Re: PKCS7_add_attribute

[Antonio Ruiz Mart�nez]

Dr. Stephen Henson wrote: On Wed, Sep 15, 2004, Antonio Ruiz Martínez wrote: Thanks for your answer, it has been very useful when I use an octect string but not when but I have got a problem when I'm using a sequence. I think I am not doing something properly because I don't get the desired result. I've tried the following options: 1) ASN1_OCTET_STRING *oct=NULL; oct=ASN1_STRING_new(); ASN1_STRING_set(oct,p7_2,lenp7_2) where p7_2 -> coding in DER of a signed PKCS#7 PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(void *)oct); i2d_PKC7 ..... This way when I try to decode the result of the coding I get an error, It seems the structure is not correct. However, if I try with PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_OCTET_STRING,(void *)oct) it works but I've an attribute which is an octet string that contains a DER coded PKCS7 but I would like that the attribute was directly the PKCS7 2) p7_2=d2i_PKCS7(NULL,&tsp,lenTSP); PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(void *)p7_2); i2d_PKC7 ..... This way I can decode the encoded PKCS7 but the PKCS7 is not inserted properly as an attribute. How can I solve the problem? Could you help me another time, please? What errors are you getting and what makes you think it isn't inserted properly as an attribute? Thanks for your comments!!! I'm using the first solution 1), as you told me, that is...     oct=ASN1_STRING_new();     if  (!ASN1_STRING_set(oct,pkcs7inDER,lenPKCS7inDER)) {         lReturn=-50;         goto err;     }     p7=PKCS7_new();     if (p7==NULL) {         lReturn=-20;         goto err;     } ......        si=sk_PKCS7_SIGNER_INFO_value(p7->d.sign->signer_info,0);     if (si==NULL) {         lReturn=-4;         goto err;     }     PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(char *)oct); And I'm getting a file that attach you. This file I can't decode it. How are you trying to decode it. d2i_PKCS7... The technique I described is precisely that used to encode and decode the S/MIME capabilities attribute. See crypto/pkcs7/pk7_attr.c which I also wrote BTW :-) I've been looking at that code... And I'm doing the same, I think... Have you got any idea? Regards, Antonio.

test.der
Description: application/x509-ca-cert