On Thu, Jul 10, 2014, Konstantin Shemyak wrote:

> I'm signing data with PKCS7_sign(), and the result has a 0-byte
> element for eContent under encapContentInfo. This is a snap from
> 'openssl cms -cmsout -print' of the resulting signature:
> 
> ...
>     encapContentInfo:
>       eContentType: pkcs7-data (1.2.840.113549.1.7.1)
>       eContent:
> ...
> 
> Or, from 'openssl asn1parse' (which clearly shows length=0):
> 
> ...
>    43:d=3  hl=2 l=  15 cons:    SEQUENCE
>    45:d=4  hl=2 l=   9 prim:     OBJECT            :pkcs7-data
>    56:d=4  hl=2 l=   2 cons:     cont [ 0 ]
>    58:d=5  hl=2 l=   0 prim:      OCTET STRING
>    (next element after the SEQUENCE follows)
> ...
> 
> I would rather expect no 'eContent' block at all, like this:
> 
> ...
>     encapContentInfo:
>       eContentType: pkcs7-data (1.2.840.113549.1.7.1)
>       eContent: <ABSENT>
> ...
> 
> Or, consequently,
> 
> ...
>    43:d=3  hl=2 l=  11 cons:    SEQUENCE
>    45:d=4  hl=2 l=   9 prim:     OBJECT            :pkcs7-data
>    (next element after the SEQUENCE follows)
> ...
> 
> Is it possible to make PKCS7_sign() behave in the latter way, i.e.
> not create the container with zero-byte content?
> 

Are you using the PKCS7_DETACHED flag?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
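
Added example, not code from this thread or from OpenSSL: a minimal check that tells apart the two encapContentInfo encodings shown in the question (a zero-length eContent versus no eContent at all). It assumes definite-length DER input; the enum, function and array names are this example's own, and the byte strings are constructed to match the two asn1parse listings above.

```c
#include <stddef.h>
#include <stdio.h>

/* Outcome of inspecting one EncapsulatedContentInfo (names are hypothetical). */
enum econtent_state { ECONTENT_MALFORMED = -1, ECONTENT_ABSENT, ECONTENT_EMPTY, ECONTENT_PRESENT };

/* Constructed samples: SEQUENCE { OID pkcs7-data, [0] { OCTET STRING "" } } and SEQUENCE { OID pkcs7-data }. */
static const unsigned char SAMPLE_EMPTY[]  = {0x30,0x0f,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01,0xa0,0x02,0x04,0x00};
static const unsigned char SAMPLE_ABSENT[] = {0x30,0x0b,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x01};

/* Read one definite-length TLV header at *p and advance *p to the value; 0 on success. */
static int der_header(const unsigned char **p, const unsigned char *end,
                      unsigned char *tag, size_t *len)
{
    if (end - *p < 2) return -1;
    *tag = *(*p)++;
    unsigned char b = *(*p)++;
    if (b < 0x80) { *len = b; }
    else {                                   /* long form: b & 0x7f length bytes follow */
        size_t n = b & 0x7f;
        if (n == 0 || n > sizeof(size_t) || (size_t)(end - *p) < n) return -1;
        *len = 0;
        while (n--) *len = (*len << 8) | *(*p)++;
    }
    return (*len <= (size_t)(end - *p)) ? 0 : -1;   /* value must fit in the buffer */
}

enum econtent_state classify_econtent(const unsigned char *der, size_t der_len)
{
    const unsigned char *p = der, *end = der + der_len;
    unsigned char tag; size_t len;

    if (der_header(&p, end, &tag, &len) || tag != 0x30) return ECONTENT_MALFORMED;
    end = p + len;                           /* confine parsing to the SEQUENCE body */
    if (der_header(&p, end, &tag, &len) || tag != 0x06) return ECONTENT_MALFORMED;
    p += len;                                /* skip the eContentType OID */
    if (p == end) return ECONTENT_ABSENT;    /* no [0] wrapper follows the OID */
    if (der_header(&p, end, &tag, &len) || tag != 0xA0) return ECONTENT_MALFORMED;
    if (der_header(&p, end, &tag, &len) || tag != 0x04) return ECONTENT_MALFORMED;
    return len == 0 ? ECONTENT_EMPTY : ECONTENT_PRESENT;
}

int main(void)
{
    printf("zero-length eContent -> %d\n", classify_econtent(SAMPLE_EMPTY, sizeof SAMPLE_EMPTY));
    printf("no eContent          -> %d\n", classify_econtent(SAMPLE_ABSENT, sizeof SAMPLE_ABSENT));
    return 0;
}
```

A verifier that treats a signature as detached only when eContent is absent can use such a check to flag the zero-length form before deciding which content to hash.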
