If there are images in this attachment, they will not be displayed.  Download the original attachment
Page 1
PNG Signature Example
Dialogika GmbH & LuxTrust S.A.
1
Chunk Registration Request
for Enabling the PNG Standard
to Support Digital Signatures
Commented Example
Thomas Kopp / Dialogika GmbH
This document outlines a detailed example for the dSIG chunk request (version 1.3).
The optional yet important PNG digital signature feature can be applied to various use
cases, e.g. for cleaning web pages that may contain dangerous PNGs hiding malicious
scripts attached by intruders.
The example has been elaborated and commented by Martin Boßlet who also provided a
proof of concept for signing and verifying PNG images.
The following PNG image has been used for attaching a digital signature.
Page 2
PNG Signature Example
Dialogika GmbH & LuxTrust S.A.
2
89504E470D0A1A0A # PNG 8-byte signature (not included in the message digest)
0000000D # IHDR: length 13
49484452 # IHDR
000001A40000012C0806000000 # IHDR data
8CAFC780 # IHDR CRC
00000021 # dSIG: length 33 (introductory dSIG chunk)
64534947 # dSIG
301F
020101
310B
3009
06052B0E03021A
0500
300B
06092A864886F70D010701
3100 # dSIG data
<<
The data is the DER encoding of the following ASN.1 structure:
SEQUENCE {
INTEGER 1
Page 3
PNG Signature Example
Dialogika GmbH & LuxTrust S.A.
3
SET {
SEQUENCE {
OBJECT IDENTIFIER 1.3.14.3.2.26
NULL
}
}
SEQUENCE {
OBJECT IDENTIFIER 1.2.840.113549.1.7.1
}
SET {
}
}
The structure represents a signed data instance specified in RFC 3852:
SignedData ::= SEQUENCE {
version CMSVersion,
digestAlgorithms DigestAlgorithmIdentifiers,
encapContentInfo EncapsulatedContentInfo,
certificates [0] IMPLICIT CertificateSet OPTIONAL,
crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
signerInfos SignerInfos
}
The following particularities can be observed:
The version is 1.
The digest algorithms structure contains the SHA-1 identifier.
The encapsulated content is empty and specified by the id data object identifier.
Certificates and CRLs are omitted.
The structure contains an empty set of signer infos.
The introductory dSIG chunk serves for the sole purpose to inform a verifier about
the digest algorithms used in order to support streamed processing.
>>
FF5690A9 # dSIG CRC
Page 4
PNG Signature Example
Dialogika GmbH & LuxTrust S.A.
4
00000001 # sRGB: length 1
73524742 # sRGB
00 # sRGB data
AECE1CE9 # sRGB CRC
00000006 # bKGD: length 6
624B4744 # bKGD
00F600C2000E # bKGD data
4BA471AB # bKGD CRC
00000009 # pHYs: length 9
70485973 # pHYs
00000B1300000B1301 # pHYs data
009A9C18 # pHYs CRC
00000007 # tIME: length 7
74494D45 # tIME
07D8040F0A0110 # tIME data
96612687 # tIME CRC
00000019 # tEXt: length 25
74455874 # tEXt
436F6D6D656E74004372656174656420776974682047494D50 # tEXt data (origin: GIMP)
57810E17 # tEXt CRC
00002000 # IDAT: length 8192
49444154 # IDAT:
[Omitted 10 IDAT chunks of 8192 bytes each, followed by a final one of 3172
bytes.]
D2B26128 # last IDAT CRC
00000654 # dSIG: length 1620
64534947 # dSIG
30820650
020101
3100
300B
06092A864886F70D010701
A0820547
30820543
3082042B
Page 5
PNG Signature Example
Dialogika GmbH & LuxTrust S.A.
