PNG Digital Signatures Commented Example Martin Bosslet, Thomas Kopp / Dialogika GmbH Document History Version Date Remarks 1.0 17.04.2008 Initial Version According to PNG Digital Signatures Spec. 1.0 1.1 18.05.2008 Introductory Chunk Length Comment Corrected This document outlines a detailed example concerning the dSIG chunk (cf. PNG Digital Signatures, Extension Specification 1.0). The optional yet important PNG digital signature feature can be applied to various use cases, e.g. for cleaning web pages that may contain dangerous PNGs hiding malicious scripts attached by intruders. The example has been elaborated and commented by Martin Bosslet who also provided a proof of concept for signing and verifying PNG images. The following PNG image has been used for attaching a digital signature. 89504E470D0A1A0A # PNG 8-byte signature (not included in the message digest) 0000000D # IHDR: length 13 49484452 # IHDR 000001A40000012C0806000000 # IHDR data 8CAFC780 # IHDR CRC 00000021 # dSIG: length 33 (introductory dSIG chunk) 64534947 # dSIG 301F # SEQUENCE OF 31 bytes 020101 # INTEGER 1 310B # SET OF 11 bytes 3009 # SEQUENCE OF 9 bytes 06052B0E03021A # OBJECT IDENTIFIER 1.3.14.3.2.26 (sha-1) 0500 # NULL 300B # SEQUENCE OF 11 bytes 06092A864886F70D010701 # OBJECT IDENTIFIER 1.2.840.113549.1.7.1 (id-data) 3100 # SET OF 0 bytes # dSIG data << The data is the DER encoding of the following ASN.1 structure: SEQUENCE { INTEGER 1 SET { SEQUENCE { OBJECT IDENTIFIER 1.3.14.3.2.26 NULL } } SEQUENCE { OBJECT IDENTIFIER 1.2.840.113549.1.7.1 } SET { } } The structure represents a signed data instance specified in RFC 3852: SignedData ::= SEQUENCE { version CMSVersion, digestAlgorithms DigestAlgorithmIdentifiers, encapContentInfo EncapsulatedContentInfo, certificates [0] IMPLICIT CertificateSet OPTIONAL, crls [1] IMPLICIT CertificateRevocationLists OPTIONAL, signerInfos SignerInfos } The following particularities can be observed: The version is 1. The digest algorithms structure contains the SHA-1 identifier. The encapsulated content is empty and specified by the id data object identifier. Certificates and CRLs are omitted. The structure contains an empty set of signer infos. The introductory dSIG chunk serves for the sole purpose to inform a verifier about the digest algorithms used in order to support streamed processing. >> FF5690A9 # dSIG CRC 00000001 # sRGB: length 1 73524742 # sRGB 00 # sRGB data AECE1CE9 # sRGB CRC 00000006 # bKGD: length 6 624B4744 # bKGD 00F600C2000E # bKGD data 4BA471AB # bKGD CRC 00000009 # pHYs: length 9 70485973 # pHYs 00000B1300000B1301 # pHYs data 009A9C18 # pHYs CRC 00000007 # tIME: length 7 74494D45 # tIME 07D8040F0A0110 # tIME data 96612687 # tIME CRC 00000019 # tEXt: length 25 74455874 # tEXt 436F6D6D656E74004372656174656420776974682047494D50 # tEXt data (origin: GIMP) 57810E17 # tEXt CRC 00002000 # IDAT: length 8192 49444154 # IDAT: [Omitted 10 IDAT chunks of 8192 bytes each, followed by a final one of 3172 bytes.] D2B26128 # last IDAT CRC 00000654 # dSIG: length 1620 64534947 # dSIG 30820650 # SEQUENCE OF 1616 bytes 020101 # INTEGER 1 3100 # SET OF 0 bytes 300B # SEQUENCE OF 11 bytes 06092A864886F70D010701 # OBJECT IDENTIFIER 1.2.840.113549.1.7.1 (id-data) A0820547 # [0] IMPLICIT TAGGED STRUCTURE OF 1351 bytes 30820543 # SEQUENCE OF 1347 bytes 3082042B # SEQUENCE OF 1067 bytes A003 # [0] IMPLICIT TAGGED STRUCTURE OF 3 bytes 020102 # INTEGER 2 02020A4F # INTEGER 2639 300D # SEQUENCE OF 13 bytes 06092A864886F70D010105 # OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha-1 & rsa) 0500 # NULL 3045 # SEQUENCE OF 69 bytes 310B # SET OF 11 bytes 3009 # SEQUENCE OF 9 bytes 0603550406 # OBJECT IDENTIFIER 2.5.4.6 (countryName) 13024C55 # PrintableString LU 3115 # SET OF 21 bytes 3013 # SEQUENCE OF 19 bytes 060355040A # OBJECT IDENTIFIER 2.5.4.10 (organizationName) 130C4C7578547275737420732E61 # PrintableString LuxTrust s.a 311F # SET OF 31 bytes 301D # SEQUENCE OF 29 bytes 0603550403 # OBJECT IDENTIFIER 2.5.4.3 (commonName) 13164C75785472757374204E6F726D616C69736564204341 # PrintableString LuxTrust Normalised CA 301E # SEQUENCE OF 30 bytes 170D3037303532313133303031345A # UTCTime Mon May 21 15:00:14 CEST 2007 170D3130303532313133303031345A # UTCTime Fri May 21 15:00:14 CEST 2010 30820100 # SEQUENCE OF 256 bytes 310B # SET OF 11 bytes 3009 # SEQUENCE OF 9 bytes 0603550406 # OBJECT IDENTIFIER 2.5.4.6 (countryName) 13024445 # PrintableString DE 3110 # SET OF 16 bytes 300E # SEQUENCE OF 14 bytes 0603550407 # OBJECT IDENTIFIER 2.5.4.7 (localityName) 13074765726D616E79 # PrintableString Germany 3117 # SET OF 23 bytes 3015 # SEQUENCE OF 21 bytes 060355040A # OBJECT IDENTIFIER 2.5.4.10 (organizationName) 130E4469616C6F67696B6120476D6248 # PrintableString Dialogika GmbH 3115 # SET OF 21 bytes 3013 # SEQUENCE OF 19 bytes 060355040B # OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) 130C485242204E722E2037333437 # PrintableString HRB Nr. 7347 311D # SET OF 29 bytes 301B # SEQUENCE OF 27 bytes 0603550403 # OBJECT IDENTIFIER 2.5.4.3 (commonName) 13144D617274696E20506574657220426F73736C6574 # PrintableString Martin Peter Bosslet 3110 # SET OF 16 bytes 300E # SEQUENCE OF 14 bytes 0603550404 # OBJECT IDENTIFIER 2.5.4.4 (surname) 1307426F73736C6574 # PrintableString Bosslet 3115 # SET OF 21 bytes 3013 # SEQUENCE OF 19 bytes 060355042A # OBJECT IDENTIFIER 2.5.4.42 (givenName) 130C4D617274696E205065746572 # PrintableString Martin Peter 311D # SET OF 29 bytes 301B # SEQUENCE OF 27 bytes 0603550405 # OBJECT IDENTIFIER 2.5.4.5 (serialNumber) 13143130313030333832343830303030323130393830 # PrintableString 10100382480000210980 312A # SET OF 42 bytes 3028 # SEQUENCE OF 40 bytes 06092A864886F70D010901 # OBJECT IDENTIFIER 1.2.840.113549.1.9.1 (emailAddress) 161B6D617274696E2E626F73736C6574406469616C6F67696B612E6465 # IA5String martin.bosslet@dialogika.de 311C # SET OF 28 bytes 301A # SEQUENCE OF 26 bytes 060355040C # OBJECT IDENTIFIER 2.5.4.12 (title) 131350726F66657373696F6E616C20506572736F6E # PrintableString Professional Person 30819F # SEQUENCE OF 159 bytes 300D # SEQUENCE OF 