On Tue, May 28, 2013 at 4:38 PM, Phillip Hellewell wrote:
> Before I switched from PKCS7 to CMS, I had the ability to get the
> actual signature (encrypted digest) by looking at
> signer_info->enc_digest->data.
>
> Now that is encapsulated with no way to get at it,
Same
Before I switched from PKCS7 to CMS, I had the ability to get the
actual signature (encrypted digest) by looking at
signer_info->enc_digest->data.
Now that is encapsulated with no way to get at it, even though I can
get the rest of the signer info using these two functions:
CMS_SignerInfo_get0
On Thu, May 23, 2013 at 10:34 AM, Dr. Stephen Henson wrote:
> This is very rarely encountered in practice. The only time I've ever come
> across it is in Windows authenticode signatures.
Thanks Steve. I think I can make a good argument to my managers that
it's not worth bothering to support it.
Attached is a really old (circa 2000) file called "ieexcep.cat". Windows
recognizes it as a "Security Catalog Information". It is a weird file
because it is like a mix of a cert chain (.p7b) and a signature (.p7s).
The d2i_PKCS7_bio() succeeds on it, but d2i_CMS_bio() does not. This is
the only
On Thu, May 23, 2013 at 5:33 AM, Dr. Stephen Henson wrote:
> On Wed, May 22, 2013, Phillip Hellewell wrote:
>
> > Looking at the implementation of CMS_get0_signers(), it looks like it
> > creates a new stack of X509 that I will have to free.
>
> It's midway between 1
; return
PKCS7Type_UNKNOWN if # certs + # crls == 0.
return PKCS7Type_Certs;
}
}
Thanks,
Phillip
On Thu, May 23, 2013 at 5:29 AM, Dr. Stephen Henson wrote:
> On Wed, May 22, 2013, Phillip Hellewell wrote:
>
> > I'm in the process of refactori
Looking at the implementation of CMS_get0_signers(), it looks like it
creates a new stack of X509 that I will have to free.
Isn't the convention to use a "1" if the return values needs to be freed,
and "0" if not? So shouldn't this function be named CMS_get1_signers()?
(Note that CMS_get1_crls()
I'm in the process of refactoring my code to use the new CMS API instead of
PKCS7.
In my code before I was able to determine the type of pkcs7, and even
distinguish between a signed data (.p7m), signature (.p7s) and cert chain
(.p7b), using this function:
PKCS7Type determine_pkcs7_type(PKCS7*
On Tue, May 21, 2013 at 11:00 AM, Viktor Dukhovni
wrote:
> If so, this is a Windows Perl bug IMHO. The parent should wait
> for the child to exit with close(STDOUT) in either scenario.
> Any special treatment of STDOUT should be reset after
>
> open STDOUT,"|cmd";
>
> in such a way as to
Good news, I found the bug! I got thinking, why is x86_64-gf2m the
only one giving me a problem? So I compared x86_64-gf2m.pl to the
others and found that it has this line:
open STDOUT,"| \"$^X\" $xlate $flavour $output";
whereas the others have this:
open OUT,"| \"$^X\" $xlate $flavour $
I forgot to mention, I am using perl.exe version 5.16.3 and nasm.exe
version 2.10.07.
Phillip
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@ope
On Tue, May 21, 2013 at 9:08 AM, Phillip Hellewell wrote:
> But when executed from my build script (a batch file), it runs into
> problems.
Here is a copy of my build script. Can anyone spot a problem with it?
@echo off
if "%1"=="" goto buildall
setlocal
cd
On Tue, May 21, 2013 at 5:33 AM, Dr. Stephen Henson wrote:
> Just tried it myself with Visual Studio 2012, nasm version 2.10.07 and it
> compiles with no problems for me. I also tried it without nasm (i.e. ml64) and
> that worked OK too.
Ok, this is very helpful to know that it is working for oth
On Mon, May 20, 2013 at 1:12 PM, Phillip Hellewell wrote:
> Should I try to patch it myself?
