[EMAIL PROTECTED] wrote:
> Hello Goetz,
> 
> your hint to bother about apps/dgst.c at first was great.
> It took me two days but now I'm able to create a PEM-message
> for a Certificate-Request which works.
> My next problem is to create a complete PEM-message
> as shown below:

I fear creating a complete PEM message is beyond the
OpenSSL command line interface.

You will have to do OpenSSL programming.

I recommend the following steps:

1. Have a really good look at RFC-1421.
   (You have to know what the different header fields contain.)
2. Look into apps/dgst.h
3. Look into include/openssl/pem.h and include/openssl/evp.h
   (And don't let the preprocessor magic scare you away!)

Especially I recommend a good look at
PEM_SealInit(), -Update() and -Final()
A good look at EVP_SealInit() might help...

A hint: you build the pubk array by iterating over
all certificates and doing X509_get_pubkey().

> -----BEGIN PRIVACY-ENHANCED MESSAGE-----
> Proc-Type: 4,ENCRYPTED
> Content-Domain: RFC822
> DEK-Info: DES-CBC,<dekinfo> [openssl ??? ...]

The iv you get from the _Init() function.

> Originator-Certificate:
>  <my own certificate>
> Key-Info: RSA,
>  <keyinfo 1> [openssl ???  .... ]

the ek[idx] entry from the _Init() function.

> Issuer-Certificate:
>  <issuercert>
> MIC-Info: RSA-MD5,RSA,
>  <signature on text with my privatekey>

But remember: the signature is encrypted with
the same encryption params as the message...

> Recipient-ID-Asymmetric:
>  <asymmid> [openssl ???  .... ]

X509_get_issuer_name() -> i2d_X509_NAME() -> Base 64 encoded ","
X509_get_serialNumber() -> ASN1_STRING_print()

> Key-Info: RSA,
>  <keyinfo 2> [openssl ???  .... ]

the ek[idx] entry from the _Init() function.

> 
> base64(    encrypt(<text>) [openssl ??? ...]        )

the out params from the PEM_/EVP_SealUpdate() / _SealFinal()
function (eventually base64 encoded)

> -----END PRIVACY-ENHANCED MESSAGE-----
> 
> I've no idea how to fill the gaps which are marked with [openssl ??? ...].
> Can you give me some hints what sequence of commands could fill these gaps?

As I said: no commands but called functions.

The most important functions are
PEM_SealInit() / PEM_SealUpdate() and PEM_SealFinal().
The data generated in them you have to Base64 encode.

You only have to know which data you have to put where
in the PEM message...

Please bear with me, it's been 7 years since I did that...


Bye

Goetz

-- 
DMCA: The greed of the few outweighs the freedom of the many
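
The field mapping from the reply above, as an added example that is not part of the original message and not OpenSSL code: it only lays out values that the Seal _Init()/_Update()/_Final() calls would return and performs no cryptography itself. The function names and sample bytes are hypothetical; the encodings (hex IV, 64-character base64 lines folded with a leading space, hex serial number) are assumed from the RFC 1421 message layout.

```python
import base64

def fold(data):
    """Base64-encode data as 64-character lines, each folded with a leading space."""
    b64 = base64.b64encode(data).decode("ascii")
    return [" " + b64[i:i + 64] for i in range(0, len(b64), 64)]

def build_pem_message(iv, orig_cert, orig_ek, issuer_cert, enc_mic,
                      recipients, ciphertext):
    """Assemble an ENCRYPTED message from already-computed values.

    iv / orig_ek / ek : IV and ek[idx] entries from the Seal _Init() call
    enc_mic           : signature, encrypted like the message text
    recipients        : list of (issuer_name_der, serial_int, ek)
    ciphertext        : concatenated _Update()/_Final() output
    """
    if len(iv) != 8:
        raise ValueError("DES-CBC needs an 8-byte IV")
    lines = ["-----BEGIN PRIVACY-ENHANCED MESSAGE-----",
             "Proc-Type: 4,ENCRYPTED",
             "Content-Domain: RFC822",
             "DEK-Info: DES-CBC," + iv.hex().upper(),
             "Originator-Certificate:", *fold(orig_cert),
             "Key-Info: RSA,", *fold(orig_ek),
             "Issuer-Certificate:", *fold(issuer_cert),
             "MIC-Info: RSA-MD5,RSA,", *fold(enc_mic)]
    for issuer_name_der, serial, ek in recipients:
        rid = fold(issuer_name_der)
        rid[-1] += ","  # issuer name and serial number are comma-separated
        lines += ["Recipient-ID-Asymmetric:", *rid, " %X" % serial,
                  "Key-Info: RSA,", *fold(ek)]
    lines.append("")  # blank line ends the header block
    lines += [line[1:] for line in fold(ciphertext)]  # body lines are not folded
    lines.append("-----END PRIVACY-ENHANCED MESSAGE-----")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed placeholder bytes, not real certificates or keys.
    print(build_pem_message(bytes(range(1, 9)), b"C" * 70, b"K" * 64,
                            b"I" * 70, b"M" * 64,
                            [(b"N" * 50, 0x66, b"E" * 64)], b"sealed text"),
          end="")
```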
