On Fri, Apr 23, 2004, Antonio Ruiz Martínez wrote:

> Hello!
> 
>     I'm trying to add a new signer to a PKCS#7 that I receive from
> another person. First, I'm decoding the PKCS#7 and then I'm
> trying to use my private key and my cert to sign the content of this
> PKCS#7 and insert my signature in this PKCS#7 in order to get the PKCS#7
> with the two signatures. The problem is that, when I'm verifying the
> PKCS#7 obtained, with this code, the first signature is invalid and the
> second one is valid (the first signature's signer).
> 
> I have parsed the result and I think the problem is the length of the
> signature is 0.
> 

There isn't any way to do this cleanly with the current API. Ideally, adding a
new signer should take the digest from the existing signer and add it to the
new signer data; however, this isn't supported at present.

The best you can do is to create a new PKCS#7 structure by signing the same
content, then merge the two manually by modifying the PKCS7 structure
internals.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
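
The manual merge described in the reply above, shown at the DER level rather than through OpenSSL's C structures. This is an added example, not code from the thread or from OpenSSL, and all function names are hypothetical. It assumes both inputs are DER-encoded ContentInfo of type signedData over byte-identical content, and it does not check any signature, so the merged result still has to be verified afterwards.

```python
# Added illustration; helper names are hypothetical, not OpenSSL API.
SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")  # OID 1.2.840.113549.1.7.2

def read_tlv(buf, pos=0):  # -> (value, end) of the DER element at pos
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:                                    # long-form length
        k = n & 0x7F
        if k == 0:
            raise ValueError("indefinite length (BER) is not supported")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + n], pos + n

def tlv(tag, value):  # encode one DER element with a definite length
    size = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    head = bytes([len(value)]) if len(value) < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + value

def children(elem):  # full encodings of the elements inside a constructed element
    value, out, pos = read_tlv(elem)[0], [], 0
    while pos < len(value):
        end = read_tlv(value, pos)[1]
        out.append(value[pos:end])
        pos = end
    return out

def set_of(tag, *groups):  # DER SET OF: union, deduplicated, sorted by encoding
    return tlv(tag, b"".join(sorted({e for g in groups for e in g})))

def parse(p7):  # split ContentInfo(signedData) into the SignedData fields
    oid, wrapped = children(p7)
    if oid != SIGNED_DATA:
        raise ValueError("not PKCS#7 signedData")
    f = children(children(wrapped)[0])              # [0] EXPLICIT -> SignedData
    opt = {e[0]: children(e) for e in f[3:-1]}      # optional [0] certs, [1] CRLs
    return f[0], children(f[1]), f[2], opt.get(0xA0, []), opt.get(0xA1, []), children(f[-1])

def merge_signed_data(a, b):
    """Return one SignedData carrying the signers of both a and b."""
    ver_a, algs_a, content_a, certs_a, crls_a, signers_a = parse(a)
    ver_b, algs_b, content_b, certs_b, crls_b, signers_b = parse(b)
    if (ver_a, content_a) != (ver_b, content_b):
        raise ValueError("version or signed content differs; refusing to merge")
    body = ver_a + set_of(0x31, algs_a, algs_b) + content_a
    for tag, x, y in ((0xA0, certs_a, certs_b), (0xA1, crls_a, crls_b)):
        body += set_of(tag, x, y) if x or y else b""
    body += set_of(0x31, signers_a, signers_b)
    return tlv(0x30, SIGNED_DATA + tlv(0xA0, tlv(0x30, body)))
```

Each SignerInfo is copied unchanged, which works because a signer's signature covers the content (or that signer's own attributes) and not the other signers.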
