On Mon, Oct 17, 2022 at 10:28:45AM +0200, Tim Meusel wrote:
> Hi!
> I maintain a Ruby script that does PKCS#7 signing and afterwards some
> enryption with AES-128-CFB. A trimmed down version:
>
> certpath = '/tmp/cert.pem'
> keypath = '/tmp/key/pem'
> d
Hi!
I maintain a Ruby script that does PKCS#7 signing and afterwards some
enryption with AES-128-CFB. A trimmed down version:
certpath = '/tmp/cert.pem'
keypath = '/tmp/key/pem'
data = 'teststring'
key = OpenSSL::PKey::RSA.new(File.read(keypath), '1234'
Hello,
I have a small update in order to close this issue.
The identity provider that produced the invalid signatures have fixed their
signatures so that we can verify them using the latest LTS version of
OpenSSL. We use Bouncy Castle in some products and it does not catch the
invalid signatures
Hello,
I think the person I spoke with might have thought about another set of
signatures for an in-house identity provider. If that is the case then
those signatures were probably generated by OpenSSL 1.0.2 and are OK. I
heard from another person today that the bad files were produced by the
othe
On 02/04/2019 17:34, Steffen wrote:
> Hello,
>
>> What had produced the signatures?
>
> I received word from my end that the signatures may have been produced by
> OpenSSL 1.0.2 (no idea which letter release) in the Cygwin environment but I
> cannot confirm this.
>
If that's the case, I'd re
Hello,
> What had produced the signatures?
I received word from my end that the signatures may have been produced by
OpenSSL 1.0.2 (no idea which letter release) in the Cygwin environment but
I cannot confirm this.
Matt Caswell wrote:
> Using the cert/data files you provided me off-list (thanks), I was able to
> confirm the above and narrow it down further to the following commit:
What had produced the signatures?
> In some cases, the damage is permanent and the spec deviation and
> securi
On 02/04/2019 10:44, Matt Caswell wrote:
On 01/04/2019 22:23, Steffen wrote:
Hello,
I believe that I have narrowed the problem down to one specific version of
OpenSSL. Version 1.1.0b works as expected while OpenSSL 1.1.0c does not.
Using the cert/data files you provided me off-list (thanks),
Hello Matt,
Thank you for looking into this!
So it seems like I have to figure out why the signatures are incorrectly
formatted and then fix it at every source if possible, or convert the
structures somehow if it can be done correctly. The only immediate solution
I can see is to downgrade to Open
On 01/04/2019 22:23, Steffen wrote:
> Hello,
>
> I believe that I have narrowed the problem down to one specific version of
> OpenSSL. Version 1.1.0b works as expected while OpenSSL 1.1.0c does not.
Using the cert/data files you provided me off-list (thanks), I was able to
confirm the above an
Hello,
I believe that I have narrowed the problem down to one specific version of
OpenSSL. Version 1.1.0b works as expected while OpenSSL 1.1.0c does not.
I have currently only verified this using PKCS7_verify and CMS_verify since
I have no CLI at hand for these versions.
The changelog for 1.1.0
ror:2E09809E:CMS routines:CMS_SignerInfo_verify:verification
failure:crypto/cms/cms_sd.c:741:
Other ideas are much appreciated!
On Mon, Apr 1, 2019 at 3:58 PM Matt Caswell wrote:
>
>
> On 01/04/2019 14:46, Steffen wrote:
> > Hello,
> >
> > I am struggling with using OpenSS
On 01/04/2019 14:46, Steffen wrote:
> Hello,
>
> I am struggling with using OpenSSL 1.1.1 to verify a PKCS #7/CMS structure.
> Verification succeeds when I use OpenSSL 1.0.2, but 1.1.0 and 1.1.1 fails with
> "bad signature". I initially had this problem when using t
Hello,
I am struggling with using OpenSSL 1.1.1 to verify a PKCS #7/CMS structure.
