I,
I've generated a PKCS#7 using CryptoAPI (NTSP6) using
CryptSignMessage().
This PKCS#7 is verified by PKCS7_Verify() function call.
The only problem I found is that using a detached signature the
CryptoAPI
generated signature hasn't a PKCS#1 type-1 padding and PKCS7_Verify()
will
fail.
In all my tests i never seen a little endian problem...
Dr S N Henson wrote:
>
> Shawn Page wrote:
> >
> >
> > I'm attempting to write some code to convert the output of an MS plugin.
> > The plugin admittedly violates PKCS7 by outputting the signature in little
> > endian.
> >
> > The question is how to access the signature itself, once having read what is
> > a PKCS7 blob in every other respect, in order to change the signature to big
> > endian, before verification.
> >
>
> There may be more than one signature...
>
> You can get a STACK_OF(PKCS7_SIGNER_INFO) using
> PKCS7_get_signer_info(p7).
>
> Use sk_PKCS7_SIGNER_INFO_num() to find out how many there are and
> sk_PKCS7_SIGNER_INFO_value(si, i) to get each one.
>
> The signature is the enc_digest field of the PKCS7_SIGNER_INFO
> structure: it is an ASN1_OCTET_STRING struture.
>
> You can get its length with: ASN1_STRING_length(os) and the actual data
> with ASN1_STRING_data(os).
>
> If there's something like a countersignature in there you'll have to
> manually decode and reencode it.
>
> Steve.
> --
> Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED]
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the OpenSSL project: http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via homepage.
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
--
FERDINANDO RICCHIUTI
Research & Development
CSP s.c. a r.l.
____________________________________________
Villa Gualino
Viale Settimo Severo, 63 - 10133 Torino [IT]
e-mail [EMAIL PROTECTED]
mob +39 (0)348 6023959
tel +39 (0)11 3165401
____________________________________________
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]