DigestedData and AuthenticatedData

DigestedData

DigestedData implements RFC 5652 §7 — hash-protected content.

class DigestedData:
    @staticmethod
    def from_der(data: bytes) -> DigestedData: ...
    def to_der(self) -> bytes: ...

    version: int
    digest_algorithm_oid: ObjectIdentifier
    digest_algorithm_params: bytes | None
    encap_content_type: ObjectIdentifier
    encap_content: bytes | None
    digest: bytes

Usage

from synta.cms import DigestedData

dd = DigestedData.from_der(data)
print(f"digest algorithm: {dd.digest_algorithm_oid}")
print(f"digest: {dd.digest.hex()}")
if dd.encap_content:
    content = dd.encap_content  # raw content bytes

AuthenticatedData

AuthenticatedData implements RFC 5652 §9 — MAC-authenticated content.

class AuthenticatedData:
    @staticmethod
    def from_der(data: bytes) -> AuthenticatedData: ...
    def to_der(self) -> bytes: ...

    version: int
    originator_info: bytes | None
    recipient_infos: bytes                    # raw RecipientInfos SET bytes
    mac_algorithm_oid: ObjectIdentifier
    mac_algorithm_params: bytes | None
    digest_algorithm_oid: ObjectIdentifier | None
    digest_algorithm_params: bytes | None
    encap_content_type: ObjectIdentifier
    encap_content: bytes | None
    mac: bytes

    auth_attrs: bytes | None
    # Raw [2] IMPLICIT bytes.  Replace the leading tag byte with 0x31 before MAC
    # verification (same substitution as SignerInfo.signed_attrs).

    unauth_attrs: bytes | None

Usage

from synta.cms import AuthenticatedData

ad = AuthenticatedData.from_der(data)
print(f"mac algorithm: {ad.mac_algorithm_oid}")
print(f"mac: {ad.mac.hex()}")

if ad.auth_attrs:
    # Replace IMPLICIT [2] tag with SET tag 0x31 for MAC computation
    import synta
    attrs_set = b'\x31' + ad.auth_attrs[1:]
    dec = synta.Decoder(attrs_set, synta.Encoding.DER)
    # decode attributes ...

See also CMS Overview for the complete list of content types.