Re: MS Crypto API

Ferdinando Ricchiuti Mon, 02 Apr 2001 01:25:01 -0700
I,
I've generated a PKCS#7 using CryptoAPI (NTSP6) using
CryptSignMessage().
This PKCS#7 is verified by PKCS7_Verify() function call.
The only problem I found is that using a detached signature the
CryptoAPI
generated signature hasn't a PKCS#1 type-1 padding and PKCS7_Verify()
will
fail.
In all my tests i never seen a little endian problem...

Dr S N Henson wrote:
> 
> Shawn Page wrote:
> >
> >
> > I'm attempting to write some code to convert the output of an MS plugin.
> > The plugin admittedly violates PKCS7 by outputting the signature in little
> > endian.
> >
> > The question is how to access the signature itself, once having read what is
> > a PKCS7 blob in every other respect, in order to change the signature to big
> > endian, before verification.
> >
> 
> There may be more than one signature...
> 
> You can get a STACK_OF(PKCS7_SIGNER_INFO) using
> PKCS7_get_signer_info(p7).
> 
> Use sk_PKCS7_SIGNER_INFO_num() to find out how many there are and
> sk_PKCS7_SIGNER_INFO_value(si, i) to get each one.
> 
> The signature is the enc_digest field of the PKCS7_SIGNER_INFO
> structure: it is an ASN1_OCTET_STRING struture.
> 
> You can get its length with: ASN1_STRING_length(os) and the actual data
> with ASN1_STRING_data(os).
> 
> If there's something like a countersignature in there you'll have to
> manually decode and reencode it.
> 
> Steve.
> --
> Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED]
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the   OpenSSL project: http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via homepage.
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

--
FERDINANDO RICCHIUTI
Research & Development

CSP s.c. a r.l. 
____________________________________________
Villa Gualino
Viale Settimo Severo, 63 - 10133 Torino [IT]

e-mail           [EMAIL PROTECTED]
mob                       +39 (0)348 6023959
tel                       +39  (0)11 3165401
____________________________________________
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
Re: MS Crypto API

Reply via email to