5
A003
020102
02020A4F
300D
06092A864886F70D010105
0500
3045
310B
3009
0603550406
13024C55
3115
3013
060355040A
130C4C7578547275737420732E61
311F
301D
0603550403
13164C75785472757374204E6F726D616C69736564204341
301E
170D3037303532313133303031345A
170D3130303532313133303031345A
30820100
310B
3009
0603550406
13024445
3110
300E
0603550407
13074765726D616E79
3117
3015
060355040A
130E4469616C6F67696B6120476D6248
3115
3013
060355040B
130C485242204E722E2037333437
311D
301B
0603550403
13144D617274696E20506574657220426F73736C6574
3110
300E
0603550404
1307426F73736C6574
3115
3013
060355042A
130C4D617274696E205065746572
311D
301B
0603550405
Page 6
PNG Signature Example
Dialogika GmbH & LuxTrust S.A.
6
13143130313030333832343830303030323130393830
312A
3028
06092A864886F70D010901
161B6D617274696E2E626F73736C6574406469616C6F67696B612E6465
311C
301A
060355040C
131350726F66657373696F6E616C20506572736F6E
30819F
300D
06092A864886F70D010101
0500
03818D
0030818902818100A5318FD0FBF26C6A2377B4488D5FCF52282B2B25AAC6A0003FD3BC8B
0377804F8DEC8394D54469DA6417F0E274852FAB422B0A6B2E94FFF9A3F170FB8947FCF2
5E2C5E1FDB74EC2F8C9C862C4F52BC33CA34F4825512BC6D32798D33D12950A6F678EA40
46F007317104C5661AB838E0939AD9D84647E377DFDDC6B5936A9BF50203010001
A3820202
308201FE
300C
0603551D13
0101FF
04023000
3060
06082B06010505070101
04543052302306082B060105050730018617687474703A2F2F6F6373702E6C7578747275
73742E6C75302B06082B06010505073002861F687474703A2F2F63612E6C757874727573
742E6C752F4C544E43412E637274
3082010A
0603551D20
048201013081FE3008060604008F7A01023081F106072B812B010201013081E53081B706
082B060105050702023081AA1A81A74C75785472757374204E6F726D616C697365642043
65727469666963617465206F6E20535343442E2055736167653A20456C656374726F6E69
63205369676E617475726520284F494420312E332E3137312E312E322E312E3129204175
7468656E7469636174696F6E2020616E6420456E6372797074696F6E20284F4944312E33
2E3137312E312E322E312E32292E204B65792047656E65726174696F6E20627920435350
2E20302906082B06010505070201161D687474703A2F2F7265706F7369746F72792E6C75
7874727573742E6C75
300B
0603551D0F
0404030204B0
301F
0603551D23
041830168014CEFE469D632F89FDF2381625D8F16CDE47F8CEC1
3031
0603551D1F
042A30283026A024A0228620687474703A2F2F63726C2E6C757874727573742E6C752F4C
544E43412E63726C
301D
0603551D0E
041604149B93CC4AA2F18692880D41AB02D3C6BBDD362452
300D
06092A864886F70D010105
0500
Page 7
PNG Signature Example
Dialogika GmbH & LuxTrust S.A.
7
03820101
00B76BE507F770E0D3018178BFA2AD55B4FF455FDB58258C7B65305E2220D8E8B723A8AA
F7F57A9369387938F22A8AEC22EA9946F2E5F1C5DD60F447A98407F6508457A42EE203D3
68DEF26520E52B8BE52475630ED605E187B78494DF8A92AC14527A5390B2E05481E58726
9B3C02DB308179A9947663CC7BBECF1FCC8FCEE95DC76A88C9FB082F1F1627E8DB5C0CC4
5411FD08D79F9EC7D949D5A94096B352F84719533F1442DAEE9BC55386C33BC56455852D
087282FC1443D225C763DB1C800EC777D3907C55797199212165FBBA7ADA01B192D1BF3D
45E5A073F80652760AEBF772D81764A7622956F4D1942BD36CBF98EDF8EC096427C098DA
087D4ED232
3181F0
3081ED
020101
304B
3045
310B
3009
0603550406
13024C55
3115
3013
060355040A
130C4C7578547275737420732E61
311F
301D
0603550403
13164C75785472757374204E6F726D616C69736564204341
02020A4F
3009
06052B0E03021A
0500
300D
06092A864886F70D010101
0500
048180
93B2F085AF3806A86EE61094C2168990BD1C7205B4E7469209324A76E3D47B0D8E80A446
D363A2B3850AEA41C5C1D6F2A5E064496E122E5248D060C4FE38B0C7C9AE6DCE54E813C4
09C5324793A7139E162B2ABFEBBB0DC9E0B65E5C802163B1971762C9D60A9CC1CB2AF477
55B91D35A49248ECF1171521CD39043E2062ADEE
# dSIG data
<<
The terminating dSIG chunk again is a DER-encoded signed data instance:
SEQUENCE {
INTEGER 1
SET {
}
Page 8
PNG Signature Example
Dialogika GmbH & LuxTrust S.A.
