Hello, I would like to convert a data file plus its seperate PKCS#7 detached signature (.p7s file) into a single .pk7 encapsulated file.
First I tried with the openssl command line tool (Linux, version 0.9.8d and
current 1.0.0beta2 which behaves the same):
openssl smime -pk7out -in test.txt.p7s -inform der -content test.txt \
-out test.pk7
While -content is considered when I do a -verify, unfortunatley it's not used
by -pk7out. The resulting out-file still contains only the signature without
the content.
Then I tried using the OpenSSL C API and wrote something like this:
---------------------------------------------------
BIO_read_filename(datafile, "test.txt");
BIO_read_filename(sigfile, "test.txt.p7s.pem");
BIO_write_filename(outfile,"test.txt.pk7.pem");
p7=PEM_read_bio_PKCS7(sigfile,NULL,NULL,NULL);
PKCS7_set_detached(p7,0);
p7bio=PKCS7_dataInit(p7,datafile);
for (;;)
{
i=BIO_read(datafile,buf,sizeof(buf));
if (i <= 0) break;
BIO_write(p7bio,buf,i);
}
BIO_flush(p7bio);
PKCS7_dataFinal(p7,p7bio);
PEM_write_bio_PKCS7(outfile,p7);
---------------------------------------------------
That didn't work either. But I admit I don't understand yet how the PKCS7
structures and functions actually work. Unfortunately the pkcs7(3)
documentation on http://www.openssl.org/docs/crypto/crypto.html is missing.
Does anyone have a hint how I can do such a p7s-to-pk7 conversion?
Kind regards,
Stephan Uhlmann
signature.asc
Description: This is a digitally signed message part.
