Comments (3)
I'm pretty sure that the current code is correct for this. It may be that the PKCS#7 spec's name choice for an attribute (issuerAndSerialNumber) is questionable. However, the spec RFC 2315 says the following in section 10.2:
The fields of type RecipientInfo have the following meanings:
issuerAndSerialNumber specifies the recipient's certificate (and thereby the recipient's distinguished name and public key) by issuer distinguished name and issuer-specific serial number
If that's the case, and the method is supposed to use the recipient's certificate to fetch the recipient from the message, then I believe it is currently doing the right thing, i.e., using the certificate's subject (which should be that of the recipient) and comparing it against the RecipientInfo's issuerAndSerialNumber property.
I'm going to close this for now, but if my reading of the spec is inaccurate, feel free to reopen it.
from forge.
Dave,
thanks for looking into this. I was initially confused as well, but if you look at the precise wording of RFC 2315, it says "issuer distinguished name", i.e. the DN of the issuer - not the subject. It kind of makes sense, as the combination of (issuer name, serial number generated by that issuer) should uniquely identify a certificate.
Also, if you look at other implementations, they seem to use issuer and serial number (and not subject and serial number) as well. E.g. in Bouncy Castle, src/org/bouncycastle/cms/RecipientInformationStore.java, method getRecipients().
So, I will (try to) reopen this.
from forge.
Ok, I'll take another look when I get a chance.
from forge.
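The two readings of issuerAndSerialNumber discussed in this thread, side by side, as an added example (not forge's or Bouncy Castle's code). The object shapes, function names, sample values and the simplified DN and serial comparison are assumptions made for illustration. It shows why the subject-based lookup appears to work with self-signed certificates and fails for CA-issued ones.

```javascript
// Added example: plain objects stand in for parsed certificates and
// RecipientInfo entries. All names and values are constructed.

// Simplified DN comparison key: exact match on ordered type=value pairs.
function dnKey(attrs) {
  return attrs.map(a => `${a.type}=${a.value}`).join(',');
}

// Serial numbers are integers: ignore hex case and leading zeros (assumption).
function serialKey(hex) {
  return hex.toLowerCase().replace(/^0+(?=.)/, '');
}

// Reading argued in the second comment: certificate issuer DN + serial number.
function findRecipientByIssuerAndSerial(recipients, cert) {
  const issuer = dnKey(cert.issuer), serial = serialKey(cert.serialNumber);
  return recipients.find(r =>
    dnKey(r.issuer) === issuer && serialKey(r.serialNumber) === serial) || null;
}

// Reading described in the first comment: certificate subject DN + serial.
function findRecipientBySubjectAndSerial(recipients, cert) {
  const subject = dnKey(cert.subject), serial = serialKey(cert.serialNumber);
  return recipients.find(r =>
    dnKey(r.issuer) === subject && serialKey(r.serialNumber) === serial) || null;
}

const caDn = [{type: 'O', value: 'Example CA'}, {type: 'CN', value: 'Issuing CA'}];
const aliceDn = [{type: 'O', value: 'Example Org'}, {type: 'CN', value: 'Alice'}];

// CA-issued certificate: issuer and subject differ.
const aliceCert = {subject: aliceDn, issuer: caDn, serialNumber: '01A4'};
// Self-signed certificate: issuer equals subject, which masks the difference.
const selfSigned = {subject: aliceDn, issuer: aliceDn, serialNumber: '07'};

// RecipientInfo entries as a sender would write them (issuer DN + serial).
const recipients = [
  {issuer: caDn, serialNumber: '1a4', encryptedKey: '<constructed>'},
  {issuer: aliceDn, serialNumber: '07', encryptedKey: '<constructed>'},
];

console.log(findRecipientByIssuerAndSerial(recipients, aliceCert) !== null);
console.log(findRecipientBySubjectAndSerial(recipients, aliceCert) !== null);
```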