I am wondering why CMS (PKCS#7) Signed Data always contains a different signature of the original data when the SHA256withRSA signature algorithm is used (using Bouncy Castle, by the way).

SHA256withRSA uses SHA-256 as the message digest algorithm and EMSA-PKCS1-v1_5 for encoding the message digest before the signature generation operation with the RSA private key.

As these algorithms are deterministic, I would expect that each time I create a CMS Signed Data, the signature of the data will be the same. However, it is not. I can verify it with the opposite process. I decrypt the signature using the RSA public key, decode EMSA-PKCS1-v1_5, and the resulting hash is different from the hash of the original message.

Is someone able to explain to me how it works and why the signature is always different?

This is what should be equal from my point of view:

Message1 -> generate CMSSignedData(private key)
Generated CMSSignedData -> get signature -> decrypt(signature) -> decode -> MD2

SHA256(Message1) = MD1

MD1 != MD2 <---- I would expect that this will be equal !!!

user1563721

1 Answer

That's likely because the data used for the signature generation actually changes between signings. That would e.g. be the case if that data contains the signing time. Note that within CMS the data is not directly signed; it is first hashed, put in a structure and then that's what is getting signed.

Also note that inclusion of the local time generated by the system is not the same thing as using a time stamping service.

Maarten Bodewes
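The structure the answer refers to, as an added example that is not part of the original answer and is not Bouncy Castle code: it hand-encodes the DER of CMS signed attributes (RFC 5652, section 5.4) and hashes that encoding, which is the digest the RSA signature actually carries (MD2). It assumes the signer adds the common content-type, signing-time and message-digest attributes; the function names, message and timestamps are constructed for illustration.

```python
import hashlib
from datetime import datetime, timedelta, timezone

# PKCS#9 / CMS object identifiers as DER content octets
OID_CONTENT_TYPE = bytes.fromhex("2a864886f70d010903")    # 1.2.840.113549.1.9.3
OID_MESSAGE_DIGEST = bytes.fromhex("2a864886f70d010904")  # 1.2.840.113549.1.9.4
OID_SIGNING_TIME = bytes.fromhex("2a864886f70d010905")    # 1.2.840.113549.1.9.5
OID_ID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1

def tlv(tag, content):
    """Encode one DER tag-length-value element."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def attribute(oid, value_der):
    # Attribute ::= SEQUENCE { attrType OID, attrValues SET OF AttributeValue }
    return tlv(0x30, tlv(0x06, oid) + tlv(0x31, value_der))

def signed_attrs_der(message, signing_time):
    """DER of SignedAttributes as hashed for signing (explicit SET OF tag 0x31)."""
    md1 = hashlib.sha256(message).digest()  # hash of the content itself
    utc = signing_time.astimezone(timezone.utc).strftime("%y%m%d%H%M%SZ")
    attrs = [
        attribute(OID_CONTENT_TYPE, tlv(0x06, OID_ID_DATA)),
        attribute(OID_SIGNING_TIME, tlv(0x17, utc.encode())),  # UTCTime
        attribute(OID_MESSAGE_DIGEST, tlv(0x04, md1)),         # MD1 lives here
    ]
    return tlv(0x31, b"".join(sorted(attrs)))  # DER sorts SET OF members

def signed_digest(message, signing_time):
    """Digest placed in DigestInfo under the RSA signature (MD2)."""
    return hashlib.sha256(signed_attrs_der(message, signing_time)).digest()

if __name__ == "__main__":
    msg = b"Message1"  # constructed sample content
    t1 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)  # constructed times
    t2 = t1 + timedelta(seconds=1)
    print("MD1        ", hashlib.sha256(msg).hexdigest())
    print("MD2 at t1  ", signed_digest(msg, t1).hex())
    print("MD2 at t2  ", signed_digest(msg, t2).hex())
```

MD1 stays constant and is found inside the message-digest attribute, while MD2 changes whenever the signing time does, so the deterministic PKCS#1 v1.5 signature changes with it.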