PKCS7: SignedData and SignerInfo

To support Authenticode, this library includes some code to parse and validate SignedData structures. These are defined in several RFC’s, most notably RFC2315 (which is the version Authenticode uses). The structure of all relevant RFC’s follow ASN.1 notation to define the relevant structures. These definitions are not always easily digested, but it does show which fields are available.

This chapter of the documentation shows how these basic structures work, so we can dive deep into their operations in the next chapter.

The following diagram shows the relation between SignedData and SignerInfo:

https://yuml.me/8e9c7bb6.svg

Note that although this diagram is not very complicated, when discussing Authenticode, we will be creating multiple SignedData and SignerInfo structures, nested in each other, so it’s important to fully understand this structure.

SignedData

The SignedData object is the root structure for sending encrypted data in PKCS#7.

class signify.pkcs7.SignedData(data: SignedData | SignedData)

A generic SignedData object. The SignedData object is defined in RFC2315 and RFC5652 (amongst others) and defines data that is signed by one or more signers.

It is based on the following ASN.1 object (as per RFC2315):

SignedData ::= SEQUENCE {
  version Version,
  digestAlgorithms DigestAlgorithmIdentifiers,
  contentInfo ContentInfo,
  certificates [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL,
  crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
  signerInfos SignerInfos
}

This class supports RFC2315 and RFC5652.

data

The underlying ASN.1 data object

digest_algorithm

The digest algorithm, i.e. the hash algorithm, that is used by the signers of the data.

content_type

The class of the type of the content in the object.

content

The actual content, as parsed by the content_type spec.

certificates: CertificateStore

A list of all included certificates in the SignedData. These can be used to determine a valid validation path from the signer to a root certificate.

signer_infos: List[SignerInfo]

A list of all included SignerInfo objects

Parameters:

data – The ASN.1 structure of the SignedData object

classmethod from_envelope(data: bytes, *args: Any, **kwargs: Any) Self

Loads a SignedData object from raw data that contains ContentInfo.

Parameters:

data – The bytes to parse

SignerInfo

class signify.pkcs7.SignerInfo(data: SignerInfo | SignerInfo, parent: SignedData | None = None)

The SignerInfo class is defined in RFC2315 and RFC5652 (amongst others) and defines the per-signer information in a SignedData structure.

It is based on the following ASN.1 object (as per RFC2315):

SignerInfo ::= SEQUENCE {
  version Version,
  issuerAndSerialNumber IssuerAndSerialNumber,
  digestAlgorithm DigestAlgorithmIdentifier,
  authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,
  digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
  encryptedDigest EncryptedDigest,
  unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL
}

This class supports RFC2315 and RFC5652.

data

The underlying ASN.1 data object

parent

The parent SignedData object (or if other SignerInfos are present, it may be another object)

issuer: CertificateName

The issuer of the SignerInfo, i.e. the certificate of the signer of the SignedData object.

serial_number

The serial number as specified by the issuer.

digest_algorithm

The digest algorithm, i.e. the hash algorithm, under which the content and the authenticated attributes are signed.

authenticated_attributes
unauthenticated_attributes

A SignerInfo object can contain both signed and unsigned attributes. These contain additional information about the signature, but also the content type and message digest. The difference between signed and unsigned is that unsigned attributes are not validated.

The type of this attribute is a dictionary. You should not need to access this value directly, rather using one of the attributes listed below.

digest_encryption_algorithm

This is the algorithm used for signing the digest with the signer’s key.

encrypted_digest

The result of encrypting the message digest and associated information with the signer’s private key.

The following attributes are automatically parsed and added to the list of attributes if present.

message_digest

This is an authenticated attribute, containing the signed digest of the data.

content_type

This is an authenticated attribute, containing the content type of the content being signed.

signing_time

This is an authenticated attribute, containing the timestamp of signing. Note that this should only be present in countersigner objects.

countersigner

This is an unauthenticated attribute, containing the countersigner of the SignerInfo.

Parameters:

  • data – The ASN.1 structure of the SignerInfo.

  • parent – The parent SignedData object.

check_message_digest(data: bytes) bool

Given the data, returns whether the hash_algorithm and message_digest match the data provided.

potential_chains(context: VerificationContext) Iterable[Iterable[Certificate]]

Retrieves all potential chains from this SignerInfo instance.

Parameters:

context (VerificationContext) – The context

Returns:

A list of potential certificate chains for this SignerInfo.

Return type:

Iterable[Iterable[Certificate]]

verify(context: VerificationContext) Iterable[Iterable[Certificate]]

Verifies that this SignerInfo verifies up to a chain with the root of a trusted certificate.

Parameters:

context (VerificationContext) – The context for verifying the SignerInfo.

Returns:

A list of valid certificate chains for this SignerInfo.

Return type:

Iterable[Iterable[Certificate]]

Raises:

AuthenticodeVerificationError – When the SignerInfo could not be verified.

CounterSignerInfo

class signify.pkcs7.CounterSignerInfo(data: SignerInfo | SignerInfo, parent: SignedData | None = None)

The class CounterSignerInfo is a subclass of SignerInfo. It is used as the SignerInfo of a SignerInfo, containing the timestamp the SignerInfo was created on. This normally works by sending the digest of the SignerInfo to an external trusted service, that will include a signed time in its response.

Parameters:

  • data – The ASN.1 structure of the SignerInfo.

  • parent – The parent SignedData object.