@peculiar/x509 is an easy to use TypeScript/Javascript library based on @peculiar/asn1-schema that makes generating X.509 Certificates and Certificate Requests as well as validating certificate chains easy
In the certs-only CMS Signed Data structure exported by the X509Certificates class, the eContentType field is left as the default of an empty OID. However, the CMS RFC 5652 section 5.2 states:
In the degenerate case where there are no signers, the EncapsulatedContentInfo value being "signed" is irrelevant. In this case, the content type within the EncapsulatedContentInfo value being "signed" MUST be id-data (as defined in Section 4), and the content field of the EncapsulatedContentInfo value MUST be omitted.
In particular, the OpenSSL pkcs7 command complains about the empty OID and considers the data malformed:
Setting the eContentType field to id_data allows OpenSSL to parse the structure and complies with the standard. I can open a PR with this change for your review.
In the certs-only CMS Signed Data structure exported by the X509Certificates class, the eContentType field is left as the default of an empty OID. However, the CMS RFC 5652 section 5.2 states:
In particular, the OpenSSL pkcs7 command complains about the empty OID and considers the data malformed:
Setting the eContentType field to id_data allows OpenSSL to parse the structure and complies with the standard. I can open a PR with this change for your review.