8
SEQUENCE {
OBJECT IDENTIFIER 1.2.840.113549.1.7.1
}
[0] {
SEQUENCE {
SEQUENCE {
[0] {
INTEGER 2
}
INTEGER 2639
SEQUENCE {
OBJECT IDENTIFIER 1.2.840.113549.1.1.5
NULL
}
SEQUENCE {
SET {
SEQUENCE {
OBJECT IDENTIFIER 2.5.4.6
PrintableString LU
}
}
SET {
SEQUENCE {
OBJECT IDENTIFIER 2.5.4.10
PrintableString LuxTrust s.a
}
Page 9
PNG Signature Example
Dialogika GmbH & LuxTrust S.A.
9
}
SET {
SEQUENCE {
OBJECT IDENTIFIER 2.5.4.3
PrintableString LuxTrust Normalised CA
}
}
}
SEQUENCE {
UTCTime Mon May 21 15:00:14 CEST 2007
UTCTime Fri May 21 15:00:14 CEST 2010
}
SEQUENCE {
SET {
SEQUENCE {
OBJECT IDENTIFIER 2.5.4.6
PrintableString DE
}
}
SET {
SEQUENCE {
OBJECT IDENTIFIER 2.5.4.7
PrintableString Germany
}
}
SET {
Page 10
PNG Signature Example
Dialogika GmbH & LuxTrust S.A.
10
SEQUENCE {
OBJECT IDENTIFIER 2.5.4.10
PrintableString Dialogika GmbH
}
}
SET {
SEQUENCE {
OBJECT IDENTIFIER 2.5.4.11
PrintableString HRB Nr. 7347
}
}
SET {
SEQUENCE {
OBJECT IDENTIFIER 2.5.4.3
PrintableString Martin Peter Bosslet
}
}
SET {
SEQUENCE {
OBJECT IDENTIFIER 2.5.4.4
PrintableString Bosslet
}
}
SET {
SEQUENCE {
OBJECT IDENTIFIER 2.5.4.42
Page 11
PNG Signature Example
Dialogika GmbH & LuxTrust S.A.
11
PrintableString Martin Peter
}
}
SET {
SEQUENCE {
OBJECT IDENTIFIER 2.5.4.5
PrintableString 10100382480000210980
}
}
SET {
SEQUENCE {
OBJECT IDENTIFIER 1.2.840.113549.1.9.1
IA5String martin.bosslet@dialogika.de
}
}
SET {
SEQUENCE {
OBJECT IDENTIFIER 2.5.4.12
PrintableString Professional Person
}
}
}
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER 1.2.840.113549.1.1.1
NULL null
Page 12
PNG Signature Example
Dialogika GmbH & LuxTrust S.A.