Verification succeeds when I use OpenSSL 1.0.2, but 1.1.0 and 1.1.1 fails
with "bad signature". I initially had this problem when using the OpenSSL
library but I see that the problem also applies to the O
Alright, big thanks to both of you for your input!
On Mar 15, 2017 23:01, "Wouter Verhelst" wrote:
On 15-03-17 05:13, valéry wrote:
> Hi,
>
> thank you very much for your response.
> Say someone would be able to gather several clear text AES keys and
> their respective asymmetrically encrypted
On 15-03-17 05:13, valéry wrote:
Hi,
thank you very much for your response.
Say someone would be able to gather several clear text AES keys and
their respective asymmetrically encrypted RSA blocks. Would it weakens
the security of the RSA key pair ? I mean could it be easier for someone
using th
> Say someone would be able to gather several clear text AES keys and their
> respective asymmetrically encrypted RSA blocks. Would it weakens the security
> of the RSA key pair ? I mean could it be easier for someone using that
> information to brute force an RSA key pair ?
No
--
openssl-user
RSA key pair ?
Thank you
On Tue, Mar 14, 2017 at 3:12 PM, Salz, Rich via openssl-users <
openssl-users@openssl.org> wrote:
> > If so, would it be possible in principle to decrypt an encrypted PKCS#7
> envelope only knowing which AES key was used ?
>
> Yes. But maybe not w
> If so, would it be possible in principle to decrypt an encrypted PKCS#7
> envelope only knowing which AES key was used ?
Yes. But maybe not with the openssl api's :)
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Hi,
is the following picture correct ?
when creating an encrypted PKCS#7 envelope, a random AES key is generated
and encrypted with the provided RSA private key. The AES key is used to
encrypt the envelope content. The X509 certificate containing the
associated public key is included in the
On Mon, Nov 28, 2016, Wim Lewis wrote:
>
> However, I think the other half of my problem remains: if I'm putting
> another CMS object into a SignedData, AuthEnvelopedData, or other kind of
> wrapper, the OCTET STRING should contain the encoding of that object's
> structure (e.g. a BER-encoded Aut
On Nov 25, 2016, at 12:43 PM, Dr. Stephen Henson wrote:
> Something like that did happen for PKCS#7 but the OCTET STRING encapsulation
> is correct for CMS.
Aha, and this difference is called out in RFC5652 [5.2.1]. Thanks, that
clarifies things for me a little. So typically it'
...fields of the EnvelopedData structure...
> }
> }
> }
> }
>
> In other words, I have two extra, incorrect levels of encapsulation: the
> OCTET STRING and the extra ContentInfo.
>
Something like that did happen for PKCS#7 bu
I'm trying to produce nested structures, like signed-enveloped-signed data.
This is explicitly described in the various RFCs, but I can't figure out how to
get OpenSSL to produce valid output, and I can't find any code examples of
doing this.
What I'm doing (which doesn't quite work) is this: f
On 05/02/2015 14:30, Srinivas Rao wrote:
Hi All,
Is there a way to use openssl to sign data using a private key (on USB
token) and produce PKCS7 output on win32, if:
a) the data to be signed message is not touched yet and goes as input
to the solution to the answer to this problem, OR
b) signa
Hi All,
Is there a way to use openssl to sign data using a private key (on USB
token) and produce PKCS7 output on win32, if:
a) the data to be signed message is not touched yet and goes as input
to the solution to the answer to this problem, OR
b) signature is already generated, i.e message is h
I have been attempting to compile OpenSSL 1.0.1h on about 14 different
platforms/architectures for our product. I ran into an issue with one of the
unit tests on our HP-UX 11i v2 Itanium system in 64 bit mode.
CMS => PKCS#7 compatibility tests
signed content DER format, RSA key: OK
sig
Hi,
I try to embed an OCSP basic response in a PKCS #7 SignedData object.
