On Tue, Jan 17, 2006, Bernhard Froehlich wrote: > [EMAIL PROTECTED] wrote: > > > > >Hi! > > > >I need to convert PKCS#7 attached signatures to PKCS#7 detached > >signatures. > > > >Is it possibly? Is there any example? > > > >Thanks anyway! > > I don't think doing this is possible using the openssl utilitoies, but > it might be done using the ASN1 APIs. Maybe you should have a look at > the asn1parse utility (apps/asn1pars.c) as a staring point. > >
It is possible with some caveats. Basically you have to poke around the PKCS7 structure, get get hold of the content ASN1_OCTET_STRING struture, create a BIO out of it and then zero out the field so the PKCS7 structure no longer includes the content. The caveats are that the format of the included content may not be appropriate for the detached content for (MIME multipart/signed format). In particular that MIME type requires valid MIME headers and canonical format for the first (to be signed) part. If the embedded content isn't of that form it can't be translated without breaking the signature. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