13 bytes 06092A864886F70D010101 # OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsa) 0500 # NULL 03818D # BIT STRING OF 141 bytes 0030818902818100A5318FD0FBF26C6A2377B4488D5FCF52282B2B25AAC6A0003FD3BC8B 0377804F8DEC8394D54469DA6417F0E274852FAB422B0A6B2E94FFF9A3F170FB8947FCF2 5E2C5E1FDB74EC2F8C9C862C4F52BC33CA34F4825512BC6D32798D33D12950A6F678EA40 46F007317104C5661AB838E0939AD9D84647E377DFDDC6B5936A9BF50203010001 A3820202 # [3] IMPLICIT TAGGED STRUCTURE OF 514 bytes 308201FE # SEQUENCE OF 510 bytes 300C # SEQUENCE OF 12 bytes 0603551D13 # OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) 0101FF # BOOLEAN true 04023000 # OCTET STRING OF 2 bytes 3060 # SEQUENCE OF 96 bytes 06082B06010505070101 # OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) 04543052302306082B060105050730018617687474703A2F2F6F6373702E6C7578747275 73742E6C75302B06082B06010505073002861F687474703A2F2F63612E6C757874727573 742E6C752F4C544E43412E637274 # OCTET STRING OF 84 bytes 3082010A # SEQUENCE OF 266 bytes 0603551D20 # OBJECT IDENTIFIER 2.5.29.32 (cerificatePolicies) 048201013081FE3008060604008F7A01023081F106072B812B010201013081E53081B706 082B060105050702023081AA1A81A74C75785472757374204E6F726D616C697365642043 65727469666963617465206F6E20535343442E2055736167653A20456C656374726F6E69 63205369676E617475726520284F494420312E332E3137312E312E322E312E3129204175 7468656E7469636174696F6E2020616E6420456E6372797074696F6E20284F4944312E33 2E3137312E312E322E312E32292E204B65792047656E65726174696F6E20627920435350 2E20302906082B06010505070201161D687474703A2F2F7265706F7369746F72792E6C75 7874727573742E6C75 # OCTET STRING OF 257 bytes 300B # SEQUENCE OF 11 bytes 0603551D0F # OBJECT IDENTIFIER 2.5.29.15 (keyUsage) 0404030204B0 # OCTET STRING OF 4 bytes 301F # SEQUENCE OF 31 bytes 0603551D23 # OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) 041830168014CEFE469D632F89FDF2381625D8F16CDE47F8CEC1 # OCTET STRING OF 24 bytes 3031 # SEQUENCE OF 49 bytes 0603551D1F # OBJECT IDENTIFIER 2.5.29.31 (crlDistributionPoints) 042A30283026A024A0228620687474703A2F2F63726C2E6C757874727573742E6C752F4C 544E43412E63726C # OCTET STRING OF 42 bytes 301D # SEQUENCE OF 29 bytes 0603551D0E # OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) 041604149B93CC4AA2F18692880D41AB02D3C6BBDD362452 # OCTET STRING OF 22 bytes 300D # SEQUENCE OF 13 bytes 06092A864886F70D010105 # OBJECT IDENTIFIER 1.2.840.113549.1.1.5 (sha-1 & rsa) 0500 # NULL 03820101 # BIT STRING OF 257 bytes 00B76BE507F770E0D3018178BFA2AD55B4FF455FDB58258C7B65305E2220D8E8B723A8AA F7F57A9369387938F22A8AEC22EA9946F2E5F1C5DD60F447A98407F6508457A42EE203D3 68DEF26520E52B8BE52475630ED605E187B78494DF8A92AC14527A5390B2E05481E58726 9B3C02DB308179A9947663CC7BBECF1FCC8FCEE95DC76A88C9FB082F1F1627E8DB5C0CC4 5411FD08D79F9EC7D949D5A94096B352F84719533F1442DAEE9BC55386C33BC56455852D 087282FC1443D225C763DB1C800EC777D3907C55797199212165FBBA7ADA01B192D1BF3D 45E5A073F80652760AEBF772D81764A7622956F4D1942BD36CBF98EDF8EC096427C098DA 087D4ED232 3181F0 # SET OF 240 bytes 3081ED # SEQUENCE OF 237 bytes 020101 # INTEGER 1 304B # SEQUENCE OF 75 bytes 3045 # SEQUENCE OF 69 bytes 310B # SET OF 11 bytes 3009 # SEQUENCE OF 9 bytes 0603550406 # OBJECT IDENTIFIER 2.5.4.6 (countryName) 13024C55 # PrintableString LU 3115 # SET OF 21 bytes 3013 # SEQUENCE OF 19 bytes 060355040A # OBJECT IDENTIFIER 2.5.4.10 (organizationName) 130C4C7578547275737420732E61 # PrintableString LuxTrust s.a 311F # SET OF 31 bytes 301D # SEQUENCE OF 29 bytes 0603550403 # OBJECT IDENTIFIER 2.5.4.3 (commonName) 13164C75785472757374204E6F726D616C69736564204341 # PrintableString LuxTrust Normalised CA 02020A4F „ INTEGER 2639 3009 # SEQUENCE OF 9 bytes 06052B0E03021A # OBJECT IDENTIFIER 1.3.14.3.2.26 (sha-1) 0500 # NULL 300D # SEQUENCE OF 13 bytes 06092A864886F70D010101 # OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsa) 0500 # NULL 048180 # OCTET STRING OF 128 bytes 93B2F085AF3806A86EE61094C2168990BD1C7205B4E7469209324A76E3D47B0D8E80A446 D363A2B3850AEA41C5C1D6F2A5E064496E122E5248D060C4FE38B0C7C9AE6DCE54E813C4 09C5324793A7139E162B2ABFEBBB0DC9E0B65E5C802163B1971762C9D60A9CC1CB2AF477 55B91D35A49248ECF1171521CD39043E2062ADEE # dSIG data << The terminating dSIG chunk again is a DER-encoded signed data instance: SEQUENCE { INTEGER 1 SET { } SEQUENCE { OBJECT IDENTIFIER 1.2.840.113549.1.7.1 } [0] { SEQUENCE { SEQUENCE { [0] { INTEGER 2 } INTEGER 2639 SEQUENCE { OBJECT IDENTIFIER 1.2.840.113549.1.1.5 NULL } SEQUENCE { SET { SEQUENCE { OBJECT IDENTIFIER 2.5.4.6 PrintableString LU } } SET { SEQUENCE { OBJECT IDENTIFIER 2.5.4.10 PrintableString LuxTrust s.a } } SET { SEQUENCE { OBJECT IDENTIFIER 2.5.4.3 PrintableString LuxTrust Normalised CA } } } SEQUENCE { UTCTime Mon May 21 15:00:14 CEST 2007 UTCTime Fri May 21 15:00:14 CEST 2010 } SEQUENCE { SET { SEQUENCE { OBJECT IDENTIFIER 2.5.4.6 PrintableString DE } } SET { SEQUENCE { OBJECT IDENTIFIER 2.5.4.7 PrintableString Germany } } SET { SEQUENCE { OBJECT IDENTIFIER 2.5.4.10 PrintableString Dialogika GmbH } } SET { SEQUENCE { OBJECT IDENTIFIER 2.5.4.11 PrintableString HRB Nr. 7347 } } SET { SEQUENCE { OBJECT IDENTIFIER 2.5.4.3 PrintableString Martin Peter Bosslet } } SET { SEQUENCE { OBJECT IDENTIFIER 2.5.4.4 PrintableString Bosslet } } SET { SEQUENCE { OBJECT IDENTIFIER 2.5.4.42 PrintableString Martin Peter } } SET { SEQUENCE { OBJECT IDENTIFIER 2.5.4.5 PrintableString 10100382480000210980 } } SET { SEQUENCE { OBJECT IDENTIFIER 1.2.840.113549.1.9.1 IA5String martin.bosslet@dialogika.de } } SET { SEQUENCE { OBJECT IDENTIFIER 2.5.4.12 PrintableString Professional Person } } } SEQUENCE { SEQUENCE { OBJECT IDENTIFIER 1.2.840.113549.1.1.1 NULL null } BIT STRING {2, 3, 8, 15, 16, 20, 23, 30, 32, 39, 40, 47, 56, 58, 61, 63, 66, 67, 71, 72, 76, 77, 78, 79, 80, 81, 83, 88, 89, 90, 91, 92, 94, 95, 96, 97, 98, 99, 102, 105, 106, 108, 109, 113, 114, 116, 118, 122, 126, 127, 129, 130, 131, 133, 134, 135, 136, 138, 139, 141, 145, 148, 152, 156, 157, 159, 161, 163, 164, 165, 166, 167, 168, 169, 172, 173, 174, 175, 177, 179, 182, 186, 188, 194, 196, 198, 199, 202, 204, 206, 207, 210, 213, 215, 216, 