CMS Sign Data
CMS Sign Data generates a CMS / PKCS#7 digital signature for the provided input text.
The step signs the data using a certificate and private key and outputs the encoded CMS signature.
It supports both attached and detached signatures.
Parameters
PRIVATE_KEY
Private key in PEM format used for signing.
Example:
-----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqh... -----END PRIVATE KEY-----
Required
CERTIFICATE
X.509 certificate in PEM format corresponding to the private key.
Example:
-----BEGIN CERTIFICATE----- MIIDXTCCAkWgAwIBAgI... -----END CERTIFICATE-----
Required
TEXT_ENCODING
Encoding used to convert input text into bytes before signing.
Supported values:
- ascii
- utf8
- unicode
- base64
Default: ascii
SIGNATURE_ENCODING
Encoding used to convert CMS signature bytes into string output.
Supported values:
- base64 (recommended)
- hex
Default: base64
CMS_DETACHED
Specifies whether the signature should be detached.
- true → Detached signature (data not embedded)
- false → Attached signature (data embedded inside CMS)
Default: false
CMS_INCLUDE_OPTION
Specifies which certificates to include in the CMS signature.
Supported values:
- none
- endcertonly
- excludeRoot
- wholeChain
Default: endcertonly
TEXT_PARAM
Message parameter name that contains the input text to be signed.
Default: TEXT
SIGNATURE_PARAM
Message parameter name that receives the generated CMS signature.
Direction: Out
Default: SIGNATURE
Execution Context Behavior
- Reads text from TEXT_PARAM.
- Converts the text into bytes using TEXT_ENCODING.
- Loads the private key and certificate.
- Creates a CMS (PKCS#7) signature using the certificate and private key.
- Applies the configured CMS_INCLUDE_OPTION.
- Generates either attached or detached signature based on CMS_DETACHED.
- Encodes the CMS signature using SIGNATURE_ENCODING.
- Writes the result to SIGNATURE_PARAM.
Example Configuration
| Parameter | Value |
|---|---|
| PRIVATE_KEY | -----BEGIN PRIVATE KEY-----... |
| CERTIFICATE | -----BEGIN CERTIFICATE-----... |
| TEXT_ENCODING | ascii |
| SIGNATURE_ENCODING | base64 |
| CMS_DETACHED | false |
| CMS_INCLUDE_OPTION | endcertonly |
| TEXT_PARAM | TEXT |
| SIGNATURE_PARAM | SIGNATURE |
Example Result
SIGNATURE = [base64 cms signature]