On Thu, Jan 28, 2010, Jaraba Nieto, Fernando wrote: > > > I would know if it's possible with openssl to sign a digest message, > without using the original document. If it's then I can send hash digest > to the client and receive signed hash to build pkcs#7 structure. >
It is possible using the CMS routines which can be compatible with PKCS#7. There aren't any examples of this but in outline you'd: Create CMS SignedData structure using CMS_sign(). Add a signer using CMS_add1_signer(). Add message digest using CMS_signed_add1_attr_by_NID(). Sign structure using CMS_SignerInfo_sign(). Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