218, 220, 222, 224, 225, 229, 230, 232, 234, 250, 251, 252, 253, 254, 255, 256, 257, 259, 262, 263, 264, 266, 267, 268, 269, 272, 276, 278, 279, 286, 287, 289, 290, 291, 293, 294, 295, 296, 305, 308, 309, 310, 311, 312, 316, 317, 319, 320, 321, 322, 324, 325, 328, 334, 335, 336, 339, 341, 344, 345, 347, 349, 351, 353, 357, 361, 362, 364, 367, 368, 369, 371, 372, 374, 377, 378, 381, 387, 389, 390, 391, 392, 393, 394, 395, 400, 401, 402, 406, 409, 410, 411, 413, 416, 421, 423, 426, 428, 429, 430, 431, 432, 434, 436, 438, 439, 441, 446, 450, 452, 454, 455, 460, 462, 465, 466, 468, 470, 471, 474, 476, 477, 478, 480, 483, 485, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 503, 504, 506, 510, 511, 512, 513, 514, 515, 519, 521, 522, 523, 528, 529, 530, 531, 532, 534, 535, 536, 540, 543, 545, 549, 550, 551, 552, 553, 554, 555, 556, 557, 560, 561, 562, 563, 566, 569, 571, 572, 573, 574, 578, 580, 581, 585, 587, 588, 589, 590, 595, 596, 597, 598, 599, 600, 601, 603, 604, 606, 607, 609, 610, 611, 613, 616, 617, 618, 620, 621, 626, 628, 629, 630, 631, 632, 636, 637, 640, 643, 644, 645, 648, 653, 654, 658, 660, 661, 665, 668, 669, 670, 671, 673, 675, 678, 680, 682, 683, 684, 685, 690, 691, 694, 695, 696, 697, 700, 702, 706, 707, 709, 712, 713, 714, 715, 717, 720, 726, 729, 731, 733, 735, 739, 742, 744, 746, 747, 748, 749, 753, 754, 756, 757, 759, 762, 763, 766, 769, 770, 771, 772, 775, 776, 780, 781, 783, 786, 787, 790, 791, 792, 793, 795, 799, 802, 804, 807, 809, 811, 816, 818, 821, 822, 824, 825, 826, 827, 829, 830, 833, 834, 835, 836, 840, 841, 842, 844, 846, 849, 857, 861, 862, 864, 865, 866, 867, 877, 878, 879, 882, 883, 887, 889, 890, 891, 895, 901, 904, 905, 909, 911, 913, 914, 917, 918, 923, 924, 926, 928, 930, 931, 932, 938, 939, 940, 944, 945, 946, 952, 955, 958, 959, 960, 963, 964, 966, 968, 969, 971, 972, 975, 976, 977, 979, 980, 985, 989, 990, 993, 997, 998, 999, 1000, 1001, 1002, 1006, 1007, 1009, 1010, 1011, 1013, 1014, 1015, 1016, 1017, 1019, 1020, 1021, 1022, 1023, 1024, 1025, 1027, 1028, 1029, 1031, 1032, 1033, 1037, 1038, 1040, 1042, 1043, 1045, 1047, 1048, 1051, 1054, 1055, 1057, 1058, 1060, 1062, 1064, 1067, 1068, 1070, 1071, 1072, 1073, 1074, 1075, 1077, 1079, 1086, 1094, 1095, 1103, 1119} } [3] { SEQUENCE { SEQUENCE { OBJECT IDENTIFIER 2.5.29.19 BOOLEAN true OCTET STRING 30 00 } SEQUENCE { OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 OCTET STRING { 30 52 30 23 06 08 2B 06 01 05 05 07 30 01 86 17 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 6C 75 78 74 72 75 73 74 2E 6C 75 30 2B 06 08 2B 06 01 05 05 07 30 02 86 1F 68 74 74 70 3A 2F 2F 63 61 2E 6C 75 78 74 72 75 73 74 2E 6C 75 2F 4C 54 4E 43 41 2E 63 72 74 } SEQUENCE { OBJECT IDENTIFIER 2.5.29.32 OCTET STRING { 30 81 FE 30 08 06 06 04 00 8F 7A 01 02 30 81 F1 06 07 2B 81 2B 01 02 01 01 30 81 E5 30 81 B7 06 08 2B 06 01 05 05 07 02 02 30 81 AA 1A 81 A7 4C 75 78 54 72 75 73 74 20 4E 6F 72 6D 61 6C 69 73 65 64 20 43 65 72 74 69 66 69 63 61 74 65 20 6F 6E 20 53 53 43 44 2E 20 55 73 61 67 65 3A 20 45 6C 65 63 