Hello all,

I face the following problem: I have to parse PKCS#7 SignedData structures, some of which use BER encoding for the EncapContentInfo content, the Certificate and CRL sets and also the unsigned attributes set inside the signer info. The CAdES standard (ETSI TS 101 733 V1.8.1) requires for its ArchiveTimestampV2 attribute that a message digest be computed including various elements of the signature structure, especially including the aforementioned ones that possibly were BER-encoded in the initial signature.

Parsing BER is no problem with OpenSSL, but if I re-encode the signature, DER encoding is applied and naturally my verification of the message digest fails.

A more general problem is that many signatures pretend to be DER-encoded but actually apply the wrong order in DER sets. Thus, computing the message digest also fails because the set elements are put out in a different order than the original one, although the set elements themselves are DER-encoded...

Can I, and if so how, force OpenSSL to re-encode the structure using the existing encoding (and set order), so that the output is again encoded exactly the same way that it was read?

Thanks for your help,
Martin
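The failure described in the post above, reproduced as an added example that is not part of the original message and does not use OpenSSL: a small TLV reader shows how canonical DER re-encoding (definite lengths, sorted SET OF) changes the bytes and therefore the digest, while hashing the slice exactly as received keeps it stable. The sample bytes, function names, single-byte tags and the treatment of every universal SET (0x31) as SET OF are assumptions made for illustration.

```python
import hashlib

# Constructed sample (not from the post): an indefinite-length BER SEQUENCE
# holding a SET OF whose two OCTET STRINGs are not in DER sort order.
SAMPLE = bytes.fromhex("3080" "3106" "040162" "040161" "0000")

def read_tlv(buf, pos=0):
    """Return (tag, content, end) for the TLV at pos. Single-byte tags only."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first == 0x80:                       # BER indefinite length
        start = pos
        while buf[pos:pos + 2] != b"\x00\x00":
            _, _, pos = read_tlv(buf, pos)  # skip one child
        return tag, buf[start:pos], pos + 2
    if first & 0x80:                        # long definite form
        n = first & 0x7F
        first = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + first > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + first], pos + first

def der_len(n):
    """DER length octets: short form below 0x80, minimal long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def to_der(buf):
    """Canonical re-encoding: definite lengths, every SET (0x31) sorted as SET OF."""
    tag, content, _ = read_tlv(buf)
    if tag & 0x20:                          # constructed: recurse into children
        kids, pos = [], 0
        while pos < len(content):
            _, _, end = read_tlv(content, pos)
            kids.append(to_der(content[pos:end]))
            pos = end
        if tag == 0x31:
            kids.sort()
        content = b"".join(kids)
    return bytes([tag]) + der_len(len(content)) + content

def raw_tlv(buf, pos=0):
    """The TLV at pos exactly as received, including any end-of-contents octets."""
    return buf[pos:read_tlv(buf, pos)[2]]

def digests(buf, pos=0):
    """(SHA-256 of original bytes, SHA-256 of DER re-encoding) for the TLV at pos."""
    raw = raw_tlv(buf, pos)
    return hashlib.sha256(raw).hexdigest(), hashlib.sha256(to_der(raw)).hexdigest()
```

`digests(SAMPLE, 2)` returns two different values for the mis-ordered SET; the two only agree when the input was already canonical DER.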