Hi all,
I am trying to create a "Degenerate certificates-only CMS Signed-Data" using
openssl openssl-1.1.1c (from CentOS8) as described by
https://tools.ietf.org/html/draft-gutmann-scep-15#section-3.4, and in the
process I am getting the entry "Error: Object has zero length" in
I am implementing a module for ruby-openssl to add CMS API access to ruby.
(Once I figure it out, I will likely look at how to refactor PKCS7 API code,
but I don't care about that yet)
PKCS7 has the PKCS7_SIGNER_INFO object, and it is declared in pkcs7.h with
DECLARE_ASN1_FUNCTIONS().
CM
I'm very sorry for the late reply but I only read the list from time to
time.
To my knowledge, the PKCS7_sign will init the structure taking data from
the BIO, so if you put data in the BIO after the call to PKCS7_Sign, that
won't go into the PKCS7 structure.
Possibly, by addin
Hello OpenSSL-users
In the purpose of signing pdf files, I've found a difference of
behaviour that I can't explain between two ways of computing signatures.
The first one leads to an error in the way that Adobe says that the file
was modified after signing, the second does not.
First Method:
which is not known if you just have the binary chunk.
Indeed, PEM for S/MIME looks like
-----BEGIN PKCS7-----
-----END PKCS7-----
so you must add the header ("-----BEGIN PKCS7-----") and the trailer
Thanks
Chris
On 2017-09-28 11:23, Wouter Verhelst wrote:
On 28-09-17 01:19, ch
On Thu, Sep 28, 2017 at 2:28 AM, ch wrote:
> Hi!
>
> I thought the difference between PEM and DER is NOT ONLY a different
> encoding of the string?
> base64 vs. binary
>
> So to understand that clear please let me ask:
> If I convert a PEM-signature from base64 to binary then it is DER?
Yes. Well
Hi!
I thought the difference between PEM and DER is NOT ONLY a different
encoding of the string?
base64 vs. binary
So to understand that clear please let me ask:
If I convert a PEM-signature from base64 to binary then it is DER?
Thanks
Chris
On 2017-09-28 11:23, Wouter Verhelst wrote:
On 28
On 28-09-17 01:19, ch wrote:
> If the pkcs-signature is binary encoded it is not working for verifying
> a SMIME-message in my experience with
> smime or cms-smime on the console. I tried to convert the binary ones to
> base64 but that does not do the trick every time.
What you call "base64" is commonl
Hello!
Thanks for the support.
On 2017-09-28 01:06, Dr. Stephen Henson wrote:
On Thu, Sep 28, 2017, ch wrote:
Hello!
I am working on a tool for verifying SMIME-messages.
Because cms and smime is only able to verify base64 pkcs7-signatures
I try to do it "manually" and I now have
On Thu, Sep 28, 2017, ch wrote:
> Hello!
>
> I am working on a tool for verifying SMIME-messages.
> Because cms and smime is only able to verify base64 pkcs7-signatures
> I try to do it "manually" and I now have a problem with the
> signing-timestamp.
>
I'm
Hello!
I am working on a tool for verifying SMIME-messages.
Because cms and smime is only able to verify base64 pkcs7-signatures I
try to do it "manually" and I now have a problem with the signing-timestamp.
Let's do an example:
openssl smime -sign -md sha1 -in plain.txt -i
");
certificate = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
BIO_free_all(bio);
//Sign the binary..
PKCS7* pkcs7 = PKCS7_sign(NULL, NULL, NULL, NULL, PKCS7_PARTIAL);
PKCS7_sign_add_signer(pkcs7, certificate, pkey, NULL, PKCS7_PARTIAL);
PKCS7_final(pkcs7, NULL, PKCS7_PARTIAL);
if (!pkcs7)
On 02/09/2016 16:39, Dr. Stephen Henson wrote:
> On Tue, Aug 30, 2016, David wrote:
>> How can I obtain the length of the overall sequence which contains PKCS7
>> signed data? This is important because the length I already have may be
>> longer than the actual PKCS7 data.