12
}
BIT STRING {2, 3, 8, 15, 16, 20, 23, 30, 32, 39, 40, 47, 56, 58, 61, 63, 66,
67, 71, 72, 76, 77, 78, 79, 80, 81, 83, 88, 89, 90, 91, 92, 94, 95, 96, 97, 98, 99, 102, 105,
106, 108, 109, 113, 114, 116, 118, 122, 126, 127, 129, 130, 131, 133, 134, 135, 136, 138,
139, 141, 145, 148, 152, 156, 157, 159, 161, 163, 164, 165, 166, 167, 168, 169, 172, 173,
174, 175, 177, 179, 182, 186, 188, 194, 196, 198, 199, 202, 204, 206, 207, 210, 213, 215,
216, 218, 220, 222, 224, 225, 229, 230, 232, 234, 250, 251, 252, 253, 254, 255, 256, 257,
259, 262, 263, 264, 266, 267, 268, 269, 272, 276, 278, 279, 286, 287, 289, 290, 291, 293,
294, 295, 296, 305, 308, 309, 310, 311, 312, 316, 317, 319, 320, 321, 322, 324, 325, 328,
334, 335, 336, 339, 341, 344, 345, 347, 349, 351, 353, 357, 361, 362, 364, 367, 368, 369,
371, 372, 374, 377, 378, 381, 387, 389, 390, 391, 392, 393, 394, 395, 400, 401, 402, 406,
409, 410, 411, 413, 416, 421, 423, 426, 428, 429, 430, 431, 432, 434, 436, 438, 439, 441,
446, 450, 452, 454, 455, 460, 462, 465, 466, 468, 470, 471, 474, 476, 477, 478, 480, 483,
485, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 503, 504, 506, 510,
511, 512, 513, 514, 515, 519, 521, 522, 523, 528, 529, 530, 531, 532, 534, 535, 536, 540,
543, 545, 549, 550, 551, 552, 553, 554, 555, 556, 557, 560, 561, 562, 563, 566, 569, 571,
572, 573, 574, 578, 580, 581, 585, 587, 588, 589, 590, 595, 596, 597, 598, 599, 600, 601,
603, 604, 606, 607, 609, 610, 611, 613, 616, 617, 618, 620, 621, 626, 628, 629, 630, 631,
632, 636, 637, 640, 643, 644, 645, 648, 653, 654, 658, 660, 661, 665, 668, 669, 670, 671,
673, 675, 678, 680, 682, 683, 684, 685, 690, 691, 694, 695, 696, 697, 700, 702, 706, 707,
709, 712, 713, 714, 715, 717, 720, 726, 729, 731, 733, 735, 739, 742, 744, 746, 747, 748,
749, 753, 754, 756, 757, 759, 762, 763, 766, 769, 770, 771, 772, 775, 776, 780, 781, 783,
786, 787, 790, 791, 792, 793, 795, 799, 802, 804, 807, 809, 811, 816, 818, 821, 822, 824,
825, 826, 827, 829, 830, 833, 834, 835, 836, 840, 841, 842, 844, 846, 849, 857, 861, 862,
864, 865, 866, 867, 877, 878, 879, 882, 883, 887, 889, 890, 891, 895, 901, 904, 905, 909,
911, 913, 914, 917, 918, 923, 924, 926, 928, 930, 931, 932, 938, 939, 940, 944, 945, 946,
952, 955, 958, 959, 960, 963, 964, 966, 968, 969, 971, 972, 975, 976, 977, 979, 980, 985,
989, 990, 993, 997, 998, 999, 1000, 1001, 1002, 1006, 1007, 1009, 1010, 1011, 1013,
1014, 1015, 1016, 1017, 1019, 1020, 1021, 1022, 1023, 1024, 1025, 1027, 1028, 1029,
1031, 1032, 1033, 1037, 1038, 1040, 1042, 1043, 1045, 1047, 1048, 1051, 1054, 1055,
1057, 1058, 1060, 1062, 1064, 1067, 1068, 1070, 1071, 1072, 1073, 1074, 1075, 1077,
1079, 1086, 1094, 1095, 1103, 1119}
}
[3] {
SEQUENCE {
SEQUENCE {
OBJECT IDENTIFIER 2.5.29.19
BOOLEAN true
Page 13
PNG Signature Example
Dialogika GmbH & LuxTrust S.A.
