signatures
which comply with legal requirements of some European States (e.g. Italy).
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7893)
Diffstat (limited to 'test')
-rw-r--r-- | test/recipes/80-test_cms.t | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index d0ee2da6c0..76f1ec20af 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -219,6 +219,22 @@ my @smime_cms_tests = ( "-CAfile", catfile($smdir, "smroot.pem") ] ], + [ "signed content DER format, RSA key, CAdES-BES compatible", + [ "-sign", "-cades", "-in", $smcont, "-outform", "DER", "-nodetach", + "-certfile", catfile($smdir, "smroot.pem"), + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ], + [ "-verify", "-in", "test.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + ], + + [ "signed content DER format, RSA key, SHA256 md, CAdES-BES compatible", + [ "-sign", "-cades", "-md", "sha256", "-in", $smcont, "-outform", + "DER", "-nodetach", "-certfile", catfile($smdir, "smroot.pem"), + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ], + [ "-verify", "-in", "test.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + ], + [ "enveloped content test streaming S/MIME format, DES, 3 recipients, keyid", [ "-encrypt", "-in", $smcont, "-stream", "-out", "test.cms", "-keyid", |
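Review bot: Both new entries in @smime_cms_tests only round-trip through a plain "-verify", so they would still pass if "-cades" added no ESS signing-certificate attribute at all; nothing in the hunk asserts that the attribute described in the commit message is actually present in test.cms. Consider adding a check on the signed attributes of the produced structure, so that each case confirms the variant it is meant to exercise (presumably signing-certificate for the first case and signing-certificate-v2 for the "-md", "sha256" case, if that is the intended mapping). The first case also leaves the digest implicit, so its description could name the digest it relies on, and coverage is limited to an RSA signer with "-outform", "DER" and "-nodetach"; a detached or PEM variant would show that the attribute survives the other output paths.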