On Wed, Mar 17, 2004, [EMAIL PROTECTED] wrote: > >From RFC2630: > > 5.4 Message Digest Calculation Process > > The message digest calculation process computes a message digest on > either the content being signed or the content together with the > signed attributes. In either case, the initial input to the message > digest calculation process is the "value" of the encapsulated content > being signed. Specifically, the initial input is the > encapContentInfo eContent OCTET STRING to which the signing process > is applied. Only the octets comprising the value of the eContent > OCTET STRING are input to the message digest algorithm, not the tag > or the length octets. > The result of the message digest calculation process depends on > whether the signedAttributes field is present. When the field is > absent, the result is just the message digest of the content as > described above. When the field is present, however, the result is > the message digest of the complete DER encoding of the > SignedAttributes value contained in the signedAttributes field. > > > Is this the standard?
Yes. > Why openssl use only the authenticated attributes for digest calculation? > It doesn't. What makes you think it does? Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]