Hi,
I am trying to create a pkcs7 file containing
- public key.
- signer info (this signer info contains a signature from another
piece of data calculated previously).
This pkcs7 is of type pkcs7-signedData and the (non existent) data is
of type pkcs7-data. In (the simplest broken code):
evp_key = rsa private key
cert = x509 cert
sign = RSA-SHA1 signature from some info retrieved elsewhere
PKCS7* pkcs = PKCS7_new();
PKCS7_set_type(pkcs, NID_pkcs7_signed);
PKCS7_SIGNER_INFO* pk_signer = PKCS7_add_signature(pkcs, cert,
evp_key, EVP_sha1());
ASN1_OCTET_STRING* hash_octect = ASN1_OCTET_STRING_new();
ASN1_OCTET_STRING_set(hash_octect, sign, sign_len);
pk_signer->enc_digest = hash_octect;
PKCS7_add_certificate(pkcs, cert);
PKCS7_final(pkcs, NULL, 0);
I am pretty sure that is not the way to set the enc_digest on the signer info.
When I inspect the Asn1 created (openssl asn1parse) I see that:
- No "pkcs7-data" object was generated
- An "itu-t" (is that the pkcs7-data)
- No messageDigest object was included (the one from the signer info)
I am trying to get the rsa block file created while signing a JAR file
in the Java platform in case you were wondering.
Does anyone know how to tweak this in order to get the proper pkcs7?
Thanks for your help,
Federico
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