13
OCTET STRING 30 00
}
SEQUENCE {
OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1
OCTET STRING { 30 52 30 23 06 08 2B 06 01 05 05 07 30 01 86 17
68 74 74 70 3A 2F 2F 6F 63 73 70 2E 6C 75 78 74 72 75 73 74 2E 6C 75 30 2B 06 08
2B 06 01 05 05 07 30 02 86 1F 68 74 74 70 3A 2F 2F 63 61 2E 6C 75 78 74 72 75 73 74
2E 6C 75 2F 4C 54 4E 43 41 2E 63 72 74
}
SEQUENCE {
OBJECT IDENTIFIER 2.5.29.32
OCTET STRING { 30 81 FE 30 08 06 06 04 00 8F 7A 01 02 30 81
F1 06 07 2B 81 2B 01 02 01 01 30 81 E5 30 81 B7 06 08 2B 06 01 05 05 07 02 02 30 81
AA 1A 81 A7 4C 75 78 54 72 75 73 74 20 4E 6F 72 6D 61 6C 69 73 65 64 20 43 65 72
74 69 66 69 63 61 74 65 20 6F 6E 20 53 53 43 44 2E 20 55 73 61 67 65 3A 20 45 6C 65
63 74 72 6F 6E 69 63 20 53 69 67 6E 61 74 75 72 65 20 28 4F 49 44 20 31 2E 33 2E 31
37 31 2E 31 2E 32 2E 31 2E 31 29 20 41 75 74 68 65 6E 74 69 63 61 74 69 6F 6E 20 20
61 6E 64 20 45 6E 63 72 79 70 74 69 6F 6E 20 28 4F 49 44 31 2E 33 2E 31 37 31 2E
31 2E 32 2E 31 2E 32 29 2E 20 4B 65 79 20 47 65 6E 65 72 61 74 69 6F 6E 20 62 79
20 43 53 50 2E 20 30 29 06 08 2B 06 01 05 05 07 02 01 16 1D 68 74 74 70 3A 2F 2F 72
65 70 6F 73 69 74 6F 72 79 2E 6C 75 78 74 72 75 73 74 2E 6C 75
}
SEQUENCE {
OBJECT IDENTIFIER 2.5.29.15
OCTET STRING 03 02 04 B0
}
SEQUENCE {
OBJECT IDENTIFIER 2.5.29.35
OCTET STRING { 30 16 80 14 CE FE 46 9D 63 2F 89 FD F2 38
16 25 D8 F1 6C DE 47 F8 CE C1
}
Page 14
PNG Signature Example
Dialogika GmbH & LuxTrust S.A.
14
SEQUENCE {
OBJECT IDENTIFIER 2.5.29.31
OCTET STRING { 30 28 30 26 A0 24 A0 22 86 20 68 74 74 70
3A 2F 2F 63 72 6C 2E 6C 75 78 74 72 75 73 74 2E 6C 75 2F 4C 54 4E 43 41 2E 63 72
6C
}
SEQUENCE {
OBJECT IDENTIFIER 2.5.29.14
OCTET STRING 04 14 9B 93 CC 4A A2 F1 86 92 88 0D 41 AB
02 D3 C6 BB DD 36 24 52
}
}
}
}
SEQUENCE {
OBJECT IDENTIFIER 1.2.840.113549.1.1.5
NULL null
}
BIT STRING {0, 2, 3, 5, 6, 7, 9, 10, 12, 14, 15, 16, 17, 18, 21, 23, 29, 30, 31, 32,
33, 34, 35, 37, 38, 39, 41, 42, 43, 48, 49, 50, 56, 57, 59, 62, 63, 71, 72, 79, 81, 82, 83, 84,
88, 90, 91, 92, 93, 94, 95, 96, 98, 102, 104, 106, 108, 109, 111, 113, 115, 117, 119, 120,
122, 123, 125, 128, 129, 130, 131, 132, 133, 134, 135, 137, 141, 143, 145, 147, 148, 149,
150, 151, 152, 153, 155, 156, 158, 159, 161, 163, 164, 170, 173, 175, 176, 180, 181, 185,
