On Mon, Aug 15, 2011, Chang Lee wrote: > Has anyone been able to use PKCS7_verify(...) to verify a SignedData > signature with authenticated attributes? I've looked through the code and > it seems PKCS7_signatureVerify() checks for the existence of authenticated > attributes and calls PKCS7_digest_from_attributes() which, along with the > embedded comment /* mdc is the digest ctx that we want, unless there are > attributes, > * in which case the digest is the signed attributes */, gave the impression > that it computed the digest of the attributes. Looking at the > code, PKCS7_digest_from_attributes() just returns the MessageDigest > attribute. This implementation would be wrong. Is this a bug or do have I > stayed up too long looking at this code. > I'm using 0.9.8r. >
The way things work (though the PKCS#7 standard isn't very clear in places) is that if you have authenticated attributes the message digest of the content is contained in a message digest attribute. The digital signature of the PKCS#7 structure is on the encoding of those attributes. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
