VirusTotal / yara-x

A rewrite of YARA in Rust.
https://virustotal.github.io/yara-x/
BSD 3-Clause "New" or "Revised" License

fix: Verification of MS countersignatures now takes into account signer info digest and verifies it against digest of content info (timestamp info) #104

Closed metthal closed 1 month ago

metthal commented 1 month ago

The signature of the signed attributes was verified and the digest of the countersigned signature was verified, but what was missing was the verification that the signed attributes are actually signing the embedded timestamp information. This would allow anyone to take a valid countersignature, replace the content info of the signed data with their own timestamp info, recalculate the hash against the countersigned signature, and it would be verified as OK.
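The three checks described above, as an added example in a simplified model (not yara-x code and not part of the original comment). Assumptions: HMAC with a constructed key stands in for the signer's public-key signature, byte concatenation stands in for DER encoding, and all class, field and function names are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass

TSA_KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the signer's signature
def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

@dataclass
class Countersignature:
    """Simplified model; real tokens are DER-encoded CMS SignedData."""
    imprint: bytes         # timestamp info: digest of the countersigned signature
    gen_time: str          # timestamp info: the asserted signing time
    message_digest: bytes  # signed attribute: digest of the content info
    signature: bytes       # signer's signature over the signed attributes

    def content_info(self) -> bytes:
        return self.imprint + self.gen_time.encode()

    def signed_attrs(self) -> bytes:
        return b"messageDigest=" + self.message_digest

def sign(attrs: bytes) -> bytes:
    return hmac.new(TSA_KEY, attrs, "sha256").digest()

def issue(countersigned_sig: bytes, gen_time: str) -> Countersignature:
    cs = Countersignature(sha256(countersigned_sig), gen_time, b"", b"")
    cs.message_digest = sha256(cs.content_info())
    cs.signature = sign(cs.signed_attrs())
    return cs

def verify(cs: Countersignature, countersigned_sig: bytes,
           check_content_digest: bool = True) -> bool:
    # 1. The signature covers the signed attributes.
    if not hmac.compare_digest(cs.signature, sign(cs.signed_attrs())):
        return False
    # 2. The timestamp info's imprint matches the countersigned signature.
    if not hmac.compare_digest(cs.imprint, sha256(countersigned_sig)):
        return False
    # 3. The check described as missing: the signed messageDigest attribute
    #    must equal the digest of the embedded content info (timestamp info).
    if check_content_digest:
        return hmac.compare_digest(cs.message_digest, sha256(cs.content_info()))
    return True

# Constructed samples: a genuine token, then one whose content info was replaced.
genuine = issue(b"signature-A", "2020-01-01T00:00:00Z")
swapped = Countersignature(sha256(b"signature-B"), "2010-01-01T00:00:00Z",
                           genuine.message_digest, genuine.signature)
```

With `check_content_digest=False` the `swapped` token passes checks 1 and 2 and is accepted; with the third check enabled it is rejected.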