On 11/05/16 22:03, Russ Housley wrote:
> Today, the IETF uses OpenSSL to digitally sign Internet-Drafts. If
> you care about the details, please see RFC 5485.
>
> We are looking to expand Internet-Draft signing, and start signing
> RFCs as well. Someone has suggested that we support RFC 5126, "CMS
> Advanced Electronic Signatures (CAdES)". This would mean including
> some signed attributes that we do not currently use.
>
> A CAdES Basic Electronic Signature (CAdES-BES) must include these
> signed attributes:
>
> - Content-type — I know OpenSSL supports this one.
> - Message-digest — I know OpenSSL supports this one.
> - ESS signing-certificate-v2 — I cannot tell if this is supported.
>
> The ESS signing-certificate-v2 attribute is defined in RFC 5035. I
> am interested in using it with SHA-256. Is it supported? If not,
> what would need to happen to get it supported?

With the caveat that I know nothing about CAdES and haven't reviewed the PR in question, you might want to look at this:

https://github.com/openssl/openssl/pull/206

If this PR were to be merged it would be a new feature and therefore would not get incorporated until after the up-coming 1.1.0 release.

Matt
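
The ESS signing-certificate-v2 attribute asked about above, encoded by hand for the SHA-256 case. This is an added example, not part of the thread and not OpenSSL code. The certificate bytes are a constructed stand-in, the function names are hypothetical, and only the minimal form is handled (hashAlgorithm left at its SHA-256 default, issuerSerial and policies omitted).

```python
import hashlib

OID_SIGNING_CERT_V2 = "1.2.840.113549.1.9.16.2.47"  # id-aa-signingCertificateV2, RFC 5035
# Constructed stand-in for the signer's DER-encoded certificate (not a real certificate).
SAMPLE_CERT_DER = b"constructed stand-in for a DER-encoded certificate"

def tlv(tag, content):
    """DER tag-length-value with a definite (short or long form) length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def der_oid(dotted):
    """Encode a dotted OID: first two arcs share one byte, the rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def signing_certificate_v2_attr(cert_der):
    """Attribute { OID, SET { SigningCertificateV2 { certs { ESSCertIDv2 } } } }."""
    cert_hash = hashlib.sha256(cert_der).digest()  # hash of the whole DER certificate
    ess_cert_id = tlv(0x30, tlv(0x04, cert_hash))  # DEFAULT sha256 is omitted in DER
    signing_cert = tlv(0x30, tlv(0x30, ess_cert_id))
    return tlv(0x30, der_oid(OID_SIGNING_CERT_V2) + tlv(0x31, signing_cert))

def read_tlv(buf, tag):
    """Return (content, rest) for the TLV at the start of buf; reject other tags."""
    if not buf or buf[0] != tag:
        raise ValueError("unexpected tag")
    n, off = buf[1], 2
    if n & 0x80:
        k = n & 0x7F
        n, off = int.from_bytes(buf[2:2 + k], "big"), 2 + k
    return buf[off:off + n], buf[off + n:]

def cert_hash_from_attr(attr):
    """Extract certHash from the minimal form; raises if hashAlgorithm is present."""
    _, rest = read_tlv(read_tlv(attr, 0x30)[0], 0x06)
    buf = read_tlv(rest, 0x31)[0]
    for _ in range(3):  # SigningCertificateV2 -> certs -> first ESSCertIDv2
        buf = read_tlv(buf, 0x30)[0]
    return read_tlv(buf, 0x04)[0]
```

A verifier compares the extracted hash with the SHA-256 of the certificate it used to check the signature and rejects the signature when they differ.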