CHAPTER 8
740
Interactive Features
Adobe's Revocation Information attribute value has ASN.1 type RevocationInfoArchival:

    RevocationInfoArchival ::= SEQUENCE {
        crl          [0] EXPLICIT SEQUENCE of CRLs, OPTIONAL
        ocsp         [1] EXPLICIT SEQUENCE of OCSP Responses, OPTIONAL
        otherRevInfo [2] EXPLICIT SEQUENCE of OtherRevInfo, OPTIONAL
    }
    OtherRevInfo ::= SEQUENCE {
        Type  OBJECT IDENTIFIER
        Value OCTET STRING
    }

For byte range signatures, Contents is a hexadecimal string with “<” and “>” delimiters. It must fit precisely in the space between the ranges specified by ByteRange. Since the length of PKCS#7 objects is not entirely predictable, it is often necessary to pad the value of Contents with zeros at the end of the string (before the “>” delimiter) before writing the PKCS#7 to the allocated space in the file.
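
The layout rule above can be checked mechanically. The following is an added example, not part of the specification text: it confirms that the two ByteRange segments span the whole file, that the gap between them is exactly the delimited Contents string, and that everything after the PKCS#7 object is zero padding. The function names and sample bytes are constructed for illustration; the sketch assumes a single signature dictionary and a definite-length DER encoding.

```python
import re

def der_total_length(buf: bytes) -> int:
    """Header + content length of the first definite-length DER element in buf."""
    if len(buf) < 2:
        raise ValueError("truncated DER header")
    if buf[1] < 0x80:                      # short form: length in one byte
        return 2 + buf[1]
    n = buf[1] & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(buf) < 2 + n:
        raise ValueError("indefinite or truncated length")
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")

def extract_contents(pdf: bytes):
    """Return (pkcs7_der, signed_bytes) or raise ValueError if the layout is off."""
    m = re.search(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]", pdf)
    if not m:
        raise ValueError("no ByteRange")
    a, la, b, lb = map(int, m.groups())
    if a != 0 or a + la > b or b + lb != len(pdf):
        raise ValueError("ByteRange does not span the whole file")
    gap = pdf[a + la:b]                    # must be exactly the <hex> Contents string
    if len(gap) < 2 or gap[:1] != b"<" or gap[-1:] != b">":
        raise ValueError("gap between ranges is not a delimited hex string")
    raw = bytes.fromhex(gap[1:-1].decode("ascii"))   # ValueError on non-hex
    n = der_total_length(raw)
    if n > len(raw) or any(raw[n:]):
        raise ValueError("bytes after the PKCS#7 object are not zero padding")
    return raw[:n], pdf[a:a + la] + pdf[b:b + lb]

def build_sample(der: bytes, reserved: int = 32) -> bytes:
    """Constructed input: only the parts of a signed PDF that this check reads."""
    hexstr = der.hex().encode().ljust(reserved * 2, b"0")   # pad with zeros before '>'
    tpl = (b"%%PDF-1.7\n1 0 obj<</Type/Sig/SubFilter/adbe.pkcs7.detached"
           b"/ByteRange [0 %010d %010d %010d]/Contents ")
    tail = b">>endobj\n%%EOF\n"
    head_len = len(tpl % (0, 0, 0))        # fixed-width numbers keep offsets stable
    return tpl % (head_len, head_len + len(hexstr) + 2, len(tail)) + b"<" + hexstr + b">" + tail

# Constructed stand-in for a PKCS#7 object: SEQUENCE { INTEGER 0 }, ends in 0x00.
SAMPLE_DER = bytes.fromhex("3003020100")

if __name__ == "__main__":
    sig, signed = extract_contents(build_sample(SAMPLE_DER))
    print(sig.hex(), len(signed))
```

The DER length header, not a strip of trailing zeros, decides where the object ends, because a valid encoding can itself end in a zero byte, as the constructed sample does.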
The most common format for encoding signature values is adbe.pkcs7.detached. This encoding allows the most options in terms of algorithm use. The following table shows the algorithms supported for the various SubFilter values.

    SubFilter value         adbe.pkcs7.detached         adbe.pkcs7.sha1            adbe.x509.rsa.sha1 (a)
    ----------------------  --------------------------  -------------------------  -------------------------
    Message Digest          SHA1 (PDF 1.3)              SHA1 (PDF 1.3) (b)         SHA1 (PDF 1.3)
                            SHA256 (PDF 1.6)                                       SHA256 (PDF 1.6)
                            SHA384 (PDF 1.7)                                       SHA384 (PDF 1.7)
                            SHA512 (PDF 1.7)                                       SHA512 (PDF 1.7)
                            RIPEMD160 (PDF 1.7)                                    RIPEMD160 (PDF 1.7)

    RSA Algorithm Support   Up to 1024-bit (PDF 1.3)    See adbe.pkcs7.detached    See adbe.pkcs7.detached
                            Up to 2048-bit (PDF 1.5)
                            Up to 4096-bit (PDF 1.5)

    DSA Algorithm Support   Up to 4096-bits (PDF 1.6)   See adbe.pkcs7.detached    No

a. Despite the appearance of sha1 in the name of this SubFilter value, supported encodings are not limited to the SHA1 algorithm. The PKCS#1 object contains an identifier that indicates which algorithm is used.
b. Other digest algorithms may be used to digest the signed-data field; however, SHA1 is always used to digest the data that is being signed.