When I run "openssl pkcs7 -inform DER -text -in file.p7c", I get:
unable to load PKCS7 object
5024:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\as
n1\tasn_dec.c:1319:
5024:error:0D0
On Thu, Feb 21, 2013, Dave Thompson wrote:
> > From: owner-openssl-us...@openssl.org On Behalf Of Dr. Stephen Henson
> > Sent: Wednesday, 20 February, 2013 19:06
>
> >
> > PKCS#7 and CMS are two similar standards but with a few
> > subtle differences.
>
> From: owner-openssl-us...@openssl.org On Behalf Of Dr. Stephen Henson
> Sent: Wednesday, 20 February, 2013 19:06
> On Tue, Feb 19, 2013, Ulises S. wrote:
>
> > There is this odd behavior in which one in many signed
> files with PKCS#7 on JAVA won't
> > pass
On Tue, Feb 19, 2013, Ulises S. wrote:
> There is this odd behavior in which one in many signed files with PKCS#7 on
> JAVA won't
> pass the validation with Openssl, all Openssl signed data is correctly
> verified in JAVA though.
>
> Currently I have not a test case but a
Hello,
I have an application that decrypts an encrypted PKCS#7 structure.
When I run it with keys loaded from disk, it runs perfectly, but as
soon as I use engine keys from CAPI it fails with:
8244:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
decrypt:.\crypto\evp\evp_enc.c
On Thu, Dec 15, 2011, Pietro Romanazzi wrote:
> Hi,
> afraid this question has been already issued but I did not find any solution
> surfing the web.
> I need to sign data with a RSA private key and obtain a pkcs#7 envelope with
> data, signature
> and certificate.
> In
Hi,
afraid this question has been already issued but I did not find any solution
surfing the web.
I need to sign data with a RSA private key and obtain a pkcs#7 envelope with
data, signature
and certificate.
In the past I remember I found the solution with OpenSSL command line.
Unfortunately
Correcting myself for the record:
> From: owner-openssl-us...@openssl.org On Behalf Of Dave Thompson
> Sent: Thursday, 17 November, 2011 18:53
> As I said, I don't believe any openssl commandline
> function will create a 'degenerate' (cert-only) PKCS#7, which
uot;Certificate encrypted by hardware key".
The certificate contains the key for your device, which is hardware
(apparently); and is signed by the CA's key, which may be hardware
or not (for openssl usually not). Certificates generally are
NOT encrypted, and certificates in PKCS#7 defin
me in PKCS#7 format; (This step that
I not understand to do);3 - Store the Certificate in Flash memory (Not
Implemented yet, but is not difficult) The step 2 I try to use openssl, but I
not understand, because there aren't examples how to implement Certificate.
Thanks for helpLaerte Juni
> From: owner-openssl-us...@openssl.org On Behalf Of Laerte Junior
> Sent: Saturday, 12 November, 2011 14:22
>I'm working with embedded system project and I need to receive
PKCS7
> and store the fields(DN, signature, public key, etc.). Before, I generate
> a CSR to test (atta
Hi,
I'm working with embedded system project and I need to receive PKCS7 and store
the fields(DN, signature, public key, etc.). Before, I generate a CSR to test
(attached file), but now I need to generate PKCS7 to test. How to do it? I need
to generate a small PKCS7 as possible. Thanks
On Tue, Nov 23, 2010, richard.folw...@barclays.com wrote:
> I'm fairly comfortable now using OpenSSL from the command line for basic
> operations: certificate management, encryption, decryption, signing and
> verification. However I need to create encrypted and signed files to
>
I'm fairly comfortable now using OpenSSL from the command line for basic
operations: certificate management, encryption, decryption, signing and
verification. However I need to create encrypted and signed files to
meet PKCS#7, and cannot find any documentation online that explains how
to do
On Thu, Aug 05, 2010, Giacomo Boccardo wrote:
> I had to re-compile openssl using the flag enable-cms in order to use the
> cms command. Why is it disabled by default?
>
It was a new feature in a stable branch of OpenSSL and due to the policy at
the time new features were disabled by default. I
I had to re-compile openssl using the flag enable-cms in order to use
the cms command. Why is it disabled by default?
