2.3.2.4.2 SignerInfo Constraints

The SignerInfo in the SignedData structure (section 2.3.2.4.1) MUST conform to the following constraints:

• The authenticatedAttributes (section 2.3.2.4.4) field MUST be present.

• This field MUST contain the following attributes:

  • A content-type attribute with its value set as specified in [PKCS7] section 9.2.

  • A message-digest attribute with its value set as specified in [PKCS7] section 9.2.

• This field can also contain:

  • One SpcStatementType attribute (section 2.3.2.4.4.1), but this attribute MUST be ignored.

  • One SpcSpOpusInfo attribute (section 2.3.2.4.4.2).

• If the signature has been timestamped, then the unauthenticatedAttributes field (section 2.3.2.4.5) MUST be present and MUST contain a single Countersignature attribute ([PKCS9] section 6.6). If the signature has not been timestamped, the unauthenticatedAttributes field MUST be absent.