On Thursday 24 July 2003 08:18 pm, Dr. Stephen Henson wrote: > > I wrote a VC++ application that calls CryptSignMessage() to sign a > > message. The result is a signed encoded blob. MSDN library says, > > "Currently only PKCS_7_ASN_ENCODING is supported". It looks like this > > encoded blob is encoded in PKCS#7 or S/MIME. Does anybody know, using > > OpenSSL, how to parse it into a PKCS7 object? > > Its PKCS#7 signedData. You can use the smime utility with -inform DER or > programatically d2i_PKCS7().
That works well. Thanks! Then, how do I verify the signature in the blob? I checked crypto/pkcs7/verify.c, and tried to use it directly ./verify -p blob It returned 3 verify errors and caused core dump: depth=0 /DC=.../DC=.../C=US/O=.../CN=.../emailAddress=... verify erro:num=20:unable to get local issuer certificate verify return:1 depth=0 /DC=.../DC=.../C=US/O=.../CN=.../emailAddress=... verify error:num=27:certificate not trusted verify return:1 depth=0 /DC=.../DC=.../C=US/O=.../CN=.../emailAddress=... verify error:num=21:unable to verify the first certificate verify return:1 signer info Segmentation fault (core dumped) The certificate contained in the blob is self-signed, is that the problem? Is there any way to bypass the certificate verify process, but pull out the public key from the certificate and verify the signature directly? thanks! -- Meiyuan Zhao ---------------------------------------------- [EMAIL PROTECTED] http://www.cs.dartmouth.edu/~zhaom ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