>
On Tue, Aug 30, 2016, David wrote:
> Hi,
>
> I have some PKCS7 data which I can read like this with OpenSSL:
>
> $ openssl asn1parse -i -inform der -in data.dat
> 0:d=0 hl=4 l=16208 cons: SEQUENCE
> 4:d=1 hl=2 l=9 prim: OBJECT:pkcs7-signedData
> .. mo
Hi,
I have some PKCS7 data which I can read like this with OpenSSL:
$ openssl asn1parse -i -inform der -in data.dat
0:d=0 hl=4 l=16208 cons: SEQUENCE
4:d=1 hl=2 l=9 prim: OBJECT:pkcs7-signedData
.. more ..
I can load it in code like so:
// buf contains the raw data, len the
On 26.04.16 at 16:25, Stephan Mühlstrasser wrote:
Hi,
I'm trying to plug my own digest algorithm implementation into the PKCS7
functions for creating a signature (using OpenSSL 1.0.2). The hash
computation shall be performed on a hardware device.
For that purpose I wanted to supply m
Hi,
I'm trying to plug my own digest algorithm implementation into the PKCS7
functions for creating a signature (using OpenSSL 1.0.2). The hash
computation shall be performed on a hardware device.
For that purpose I wanted to supply my own EVP_MD data structure to
PKCS7_add_signature
icate using the PKCS7_decrypt( )
> function. The error string is:
>
> OPENSSL error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt error
>
> This only happens in FIPS mode so we suspect a weak cipher, but I'm unable
> to glean any specified error that would verify this suspicion. I was h
failedcert.crt <http://openssl.6102.n7.nabble.com/file/n63828/failedcert.crt>
Hello all,
I've attached a .crt certificate file that we are experiencing a problem
with. When trying to process this certificate using the PKCS7_decrypt( )
function. The error string is:
OPENSSL error:210
On Sat, 19 Sep 2015 23:09:16 +0200, Jakob Bohm wrote:
> 1. The error should not call this "plain", this would lead
>to the same misunderstanding I had earlier.
Right. I'm not an advanced english speaker, I shouldn't name it at all. ;-)
Btw. In the meantime I think my last suggestion for a
On 19/09/2015 15:34, Michael Heide wrote:
On Wed, 16 Sep 2015 08:55:51 +0200, Michael Heide wrote:
My question now is: how to (proper) handle it?
Maybe a more sensible way to handle those signatures with OpenSSL is to still
not allow such things but instead return an error indicating succe
On Wed, 16 Sep 2015 08:55:51 +0200, Michael Heide wrote:
> My question now is: how to (proper) handle it?
Maybe a more sensible way to handle those signatures with OpenSSL is to still
not allow such things but instead return an error indicating success if it
/would/ be allowed to do it this
On Tue, 15 Sep 2015 23:18:02 +0200, Jakob Bohm wrote:
> Where is *1 ?
Sorry, never mind. I screwed it up...
> Of course, this error is really at the PKCS#1 level, even
> though the PKCS#7 standard formally repeats that particular
> part of PKCS#7 due to ISO/OSI/ITU fun with BIT STRING vs.
> OCT
On 15/09/2015 08:06, Michael Heide wrote:
On Mon, 14 Sep 2015 21:01:49 +0200, Jakob Bohm wrote:
Seems to be a file with the same criteria here.
That one is a big surprise to me.
Thanks.
(if it's a surprise to you, then it's ok to be a surprise for me too. ;-) )
It seems that as late as i
On Mon, 14 Sep 2015 21:01:49 +0200, Jakob Bohm wrote:
> > Seems to be a file with the same criteria here.
> That one is a big surprise to me.
Thanks.
(if it's a surprise to you, then it's ok to be a surprise for me too. ;-) )
> It seems that as late as in August 17 2015 (4 weeks ago),
> Syma
On 14/09/2015 17:40, Michael Heide wrote:
On Mon, 14 Sep 2015 16:39:15 +0200, Jakob Bohm wrote:
Where can I see the actual file (Not the virustotal
description of the signature), I would need to look
at the actual details to make sense of this.
I think you have to use some kind of a subscrip
On 14/09/2015 17:40, Michael Heide wrote:
By the way, whomever signed this seems to be mixing
competing CAs (GlobalSign for the cert, Symantec for
the timestamp).
Why not? ;-)
Because using the timestamp server is generally a paid
service included in the certificate purchase.