74 72 6F 6E 69 63 20 53 69 67 6E 61 74 75 72 65 20 28 4F 49 44 20 31 2E 33 2E 31 37 31 2E 31 2E 32 2E 31 2E 31 29 20 41 75 74 68 65 6E 74 69 63 61 74 69 6F 6E 20 20 61 6E 64 20 45 6E 63 72 79 70 74 69 6F 6E 20 28 4F 49 44 31 2E 33 2E 31 37 31 2E 31 2E 32 2E 31 2E 32 29 2E 20 4B 65 79 20 47 65 6E 65 72 61 74 69 6F 6E 20 62 79 20 43 53 50 2E 20 30 29 06 08 2B 06 01 05 05 07 02 01 16 1D 68 74 74 70 3A 2F 2F 72 65 70 6F 73 69 74 6F 72 79 2E 6C 75 78 74 72 75 73 74 2E 6C 75 } SEQUENCE { OBJECT IDENTIFIER 2.5.29.15 OCTET STRING 03 02 04 B0 } SEQUENCE { OBJECT IDENTIFIER 2.5.29.35 OCTET STRING { 30 16 80 14 CE FE 46 9D 63 2F 89 FD F2 38 16 25 D8 F1 6C DE 47 F8 CE C1 } SEQUENCE { OBJECT IDENTIFIER 2.5.29.31 OCTET STRING { 30 28 30 26 A0 24 A0 22 86 20 68 74 74 70 3A 2F 2F 63 72 6C 2E 6C 75 78 74 72 75 73 74 2E 6C 75 2F 4C 54 4E 43 41 2E 63 72 6C } SEQUENCE { OBJECT IDENTIFIER 2.5.29.14 OCTET STRING 04 14 9B 93 CC 4A A2 F1 86 92 88 0D 41 AB 02 D3 C6 BB DD 36 24 52 } } } } SEQUENCE { OBJECT IDENTIFIER 1.2.840.113549.1.1.5 NULL null } BIT STRING {0, 2, 3, 5, 6, 7, 9, 10, 12, 14, 15, 16, 17, 18, 21, 23, 29, 30, 31, 32, 33, 34, 35, 37, 38, 39, 41, 42, 43, 48, 49, 50, 56, 57, 59, 62, 63, 71, 72, 79, 81, 82, 83, 84, 88, 90, 91, 92, 93, 94, 95, 96, 98, 102, 104, 106, 108, 109, 111, 113, 115, 117, 119, 120, 122, 123, 125, 128, 129, 130, 131, 132, 133, 134, 135, 137, 141, 143, 145, 147, 148, 149, 150, 151, 152, 153, 155, 156, 158, 159, 161, 163, 164, 170, 173, 175, 176, 180, 181, 185, 186, 187, 188, 190, 191, 193, 194, 197, 199, 202, 203, 209, 211, 212, 213, 214, 218, 222, 226, 232, 233, 235, 236, 240, 241, 242, 244, 248, 250, 251, 253, 254, 255, 258, 262, 263, 264, 266, 268, 272, 274, 276, 278, 280, 281, 282, 283, 285, 286, 287, 288, 289, 290, 291, 293, 295, 297, 298, 299, 300, 302, 304, 307, 310, 311, 313, 314, 316, 319, 322, 323, 324, 329, 330, 331, 332, 335, 338, 339, 340, 344, 345, 346, 347, 350, 354, 356, 358, 360, 364, 366, 368, 369, 370, 372, 373, 378, 382, 384, 385, 386, 388, 390, 392, 395, 396, 399, 401, 405, 406, 408, 409, 410, 411, 414, 416, 417, 418, 421, 423, 424, 425, 426, 427, 431, 432, 433, 437, 439, 440, 441, 443, 444, 445, 447, 449, 450, 456, 457, 458, 459, 461, 465, 469, 470, 471, 472, 474, 476, 479, 480, 485, 493, 494, 495, 496, 497, 498, 499, 501, 502, 505, 507, 512, 517, 521, 523, 525, 526, 527, 528, 530, 533, 538, 540, 541, 542, 544, 545, 546, 550, 558, 559, 560, 561, 563, 566, 567, 569, 570, 572, 576, 577, 579, 580, 581, 582, 584, 585, 586, 587, 590, 593, 594, 597, 599, 602, 608, 609, 610, 613, 615, 618, 620, 622, 623, 624, 628, 630, 631, 632, 633, 634, 637, 639, 642, 645, 649, 650, 651, 653, 655, 657, 658, 662, 663, 668, 669, 670, 672, 673, 675, 677, 678, 685, 687, 688, 689, 690, 695, 696, 701, 702, 703, 704, 706, 707, 709, 710, 711, 712, 717, 720, 723, 725, 728, 729, 731, 732, 733, 734, 735, 736, 740, 742, 744, 747, 750, 752, 754, 756, 757, 763, 765, 769, 771, 774, 777, 778, 779, 780, 782, 785, 787, 790, 791, 792, 795, 800, 802, 803, 806, 808, 809, 810, 817, 819, 821, 824, 831, 