Checking the 9.5a version, I have seen that the authenticatedAttribute encoding is now ordered, but in the signature verify code I have also read the following note:

    /* Note: when forming the encoding of the attributes we
     * shouldn't reorder them or this will break the signature.
     * This is done by using the IS_SEQUENCE flag.
     */

I am sure that I am missing something, but why don't you need to sort attributes while verifying?

Thanks for any answer
Sergio Tabanelli

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, 14 September 2000 10.33
To: [EMAIL PROTECTED]
Subject: Re: signature using openca sign tool

Perhaps this is a problem of old versions of SSLeay and OpenSSL, but some time ago I found two errors in the pkcs7 stuff: one was the use of signature algorithms instead of encryption algorithms in the digestEncAlg field of pkcs7, and the other one was a wrong signature production due to a wrong encoding of the authenticatedAttributes SET (in DER encoding, SET elements must be sorted). I apologize if these bugs are already fixed in new openssl pkcs7 stuff.

Ciao
Sergio Tabanelli

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
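Added example, not part of the original message and not OpenSSL's code: a Python sketch of the two verifier behaviours the quoted comment contrasts, hashing the authenticatedAttributes in the order received versus re-sorting them into DER SET OF order first. The helper names, the SHA-256 digest and the two sample attributes are constructed for illustration.

```python
import hashlib

def tlv(tag, content):
    # DER tag-length-value; long length form is used for 128+ content bytes
    n = len(content)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def read_tlv(buf, pos=0):
    # Returns (tag, content, offset of the next element)
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:
        n = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + first], pos + first

def elements(content):
    # Split the content of a SET/SEQUENCE into its encoded elements
    out, pos = [], 0
    while pos < len(content):
        _, _, end = read_tlv(content, pos)
        out.append(content[pos:end])
        pos = end
    return out

def digest_as_received(field):
    # Verifier: swap the [0] IMPLICIT tag (0xA0) for SET OF (0x31), keep order
    tag, content, _ = read_tlv(field)
    if tag != 0xA0:
        raise ValueError("expected [0] IMPLICIT authenticatedAttributes")
    return hashlib.sha256(tlv(0x31, content)).digest()

def digest_resorted(field):
    # Verifier that applies DER SET OF ordering before re-encoding
    _, content, _ = read_tlv(field)
    return hashlib.sha256(tlv(0x31, b"".join(sorted(elements(content))))).digest()

# Constructed sample attributes: contentType = data, messageDigest of b"hello"
OID_PREFIX = bytes.fromhex("2a864886f70d01")  # 1.2.840.113549.1
def attribute(oid_tail, value):
    return tlv(0x30, tlv(0x06, OID_PREFIX + oid_tail) + tlv(0x31, value))
CONTENT_TYPE = attribute(b"\x09\x03", tlv(0x06, OID_PREFIX + b"\x07\x01"))
MESSAGE_DIGEST = attribute(b"\x09\x04", tlv(0x04, hashlib.sha256(b"hello").digest()))

def signer(attrs):
    # Returns (field as sent in SignerInfo, digest the signer actually signed)
    body = b"".join(attrs)
    return tlv(0xA0, body), hashlib.sha256(tlv(0x31, body)).digest()
```

With a signer that sorted its attributes, both verifier digests match the signed one; with a signer that emitted messageDigest before contentType, only `digest_as_received` matches.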