PKCS-7 Signature

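This article describes in detail the SignedData data structure used for digital signatures, including components such as the version, digest algorithms, content info, the choice of certificates and CRLs, and signer info. It also covers the role that key concepts such as AlgorithmIdentifier, ContentInfo, the Certificate sequence, and DigestAlgorithmIdentifiers play in the signing process.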

SignedData ::= SEQUENCE {
  version           INTEGER {sdVer1(1), sdVer2(2)} (sdVer1 | sdVer2),
  digestAlgorithms  DigestAlgorithmIdentifiers,
  contentInfo       ContentInfo,
  certificates CHOICE {
    certSet       [0] IMPLICIT ExtendedCertificatesAndCertificates,
    certSequence  [2] IMPLICIT Certificates
  } OPTIONAL,
  crls CHOICE {
    crlSet       [1] IMPLICIT CertificateRevocationLists,
    crlSequence  [3] IMPLICIT CRLSequence
  } OPTIONAL,
  signerInfos       SignerInfos
}

Version ::= INTEGER

DigestAlgorithmIdentifiers ::= CHOICE {
  daSet       SET OF DigestAlgorithmIdentifier,
  daSequence  SEQUENCE OF DigestAlgorithmIdentifier
}

DigestAlgorithmIdentifier ::=  AlgorithmIdentifier

ContentInfo ::= SEQUENCE {
  contentType  ContentType,
  content      [0] EXPLICIT CONTENTS.&Type({Contents}{@contentType}) OPTIONAL
}

CONTENTS ::= TYPE-IDENTIFIER

Contents CONTENTS ::= {
  {Data                    IDENTIFIED BY data}                   |
  {SignedData              IDENTIFIED BY signedData}             |
  {EnvelopedData           IDENTIFIED BY envelopedData}          |
  {SignedAndEnvelopedData  IDENTIFIED BY signedAndEnvelopedData} |
  {DigestedData            IDENTIFIED BY digestedData}           |
  {EncryptedData           IDENTIFIED BY encryptedData},
  ...  -- add any application-specific types/contents here
}

ContentType ::= CONTENTS.&id({Contents})

Data ::= OCTET STRING

ExtendedCertificatesAndCertificates ::=  SET OF ExtendedCertificateOrCertificate

ExtendedCertificateOrCertificate ::= CHOICE {
  certificate          Certificate,                      -- X.509
  extendedCertificate  [0] IMPLICIT ExtendedCertificate  -- PKCS#6
}

ExtendedCertificate ::= Certificate -- cheating

CertificateRevocationLists ::=  SET OF CertificateList

CRLSequence ::=  SEQUENCE OF CertificateList

Certificates ::=  SEQUENCE OF Certificate

AlgorithmIdentifier {ALGORITHM:IOSet} ::= SEQUENCE {
   algorithm   ALGORITHM.&id({IOSet}),
   parameters  ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL
}

Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
  type    ATTRIBUTE.&id({IOSet}),
  values  SET SIZE (1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})
}

SignerInfos ::= CHOICE {
    siSet         SET OF SignerInfo,
    siSequence    SEQUENCE OF SignerInfo
}

SignerInfo ::= SEQUENCE {
  version                    INTEGER {siVer1(1), siVer2(2)} (siVer1 | siVer2),
  issuerAndSerialNumber      IssuerAndSerialNumber,
  digestAlgorithm            DigestAlgorithmIdentifier,
  authenticatedAttributes CHOICE {
    aaSet         [0] IMPLICIT SET OF Attribute {{Authenticated}},
    aaSequence    [2] EXPLICIT SEQUENCE OF Attribute {{Authenticated}}
    -- Explicit because easier to compute digest on sequence of attributes and then reuse
    -- encoded sequence in aaSequence.
  } OPTIONAL,
  digestEncryptionAlgorithm  DigestEncryptionAlgorithmIdentifier,
  encryptedDigest            EncryptedDigest,
  unauthenticatedAttributes CHOICE {
    uaSet         [1] IMPLICIT SET OF Attribute {{Unauthenticated}},
    uaSequence    [3] IMPLICIT SEQUENCE OF Attribute {{Unauthenticated}}
  } OPTIONAL
}

IssuerAndSerialNumber ::= SEQUENCE {
  issuer        Name,
  serialNumber  CertificateSerialNumber
}

DigestEncryptionAlgorithmIdentifier ::=  AlgorithmIdentifier

EncryptedDigest ::= OCTET STRING
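The following is an added example, not code from the original article: a small DER walker that outlines a SignedData value using the tag layout defined above ([0]/[2] for certificates, [1]/[3] for crls, SET or SEQUENCE for digestAlgorithms and signerInfos) and reports any SignerInfo.digestAlgorithm that is missing from SignedData.digestAlgorithms, a consistency check that PKCS #7 verifiers commonly make. The function names and the sample message are assumptions; the sample's issuer name, certificate and signature bytes are constructed placeholders.

```python
SHA256 = bytes.fromhex("0609608648016503040201")   # 2.16.840.1.101.3.4.2.1
SHA1 = bytes.fromhex("06052b0e03021a")             # 1.3.14.3.2.26
DATA = bytes.fromhex("06092a864886f70d010701")     # 1.2.840.113549.1.7.1 (data)
RSA = bytes.fromhex("06092a864886f70d010101")      # 1.2.840.113549.1.1.1
NULL = b"\x05\x00"
OPTIONAL = {0xA0: "certSet", 0xA2: "certSequence", 0xA1: "crlSet", 0xA3: "crlSequence"}
FORM = {0x31: "SET OF", 0x30: "SEQUENCE OF"}   # daSet/siSet vs daSequence/siSequence

def tlv(tag, *parts):   # sample encoder only: body must stay under 128 bytes
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def children(buf):   # split DER into (tag, value) pairs; definite lengths, one-byte tags
    out, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos] & 0x1F == 0x1F:
            raise ValueError("truncated header or multi-byte tag")
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:   # long form: the next n bytes hold the length
            n = length & 0x7F
            if n == 0 or pos + n > len(buf):
                raise ValueError("indefinite or truncated length")
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("value overruns buffer")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def outline(der):
    (tag, body), = children(der)   # exactly one outer TLV, no trailing bytes
    items = children(body)
    tags = [t for t, _ in items]
    if (tag != 0x30 or len(tags) < 4 or tags[0] != 0x02 or tags[1] not in FORM
            or tags[2] != 0x30 or tags[-1] not in FORM):
        raise ValueError("not a SignedData SEQUENCE")
    declared = {children(alg)[0][1] for _, alg in children(items[1][1])}
    used = [children(children(si)[2][1])[0][1] for _, si in children(items[-1][1])]
    return {"version": int.from_bytes(items[0][1], "big"),
            "digestAlgorithms": FORM[tags[1]], "signerInfos": FORM[tags[-1]],
            "detached": len(children(items[2][1])) == 1,   # contentInfo.content absent
            "optional": [OPTIONAL.get(t, f"unexpected 0x{t:02x}") for t in tags[3:-1]],
            "undeclared_digests": [o.hex() for o in used if o not in declared]}

def sample(signer_digest=SHA256):   # constructed data: placeholder name, cert, signature
    signer = tlv(0x30, tlv(0x02, b"\x01"), tlv(0x30, tlv(0x30), tlv(0x02, b"\x01")),
                 tlv(0x30, signer_digest, NULL), tlv(0x30, RSA, NULL), tlv(0x04, bytes(4)))
    return tlv(0x30, tlv(0x02, b"\x01"), tlv(0x31, tlv(0x30, SHA256, NULL)),
               tlv(0x30, DATA), tlv(0xA2, tlv(0x30)), tlv(0x31, signer))
```

`outline(sample())` reports a detached, version 1 message with a `certSequence` field and no undeclared digests; `outline(sample(SHA1))` lists the SHA-1 OID bytes because the signer uses an algorithm the outer `digestAlgorithms` never declared.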
 