Enjoy
Jakob
--
On Mon, 14 Sep 2015 16:39:15 +0200, Jakob Bohm wrote:
> Where can I see the actual file (Not the virustotal
> description of the signature), I would need to look
> at the actual details to make sense of this.
I think you have to use some kind of a subscription and use their APIs to
access thei
On 11/09/2015 23:26, Michael Heide wrote:
Various intermediate certs. Verisign, Symantec, etc.
But now I see, didn't get it before: the root is always "Thawte Timestamping CA"
-- using md5WithRSAEncryption.
Example:
https://www.virustotal.com/en/file/1d1bb76575e780123814259eb2dbbf26f1c9035d8f0d4
On 11/09/2015 23:26, Michael Heide wrote:
On Fri, 11 Sep 2015 15:07:20 +0200, Jakob Bohm wrote:
2.3.1 RFC2985 form Timestamp countersignature Attribute
This one.
I thought so, many people think this one is proprietary,
not realizing it was in the original PKCS#9 document.
I have not encoun
On Fri, 11 Sep 2015 15:07:20 +0200, Jakob Bohm wrote:
> 2.3.1 RFC2985 form Timestamp countersignature Attribute
This one.
> I have not encountered this before, which signing authority,
> AlgorithmIdentifier and year (first digits of timestamp) did
> you see this with?
Various intermediate ce
C2985 timestamp countersignature format.
AuthentiCode signatures not inside an SpcAdditionalSignatures
attribute and made using the SHA-1 or MD5 hash algorithm SHOULD
AVOID using the RFC3161 timestamp counter signature format.
Those Timestamps are inside a PKCS7 SignerInfo Structure (OpenSSL
Hi,
I'm using OpenSSL to verify a (proprietary?) timestamp in Microsoft
Authenticode via PKCS7_verify() (in pk7_smime.c).
Those Timestamps are inside a PKCS7 SignerInfo Structure (OpenSSL type
PKCS7_SIGNER_INFO). I put those inside a PKCS7 to be able to use PKCS7_verify().
Most of the
Dear all,
I wrote a function like this:
DLL_INT ECryptEncryptData(char* certFile, char* dataFile, char*
encryptedFile, char* errMsg, int errMsgLen)
{
static char* func = "ECryptEncryptData";
int rc = 0;
char msg[MSG_LEN];
BIO *in = NULL, *out = NULL;//, *tbio = NULL;//, *dout = N
e PKCS7_Sign() call appears to add the
> entire message to the pkcs7 DER encoded file.
>
> Is this typical?
>
> Can I pass in NULL to omit the message if I'm sending it in separately?
>
The message is needed to compute the hash. If you don't want to include it in
the e
I'm working through the 'openssl smime -sign' example.
1
The '-in' parameter appears to be the message, not a hash of the
message. Correct?
2
When I run the example, the PKCS7_Sign() call appears to add the entire
message to the pkcs7 DER encoded file.
Is thi
s:ASN1_get_object:
>too long:.\crypto\asn1\asn1_lib.c:142:
Okay, that's an error. See below.
>
> From: Dave Thompson-5 [via OpenSSL] <[hidden email]>
> To: likejiujitsu <[hidden email]>
> Sent: Thursday, July 18, 2013 6:5
kejiujitsu
Sent: Thursday, July 18, 2013 6:58 PM
Subject: RE: error "unable to load PKCS7 object... wrong tag"
> From: [hidden email] On Behalf Of Anil
> Sent: Thursday, 18 July, 2013 10:51
> Thank you for your reply.
> I used HxD but could not find any occ
> From: owner-openssl-us...@openssl.org On Behalf Of Anil
> Sent: Thursday, 18 July, 2013 10:51
> Thank you for your reply.
> I used HxD but could not find any occurrence of 0x30 followed by 0x82.
> Anything else to try?
>
openssl asn1parse -inform DER -in mycert.spc
If that gives an error, you
Thank you for your reply.
I used HxD but could not find any occurrence of 0x30 followed by 0x82.
Anything else to try?