186, 187, 188, 190, 191, 193, 194, 197, 199, 202, 203, 209, 211, 212, 213, 214, 218, 222,
226, 232, 233, 235, 236, 240, 241, 242, 244, 248, 250, 251, 253, 254, 255, 258, 262, 263,
264, 266, 268, 272, 274, 276, 278, 280, 281, 282, 283, 285, 286, 287, 288, 289, 290, 291,
293, 295, 297, 298, 299, 300, 302, 304, 307, 310, 311, 313, 314, 316, 319, 322, 323, 324,
329, 330, 331, 332, 335, 338, 339, 340, 344, 345, 346, 347, 350, 354, 356, 358, 360, 364,
366, 368, 369, 370, 372, 373, 378, 382, 384, 385, 386, 388, 390, 392, 395, 396, 399, 401,
405, 406, 408, 409, 410, 411, 414, 416, 417, 418, 421, 423, 424, 425, 426, 427, 431, 432,
433, 437, 439, 440, 441, 443, 444, 445, 447, 449, 450, 456, 457, 458, 459, 461, 465, 469,
470, 471, 472, 474, 476, 479, 480, 485, 493, 494, 495, 496, 497, 498, 499, 501, 502, 505,
507, 512, 517, 521, 523, 525, 526, 527, 528, 530, 533, 538, 540, 541, 542, 544, 545, 546,
Page 15
PNG Signature Example
Dialogika GmbH & LuxTrust S.A.
15
550, 558, 559, 560, 561, 563, 566, 567, 569, 570, 572, 576, 577, 579, 580, 581, 582, 584,
585, 586, 587, 590, 593, 594, 597, 599, 602, 608, 609, 610, 613, 615, 618, 620, 622, 623,
624, 628, 630, 631, 632, 633, 634, 637, 639, 642, 645, 649, 650, 651, 653, 655, 657, 658,
662, 663, 668, 669, 670, 672, 673, 675, 677, 678, 685, 687, 688, 689, 690, 695, 696, 701,
702, 703, 704, 706, 707, 709, 710, 711, 712, 717, 720, 723, 725, 728, 729, 731, 732, 733,
734, 735, 736, 740, 742, 744, 747, 750, 752, 754, 756, 757, 763, 765, 769, 771, 774, 777,
778, 779, 780, 782, 785, 787, 790, 791, 792, 795, 800, 802, 803, 806, 808, 809, 810, 817,
819, 821, 824, 831, 832, 833, 834, 837, 839, 840, 845, 846, 847, 850, 853, 854, 856, 859,
860, 862, 863, 866, 867, 868, 869, 878, 880, 881, 883, 884, 886, 887, 890, 891, 896, 903,
905, 906, 907, 908, 911, 912, 914, 916, 919, 920, 923, 925, 929, 930, 931, 933, 934, 937,
938, 942, 943, 944, 945, 948, 949, 953, 954, 955, 956, 958, 959, 960, 962, 963, 964, 965,
966, 968, 969, 972, 973, 974, 975, 979, 980, 981, 982, 983, 984, 985, 988, 989, 992, 996,
997, 998, 999, 1000, 1001, 1004, 1005, 1006, 1008, 1009, 1010, 1012, 1015, 1017, 1019,
1020, 1021, 1023, 1024, 1025, 1029, 1030, 1031, 1033, 1034, 1036, 1038, 1040, 1044,
1048, 1049, 1052, 1055, 1056, 1057, 1058, 1059, 1060, 1062, 1063, 1068, 1074, 1076,