832, 833, 834, 837, 839, 840, 845, 846, 847, 850, 853, 854, 856, 859, 860, 862, 863, 866, 867, 868, 869, 878, 880, 881, 883, 884, 886, 887, 890, 891, 896, 903, 905, 906, 907, 908, 911, 912, 914, 916, 919, 920, 923, 925, 929, 930, 931, 933, 934, 937, 938, 942, 943, 944, 945, 948, 949, 953, 954, 955, 956, 958, 959, 960, 962, 963, 964, 965, 966, 968, 969, 972, 973, 974, 975, 979, 980, 981, 982, 983, 984, 985, 988, 989, 992, 996, 997, 998, 999, 1000, 1001, 1004, 1005, 1006, 1008, 1009, 1010, 1012, 1015, 1017, 1019, 1020, 1021, 1023, 1024, 1025, 1029, 1030, 1031, 1033, 1034, 1036, 1038, 1040, 1044, 1048, 1049, 1052, 1055, 1056, 1057, 1058, 1059, 1060, 1062, 1063, 1068, 1074, 1076, 1077, 1078, 1079, 1083, 1084, 1085, 1086, 1087, 1091, 1093, 1094, 1098, 1101, 1102, 1103, 1104, 1105, 1106, 1108, 1112, 1113, 1115, 1116, 1118, 1119, 1121, 1123, 1124, 1125, 1132, 1133, 1136, 1137, 1141, 1145, 1147, 1149, 1155, 1159, 1160, 1161, 1162, 1163, 1164, 1165, 1167, 1172, 1176, 1177, 1179, 1181, 1182, 1183, 1184, 1187, 1188, 1189, 1190, 1191, 1192, 1195, 1196, 1197, 1198, 1200, 1201, 1205, 1206, 1207, 1208, 1209, 1211, 1212, 1215, 1217, 1220, 1223, 1224, 1225, 1227, 1229, 1231, 1232, 1234, 1236, 1239, 1241, 1248, 1251, 1253, 1254, 1256, 1258, 1259, 1262, 1263, 1265, 1267, 1270, 1272, 1273, 1274, 1275, 1276, 1281, 1285, 1286, 1287, 1291, 1292, 1295, 1297, 1299, 1302, 1303, 1306, 1307, 1308, 1309, 1310, 1311, 1315, 1317, 1321, 1326, 1328, 1329, 1331, 1332, 1334, 1336, 1337, 1338, 1340, 1341, 1342, 1344, 1347, 1348, 1350, 1351, 1352, 1353, 1357, 1359, 1361, 1363, 1366, 1367, 1368, 1373, 1374, 1376, 1377, 1382, 1383, 1386, 1387, 1388, 1390, 1391, 1392, 1393, 1397, 1399, 1401, 1402, 1405, 1409, 1411, 1413, 1415, 1416, 1421, 1423, 1426, 1428, 1429, 1431, 1436, 1441, 1442, 1443, 1446, 1448, 1454, 1456, 1457, 1458, 1459, 1460, 1461, 1467, 1469, 1473, 1478, 1479, 1480, 1481, 1483, 1486, 1490, 1493, 1495, 1496, 1497, 1501, 1502, 1503, 1505, 1506, 1510, 1511, 1512, 1513, 1515, 1516, 1518, 1519, 1523, 1524, 1525, 1528, 1540, 1541, 1542, 1544, 1545, 1549, 1550, 1551, 1553, 1554, 1555, 1557, 1558, 1559, 1560, 1561, 1563, 1566, 1567, 1568, 1571, 1577, 1578, 1579, 1580, 1581, 1585, 1587, 1589, 1591, 1593, 1594, 1595, 1596, 1599, 1601, 1602, 1603, 1607, 1608, 1611, 1612, 1615, 1618, 1623, 1626, 1631, 1633, 1634, 1637, 1639, 1640, 1641, 1642, 1643, 1644, 1646, 1647, 1648, 1650, 1651, 1652, 1654, 1657, 1658, 1659, 1660, 1662, 1664, 1665, 1667, 1668, 1670, 1679, 1680, 1682, 1683, 1687, 1688, 1691, 1694, 1696, 1697, 1699, 1703, 1704, 1706, 1707, 1708, 1709, 1710, 1711, 1714, 1715, 1716, 1717, 1719, 1721, 1725, 1727, 1728, 1729, 1730, 1733, 1735, 1736, 1738, 1745, 1746, 1747, 1750, 1751, 1752, 1753, 1754, 1755, 1756, 1765, 1766, 1769, 1771, 1774, 1777, 1778, 1779, 1781, 1782, 1788, 1790, 1792, 1793, 1794, 1796, 1798, 1799, 1800, 1801, 1802, 1803, 1805, 1806, 1807, 1809, 1810, 1811, 1814, 1816, 1817, 1819, 1820, 1827, 1829, 1830, 1831, 1833, 1834, 1837, 1840, 1842, 1845, 1846, 1847, 1849, 1850, 1854, 1858, 1860, 1863, 1865, 1867, 