740
CHAPTER 8 Interactive Features
Adobe's Revocation Information attribute value has ASN.1 type
RevocationInfoArchival:
RevocationInfoArchival ::= SEQUENCE {
    crl          [0] EXPLICIT SEQUENCE of CRLs, OPTIONAL
    ocsp         [1] EXPLICIT SEQUENCE of OCSP Responses, OPTIONAL
    otherRevInfo [2] EXPLICIT SEQUENCE of OtherRevInfo, OPTIONAL
}
OtherRevInfo ::= SEQUENCE {
    Type  OBJECT IDENTIFIER
    Value OCTET STRING
}
For byte range signatures, Contents is a hexadecimal string with “<” and “>” delimiters.
It must fit precisely in the space between the ranges specified by ByteRange.
Since the length of PKCS#7 objects is not entirely predictable, it is often
necessary to pad the value of Contents with zeros at the end of the string (before
the “>” delimiter) before writing the PKCS#7 to the allocated space in the file.
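The padding rule above, as an added example that is not part of the original reference: a writer fills the reserved gap with the hex-encoded signature plus trailing zeros, and a reader trims that padding by reading the DER length header. The function names are hypothetical, ByteRange is assumed to be four integers (offset and length of the two signed ranges), and the sample bytes are constructed.

```python
import binascii

def der_total_length(buf: bytes) -> int:
    """Size of the first DER element in buf (single-byte tag assumed)."""
    if len(buf) < 2:
        raise ValueError("truncated DER header")
    first = buf[1]
    if first < 0x80:                      # short form: length in one octet
        return 2 + first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or len(buf) < 2 + n:
        raise ValueError("indefinite or truncated DER length")
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")

def gap(pdf: bytes, byte_range):
    """Return (start, end) of the hex digits between '<' and '>'."""
    o1, l1, o2, _ = byte_range
    start, end = o1 + l1, o2              # gap covers '<' ... '>' inclusive
    if pdf[start:start + 1] != b"<" or pdf[end - 1:end] != b">":
        raise ValueError("ByteRange gap is not exactly the <...> string")
    return start + 1, end - 1

def fill_contents(pdf: bytearray, byte_range, signature_der: bytes) -> None:
    """Hex-encode the signature and zero-pad it to fill the reserved gap."""
    start, end = gap(pdf, byte_range)
    room = end - start
    hexsig = binascii.hexlify(signature_der)
    if room % 2 or len(hexsig) > room:
        raise ValueError("reserved space is odd-sized or too small")
    pdf[start:end] = hexsig.ljust(room, b"0")   # same length: offsets stay valid

def read_contents(pdf: bytes, byte_range) -> bytes:
    """Recover the signature object, dropping the zero padding."""
    start, end = gap(pdf, byte_range)
    raw = bytes.fromhex(pdf[start:end].decode("ascii"))
    return raw[:der_total_length(raw)]

def demo():
    # Constructed sample: a fragment, not a complete PDF file.
    head, tail = b"<< /Type /Sig /Contents ", b" /SubFilter /adbe.pkcs7.detached >>"
    pdf = bytearray(head + b"<" + b"0" * 40 + b">" + tail)
    byte_range = (0, len(head), len(head) + 42, len(tail))
    sig = bytes.fromhex("3006020101020102")  # constructed DER, stands in for PKCS#7
    fill_contents(pdf, byte_range, sig)
    return bytes(pdf), byte_range, sig
```

Because the replacement has the same length as the placeholder, the file size and the ByteRange offsets are unchanged after the signature is written.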
The most common format for encoding signature values is adbe.pkcs7.detached.
This encoding allows the most options in terms of algorithm use. The following
table shows the algorithms supported for the various SubFilter values.
                        SubFilter value
                        adbe.pkcs7.detached        adbe.pkcs7.sha1            adbe.x509.rsa.sha1 [a]
Message Digest          SHA1 (PDF 1.3)             SHA1 (PDF 1.3) [b]         SHA1 (PDF 1.3)
                        SHA256 (PDF 1.6)                                      SHA256 (PDF 1.6)
                        SHA384 (PDF 1.7)                                      SHA384 (PDF 1.7)
                        SHA512 (PDF 1.7)                                      SHA512 (PDF 1.7)
                        RIPEMD160 (PDF 1.7)                                   RIPEMD160 (PDF 1.7)
RSA Algorithm Support   Up to 1024-bit (PDF 1.3)   See adbe.pkcs7.detached    See adbe.pkcs7.detached
                        Up to 2048-bit (PDF 1.5)
                        Up to 4096-bit (PDF 1.5)
DSA Algorithm Support   Up to 4096-bits (PDF 1.6)  See adbe.pkcs7.detached    No
a. Despite the appearance of sha1 in the name of this SubFilter value, supported encodings are not limited to the
SHA1 algorithm. The PKCS#1 object contains an identifier that indicates which algorithm is used.
b. Other digest algorithms may be used to digest the signed-data field; however, SHA1 is always used to digest the
data that is being signed.