- Original Message -
From: Dr. Stephen Henson
To: openssl-users@openssl.org
Cc:
Sent: Wednesday, July 17, 2013 3:14 PM
Subject: Re: error "unable to load PKCS7 o
On Wed, Jul 17, 2013, likejiujitsu wrote:
>
> Running
>
> openssl pkcs7 -inform DER -in mycert.spc -print_certs -out mycert.crt
>
> gives error
>
> unable to load PKCS7 object 4372:error:0D0680A8:asn1 encoding
> routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\asn1\ta
Running
openssl pkcs7 -inform DER -in mycert.spc -print_certs -out mycert.crt
gives error
unable to load PKCS7 object 4372:error:0D0680A8:asn1 encoding
routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\asn1\tasn_dec.c:1319:
4372:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
ng my code to use the new CMS API instead
> of
> > PKCS7.
> >
> > In my code before I was able to determine the type of pkcs7, and even
> > distinguish between a signed data (.p7m), signature (.p7s) and cert chain
> > (.p7b), using this function:
> >
> > PKC
On Wed, May 22, 2013, Phillip Hellewell wrote:
> I'm in the process of refactoring my code to use the new CMS API instead of
> PKCS7.
>
> In my code before I was able to determine the type of pkcs7, and even
> distinguish between a signed data (.p7m), signature (.p7s) an
I'm in the process of refactoring my code to use the new CMS API instead of
PKCS7.
In my code before I was able to determine the type of pkcs7, and even
distinguish between a signed data (.p7m), signature (.p7s) and cert chain
(.p7b), using this function:
PKCS7Type determine_pkcs7_type(
I thought I had posted this already but cannot seem to find it.
I have tried by all means to figure out the API to create a PKCS7 for a
signature file.
Basically I have a signature file and want to wrapper it in a PKCS7. The
Signature is an
ECDSA and uses a SHA256 digest of a file that needs to
On Fri, Oct 12, 2012, redpath wrote:
>
> Tried to find documentation and examples ( which includes searching the
> forum)
> for using a PKCS7 standard in context to what I am trying to do for best
> practices
> when using a signature to verify a document received.
>
Tried to find documentation and examples ( which includes searching the
forum)
for using a PKCS7 standard in context to what I am trying to do for best
practices
when using a signature to verify a document received.
Basically I have a document file (100k) called
BackgroundCheck.doc
used to verify the authentication of the file. The
> signature works great
> > but I want to use
> > best practices to package the signature. A PKCS7 was
> suggested. So I assume
> > I can extract this signature from the PKCS7 to verify the
> file contents
> > which
On 10/11/2012 4:16 PM, redpath wrote:
Well the situation is I have a file which has been signed for its contents.
This signature
is used to verify the authentication of the file. The signature works great
but I want to use
best practices to package the signature. A PKCS7 was suggested. So I
Well the situation is I have a file which has been signed for its contents.
This signature
is used to verify the authentication of the file. The signature works great
but I want to use
best practices to package the signature. A PKCS7 was suggested. So I assume
I can extract this signature from
On Thu, Oct 11, 2012, redpath wrote:
>
> I have a PKCS7 file with signature in the envelope.
> What API function can I use to open the PKCS7 to extract the signature data
> and length
> and then verify the message digest? The verify is shown below assuming I got
> the signature
On 10/11/2012 1:59 PM, redpath wrote:
I have a PKCS7 file with signature in the envelope.
What API function can I use to open the PKCS7 to extract the signature
data
and length
and then verify the message digest? The verify is shown below assuming
I got
the signature
data and length.
int
I have a PKCS7 file with signature in the envelope.
What API function can I use to open the PKCS7 to extract the signature data
and length
and then verify the message digest? The verify is shown below assuming I got
the signature
data and length.
int rc = ECDSA_verify(0, md, 20, signaturedata
>From: Mohammad khodaei [mailto:m_khod...@yahoo.com]
>Sent: Tuesday, 18 September, 2012 06:52
>Thanks for the response. The encryption is also done by me.
