PKI.js is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins.
1) I have all the certificates in a SignedData structure except for the root CA's one. At the same time one of intermediate CA's certificates is trusted so that I seem don't need to have a root:
Can I use SignedData.verify() to verify the chain (without having root)? The root is the "Microsoft Code Verification Root" which I'm not able to find.
UPD:
2) I've also noticed that there seems no difference between:
putting additional certificates to SignedData.certificates (say, after downloading them from InfoAccess unsecure HTTP (not HTTPS) URIs)
providing them in trustedCerts property of SignedDataVerifyParams
But as far as I understand there should be the significant difference between them:
in the first case we don't care if the certificates are forged -- this will be revealed during the verification procedure. We just provide here the absent certificates to build the chain from the signer up to the trusted certificate
in the second case we provide trusted certificates which we downloaded from trusted places like Microsoft or DigiCert website. We take the responsibility that the certificates are not forged.
Hi guys!
1) I have all the certificates in a SignedData structure except for the root CA's one. At the same time one of intermediate CA's certificates is trusted so that I seem don't need to have a root:
signer -> intermediate1 -> intermediate2 (trusted) -> root (absent)Can I use SignedData.verify() to verify the chain (without having root)? The root is the "Microsoft Code Verification Root" which I'm not able to find.
UPD: 2) I've also noticed that there seems no difference between:
But as far as I understand there should be the significant difference between them:
Thank you!