Thanks,
J.
Messaggio Originale
Oggetto: Re: Error inspecting PKCS#7 DER
Da: Dr. Stephen Henson
A: openssl-users@openssl.org
Data: 04/08/2010 16:30:54
On Wed, Aug 04, 2010, Giacomo Boccardo wrote:
> When I try to inspect the file in the attachment (PKCS#7, DER format) I
> have the following error:
>
> $ openssl pkcs7 -inform DER -in cadesBES_singleCounterSignatureWithDate.p7m
> unable to load PKCS7 object
> 2491:error:0D06
When I try to inspect the file in the attachment (PKCS#7, DER format)
I have the following error:
$ openssl pkcs7 -inform DER -in cadesBES_singleCounterSignatureWithDate.p7m
unable to load PKCS7 object
2491:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:tasn_dec.c:1316:
2491
Hi guys,
I have to create a program following the PKCS#7 standard with
Signed-And-Enveloped-Data datatype:
SignedAndEnvelopedData ::= SEQUENCE {
version Version,
recipientInfos RecipientInfos,
digestAlgorithms DigestAlgorithmIdentifiers,
encryptedContentInfo EncryptedContentInfo,
certificates
On Wed, Jun 23, 2010, Federico Berton wrote:
> Hi guys, I am trying to save a pkcs#7 structure with sign-and-enveloped data
> to a file but I can't find the appropriate function. I know that i should
> use somewhat kind of BIO. Can somebody help me?
>
i2d_PKCS7_bio() will w
Hi guys, I am trying to save a pkcs#7 structure with sign-and-enveloped data to
a file but I can't find the appropriate function. I know that i should use
somewhat kind of BIO. Can somebody help me?
Thanks in advance and sorry for my bad english.
Berton Fed
Hey I'm using this code to verify my PKCS#7 signed object and extract it from
the S/MIME
This code works perfectly if I test it with boost and send a mock SMIME to it.
This mock up is generated with OpenSSL.
But I'm trying to verify a S/MIME with the same structure that has been
ge
* Eisenacher, Patrick wrote on Tue, Feb 23, 2010 at 12:30 +0100:
[...]
> "The selection of a trust anchor is a matter of policy: it
>could be the top CA in a hierarchical PKI, the CA that
>issued the verifier's own certificate(s), or any other CA in
>a network PKI."
>
> And no, I don
On Mon, Feb 22, 2010, Eisenacher, Patrick wrote:
>
> Unfortunately, the perceived verification algorithm is a limitation in
> openssl, which always wants to do path validation up to a self signed cert,
> even if no revocation checking is requested. And no, there's no way to
> modify its verificat
Hi Patrick,
sorry for the bad line-breaking, but I'm stuck here with a poor msa.
> -Original Message-
> From: Patrick Patterson
>
> On February 22, 2010 09:18:25 am Eisenacher, Patrick wrote:
> > > -Original Message-
> > > From: Patrick Patterson
> > >
> > > On 12/02/10 8:51 AM, s
On February 22, 2010 09:18:25 am Eisenacher, Patrick wrote:
> > -Original Message-
> > From: Patrick Patterson
> >
> > On 12/02/10 8:51 AM, skillz...@gmail.com wrote:
> > > Is there a way (via the API rather than the tool) to tell
> >
> > OpenSSL that
> >
> > > the sub-CA certificate is tru
> -Original Message-
> From: Patrick Patterson
>
> On 12/02/10 8:51 AM, skillz...@gmail.com wrote:
> > Is there a way (via the API rather than the tool) to tell
> OpenSSL that
> > the sub-CA certificate is trusted and it doesn't need to
> walk further
> > up the chain? For my case, I embed
On 12/02/10 8:51 AM, skillz...@gmail.com wrote:
> Is there a way (via the API rather than the tool) to tell OpenSSL that
> the sub-CA certificate is trusted and it doesn't need to walk further
> up the chain? For my case, I embed the sub-CA certificate in my code
> and I'm space constrained so I'd
On Thu, Feb 11, 2010 at 1:31 PM, wrote:
> I have a DER-encoded PKCS#7 file that I'd like to extract the
> certificate from, verify that certificate against a specific sub-CA
> certificate, then use the certificate's public key to verify a
> signature.
