bcgit
Add #addDigestAlgorithm(s) method to CMSSignedDataParser
Hello,
Similarly to #955 for CMSSignedData class, a method #addDigestAlgorithm(s) should be added within CMSSignedDataParser, allowing to generate a new CMS, with a custom set of digest algorithms. The current code has limitations on storing digest algorithms used within counter-signatures, as well as for archive-time-stamp-v3 (see ETSI EN 319 122-1, "5.5.3 The archive-time-stamp-v3 attribute").
This currently limits our implementation from upgrading from CMSSignedData to CMSSignedDataParser, thus allowing signing and augmentation of large CMSs (CMS signing huge documents, i.e. 2GB+).
Thank you in advance.
Best regards, Aleksandr
Are you referring to the static "replace*" methods of CMSSignedDataParser? Othewrwise it's not clear why a parser implementation would want to add digest algorithms not present in the actual data.
@peterdettman , currently BC populates digest algorithms set only in case a digest algorithm has been used within a SignerInfo on signing. However, it is a very limited implementation, as digest algorithms may need to be provided in some other cases as well, for instance in case of counter-signatures (see #955) or signature augmentation with an archival-time-stamp-v3 (see #996) as per ETSI EN 319 122-1, which often involves a digest algorithm with a "higher" security level. The necessary improvements have been already implemented in SignedData class in the past, but now similar changes are required within CMSSignedDataParser, in order to allow signature augmentation using streaming.