

cm/signed format

Signed container, some kind of analogue to ASN.1-based CMS SignedData.

When stored in a file, it should begin with the "cm/signed" magic, unless it is a public key.

av {
    {field . {map}}
    {field a {str} >0} {# algorithm identifier}
    {field v {bin}}
}

fpr {{field . {bin} len=32}}

schema-include av.tcl
schema-include fpr.tcl

signed {
    {field load {with load}}
    {field sigs {list} {of sig} >0 optional}
    {field pubs {list} {of map} >0 optional}
}

load {
    {field . {map}}
    {field t {str} >0}
}

sig {
    {field tbs {with tbs}}
    {field sign {with av}}
}

tbs {
    {field . {map}}
    {field sid {with fpr}}
    {field nonce {bin} >0 optional} {# random bytes}
    {field when {tai} utc prec=ms optional}

    {# recipient's fingerprints}
    {field encrypted-to {list} {of fpr} >0 optional}
}

schema-include signed-prehash.tcl

The signature is created by signing the following concatenation:

[detached-data] || /load || sig-tbs

If no /load/v is provided, the data is detached from the cm/signed structure itself and is fed into the hasher before that structure. You can supply it in any way you wish, but to keep the detached data close to the cm/signed structure, you should use the following approach:

cm-signed-prehash || BLOB(detached-data) || cm-signed

prehash {
    {field t {str} =prehash}
    {field sigs {set} >0} {# set of /sigs/*/sign/a}
}

With cm-signed-prehash you initialise the hashers used during the signing process, and then feed the BLOB’s contents (not the encoded BLOB itself!) into them.
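The streaming order described above, as an added example that is not part of the original specification or its reference code. It assumes plain hashlib digests as stand-ins for the algorithm-specific hashers; the algorithm identifier strings and the "encoded" byte strings are constructed placeholders, not real KEKS encodings, and the check that every signer's algorithm was announced in the prehash is this example's own.

```python
import hashlib

# Assumption: placeholder identifiers mapped to stand-in hash functions.
# Real /sigs/*/sign/a values are defined by the per-algorithm pages.
HASHERS = {"example-blake2b": hashlib.blake2b, "example-sha512": hashlib.sha512}

def start_hashers(prehash_sigs):
    """Initialise one hasher per algorithm named in cm-signed-prehash /sigs."""
    unknown = set(prehash_sigs) - set(HASHERS)
    if unknown:
        raise ValueError(f"unsupported algorithms: {sorted(unknown)}")
    return {alg: HASHERS[alg]() for alg in prehash_sigs}

def digests_for(prehash_sigs, blob_chunks, load_enc, sigs):
    """Return one digest per signer over detached-data || /load || sig-tbs.

    sigs is a list of (algorithm identifier, encoded tbs) pairs.
    """
    hashers = start_hashers(prehash_sigs)
    for chunk in blob_chunks:            # BLOB contents only, never its framing
        for h in hashers.values():
            h.update(chunk)
    for h in hashers.values():           # encoded /load follows the detached data
        h.update(load_enc)
    out = []
    for alg, tbs_enc in sigs:
        if alg not in hashers:
            raise ValueError(f"{alg} was not announced in the prehash")
        h = hashers[alg].copy()          # fork the shared state for this signer
        h.update(tbs_enc)
        out.append(h.digest())
    return out

# Constructed sample input (opaque placeholders, not real KEKS encodings).
LOAD = b"<encoded /load>"
TBS_A = b"<encoded tbs of signer A>"
TBS_B = b"<encoded tbs of signer B>"
CHUNKS = [b"detached ", b"data"]
```

Because the prehash names the algorithms up front, a reader can hash the detached data in a single pass before it has seen any signature, then fork the state once per signer.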

/sigs/*/tbs/when is the optional signing time.

Additional values that must be protected (covered by the signature) are placed in the /sigs/*/tbs map. Non-protected (informational) fields are placed outside it.

/pubs are optionally provided public keys that help build the whole verification chain. They are placed outside /sigs, because some of them may be shared among signers.

If the signed data is also intended to be encrypted, then /sigs/*/tbs/encrypted-to should be set to the corresponding recipients’ public key fingerprint(s).

cm-signed-gost3410:  cm/signed with GOST R 34.10-2012
cm-signed-gost3410-merkle:  cm/signed with GOST R 34.10-2012 with Merkle-tree hashing
cm-signed-ed25519-blake2b:  cm/signed with Ed25519-BLAKE2b
cm-signed-ed25519ph-blake2b-merkle:  cm/signed with Ed25519-BLAKE2b with Merkle-tree hashing
cm-signed-sphincs+-shake-256f:  cm/signed with SPHINCS+-SHAKE256-256f
cm-signed-sphincs+-shake-256f-merkle:  cm-signed-sphincs+-shake-256f with Merkle-tree hashing