1869, 1870, 1872, 1873, 1874, 1875, 1877, 1880, 1881, 1883, 1887, 1888, 1891, 1893, 1898, 1900, 1902, 1903, 1904, 1905, 1907, 1910, 1911, 1913, 1914, 1916, 1917, 1920, 1922, 1923, 1924, 1925, 1926, 1927, 1928, 1931, 1932, 1936, 1937, 1938, 1940, 1941, 1943, 1944, 1945, 1946, 1947, 1948, 1952, 1953, 1954, 1956, 1957, 1964, 1967, 1969, 1970, 1973, 1978, 1981, 1982, 1983, 1984, 1985, 1992, 1995, 1996, 2000, 2001, 2003, 2004, 2006, 2012, 2017, 2018, 2019, 2020, 2021, 2023, 2025, 2028, 2029, 2030, 2032, 2033, 2035, 2038, 2042, 2043, 2046} } } SET { SEQUENCE { INTEGER 1 SEQUENCE { SEQUENCE { SET { SEQUENCE { OBJECT IDENTIFIER 2.5.4.6 PrintableString LU } } SET { SEQUENCE { OBJECT IDENTIFIER 2.5.4.10 PrintableString LuxTrust s.a } } SET { SEQUENCE { OBJECT IDENTIFIER 2.5.4.3 PrintableString LuxTrust Normalised CA } } } INTEGER 2639 } SEQUENCE { OBJECT IDENTIFIER 1.3.14.3.2.26 NULL null } SEQUENCE { OBJECT IDENTIFIER 1.2.840.113549.1.1.1 NULL null } OCTET STRING { 93 B2 F0 85 AF 38 06 A8 6E E6 10 94 C2 16 89 90 BD 1C 72 05 B4 E7 46 92 09 32 4A 76 E3 D4 7B 0D 8E 80 A4 46 D3 63 A2 B3 85 0A EA 41 C5 C1 D6 F2 A5 E0 64 49 6E 12 2E 52 48 D0 60 C4 FE 38 B0 C7 C9 AE 6D CE 54 E8 13 C4 09 C5 32 47 93 A7 13 9E 16 2B 2A BF EB BB 0D C9 E0 B6 5E 5C 80 21 63 B1 97 17 62 C9 D6 0A 9C C1 CB 2A F4 77 55 B9 1D 35 A4 92 48 EC F1 17 15 21 CD 39 04 3E 20 62 AD EE } } } } The following particularities can be observed: The version is 1. The digest algorithms structure is empty because this information is supplied ex ante by the introductory chunk. The encapsulated content is empty and specified by the id data object identifier. The certificates section typically contains all certificates required for constructing a path to a trusted root. However, the signer certificate only is listed here. CRLs are omitted. The structure contains the set of signer infos which is the essential part of the dSIG chunk containing the actual digital signature wrapped as a trailing OCTET STRING. The signer info structure conforms to the following general syntax: SignerInfo ::= SEQUENCE { version CMSVersion, sid SignerIdentifier, digestAlgorithm DigestAlgorithmIdentifier, signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL, signatureAlgorithm SignatureAlgorithmIdentifier, signature SignatureValue, unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL } SignerIdentifier ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, subjectKeyIdentifier [0] SubjectKeyIdentifier } SignedAttributes ::= SET SIZE (1..MAX) OF Attribute UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute Attribute ::= SEQUENCE { attrType OBJECT IDENTIFIER, attrValues SET OF AttributeValue } AttributeValue ::= ANY SignatureValue ::= OCTET STRING The SignedAttrs and UnsignedAttrs are empty. The digest algorithm used is SHA-1 corresponding to the algorithm listed in the introductory chunk, The signature algorithm used is RSA. >> 99765417 # dSIG CRC 00000000 # IEND: length 0 49454E44 # IEND AE426082 # IEND CRC PNG Signature Example Dialogika GmbH & LuxTrust S.A.