Rodney Thayer wrote: > > > Anyway, these S/MIME vendors seem to all think something called > a '.p7c' file is the way to store certs and such. It appears to > be a PKCS-7 Data object (i.e. not encrypted, not signed, just > enveloped). I'm not entirely sure of that as I haven't gotten > openssl to produce one that's equivalent. > A .p7c file is usually a degenerate DER encoded PKCS#7 signed data form. It contains just some certificates and no content or signers. It is used as a means of carrying certificates. Anyway to produce one you need to get the necessary certificates in PEM form and concatenate them together into a file. Netscape for example wants the end user certificate first but usually the order isn't too important [Netscape is a bit naughty in this regard]. Anyway you can then create the necessary file with: openssl crl2pkcs7 -nocrl -certfile certs.pem -outform DER -out file.p7c If you want to pull one of these apart and get at the certificates then: openssl pkcs7 -inform DER -in file.p7c -print_certs -out certs.pem should do the job. Steve. -- Dr Stephen N. Henson. UK based freelance Cryptographic Consultant. For info see homepage at http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED] NOTE NEW (13/12/98) PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