>
> I looked at
I have a DER-encoded PKCS#7 file that I'd like to extract the
certificate from, verify that certificate against a specific sub-CA
certificate, then use the certificate's public key to verify a
signature.
I looked at the code for the pkcs7 tool and it looks directly inside
the PKCS7
On Thu, Jan 28, 2010, Jaraba Nieto, Fernando wrote:
>
>
> I would know if it's possible with openssl to sign a digest message,
> without using the original document. If it's then I can send hash digest
> to the client and receive signed hash to build pkcs#7 structure.
I would know if it's possible with openssl to sign a digest message,
without using the original document. If it's then I can send hash digest
to the client and receive signed hash to build pkcs#7 structure.
Thanks a lot
Fernando.
On Tue, Jan 12, 2010, Douglas Gemignani wrote:
> This looks like a recent change in the v1.0.0 beta
> *) Update PKCS#7 enveloped data routines to use new API. This is now
> supported by any public key method supporting the encrypt operation. A
> ctrl is added to allow th
This looks like a recent change in the v1.0.0 beta
*) Update PKCS#7 enveloped data routines to use new API. This is now
supported by any public key method supporting the encrypt operation. A
ctrl is added to allow the public key algorithm to examine or modify
the PKCS#7
On Tue, Jan 12, 2010, Douglas Gemignani wrote:
> Hello,
>
> I need to generate a pkcs#7 certificate with a enveloped message
> inside it. As far as I understand this message (X509) will be
> encrypted with a random generated TDES key.
> This is my snippet, but it is still i
Hello,
I need to generate a pkcs#7 certificate with a enveloped message
inside it. As far as I understand this message (X509) will be
encrypted with a random generated TDES key.
This is my snippet, but it is still incomplete and some comments
regarding my doubts, I hope someone could help me
Ger Hobbelt wrote:
What may have impact here is that a memory s/s BIO does not act like a
file BIO by default.
To get the same behaviour (at end-of-data == End of File), you should
add the call
BIO_set_mem_eof_return(pio, 0);
after the line
pio = BIO_new(BIO_s_mem())
to ensure y
ular EOF signal when the memory buffer has
been read in its entirety.
On Thu, Apr 9, 2009 at 12:59 PM, Anton D Kachalov wrote:
> Good day!
>
> I have problem with reading S/MIME PKCS#7 container from membuf. I've got
> "not enough data" error in ASN parsing routine (asn1_d
Good day!
I have problem with reading S/MIME PKCS#7 container from membuf. I've
got "not enough data" error in ASN parsing routine (asn1_d2i_read_bio).
I have sign & crypt zip file (430kb) with S/MIME PKCS#7 within PHP. Then
I wrote a small application to decrypt & ve
Hi,
I'm investigating upgrading the applications I'm responsible for from
SHA1 as the default PKCS#7 SignedData digest algorithm to stronger
digests such as SHA256, in ways that preserve backwards compatibility
for signature verifiers which do not support digest algorithms other
than SH
Hi all,
With OpenSSL, can I create PKCS#7 CMS messages just using a pre-shared
symmetric key?
I just need to package the secret with its encryption algorithm identifier,
and the PKCS#7 envelope looks ideal for this.
The only additional data that I may wish to add to the message may be the
All,
I have what is probably going to be an extremely newbie
issue/question. I have a customer moving to us who uses Apache Tomcat
with a PKCS#7 certificate and an accompanying .key file which looks
rather foreign to me. Personally, i've never dealt with anything
outside of the "pla
On Mon, Aug 04, 2008, Travis wrote:
> I've been trying to get OpenSSL to parse PKCS#7 objects made with
> BouncyCastle, which uses SHA-2 hashes in it.
