Hello! I'm trying to add a new signer to a PKCS#7 that I receive from another person. In first term, I'm decoding the PKCS#7 and then I'm trying to using my private key and my cert to sign the content of this PKCS#7 and insert my signature in this PKCS#7 in order to get the PKCS#7 with the two signatures. The problem is that, when I'm verifying the PKCS#7 obtained, with this code, the first signature is invalid and the second one is valid (the first signature's signer).
I have parsed the result and I think the problem is the length of the signature is 0. Do you have any idea? Could you help me, please? Regards, Antonio. PKCS7 *p7_Co=B64_read_PKCS7(in); if (p7_Co==NULL) { printf("Error\n"); } BIO_free(in); PKCS7_SIGNER_INFO *si=PKCS7_add_signature(p7_Co,certCo,privKeyCo,EVP_md5()); PKCS7_add_certificate(p7_Co,certCo); if ((p7bio=PKCS7_dataInit(p7_Co,NULL))==NULL) { return -1; } BIO_write(p7bio,ASN1_STRING_data(p7_Co->d.data),ASN1_STRING_length(p7_Co->d.data)); BIO_flush(p7bio); if (!PKCS7_dataFinal(p7_Co,p7bio)) { return -2; } BIO_free(p7bio); int lenDerP7Co=i2d_PKCS7(p7_Co,NULL); unsigned char *derSignedP7Co=(unsigned char *)malloc((lenDerP7Co)*sizeof(unsigned char)); if ((derSignedP7Co)==NULL) { return -3; } unsigned char *tmpderP7Co=derSignedP7Co; lenDerP7Co=i2d_PKCS7(p7_Co,&tmpderP7Co); ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]