Marco Donati wrote:
>
> Something strange happens if I build a multi signature PKCS7.
>
> If I add a wrong signature (certificate and key not aligned), when I try to
> verify the wrong signature is the LAST.
>
> e.g.:
>
> sign with cert 1, key 1
> sign with cert A, key B (wrong signature)
> sign with cert 2, key 2
> sign with cert 3, key 3
> ...
>
> (every signature is added to the PKCS7 using the PKCS7_add_signature
> function, the signer certificate is added using the
> PKCS7_add_certificate function)
>
> in verify operation, the sequence is:
>
> 1,1 verified
> 2,2 verified
> 3,3 verified
> A,B not verified.
>

The signatures are encoded as an ASN1 SET OF SignerInfo. As such they may
not retain the original order after encoding and decoding. They are sorted
into lexical order when encoded and this may well reorder them.

The behaviour you observe is probably just pure luck.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED]
PGP key: via homepage.
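The reordering described in the reply, as an added example that is not part of the original message or of OpenSSL's code: it applies the DER SET OF rule (member encodings sorted as octet strings) to four constructed, simplified stand-ins for SignerInfo. The byte values, the labels and the `encoded_order` helper are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One already-encoded member of a SET OF, with a label for display. */
typedef struct { const char *label; const unsigned char *der; size_t len; } elem_t;

/* Constructed stand-ins for SignerInfo: SEQUENCE { INTEGER 1, INTEGER serial }.
   Real SignerInfo values are longer but are ordered by the same rule. */
static const unsigned char S1[]  = {0x30,0x06,0x02,0x01,0x01,0x02,0x01,0x10};
static const unsigned char S2[]  = {0x30,0x06,0x02,0x01,0x01,0x02,0x01,0x20};
static const unsigned char S3[]  = {0x30,0x06,0x02,0x01,0x01,0x02,0x01,0x30};
static const unsigned char BAD[] = {0x30,0x07,0x02,0x01,0x01,0x02,0x02,0x01,0x00};
static const unsigned char LOW[] = {0x30,0x06,0x02,0x01,0x01,0x02,0x01,0x05};

/* Insertion order from the thread: 1, A/B, 2, 3. */
static const elem_t ADDED[] = {
    {"1", S1, sizeof S1}, {"A/B", BAD, sizeof BAD},
    {"2", S2, sizeof S2}, {"3", S3, sizeof S3} };
/* Same insertion order, but the mismatched signer has a small serial. */
static const elem_t ADDED_LOW[] = {
    {"1", S1, sizeof S1}, {"A/B", LOW, sizeof LOW},
    {"2", S2, sizeof S2}, {"3", S3, sizeof S3} };

/* DER SET OF ordering: compare the encodings as octet strings. */
static int der_cmp(const void *a, const void *b) {
    const elem_t *x = a, *y = b;
    size_t n = x->len < y->len ? x->len : y->len;
    int c = memcmp(x->der, y->der, n);
    return c ? c : (x->len > y->len) - (x->len < y->len);
}

/* Sort a copy as a DER encoder would; write the labels, comma separated. */
static const char *encoded_order(const elem_t *in, size_t n, char *out, size_t cap) {
    elem_t tmp[8];
    if (n > 8 || cap == 0) return NULL;
    memcpy(tmp, in, n * sizeof *tmp);
    qsort(tmp, n, sizeof *tmp, der_cmp);
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        if (i) strncat(out, ",", cap - strlen(out) - 1);
        strncat(out, tmp[i].label, cap - strlen(out) - 1);
    }
    return out;
}

int main(void) {
    char buf[64];
    printf("large serial: %s\n", encoded_order(ADDED, 4, buf, sizeof buf));
    printf("small serial: %s\n", encoded_order(ADDED_LOW, 4, buf, sizeof buf));
    return 0;
}
```

With the first list the mismatched signer lands last, as in the report; with the second it lands first, so a signer's position after decoding says nothing about when it was added.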