On Wed, Dec 31, 2003, Christian Weber wrote:

> Dear OpenSSL user,
> 
> does anybody have a hint how to add a signed attribute during signing
> with smime? Further: which OID should be taken to add an attribute like
> "signed on behalf of..." or "representing (a function)".
> 

You need to use the low level S/MIME API for this, check the source to
PKCS7_sign() which already adds some signed attributes (for S/MIME
capabilities).

You can use whatever OID you like because this is non standard, it should
however be from an OID tree you have access to rather than a made up OID. Just
don't expect any other software to recognize it.

Of course you shouldn't expect the attribute to mean anything much. Anyone who
knows the OID could add whatever string they want: i.e. it won't in any secure
way say that someone is really authorized to sign on behalf of someone else.

> In which order should that OID be added to the other signed attributes
> (like signing time).
> 

Any order, the ASN1 encoder will sort it out.

> In which way should the api be used to extract signed attributes from
> verification process or during signing for visualization?
> Using smime (source), are the signed attributes in the p7 structure?
> How may we extract e.g. the signing time or the other signed attributes
> as mentioned above?
> 

The attributes are in the PKCS7 structure specifically in the
PKCS7_SIGNER_INFO structure. You can use PKCS7_get_signed_attribute() to
retrieve them.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
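
The reply's "any order" answer, shown as an added example that is not part of the original message and is not OpenSSL code: signed attributes are a DER SET OF, and the encoder sorts the member encodings before they are hashed and signed. It uses a minimal stand-alone DER encoder in Python; the sample values are constructed, and `2.999.1` (from the documentation example arc) is a placeholder for an OID from your own tree.

```python
import hashlib

def tlv(tag: int, content: bytes) -> bytes:
    """DER tag-length-value, definite length in short or long form."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: arcs 1 and 2 share one subidentifier, base-128 each."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for sub in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [sub & 0x7F]
        sub >>= 7
        while sub:
            chunk.append(0x80 | (sub & 0x7F))
            sub >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def attribute(type_oid: str, value: bytes) -> bytes:
    """Attribute ::= SEQUENCE { type OID, values SET OF AttributeValue }."""
    return tlv(0x30, oid(type_oid) + tlv(0x31, value))

def signed_attrs_der(attrs) -> bytes:
    """DER SET OF sorts member encodings bytewise, so insertion order never
    reaches the bytes that are hashed and signed."""
    return tlv(0x31, b"".join(sorted(attrs)))

def digest(attrs) -> str:
    return hashlib.sha256(signed_attrs_der(attrs)).hexdigest()

# Constructed sample values. 2.999 is the documentation example arc, standing in
# for an OID from a tree you control; the attribute's meaning is hypothetical.
CONTENT_TYPE = attribute("1.2.840.113549.1.9.3", oid("1.2.840.113549.1.7.1"))
MESSAGE_DIGEST = attribute("1.2.840.113549.1.9.4",
                           tlv(0x04, hashlib.sha256(b"sample content").digest()))
SIGNING_TIME = attribute("1.2.840.113549.1.9.5", tlv(0x17, b"031231120000Z"))
ON_BEHALF_OF = attribute("2.999.1", tlv(0x0C, "Head of Accounting".encode()))

if __name__ == "__main__":
    added_first = [ON_BEHALF_OF, SIGNING_TIME, MESSAGE_DIGEST, CONTENT_TYPE]
    added_last = [CONTENT_TYPE, MESSAGE_DIGEST, SIGNING_TIME, ON_BEHALF_OF]
    print(signed_attrs_der(added_first).hex())
    print(digest(added_first) == digest(added_last))
```

Both insertion orders produce the same bytes and the same digest, and the custom attribute is covered by the signature like any other; the signature only binds the string to the signer's key, not to any authorization behind it.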
