Hello Goetz, your hint to bother about apps/dgst.c at first was great. It took me two days but now im able to create a PEM-message for a Certificate-Request which works. My next problem is to create a complete PEM-message as shown below : -----BEGIN PRIVACY-ENHANCED MESSAGE----- Proc-Type: 4,ENCRYPTED Content-Domain: RFC822 DEK-Info: DES-CBC,<dekinfo> [openssl ??? ...] Originator-Certificate: <my own certificate> Key-Info: RSA, <keyinfo 1> [openssl ??? .... ] Issuer-Certificate: <issuercert> MIC-Info: RSA-MD5,RSA, <signature on text with my privatekey> Recipient-ID-Asymmetric: <asymmid> [openssl ??? .... ] Key-Info: RSA, <keyinfo 2> [openssl ??? .... ]
base64( encrypt(<text>) [openssl ??? ...] ) -----END PRIVACY-ENHANCED MESSAGE----- I've no idea how to fill the gaps which are marked with [openssl ??? ...]. Can you give me some hints what sequence of commands could fill these gaps? Bye Martin -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Auftrag von Goetz Babin-Ebell Gesendet: Samstag, 3. September 2005 23:59 An: openssl-users@openssl.org Betreff: Re: AW: PRIVACY-ENHANCED MESSAGE RFC 1421, 1422, 1423, 1424 [EMAIL PROTECTED] wrote: > Hello Goetz, Hello Martin, > thank you very much for this information. > My problem is that the german health insurance companies expect PEM mail. > So I have no choice. > It would be very helpful to know how to create Pem mails. As I said: you can do the signing manually, pick the data and create a PEM message around it. I think the best way to start that is to look in apps/dgst.c After you have a basic understanding to that code, building a PEM message is straight forward (but still work)... >From the shell you could call that command, get the signature and tweak it until it fits into the PEM header. (But don't forget to translate the \n to \r\n before signing...) > Otherwise how do I create PKCS#7 mailformat? For a first impression look at openssl smime... > P.S. Meanwhile I'm able to compile and debug openssl. OK that's a first step. My recommendation is to have a look in selected modules in apps/ and try to get a basic feeling whats happening there... >From time to time you should look in the headers and the man pages. (but be warned: in the headers are some black pre processor magics...) >>I'm a newbie to openssl. Here is my question : >>How can I create a "PRIVACY-ENHANCED MESSAGE" according to RFC 1421, >>1422, 1423, 1424 ? > > One can use the basic signing / encrypting functionallity of OpenSSL > to create the signature and build the signed message by hand. Bye Goetz -- DMCA: The greed of the few outweighs the freedom of the many ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
