0
votes

Is it possible to append data that should not be signed to PKCS #7 or other digital signature formats? For example, I have a signature of an invoice document and I want to append some metadata, such as an email or user, after signing.

1
Not that I'm aware of, but there's nothing stopping you from making a composite structure where the first part is the metadata you are referring to and the second part is the PKCS7 part. - President James K. Polk

1 Answer

1
votes

Yes, it is possible. Look for unsigned attributes as a keyword, e.g. in https://www.rfc-editor.org/rfc/rfc3852#section-11.4. This is used to add counter signatures, timestamps, validation data and other stuff in various signature formats. These attributes are not included in hash calculation and can therefore be added and changed after signature creation.
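To illustrate the answer above, here is an added example (not part of the original answer) that builds a simplified SignerInfo in DER and shows that the bytes covered by the signature, the signedAttrs field re-tagged as SET OF, stay the same when an unsigned attribute is added afterwards. The sample structure, the placeholder OIDs, the helper names and the choice of SHA-256 are assumptions made for the illustration.

```python
import hashlib

def tlv(tag, content):
    """DER-encode one element (definite length, short or long form)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def children(der):
    """Split concatenated DER elements into (tag, content) pairs."""
    out, i = [], 0
    while i < len(der):
        tag, n, i = der[i], der[i + 1], i + 2
        if n & 0x80:  # long-form length
            k = n & 0x7F
            n, i = int.from_bytes(der[i:i + k], "big"), i + k
        out.append((tag, der[i:i + n]))
        i += n
    return out

def attribute(oid, text):
    """Attribute ::= SEQUENCE { attrType OID, attrValues SET OF value }."""
    return tlv(0x30, tlv(0x06, oid) + tlv(0x31, tlv(0x0C, text.encode())))

def signature_input(signer_info):
    """Digest the signature covers: signedAttrs re-tagged from [0] to SET OF."""
    fields = children(children(signer_info)[0][1])
    signed = next(c for t, c in fields if t == 0xA0)
    return hashlib.sha256(tlv(0x31, signed)).digest()

def add_unsigned_attr(signer_info, attr):
    """Return a copy with attr added to unsignedAttrs ([1] IMPLICIT, tag 0xA1)."""
    fields = children(children(signer_info)[0][1])
    existing = []
    if fields[-1][0] == 0xA1:
        existing = [tlv(t, c) for t, c in children(fields.pop()[1])]
    fields.append((0xA1, b"".join(sorted(existing + [attr]))))  # DER sorts SET OF
    return tlv(0x30, b"".join(tlv(t, c) for t, c in fields))

# Constructed sample, not a real signature: version, signedAttrs, dummy signature.
# sid and the algorithm identifiers are omitted; OIDs 1.2.3.4/1.2.3.5 are placeholders.
SAMPLE = tlv(0x30, tlv(0x02, b"\x01")
             + tlv(0xA0, attribute(b"\x2a\x03\x04", "invoice-42"))
             + tlv(0x04, bytes(32)))
TAGGED = add_unsigned_attr(SAMPLE, attribute(b"\x2a\x03\x05", "user@example.com"))
print(signature_input(SAMPLE) == signature_input(TAGGED))
```

Because unsigned attributes sit outside the signature, anyone holding the file can add, change or remove them, so a verifier should treat metadata stored there as unauthenticated. In a real PKCS #7 / CMS file the SignerInfo is nested inside SignedData, so the enclosing lengths must be re-encoded as well.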