Class CmsSignedData
- Namespace
- SimpleSign.Core.Crypto
- Assembly
- SimpleSign.Core.dll
Parsed CMS/PKCS#7 SignedData structure used for signature validation. Contains the signer certificate, signed attributes, message digest, and optional timestamp token.
public sealed class CmsSignedData
Properties
Certificates
All certificates embedded in the CMS structure.
public IReadOnlyList<X509Certificate2> Certificates { get; init; }
Property Value
- IReadOnlyList<X509Certificate2>
CommitmentTypeOid
OID of the commitment type from the id-aa-ets-commitmentType attribute (RFC 5126 §5.11.1). Common values: proofOfOrigin (1.2.840.113549.1.9.16.6.1), proofOfApproval (1.2.840.113549.1.9.16.6.5).
public string? CommitmentTypeOid { get; init; }
Property Value
- string
ContentTypeOid
OID from the id-contentType signed attribute (OID 1.2.840.113549.1.9.3). Per RFC 5652 §5.3, this MUST be present in signedAttrs; for regular signatures it MUST equal id-data (1.2.840.113549.1.7.1). For document timestamps (ETSI.RFC3161) this is id-ct-TSTInfo (1.2.840.113549.1.9.16.1.4).
public string? ContentTypeOid { get; init; }
Property Value
- string
DigestAlgorithmOid
OID of the digest algorithm used (e.g., SHA-256 = 2.16.840.1.101.3.4.2.1).
public string DigestAlgorithmOid { get; init; }
Property Value
- string
EContentTypeOid
OID of the eContentType from the encapContentInfo in the CMS SignedData. For regular signatures this is id-data (1.2.840.113549.1.7.1). For document timestamps (ETSI.RFC3161) this is id-ct-TSTInfo (1.2.840.113549.1.9.16.1.4).
public string? EContentTypeOid { get; init; }
Property Value
- string
ManifestJson
Raw UTF-8 JSON bytes of the signature manifest from the SimpleSign manifest attribute (OID 2.16.76.1.12.1.1). Contains signer evidence: name, masked CPF, email, IP, auth method, institution.
public byte[]? ManifestJson { get; init; }
Property Value
- byte[]
MessageDigest
The messageDigest signed attribute value (hash of the document bytes).
public byte[]? MessageDigest { get; init; }
Property Value
- byte[]
Signature
The cryptographic signature bytes from SignerInfo.
public byte[]? Signature { get; init; }
Property Value
- byte[]
SignatureAlgorithmOid
OID of the signature algorithm (e.g., RSA-SHA256, RSA-PSS, ECDSA-SHA256).
public string SignatureAlgorithmOid { get; init; }
Property Value
- string
SignaturePolicyOid
OID of the signature policy from the id-aa-ets-sigPolicyId attribute (RFC 5126 §5.8.1). Identifies the signature policy under which the signature was created.
public string? SignaturePolicyOid { get; init; }
Property Value
- string
SignatureTimestampToken
RFC 3161 timestamp token embedded as an unsigned attribute (id-aa-signatureTimeStampToken, OID 1.2.840.113549.1.9.16.2.14). Present in PAdES-B-T and higher conformance levels.
public byte[]? SignatureTimestampToken { get; init; }
Property Value
- byte[]
SignedAttrs
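DER-encoded signedAttrs, re-tagged with the SET OF tag 0x31 in place of the IMPLICIT [0] tag. This is the encoding the signature is computed over (RFC 5652 §5.4), so it is the form used for verification.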
public byte[]? SignedAttrs { get; init; }
Property Value
- byte[]
SignerCertificate
The signer's certificate (matched by issuer/serial from SignerInfo).
public X509Certificate2? SignerCertificate { get; init; }
Property Value
- X509Certificate2
SigningCertificateV2Hash
SHA-256 hash of the signer certificate extracted from the id-aa-signingCertificateV2 attribute. Used to verify cryptographic binding between certificate and signature (anti-substitution).
public byte[]? SigningCertificateV2Hash { get; init; }
Property Value
- byte[]
SigningTime
Signing time from the signingTime signed attribute, if present.
public DateTimeOffset? SigningTime { get; init; }
Property Value
- DateTimeOffset?
TstMessageImprintHash
Hashed bytes from TSTInfo.messageImprint.hashedMessage, populated when EContentTypeOid == id-ct-TSTInfo. This is the actual hash of the document byte range, NOT the CMS messageDigest.
public byte[]? TstMessageImprintHash { get; init; }
Property Value
- byte[]
TstMessageImprintHashAlgOid
Hash algorithm OID from TSTInfo.messageImprint, populated when EContentTypeOid == id-ct-TSTInfo. This is the algorithm used to hash the document byte range (the real document hash).
public string? TstMessageImprintHashAlgOid { get; init; }
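An added example, not part of SimpleSign's own code: one way a caller could check the bindings these properties expose before trusting a parsed signature, including the document-timestamp case where the document hash lives in TSTInfo rather than in messageDigest. `CmsBindingChecks`, `FirstFailure` and `signedBytes` are hypothetical names; the example handles SHA-256 only and assumes that a missing signingCertificateV2 attribute is a failure.

```csharp
using System.Security.Cryptography;
using SimpleSign.Core.Crypto;

public static class CmsBindingChecks // hypothetical helper, not part of SimpleSign
{
    const string IdCtTstInfo = "1.2.840.113549.1.9.16.1.4";
    const string Sha256Oid = "2.16.840.1.101.3.4.2.1";

    // Returns null when every binding check passes, otherwise the first failure.
    // signedBytes: the document bytes the signature covers (for PDF, the byte range).
    public static string? FirstFailure(CmsSignedData cms, byte[] signedBytes)
    {
        if (cms.SignerCertificate is null)
            return "no certificate matched the SignerInfo issuer/serial";

        // The signature is computed over signedAttrs encoded as SET OF (0x31).
        if (cms.SignedAttrs is null || cms.SignedAttrs.Length == 0 || cms.SignedAttrs[0] != 0x31)
            return "signedAttrs missing or not tagged 0x31";

        // The contentType attribute must agree with encapContentInfo.
        if (cms.ContentTypeOid is null || cms.ContentTypeOid != cms.EContentTypeOid)
            return "contentType attribute does not match eContentType";

        // Anti-substitution: the signed hash must be the hash of the certificate
        // about to be trusted. Assumption: a missing attribute counts as a failure.
        byte[] certHash = SHA256.HashData(cms.SignerCertificate.RawData);
        if (cms.SigningCertificateV2Hash is null ||
            !CryptographicOperations.FixedTimeEquals(cms.SigningCertificateV2Hash, certHash))
            return "signingCertificateV2 hash does not match the signer certificate";

        // Document timestamps carry the document hash in TSTInfo.messageImprint;
        // their CMS messageDigest covers the TSTInfo, not the document.
        bool isDocTimestamp = cms.EContentTypeOid == IdCtTstInfo;
        string? algOid = isDocTimestamp ? cms.TstMessageImprintHashAlgOid : cms.DigestAlgorithmOid;
        byte[]? claimed = isDocTimestamp ? cms.TstMessageImprintHash : cms.MessageDigest;

        if (algOid != Sha256Oid) // this example handles SHA-256 only
            return "digest algorithm not handled by this example";
        if (claimed is null ||
            !CryptographicOperations.FixedTimeEquals(claimed, SHA256.HashData(signedBytes)))
            return "document hash does not match the signed value";

        return null;
    }
}
```

These checks do not replace verifying Signature over SignedAttrs with the signer's public key or validating the certificate chain.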