>I have generated the cipher text as below:
> in = BIO_new_mem_buf(pchContent, iPriKeyLen);
> if (!in) { //
>
_
From: Dave Thompson
To: openssl-users@openssl.org
Sent: Monday, September 17, 2012 8:45 PM
Subject: RE: Converting BIO* to PKCS7*
>From: owner-openssl-us...@openssl.org On Behalf Of Mohammad Khodaei
>Sent: Monday, 17 September, 2012 05:01
>I've got a problem regar
>From: owner-openssl-us...@openssl.org On Behalf Of Mohammad Khodaei
>Sent: Monday, 17 September, 2012 05:01
>I've got a problem regarding BIO* to PKCS7* conversion. I want to
>call PKCS7_decrypt() function to decrypt a cipher text. Before that,
>I have this s
On Sun, Feb 26, 2012, Dirk Eisenberg wrote:
> Hi,
>
> I received a PKCS7 message with enveloped data (:pkcs7-envelopedData) and
> looking for a way to decrypt the content (PKCS10 CSR) only with the CLI. Is
> this possible with openssl? I tried several things with the help of
Hi,
I received a PKCS7 message with enveloped data (:pkcs7-envelopedData) and
looking for a way to decrypt the content (PKCS10 CSR) only with the CLI. Is
this possible with openssl? I tried several things with the help of the
asn1parse command but did not find the solution :-(
My message looks
I have a pkcs7 message that contains a chain of certificates. The
root certificate is the Apple CA. I am using ruby to verify the
message and I have something that I think works, but I am wondering if
there is a much easier method of doing what I am doing
My specific question is in regards
Hi Dave,
Thanks a lot for your response. I will try this out.
Thanks
Anamitra
On 12/13/11 9:46 PM, "Dave Thompson" wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of Anamitra Dutta
>>Majumdar
>> Sent: Tuesday, 13 December, 2011 14:37
>
>> >I a
On Wed, Dec 14, 2011, Dave Thompson wrote:
> > From: owner-openssl-us...@openssl.org On Behalf Of Anamitra Dutta Majumdar
> > Sent: Tuesday, 13 December, 2011 14:37
>
> > >I am looking for OpenSSL api to parse pkcs7 bag of
> > certificate file that
> > >
> From: owner-openssl-us...@openssl.org On Behalf Of Anamitra Dutta Majumdar
> Sent: Tuesday, 13 December, 2011 14:37
> >I am looking for OpenSSL api to parse pkcs7 bag of
> certificate file that
> >has two certificates a SubCA and the other the leaf cert.
> Is there a
>I am looking for OpenSSL api to parse pkcs7 bag of certificate file that
>has two certificates a SubCA and the other the leaf cert.
Is there an openssl api that would enable use to parse this pkcs7 bag and
separate out the certificates.
Any pointers will be appreciated.
Thanks
An
> From: owner-openssl-us...@openssl.org On Behalf Of Anamitra Dutta
Majumdar
> Sent: Thursday, 17 November, 2011 19:44
> There is a requirement to process a pkcs7 bag of certificate chain.
> Is there an OpenSSL API to parse the certificates in a PKCS7
> bag and get
> each of t
There is a requirement to process a pkcs7 bag of certificate chain.
Is there an OpenSSL API to parse the certificates in a PKCS7 bag and get
each of the certificates in the bag as Base64 encoded string.
Any pointers will be greatly appreciated.
Thanks
Anamitra
As far as merging, I would take a look at the actual PDF format.
-Eduardo
-Original Message- From: q0...@cuba.ionum.ch
Sent: Friday, September 02, 2011 6:42 AM
To: openssl-users@openssl.org
Subject: pkcs7 signature with timestamp
Hi there
I'm trying to create a pkcs7 signature with times
@openssl.org
Subject: pkcs7 signature with timestamp
Hi there
I'm trying to create a pkcs7 signature with timestamp for a pdf-signature.
With "openssl smime -sign -in tmp.pdf -inkey s.key -signer s.cer
-outform der -binary" i get a der-encode pkcs7-signature.
With "ope
Hi there
I'm trying to create a pkcs7 signature with timestamp for a pdf-signature.
With "openssl smime -sign -in tmp.pdf -inkey s.key -signer s.cer
-outform der -binary" i get a der-encode pkcs7-signature.
With "openssl ts -query -data tmp.pdf -out req.tsq" and "
Hi,
I am trying to create a pkcs7 file containing
- public key.
- signer info (this signer info contains a signature from another
piece of data calculated previously).
