Standard format for digital signature

Question

I want to make a javascript library for signing messages. I expect the format to be something like...

--- BEGIN SIGNED MESSAGE ---
This is a plain old message
It goes on and on...
--- BEGIN RSA OF SHA1 ---
Base64Stringassfd86asdf870n8
09as8d76fn098==
--- END SIGNED MESSAGE ---

But I don't know the correct format. I could replicate PGP format (I am sure it is not hard to find info on that) but I would prefer to use a standard method if there is one.

Is there a standard format for this kind of signed message?

Answer 1

Cryptographic Message Syntax (a.k.a PKCS #7) is a very commonly used format for signed data. It also supports encryption and authentication of payload contents, so it's a bit of an uber-format. The downside is the complexity of implementation - the specification can be tiresome to trawl through and you have to be comfortable working with ASN.1.

OpenPGP format is likely to be simpler to implement and more readable to the human eye (no ASN.1 to be seen). This might be the best bet for simplicity. Again, you would have the option to add encryption at a later date, if you so desired. However, the specification can be equally infuriating to work with - I've never encountered an RFC that was so... imprecise before.

Answer 2

For sake of completion, W3C XML Signature, it is slightly easier from the syntax and encoding perspective but requires that the final data is in XML.