How do I get the subject public key from a PKCS7 message?

Question

Quoting RFC4562, Cryptographic Message Syntax (CMS), section 5.6. Signature Verification Process:

The recipient MAY obtain the correct public key for the signer by any means, but the preferred method is from a certificate obtained from the SignedData certificates field.

The certificates field is a SET OF CertificateChoices which can be any of the following:

• Certificate
• ExtendedCertificate
• AttributeCertificateV1
• AttributeCertificateV2
• OtherCertificateFormat

The first two have a subjectPublicKey field but the last three do not seem to. They have Attribute fields that could contain a subjectPublicKey I suppose -- but if they don't it makes me wonder what the point of including them as possible choices is?

Answer 1

As you have noted, the public key is included in the Certificate. However, a PKCS7 message does not mandate the inclusion of the Certificate.

The person signing may or may not include their X.509 certificate for the recipient to use to verify the signature. If it is not included, the recipient has to obtain a copy of the signer's certificate by other means.

(http://www.cryptosys.net/pki/manpki/pki_signeddata.html)

However, ISO 14533 (if the security product uses this standard) defines the Certificate field as Mandatory for signed data; AttributeCertificateV2 as Conditional; and, OtherCertificateFormat as Conditional. (http://standardsproposals.bsigroup.com/Home/getPDF/2447)

Also, per https://www.ietf.org/rfc/rfc3852.txt, two of the five certificate formats are now obsolete:

      CertificateChoices ::= CHOICE {
   certificate Certificate,
   extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
   v1AttrCert [1] IMPLICIT AttributeCertificateV1,       -- Obsolete
   v2AttrCert [2] IMPLICIT AttributeCertificateV2,
   other [3] IMPLICIT OtherCertificateFormat }