Cryptographic Message Syntax (RFC 5652) in Pure Rust
This crate attempts to implement parts of RFC 5652 in pure, safe Rust.
- Partial (de)serialization support for ASN.1 data structures. The Rust structs are all defined. But not everything has (de)serialization code implemented.
- High-level Rust API for extracting useful attributes from a parsed
SignedDatastructure and performing common operations, such as verifying signature integrity.
RFC 5652 is quite old. If you are looking to digitally sign content, you may want to look at something newer, such as RPKI (RFC 6488). (RPKI appears to be the spiritual success to this specification.)
The verification functionality in this crate is purposefully limited and isn’t sufficient for trusting signed data. You need to include additional trust verification if you are using this crate for verifying signed data.
This crate exposes functionality to verify signatures and content integrity of signed data. Specifically it can verify that an embedded cryptographic signature over some arbitrary/embedded content was issued by a known signing certificate. This answers the question did certificate X sign content Y. This is an important question to answer, but it fails to answer other important questions such as:
- Is the signature cryptographically strong or weak? Do I trust the signature?
- Do I trust the signer?
Answering do I trust the signer is an extremely difficult and nuanced problem. It entails things like:
- Ensuring the signing certificate is using secure cryptography.
- Validating that the signing certificate is one you think it was or was issued by a trusted party.
- Validating the certificate isn’t expired or hasn’t been revoked.
- Validating that the certificate contains attributes/extensions desired (e.g. a certificate can be earmarked as used for signing code).
If you are using this crate as part of verifying signed content, you need to have answers to these hard questions. This will require writing code beyond what is available in this crate. You ideally want to use existing libraries for this, as getting this correct is difficult. Ideally you would consult a security/cryptography domain expert for help.
RFC 5652 is based off PKCS #7 version 1.5 (RFC 2315). So common tools/libraries for interacting with PKCS #7 may have success parsing this format. For example, you can use OpenSSL to read the data structures:
$ openssl pkcs7 -inform DER -in
RFC 5652 uses BER (not DER) for serialization. There were attempts to use
other, more popular BER/DER/ASN.1 serialization crates. However, we could
bcder working. In a similar vein, there are other crates
implementing support for common ASN.1 functionality, such as serializing
X.509 certificates. Again, many of these depend on serializers that don’t
seem to be compatible with BER. So we’ve recursively defined ASN.1 data
structures referenced by RFC5652 and taught them to serialize using
Holds Rust struct definitions for various ASN.1 primitives.
Represents the contents of a CMS SignedAttributes structure.
Represents a CMS SignedData structure.
Entity for incrementally deriving a SignedData primitive.
Builder type to construct an entity that will sign some data.
Represents a CMS SignerInfo structure.
Send a Time-Stamp request for a given message to an HTTP URL.
Send a TimeStampReq to a server via HTTP.