Erwann ABALEA wrote:
>
> Hi,
>
> I'm facing a problem I can't manage to solve.
>
> I need to create a structure like this one:
>
> signed PKCS#7 {
> signer certificate
> authenticated attributes
> content: enveloped PKCS#7 {
> recipient certificates
> enc_content: data
> }
> }
>
> I know how to create an enveloped PKCS#7 alone, with data encipherment, I
> know how to create a signed PKCS#7 alone, with data signature, but I don't
> know how to encapsulate an enveloped PKCS#7 inside a signed PKCS#7.
>
> Creating a signedAndEnveloped PKCS#7 is *not* an option, I *must* have
> this encapsulation.
>
[snip]
>
> What is the correct way to do this?
Don't know, yet :-) This isn't something I've ever tried. The relevant
code my not properly handle this construct.
However first thing: is that really what you want to do? The usual
reason for doing this is to generate a "signed and encrypted" S/MIME
message which isn't the above structure at all.
Also this is one of the areas of incompatibility with PKCS#7 and CMS (as
used in S/MIME v3). If want to do the equivalent in CMS its a different
structure but with a more logical layout.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