1077, 1078, 1079, 1083, 1084, 1085, 1086, 1087, 1091, 1093, 1094, 1098, 1101, 1102,
1103, 1104, 1105, 1106, 1108, 1112, 1113, 1115, 1116, 1118, 1119, 1121, 1123, 1124,
1125, 1132, 1133, 1136, 1137, 1141, 1145, 1147, 1149, 1155, 1159, 1160, 1161, 1162,
1163, 1164, 1165, 1167, 1172, 1176, 1177, 1179, 1181, 1182, 1183, 1184, 1187, 1188,
1189, 1190, 1191, 1192, 1195, 1196, 1197, 1198, 1200, 1201, 1205, 1206, 1207, 1208,
1209, 1211, 1212, 1215, 1217, 1220, 1223, 1224, 1225, 1227, 1229, 1231, 1232, 1234,
1236, 1239, 1241, 1248, 1251, 1253, 1254, 1256, 1258, 1259, 1262, 1263, 1265, 1267,
1270, 1272, 1273, 1274, 1275, 1276, 1281, 1285, 1286, 1287, 1291, 1292, 1295, 1297,
1299, 1302, 1303, 1306, 1307, 1308, 1309, 1310, 1311, 1315, 1317, 1321, 1326, 1328,
1329, 1331, 1332, 1334, 1336, 1337, 1338, 1340, 1341, 1342, 1344, 1347, 1348, 1350,
1351, 1352, 1353, 1357, 1359, 1361, 1363, 1366, 1367, 1368, 1373, 1374, 1376, 1377,
1382, 1383, 1386, 1387, 1388, 1390, 1391, 1392, 1393, 1397, 1399, 1401, 1402, 1405,
1409, 1411, 1413, 1415, 1416, 1421, 1423, 1426, 1428, 1429, 1431, 1436, 1441, 1442,
1443, 1446, 1448, 1454, 1456, 1457, 1458, 1459, 1460, 1461, 1467, 1469, 1473, 1478,
1479, 1480, 1481, 1483, 1486, 1490, 1493, 1495, 1496, 1497, 1501, 1502, 1503, 1505,
1506, 1510, 1511, 1512, 1513, 1515, 1516, 1518, 1519, 1523, 1524, 1525, 1528, 1540,
1541, 1542, 1544, 1545, 1549, 1550, 1551, 1553, 1554, 1555, 1557, 1558, 1559, 1560,
1561, 1563, 1566, 1567, 1568, 1571, 1577, 1578, 1579, 1580, 1581, 1585, 1587, 1589,
1591, 1593, 1594, 1595, 1596, 1599, 1601, 1602, 1603, 1607, 1608, 1611, 1612, 1615,
1618, 1623, 1626, 1631, 1633, 1634, 1637, 1639, 1640, 1641, 1642, 1643, 1644, 1646,
1647, 1648, 1650, 1651, 1652, 1654, 1657, 1658, 1659, 1660, 1662, 1664, 1665, 1667,
1668, 1670, 1679, 1680, 1682, 1683, 1687, 1688, 1691, 1694, 1696, 1697, 1699, 1703,
1704, 1706, 1707, 1708, 1709, 1710, 1711, 1714, 1715, 1716, 1717, 1719, 1721, 1725,
1727, 1728, 1729, 1730, 1733, 1735, 1736, 1738, 1745, 1746, 1747, 1750, 1751, 1752,
1753, 1754, 1755, 1756, 1765, 1766, 1769, 1771, 1774, 1777, 1778, 1779, 1781, 1782,
1788, 1790, 1792, 1793, 1794, 1796, 1798, 1799, 1800, 1801, 1802, 1803, 1805, 1806,
1807, 1809, 1810, 1811, 1814, 1816, 1817, 1819, 1820, 1827, 1829, 1830, 1831, 1833,
Page 16
PNG Signature Example
Dialogika GmbH & LuxTrust S.A.