>
> However, I haven't had much luck. I know that OpenSSL has support for
> SHA-2 directly, but I think the ASN.1 pa
I've been trying to get OpenSSL to parse PKCS#7 objects made with
BouncyCastle, which uses SHA-2 hashes in it.
However, I haven't had much luck. I know that OpenSSL has support for
SHA-2 directly, but I think the ASN.1 parser is blowing up on the
particular NID/OID for SHA-2 hashes.
D
Hello,
Anybody know how I can extract the certificates from a chained PKCS#7
file? I can't seem to find the part of the API that deals with this,
although I can find lots of references to the command line program that
does it.
Thanks,
On Wed, May 28, 2008 at 02:23:44PM -0500, [EMAIL PROTECTED] wrote:
> On Tue, May 27, 2008 at 03:23:27PM -0500, [EMAIL PROTECTED] wrote:
> > So a developer at my company is having a problem.
> >
> > When our business partner signs a data object using Bouncy Castle
> >
On Tue, May 27, 2008 at 03:23:27PM -0500, [EMAIL PROTECTED] wrote:
> So a developer at my company is having a problem.
>
> When our business partner signs a data object using Bouncy Castle
> (PKCS#7 CMS), outputs PEM, and we use OpenSSL and read it in, that
> works fine, but whe
So a developer at my company is having a problem.
When our business partner signs a data object using Bouncy Castle
(PKCS#7 CMS), outputs PEM, and we use OpenSSL and read it in, that
works fine, but when we try to get the data out of it, we're getting a
null string.
My hunch is
hat file ( I signed the file using
> RSA_sign)
> > funtion. ). once the file is signed I need to envelope the file as a CMS
> > package.
> >
> > So Could any one who has prior knowledege on usage of pkcs function ,
> please
> >
o envelope the file as a CMS
> package.
>
> So Could any one who has prior knowledege on usage of pkcs function , please
> help me how to do this signing and verification .
> If possible please give me the link
e the links where I can get data on these PKCS#7
funtions ..
please help me ,
--
--Best Regards
Shankar
pkcs funtions (any
document or pdf or examples of signin, encryption , compression.) ..
and source which explains the usage of PKCS#7 API's in openssl...
--
--Best Regards
Shankar
So I've got to interchange data with a Java-based environment. I
believe their choice of libraries is with Bouncy Castle, which IIUC
implements a newer version of PKCS#7 called CMS. We only have OpenSSL,
which uses PKCS#7 v1.5..
Does anyone have experience with these kinds of situations
We have singed a digest with RSA_sing and we have an PKCS#1. We need to
transform from the PKCS#1 to a PKCS#7.
¿Do you know how to transform the PKCS#1 to a PKCS#7?
Thank you.
Fernando.
Hello,
I've read the following in the latest CHANGES file of the openSSL
0.9.9 snapshot 20071220:
*) Add option -stream to use PKCS#7 streaming in smime utility. New
function i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream()
to output in BER and PEM format.
Does this
[EMAIL PROTECTED] wrote:
I've a problem. I need to cypher a buffer of bytes with pkcs7 format but
I can't use certificates,i need encrypt using only a key or password.
I have searched but I do not find anything to do it.
Read the syntax for PKCS#7:
ftp://ftp.rsasecuri
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] schrieb:
> Hello all!!
Hello Lidia,
> I've a problem. I need to cypher a buffer of bytes with pkcs7 format but
> I can't use certificates,i need encrypt using only a key or password.
Are you really sure PKCS#7
2007/10/17, [EMAIL PROTECTED] <[EMAIL PROTECTED]
>:
>
> Hello all!!
>
> I've a problem. I need to cypher a buffer of bytes with pkcs7 format
> but I can't use certificates,i need encrypt using only a key or
> password.
>
> I have searched but I do not find anything to do it.
>
> I work with c, and
Hello all!!
I've a problem. I need to cypher a buffer of bytes with pkcs7 format
but I can't use certificates,i need encrypt using only a key or
password.