This pkcs7 is of type pkcs7-signedData and the (non existent) data is
of type pkcs7-data. In (the simplest broken code
On 06/30/2011 11:25 AM, James Berry wrote:
Hi:
I need to sign a challenge string using the private key present on a
smartcard. The smartcard has a PKCS11-compliant library and I have
been able to open the card etc with the PKCS11 driver.
Now I would like to sign a message in PKCS7 format
Hi:
I need to sign a challenge string using the private key present on a smartcard.
The smartcard has a PKCS11-compliant library and I have been able to open the
card etc with the PKCS11 driver.
Now I would like to sign a message in PKCS7 format to be sent elsewhere for
verification
Thanks for the answer and for clearing things, but I actually managed to do it
last weekend. It was a delay in posting on the forum. But really thanks,
because now I see that I have done things right.
some help again. I'm doing the decryption now. Done almost
> everything, but have a question related to the public key of the
recipient.
> So i encrypted a text into PKCS7 enveloped data. Now, I am
> reading from that structure the symmetric key IV and the encrypted
> d
Need some help again. I'm doing the decryption now. Done almost everything, but
have a question related to the public key of the recipient.
So i encrypted a text into PKCS7 enveloped data. Now, I am reading from that
structure the symmetric key IV and the encrypted data with the symmetri
On Fri, Jun 10, 2011, Claudiu Stanciu wrote:
> Hy. I am trying to encrypt a text into a pkcs7 format without using
> PKCS7_encrypt, because i want to control the key used. So I have done almost
> everything, but can't put the IV in the pkcs7 data. trying to obtain a PKCS7
> en
Hy. I am trying to encrypt a text into a pkcs7 format without using
PKCS7_encrypt, because i want to control the key used. So I have done almost
everything, but can't put the IV in the pkcs7 data. trying to obtain a PKCS7
enveloped data with aes_cbc_256 encryption.
I can't understan
line, like this:
openssl pkcs7 -inform DER -text -in myInsydeL2CertVarSigned.dat
-print_certs
But when using the DER cert in my program, at this call:
Pkcs7 = d2i_PKCS7 (NULL, &P7Data, (int)P7Length);
I get a NULL return. Debugging into the call, I verified the cert DER data
looks
On Mon, Jan 24, 2011, Giacomo Boccardo wrote:
> I generated the file "42.txt.p7m" in the attachment using the command:
>
> openssl cms -sign -in 42.txt -outform der -out 42.txt.p7m -keyid -signer
> selfSignedCert.pem -inkey private.key
>
>
> When I inspect it using the command
>
> openssl asn1p
I generated the file "42.txt.p7m" in the attachment using the command:
openssl cms -sign -in 42.txt -outform der -out 42.txt.p7m -keyid
-signer selfSignedCert.pem -inkey private.key
When I inspect it using the command
openssl asn1parse -inform der -i -in 42.txt.p7m
I can't see inside the
Hi all. I'm using OpenSSL 1.0.0a and I need to produce some different kinds of
signed PKCS7; in particular, I'm trying hard to change the signature algorithm
to sha256-with-rsa (sha256WithRSAEncryption, OID.1.2.840.113549.1.1.11). The
output (parsed with asn1parse command) shall be l
Hi list!
I need a hand with sign + archive + crypt data using PKCS7
SignedAndEnvelopedData type.
This model is requested for an app I'm building and the archiving part
was added to compress the enveloped data; the application specification
the archiving part should be done in gzip format.
Op
On Fri, Jun 18, 2010, Niels Stevens wrote:
> Hey,
>
> My program was working fine, suddenly it stopped working after I updated my
> mac today.
>
> I'm using OpenSSL 0.9.8n 24 and I get these 2 errors when I try to sign the
> PKCS7. I've got no errors when I
Hey,
My program was working fine, suddenly it stopped working after I updated my mac
today.
I'm using OpenSSL 0.9.8n 24 and I get these 2 errors when I try to sign the
PKCS7. I've got no errors when I loaded my cert and key.
3341:error:0B080074:lib(11):func(128):reason(116):/S
Hello,
I'm working on an application that generates PKCS#7 SignedData structures, but
with a slightly different format to S/MIME. We're using a version 3 SignedData
structure, and minor changes such as no signingTime in the Authenticated
Attributes. As such, I'm working at the level using func
Hi All,
I'm developing for Windows CE (6.0) and running into problems validating
PKCS7 Signatures created on Windows CE.