FYI, the linker error is occurring because nasm is failing with a ton
of errors on x86_64-g2m.asm, I think maybe because it is creating the
wrong type of asm.
So I tried masm instead, and it is work
On Thu, May 16, 2013 at 5:27 PM, Phillip Hellewell wrote:
> But do I have to sacrifice performance to be able to upgrade to 1.0.1?
Anyone? Can I be the only one in the whole world who wants to build
openssl on Windows 64-bit with optimized assembly routines?
Should I try to patch it mys
I'm trying to upgrade from 0.9.8y to 1.0.1e, but I'm getting this linker error.
link /nologo /subsystem:console /opt:ref /debug /dll
/out:out32dll\libeay32.dll /def:ms/LIBEAY32.def
@C:\Users\PHELLE~1\AppData\Local\Temp\nm6C7E.tmp
Creating library out32dll\libeay32.lib and object out32dll\libea
On Sat, Jul 10, 2010 at 12:13 PM, Jeffrey Walton wrote:
> > The general approach is to encrypt data using a symmetric cipher (e.g.,
> > AES-256) with a randomly-generated key, and then encrypt that symmetric
> key
> > with the RSA (public) key.
> AES-256 requires a RSA modulus with an equivalent
The general approach is to encrypt data using a symmetric cipher (e.g.,
AES-256) with a randomly-generated key, and then encrypt that symmetric key
with the RSA (public) key.
And for the symmetric encryption you'll also have to make a decision about
what mode to use (ECB, CBC, CTR, etc). Whatever
On Thu, May 27, 2010 at 2:20 PM, Chuck Pareto wrote:
> Hi,
> I'm still unsure as to the max length string I can use to encrypt. I'm using
> the rsacrypto class in .net to encrypt.
> I know I can't pass in a string that's 256 bytes long or greater because
> there us an exception that gets thrown. B
On Wed, May 5, 2010 at 7:07 AM, Anthony Gabrielson
wrote:
> works. So I'm curious whats going on - ism y understanding of CBC mistaken?
You need to keep things aligned for it to work properly. Try
replacing the first 7 bytes with 0 rather than removing them and
shifting everything over. You sh
Is there any way to tell what type of data is contained inside a PKCS7
signedData smime.p7m file?
I have several emails all with an smime.p7m attachment, but the data
inside the smime.p7m is different:
1. plaintext
2. a MIME email
3. binary data like a word document
When getting the data out of a
On Wed, Apr 28, 2010 at 6:45 AM, Dr. Stephen Henson wrote:
> On Wed, Apr 28, 2010, Phillip Hellewell wrote:
>>
>> It makes me wonder though why isn't UTF-8 the default output on a
>> Linux system with LANG set to "en_US.UTF-8"?
>>
>
> Backwards
On Wed, Apr 28, 2010 at 12:39 AM, Phillip Hellewell wrote:
> On Tue, Apr 27, 2010 at 5:29 PM, Luis Neves wrote:
>>
>> As I think they are in DER format so I use
>> openssl x509 -inform DER -in xx.cer -noout -text
>
> I was able to get it to output the cha
On Tue, Apr 27, 2010 at 5:29 PM, Luis Neves wrote:
>
> As I think they are in DER format so I use
> openssl x509 -inform DER -in xx.cer -noout -text
I was able to get it to output the characters correctly by adding
"-nameopt multiline,utf8,-esc_msb" to the command-line.
It makes me wonder th
orted?
My version of OpenSSL doesn't seem to have any CMS functions (perhaps too
old), but my needs are pretty basic so I think I'll be ok without them.
Phillip
On Thu, Apr 15, 2010 at 4:14 PM, Dr. Stephen Henson wrote:
> On Thu, Apr 15, 2010, Phillip Hellewell wrote:
>
> > Appar
Apparently PKCS7_decrypt() only works on enveloped data. How can I decrypt
a PKCS7 of type signedAndEnveloped or encrypted?
Thanks,
Phillip
26 matches
Mail list logo