I have searched but I do not find anything to do it.
I work with c, and the function PKCS7_encrypt() needs
certificates...There is so
Hello,
I hope someone can help. I have an existing signature which was made with a
smartcard. So, how can I create a valid pkcs#7 structure
which contains this signature value. I appreciate any thoughts, references,
samples or other help!
Thanks and best regards
Christian Wiesbauer
Hello,
I wasn't able to get a PKCS #7 file using the dgst and
rsautl command.
So now I'm trying with the smime command. However, I´m
doing something wrong since I get "Error reading
S/MIME message" because the file I want to sign is not
in SMIME format (I suppose).
Is there a
Hello,
I need to sign a file using a RSA Key and get a
PKCS#7/CMS file.
I´ve tried the following command but Openssl complains
that the data is too large for the key size.
openssl rsautl -in 1.xml -out 1.xml.cms.base64 -inkey
britanico1.pem -sign
I´ve read the documentation of rsautl and its
Hi there,
I have a problem to fill a PKCS#7 (or CMS) structure and I can't find any hints
on the web so I hope someone in this group can help.
How to read or write a PKCS7 file programatically I have managed, but I have
the following problem:
I have a digital signature of a document done
All,
Is there a way to simply extract the message digest from a PKCS #7
signature? Here is a little back ground to hopefully explain the
context.
We have separate data and signature. In order to reduce memory
requirements, we'd like to generate our digest while we decompress the
The post process would be done by the signer (on his machine with all
the credential availables), with the key present. If this can be done
inside PKCS_sign, or during the same session.
I don't want this re-encoding to be particulary a post-process, just
want it to be done anytime, of course ...
Benjamin Sergeant wrote:
I'd like to know how to proceed (is it doable) to convert a PKCS #7
data (made with PKCS7_sign, flag = PKCS7_BINARY | PKCS7_DETACHED;)
with several cert (the one from the signer) and a chain of cert, from
BER to DER encoding.
Is the decryption key present to sig
Hi,
I'd like to know how to proceed (is it doable) to convert a PKCS #7
data (made with PKCS7_sign, flag = PKCS7_BINARY | PKCS7_DETACHED;)
with several cert (the one from the signer) and a chain of cert, from
BER to DER encoding.
I have another one PKCS #7 data which was made with the
Bernhard Froehlich wrote:
[EMAIL PROTECTED] wrote:
Hi!
I need to convert PKCS#7 attached signatures to PKCS#7 detached
signatures.
Is it possibly? Is there any example?
Thanks anyway!
Since noone else answered I'll thay the little I believe to know about
the subject... ;)
I
On Tue, Jan 17, 2006, Bernhard Froehlich wrote:
> [EMAIL PROTECTED] wrote:
>
> >
> >Hi!
> >
> >I need to convert PKCS#7 attached signatures to PKCS#7 detached
> >signatures.
> >
> >Is it possibly? Is there any example?
> >
> >Thanks
[EMAIL PROTECTED] wrote:
Hi!
I need to convert PKCS#7 attached signatures to PKCS#7 detached
signatures.
Is it possibly? Is there any example?
Thanks anyway!
Since noone else answered I'll thay the little I believe to know about
the subject... ;)
I don't think doing this i
Hi!
I need to convert PKCS#7 attached signatures
to PKCS#7 detached signatures.
Is it possibly?
Is there any example?
Thanks anyway!
Nikolay Elenkov wrote:
> I am trying to patch the PKCS#7 code to (partially) handle CMS ver 3.
> What I need is to parse a CMS structure that has an attribute
> certificate in the certificates field of SignedData.
>
...
>
> typedef struct certificate_choices_st {
>
Hello,
I am trying to patch the PKCS#7 code to (partially) handle CMS ver 3.
What I need is to parse a CMS structure that has an attribute
certificate in the certificates field of SignedData.
The relevant defintions from RFC 2630 are:
SignedData ::= SEQUENCE {
version CMSVersion
1 - 100 of 197 matches
Mail list logo
