" via RT" <[EMAIL PROTECTED]> writes:

> there are 2 published standard versions: 1.5 and 1.6
> http://www.rsasecurity.com/rsalabs/node.asp?id=2129

Does OpenSSL Support both of them?

> The "1" shows version 1.5 rules apply
> ftp://ftp.rsasecurity.com/pub/pkcs/ps/pkcs-7.ps.gz
>
> SET of objects here should be DigestAlgorithmIdentifier
> with DigestAlgorithms "include MD2 and MD5" (clause 6.3).
>
> For S/MIME (draft-ietf-smime-rfc2633bis-08.txt),
> DigestAlgorithmIdentifier "MUST support SHA-1" (clause 2.1).
> See also draft-ietf-smime-rfc3369bis-02.txt clause 10.1.1.
>
> For a project implementing SET, I was using SHA-1 here
> http://www.unity.net/~vf/naina_r1.tgz
> and that was specified in SET books.
> For the message attached, SignedData start at offset 63
> and objectID in question at offset 74.
>
> I'd suggest to double-check exactly what specifications
> the other PKI (creating PKCS7 in question) follows

It's Windows. It supposedly is trying to support CMS / S/MIME.
Telling me "windows is broken, go fix it" is unfortunately as
helpful as telling me "the sky is blue, go fix it". :(

Windows accepts either "sha1" or "sha1WithRSAEncryption" in this
particular slot; It would be nice if openssl did, too, even if it's
not 100% "to the spec". As Jon Postel always said, "be liberal
in what you accept".

-derek

-- 
Derek Atkins 617-623-3745
[EMAIL PROTECTED] www.ihtfp.com
Computer and Internet Security Consultant
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
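
The interoperability point in this message, as an added example that is not part of the original e-mail and is not OpenSSL code: a DER walker that reads the digestAlgorithms SET of a PKCS#7 SignedData and either rejects a signature-algorithm OID in that slot (strict) or maps sha1WithRSAEncryption to sha1 (lenient). The function names, the `lenient` flag and the sample messages are assumptions constructed for illustration.

```python
# Added example with constructed sample data. Keys: DER OID contents in hex.
DIGEST_OIDS = {"2b0e03021a": "sha1",         # 1.3.14.3.2.26
               "2a864886f70d0205": "md5",    # 1.2.840.113549.2.5
               "2a864886f70d0202": "md2"}    # 1.2.840.113549.2.2
# Signature-algorithm OID that some producers place in the digest slot.
SIG_TO_DIGEST = {"2a864886f70d010105": "sha1"}  # sha1WithRSAEncryption

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def digest_algorithms(p7, lenient=False):
    """Digest names declared in a PKCS#7 SignedData's digestAlgorithms SET."""
    _, ci, _ = read_tlv(p7, 0)            # ContentInfo SEQUENCE
    _, _, pos = read_tlv(ci, 0)           # contentType OID
    _, explicit, _ = read_tlv(ci, pos)    # [0] EXPLICIT content
    _, sd, _ = read_tlv(explicit, 0)      # SignedData SEQUENCE
    _, _, pos = read_tlv(sd, 0)           # version INTEGER
    tag, algs, _ = read_tlv(sd, pos)      # digestAlgorithms SET
    if tag != 0x31:
        raise ValueError("digestAlgorithms SET not found")
    names, pos = [], 0
    while pos < len(algs):
        _, alg, pos = read_tlv(algs, pos)  # AlgorithmIdentifier SEQUENCE
        oid = read_tlv(alg, 0)[1].hex()
        if oid in DIGEST_OIDS:
            names.append(DIGEST_OIDS[oid])
        elif lenient and oid in SIG_TO_DIGEST:
            names.append(SIG_TO_DIGEST[oid])  # use the underlying digest
        else:
            raise ValueError("not a digest algorithm OID: " + oid)
    return names

def tlv(tag, body=b""):
    return bytes([tag, len(body)]) + body  # short-form lengths only (< 128)

def sample(alg_oid_hex):
    """Constructed, unsigned SignedData skeleton with one digest entry."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(alg_oid_hex)) + tlv(0x05))
    data = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010701")))
    sd = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31, alg) + data + tlv(0x31))
    oid = tlv(0x06, bytes.fromhex("2a864886f70d010702"))  # signedData
    return tlv(0x30, oid + tlv(0xA0, sd))
```

Calling `digest_algorithms(sample("2a864886f70d010105"))` raises `ValueError` in strict mode, while the same call with `lenient=True` returns `["sha1"]`.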