Class CmsAttribute

Namespace
SimpleSign.Core.Crypto
Assembly
SimpleSign.Core.dll

Represents a pre-encoded CMS signed attribute (OID + DER value). Used to inject custom CAdES attributes into the CMS SignedData.

public sealed class CmsAttribute
Inheritance
CmsAttribute
Properties

DerValue

The DER-encoded value (the content of SET OF { value }).

public byte[] DerValue { get; }

Property Value

byte[]

Oid

The OID of the attribute.

public string Oid { get; }

Property Value

string

Methods

CertValues(params byte[][])

Creates a cert-values attribute (CAdES-XL, RFC 5126 §5.5.1). Embeds the full DER-encoded signer and CA certificates.

public static CmsAttribute CertValues(params byte[][] certDerBytes)

Parameters

certDerBytes byte[][]

DER-encoded certificates. Must contain at least one certificate.

Returns

CmsAttribute

CertificateRefs(params (byte[] Hash, string HashOid, byte[]? IssuerSerial)[])

Creates a certificate-refs attribute (CAdES-X/L, RFC 5126 §5.4.2).

CompleteCertificateRefs ::= SEQUENCE OF OtherCertID
OtherCertID ::= OtherHash { issuerSerial OPTIONAL }

public static CmsAttribute CertificateRefs(params (byte[] Hash, string HashOid, byte[]? IssuerSerial)[] certHashes)

Parameters

certHashes (byte[] Hash, string HashOid, byte[] IssuerSerial)[]

Array of (certHash, hashAlgorithmOid, issuerSerialBytes) tuples. The issuerSerial must be DER-encoded IssuerSerial bytes when provided.

Returns

CmsAttribute

CommitmentTypeIndication(CommitmentType)

Creates a commitment-type-indication attribute (RFC 5126 §5.11.1).

CommitmentTypeIndication ::= SEQUENCE {
  commitmentTypeId  CommitmentTypeIdentifier }
CommitmentTypeIdentifier ::= OID

public static CmsAttribute CommitmentTypeIndication(CommitmentType type)

Parameters

type CommitmentType

Returns

CmsAttribute

Create(string, byte[])

Creates a custom attribute from an OID and a DER-encoded attribute value. The derValue will be wrapped in SET OF by the CMS rendering code.

public static CmsAttribute Create(string oid, byte[] derValue)

Parameters

oid string

The attribute OID.

derValue byte[]

The DER-encoded attribute value (content of SET OF).

Returns

CmsAttribute
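
An added usage example for Create (not from the SimpleSign documentation): it encodes the commitment-type-indication value documented above with System.Formats.Asn1 and checks that the bytes are one bare DER element before handing them to Create, since the SET OF wrapper is added later. The helper names and the SET-rejection heuristic are assumptions of this example; the OIDs are the RFC 5126 values for id-aa-ets-commitmentType and id-cti-ets-proofOfOrigin.

```csharp
using System;
using System.Formats.Asn1;
using SimpleSign.Core.Crypto;

static class CustomAttributeExample
{
    // RFC 5126 OIDs: id-aa-ets-commitmentType and id-cti-ets-proofOfOrigin.
    const string CommitmentTypeAttrOid = "1.2.840.113549.1.9.16.2.16";
    const string ProofOfOriginOid = "1.2.840.113549.1.9.16.6.1";

    // Encodes CommitmentTypeIndication ::= SEQUENCE { commitmentTypeId OID }.
    static byte[] EncodeCommitmentType(string commitmentTypeOid)
    {
        var writer = new AsnWriter(AsnEncodingRules.DER);
        using (writer.PushSequence())
        {
            writer.WriteObjectIdentifier(commitmentTypeOid);
        }
        return writer.Encode();
    }

    // Hypothetical pre-check (an assumption of this example, not library behaviour).
    // It inspects the outer tag and length only: the input must be exactly one DER
    // element and must not already be a SET, which would end up double-wrapped.
    static void EnsureBareValue(byte[] derValue)
    {
        // Throws AsnContentException if the outer tag/length is not valid DER.
        Asn1Tag tag = AsnDecoder.ReadEncodedValue(
            derValue, AsnEncodingRules.DER, out _, out _, out int consumed);
        if (consumed != derValue.Length)
            throw new ArgumentException("Trailing bytes after the DER value.", nameof(derValue));
        if (tag == Asn1Tag.SetOf)
            throw new ArgumentException("Value is already a SET; pass only its content.", nameof(derValue));
    }

    static void Main()
    {
        byte[] value = EncodeCommitmentType(ProofOfOriginOid);
        EnsureBareValue(value);
        CmsAttribute attr = CmsAttribute.Create(CommitmentTypeAttrOid, value);
        Console.WriteLine($"{attr.Oid}: {Convert.ToHexString(attr.DerValue)}");
    }
}
```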

Raw(string, byte[])

Creates a CmsAttribute from a raw OID and a DER-encoded value.

public static CmsAttribute Raw(string oid, byte[] derValue)

Parameters

oid string
derValue byte[]

Returns

CmsAttribute

RevocationRefs(params byte[][])

Creates a revocation-refs attribute (CAdES-X/L, RFC 5126 §5.4.3). Each CRL is SHA-256 hashed and wrapped in a CrlValidatedID inside a single CRLListID.

CompleteRevocationRefs ::= SEQUENCE OF CrlOcspRef
CrlOcspRef ::= CHOICE { crl [0] CRLListID }
CRLListID ::= SEQUENCE OF CrlValidatedID
CrlValidatedID ::= SEQUENCE { crlHash  OtherHash }
OtherHash ::= SEQUENCE { hashAlgorithm  AlgorithmIdentifier,
                         hashValue      OCTET STRING }

public static CmsAttribute RevocationRefs(params byte[][] crlDerBytes)

Parameters

crlDerBytes byte[][]

Array of DER-encoded CRL bytes.

Returns

CmsAttribute

RevocationValues(byte[][]?, byte[][]?)

Creates a revocation-values attribute (CAdES-XL, RFC 5126 §5.5.2). Embeds CRLs and/or OCSP responses.

public static CmsAttribute RevocationValues(byte[][]? ocspDerResponses = null, byte[][]? crlDerBytes = null)

Parameters

ocspDerResponses byte[][]

DER-encoded OCSP responses.

crlDerBytes byte[][]

DER-encoded CRLs.

Returns

CmsAttribute

Exceptions

ArgumentException

Both parameters are null or empty — at least one revocation source is required.

SignatureManifestAttr(byte[])

Creates a signature manifest attribute containing JSON-encoded evidence. The data is embedded as an OCTET STRING (UTF-8 JSON) under OID 2.16.76.1.12.1.1.

public static CmsAttribute SignatureManifestAttr(byte[] manifestJsonUtf8)

Parameters

manifestJsonUtf8 byte[]

UTF-8 encoded JSON bytes of the manifest.

Returns

CmsAttribute

SignaturePolicyIdentifier(string, string?)

Creates a signature-policy-identifier attribute (RFC 5126 §5.8.1).

SignaturePolicyIdentifier ::= SEQUENCE {
  signaturePolicyId    SignaturePolicyId,
  sigPolicyHash        SigPolicyHash OPTIONAL }
SignaturePolicyId ::= OID
SigPolicyHash ::= OtherHashAlgAndValue (SEQUENCE { algorithm, hash })

public static CmsAttribute SignaturePolicyIdentifier(string policyOid, string? policyUri = null)

Parameters

policyOid string

OID of the signature policy.

policyUri string

Optional URI of the policy document (encoded as SigPolicyQualifier).

Returns

CmsAttribute