Re: sMIMEEncryptionKeyPreference

Dr. Stephen Henson Sun, 30 Nov 2003 09:22:08 -0800

On Sun, Nov 30, 2003, Thomas Monjalon wrote:

> >On Fri, Nov 28, 2003, Thomas Monjalon wrote:
> >>
> >>What is the problem if I use the following code ?
> >>What am I using that is not implemented ?
> >>
> >>////// BEGIN //////
> >>/*
> >>SMIMEEncryptionKeyPreference ::= CHOICE {
> >>  issuerAndSerialNumber   [0] IssuerAndSerialNumber,
> >>  receipentKeyId          [1] RecipientKeyIdentifier,
> >>  subjectAltKeyIdentifier [2] SubjectKeyIdentifier
> >>}
> >>*/
> >>// IssuerAndSerialNumber is chosen
> >>
> >>PKCS7_ISSUER_AND_SERIAL issuer_and_serial ;
> >>
> >>X509_NAME_set (& issuer_and_serial->issuer, X509_get_issuer_name 
> >>(myCertificate)) ;
> >>issuer_and_serial->serial = M_ASN1_INTEGER_dup (X509_get_serialNumber 
> >>(x509)) ;
> >>int len = i2d_PKCS7_ISSUER_AND_SERIAL (& issuer_and_serial, NULL) ;
> >>
> >>unsigned char * pp = (unsigned char *) OPENSSL_malloc (len) ;
> >>unsigned char * p = pp ;
> >>i2d_PKCS7_ISSUER_AND_SERIAL (& issuer_and_serial, & p) ;
> >>ASN1_STRING seq = ASN1_STRING_new () ;
> >>ASN1_STRING_set (seq, pp, len) ;
> >>OPENSSL_free (pp) ;
> >>
> >>PKCS7_add_signed_attribute (si, NID_id_smime_aa_encrypKeyPref, 
> >>V_ASN1_SEQUENCE, seq) ;
> >>
> >>////// END //////
> 
> Dr. Stephen Henson wrote:
> 
> >You are using an IssuerAndSerialNumber for the attribute type instead of
> >SMIMEEncryptionKeyPreference. The two are encoded differently. You need an
> >ASN1 module to handle SMIMEEncryptKeyPreference.
> 
> Where could I find documentation about these encoding rules ?
>


What you actually need is a new SMIMEEncryptionKeyPreference structure and an
appropriate piece of ASN1 code. This isn't documented at present but there are
plenty of examples in the existing ASN1 modules.

If you grep for CHOICE it should give you some idea of the required format.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Re: sMIMEEncryptionKeyPreference

Reply via email to