The same code running on Win32 creates valid Signatures. I noticed, that on
Win CE, the exact same payload with the exact same private key and
certificate creates sign
Hello,
I would like to verify a pkcs7 signature from a document, is pkcs7 detached
signature.
I have extracted from the document, the signature is a very long hexadecimal
string.
I used this command but then I get a verification failure.
openssl dgst -verify -sha1
2 maart 2010 13:54
> To: openssl-users@openssl.org
> Subject: Re: PKCS7 - SubjectKeyIdentifier CHOICE in SignerIdentifier
fails?
>
> On Mon, Mar 22, 2010, Stef Hoeben wrote:
>
> > Hello,
> >
> > subjectKeyIdentifier [0] SubjectKeyIdentifier }
> >
>
ently PKCS7_decrypt() only works on enveloped data. How can I
> decrypt
> > a PKCS7 of type signedAndEnveloped or encrypted?
> >
>
> Signed and enveloped isn't supported and hardly anyone implements it any
> more.
>
> BTW you are best using the CMS function
On Thu, Apr 15, 2010, Phillip Hellewell wrote:
> Apparently PKCS7_decrypt() only works on enveloped data. How can I decrypt
> a PKCS7 of type signedAndEnveloped or encrypted?
>
Signed and enveloped isn't supported and hardly anyone implements it any more.
BTW you are best
Apparently PKCS7_decrypt() only works on enveloped data. How can I decrypt
a PKCS7 of type signedAndEnveloped or encrypted?
Thanks,
Phillip
thanks Mounir!
yes the 'write' thing was a typo. the second issue was the problem.
sean
you are right the pass in type should be a
> Date: Sun, 4 Apr 2010 02:22:29 +0200
> From: mounir.idra...@idrix.net
> To: openssl-users@openssl.org
> Subject: Re: pkcs7
96);
p7 = d2i_PKCS7(NULL, &ptr, inlen);
I hope this will help.
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
On 4/3/2010 3:06 AM, sean wang wrote:
Hello,
I have a pkcs7 encoded cert which i want to load. the following code block
works fine: ( I am doing a base64 decoding first, will explain th
Hello,
I have a pkcs7 encoded cert which i want to load. the following code block
works fine: ( I am doing a base64 decoding first, will explain the reason in
the second half):
BIO *bio, *b64;
PKCS7 * p7;
b64 = BIO_new(BIO_f_base64());
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL
On Mon, Mar 22, 2010, Stef Hoeben wrote:
> Hello,
>
> subjectKeyIdentifier [0] SubjectKeyIdentifier }
>
> Could it be that the SubjectKeyIdentifier CHOICE isn't supported here,
> that the parser expects a IssuerAndSerialNumber only?
>
Yes the SKID option is not part of the PKCS#7 stand
Hello,
We're having a pkcs7 file that gives the following error when being parsed:
9872:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
tag:.\crypto\asn1\tasn_dec.c:1320
(openssl-1.0.0-beta3, but same prob in openssl 0.9.8g)
Here's part of the file dump, the prob seem
On Fri, Feb 26, 2010, Alexei Soloview wrote:
> Hello!
>
>
>
> I try to check signature on PKCS7-structure(see attached file pkcs7.bin).
>
> The following sequence of commands is performed:
>
> openssl pkcs7 -in pkcs7.bin -inform DER -outform PEM -out pkcs7.PEM
Hello!
I try to check signature on PKCS7-structure(see attached file pkcs7.bin).
The following sequence of commands is performed:
openssl pkcs7 -in pkcs7.bin -inform DER -outform PEM -out pkcs7.PEM
openssl smime -verify -in pkcs7.PEM -inform pem -noverify 1>pkcs7.data
Verificat
On Thu, Nov 26, 2009 at 7:59 PM, Dr. Stephen Henson wrote:
> On Mon, Nov 23, 2009, Mathieu Malaterre wrote:
>
>> Steve,
>>
>> >> Do you have a sample PBE blob you want to decrypt?
>> >
>> > Here is one:
>> >
>> > $ wget http://idisk.mac.com/dclunie-Public/securedicomfileset.tar.bz2
>> > $ openssl