16
1834, 1837, 1840, 1842, 1845, 1846, 1847, 1849, 1850, 1854, 1858, 1860, 1863, 1865,
1867, 1869, 1870, 1872, 1873, 1874, 1875, 1877, 1880, 1881, 1883, 1887, 1888, 1891,
1893, 1898, 1900, 1902, 1903, 1904, 1905, 1907, 1910, 1911, 1913, 1914, 1916, 1917,
1920, 1922, 1923, 1924, 1925, 1926, 1927, 1928, 1931, 1932, 1936, 1937, 1938, 1940,
1941, 1943, 1944, 1945, 1946, 1947, 1948, 1952, 1953, 1954, 1956, 1957, 1964, 1967,
1969, 1970, 1973, 1978, 1981, 1982, 1983, 1984, 1985, 1992, 1995, 1996, 2000, 2001,
2003, 2004, 2006, 2012, 2017, 2018, 2019, 2020, 2021, 2023, 2025, 2028, 2029, 2030,
2032, 2033, 2035, 2038, 2042, 2043, 2046}
}
}
SET {
SEQUENCE {
INTEGER 1
SEQUENCE {
SEQUENCE {
SET {
SEQUENCE {
OBJECT IDENTIFIER 2.5.4.6
PrintableString LU
}
}
SET {
SEQUENCE {
OBJECT IDENTIFIER 2.5.4.10
PrintableString LuxTrust s.a
}
}
SET {
SEQUENCE {
Page 17
PNG Signature Example
Dialogika GmbH & LuxTrust S.A.
17
OBJECT IDENTIFIER 2.5.4.3
PrintableString LuxTrust Normalised CA
}
}
}
INTEGER 2639
}
SEQUENCE {
OBJECT IDENTIFIER 1.3.14.3.2.26
NULL null
}
SEQUENCE {
OBJECT IDENTIFIER 1.2.840.113549.1.1.1
NULL null
}
OCTET STRING { 93 B2 F0 85 AF 38 06 A8 6E E6 10 94 C2 16 89 90 BD
1C 72 05 B4 E7 46 92 09 32 4A 76 E3 D4 7B 0D 8E 80 A4 46 D3 63 A2 B3 85 0A EA
41 C5 C1 D6 F2 A5 E0 64 49 6E 12 2E 52 48 D0 60 C4 FE 38 B0 C7 C9 AE 6D CE
54 E8 13 C4 09 C5 32 47 93 A7 13 9E 16 2B 2A BF EB BB 0D C9 E0 B6 5E 5C 80 21
63 B1 97 17 62 C9 D6 0A 9C C1 CB 2A F4 77 55 B9 1D 35 A4 92 48 EC F1 17 15 21
CD 39 04 3E 20 62 AD EE
}
}
}
}
The following particularities can be observed:
The version is 1.
The digest algorithms structure is empty because this information is supplied ex
ante by the introductory chunk.
Page 18
PNG Signature Example
Dialogika GmbH & LuxTrust S.A.
18
The encapsulated content is empty and specified by the id data object identifier.
The certificates section typically contains all certificates required for constructing a
path to a trusted root. However, the signer certificate only is listed here. CRLs are
omitted.
The structure contains the set of signer infos which is the essential part of the dSIG
chunk containing the actual digital signature wrapped as a trailing OCTET
STRING.
The signer info structure conforms to the following general syntax:
SignerInfo ::= SEQUENCE {
version CMSVersion,
sid SignerIdentifier,
digestAlgorithm DigestAlgorithmIdentifier,
signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
signatureAlgorithm SignatureAlgorithmIdentifier,
signature SignatureValue,
unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL
}
SignerIdentifier ::= CHOICE {
issuerAndSerialNumber IssuerAndSerialNumber,
subjectKeyIdentifier [0] SubjectKeyIdentifier
}
SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
Attribute ::= SEQUENCE {
attrType OBJECT IDENTIFIER,
attrValues SET OF AttributeValue
}
AttributeValue ::= ANY
SignatureValue ::= OCTET STRING
The SignedAttrs and UnsignedAttrs are empty. The digest algorithm used is SHA-1
corresponding to the algorithm listed in the introductory chunk, The signature
algorithm used is RSA.
>>
99765417 # dSIG CRC
00000000 # IEND: length 0
49454E44 # IEND
AE426082 # IEND CRC