Hello All, I
have a requirement to sign data in CMS format. I used the PKCS7_sign function, which outputs data in
PKCS#7 format. After creating the signed data, I
pass it to the function “Verify_CMS()” (this function is
not listed below; it is part of the JavaScript) to verify it. But this function
returns an “Incorrect CMS” error. Is
there any mistake in the following piece of code, which creates the signed data in
PKCS#7 format? Any
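/* comment on this will help me greatly. Thanking you… */

/**
 * Sign a byte array with the certificate and private key looked up under
 * pcCertName and return the DER encoding of the resulting PKCS#7 structure.
 *
 * @param pbByteArraytoAuthenticate      data to sign; NULL makes the call fail
 * @param uiByteArraytoAuthenticate_len  number of bytes at that pointer
 * @param ioptions    request bits checked against the platform-support flags:
 *                    bit 0 set is rejected when opaque signatures are not
 *                    supported, bit 0 clear when detached signatures are not
 *                    supported, bit 1 set when certificate storing is not
 *                    supported
 * @param pcCertName  name handed to the certificate and private-key lookups
 * @return buffer allocated by ASN1_item_i2d() (release it with OPENSSL_free()),
 *         or NULL on failure. g_pkiReasonCode is set on every failure path
 *         except the NULL-input check.
 *
 * NOTE(review): the encoded length is known only inside this function. DER is
 * binary and may contain zero bytes, so a caller cannot recover the length with
 * strlen(); how the length reaches Verify_CMS() is not visible in the post.
 *
 * NOTE(review): ownership of pSignerCert, pkey and InputData is not visible in
 * the post, so they are not released here. If the helpers return fresh objects
 * they leak on every call - confirm against the helpers.
 */
PBYTE PKI_SignData(PBYTE pbByteArraytoAuthenticate,
                   unsigned int uiByteArraytoAuthenticate_len,
                   int ioptions, char *pcCertName)
{
    unsigned char *pcTempAuthData = NULL;
    /* int, not unsigned short: ASN1_item_i2d() returns an int that is negative
     * on error and can exceed 65535 for large inputs. */
    int iDataLength = 0;
    X509 *pSignerCert = NULL;
    EVP_PKEY *pkey = NULL;
    BIO *InputData = NULL;
    /* Not declared in the posted snippet; declared locally so it can be freed. */
    PKCS7 *pkcs7 = NULL;

    if (pbByteArraytoAuthenticate == NULL) {
        return NULL;
    }

    /* check options parameters and validate the platform support */
    if ((ioptions & 1) && (bSupportingOpaqueSignatures == false)) {
        g_pkiReasonCode = CMS_NO_OPAQUE_SIGNATURES;
        return NULL;
    }
    if ((!(ioptions & 1)) && (bSupportingDitachedSignatures == false)) {
        g_pkiReasonCode = CMS_NO_DETACH_SIGNATURE;
        return NULL;
    }
    if ((ioptions & 2) && (bStoringCertificate == false)) {
        g_pkiReasonCode = CMS_NO_CERTIFICATE;
        return NULL;
    }

    /* get certificate from Cert store */
    pSignerCert = GetCertifcateByCertName(pcCertName);
    if (!pSignerCert) {
        g_pkiReasonCode = CMS_NO_CERTIFICATE;
        return NULL;
    }

    /* gets corresponding private key */
    pkey = GetRSAPrivateKeyByCertName(pcCertName);
    if (!pkey) {
        g_pkiReasonCode = CMS_NO_CERTIFICATE;
        return NULL;
    }

    /* converts array of data to bio, since PKCS7_sign takes data in bio format */
    InputData = GetBIOBydata((char *)pbByteArraytoAuthenticate,
                             uiByteArraytoAuthenticate_len);
    if (!InputData) {
        g_pkiReasonCode = CMS_FAILURE;
        return NULL;
    }

    /* Only SHA-1 based digests are registered here, so presumably the signature
     * digest is SHA-1, which is no longer collision resistant.
     * NOTE(review): prefer SHA-256 if the verifier accepts it; the digest can be
     * chosen explicitly through PKCS7_sign_add_signer().
     * EVP_dss1() exists only in OpenSSL releases before 1.1.0. */
    EVP_add_digest(EVP_sha1());
    EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
    EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
    EVP_add_digest(EVP_dss1());
    EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
    EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
    EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");

    /* here options = 0
     * NOTE(review): `options` is not declared in the posted snippet and is not
     * derived from `ioptions`. With flags 0, PKCS7_sign() embeds both the content
     * and the signer certificate, while `ioptions` with bit 0 clear was validated
     * above as a detached request. PKCS7_DETACHED and PKCS7_NOCERTS are the flags
     * that omit them - confirm which form Verify_CMS() expects. */
    pkcs7 = PKCS7_sign(pSignerCert, pkey, NULL, InputData, options);
    if (pkcs7 == NULL) {
        /* Signing failed; do not hand a NULL structure to the encoder. */
        g_pkiReasonCode = CMS_FAILURE;
        return NULL;
    }

    /* pcTempAuthData is NULL on entry, so the encoder allocates the buffer. */
    iDataLength = ASN1_item_i2d((ASN1_VALUE *)pkcs7, &pcTempAuthData,
                                ASN1_ITEM_rptr(PKCS7));
    PKCS7_free(pkcs7);
    if (iDataLength <= 0) {
        g_pkiReasonCode = CMS_FAILURE;
        return NULL;
    }

    return pcTempAuthData;
}

/* Thanks, Madhu */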