But if I first use the PKCS7_sign() function and after that
 PKCS7_encrypt(), how do I then obtain the original data? That is, I
use PKCS7_decrypt() to obtain the signed message in a BIO (out), and after
that I do the following:

     PKCS7 *signed_content=PKCS7_new();
     d2i_PKCS7_bio(out,&signed_content);

 Well, the content of signed_content does not seem to be correct, because
if I verify it using PKCS7_verify() I get the following message:
 "error:0D06B08E:asn1 encoding routines:ASN1_d2i_bio:not enough data".

 Another question: how must I obtain the original data from that PKCS7
signed_content? Thanks

----- Original Message ----- 
From: "Dr. Stephen Henson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 18, 2004 5:59 PM
Subject: Re: Error signing a message


> On Tue, May 18, 2004, Antonio Andrés Espallardo wrote:
>
> > Hi everybody. I'm having some problems building a signedAndEnveloped
> > message. I build that message according to crypto/pkcs7/enc.c, and it
> > seems fine because every procedure I invoke to build the final
> > signedAndEnveloped returns a correct value. But I'm having one problem when I
> > try to obtain the data from that signedAndEnveloped, exactly when I try the
> > following:
> >
> > ilas=PKCS7_dataVerify(cert_store,&cert_ctx,tmpmem,p7,si);
> >
> > The value returned is <= 0, which means the data couldn't be verified
> > correctly and some error happened when the data was signed.
> >
> > The process I follow to obtain the original data is based on the
> > crypto/pkcs7/dec.c code. I'm using openssl-0.9.7d, and I also tried with
> > other versions (0.9.7b and 0.9.7a). Any suggestions? Thanks
>
> What actual error do you get with ERR_print_errors_fp(stderr)?

 The signed and enveloped type is largely obsolete, it has a number of
 deficiencies such as no signed attributes.

 I don't think that type has ever been tested.

 The stuff in enc.c is ancient.


 The normal way to handle this is to embed a signed message within an
encrypted one. There are high level APIs that support that: see PKCS7_sign()
and PKCS7_encrypt().

 Steve.




______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
