Standard digital signature data representation

Question

I am creating digital signatures using various scheme, e.g. RSASSA-PSS.

The result is bytes that represents signed data with private key.

I would like to store signature as a standard data representation that would be understand by third parties software, including what type of signature data represents, etc.

What should be used?

Is CMS Signed Data structure good for this purpose?

I am not using OpenPGP keys and formats. How to use it in comparison with CMS Signed Data? — user1563721, Dec 10 '15 at 11:21
What kind of document are you signing? What information do you want to store : only the digital signature or the signed data with the signature? — zr_ifrit, Dec 10 '15 at 12:34
Signed data with its signature will be stored. Signed is general files. — user1563721, Dec 10 '15 at 12:42

score 0 · Accepted Answer · answered Dec 10 '15 at 12:56

CMS can be good if you want to store the signed data with the signature.

If you are signing always the same type of file, some formats can be preferable :

PADeS for pdf files
XADeS for xml files
CADeS for any file

Each format can have different levels, which match with different trust levels. They can be found on the ETSI site.

If you are using Java, the open-source library SD-DSS is available an do it very well.

sources :

CADeS : https://www.eldos.com/security/articles/7031.php?page=all

ETSI documentation : http://www.etsi.org/standards-search

SD-DSS : https://joinup.ec.europa.eu/software/sd-dss/release/all

Standard digital signature data representation

1 Answers1