----------
X-Sun-Data-Type: text
X-Sun-Data-Description: text
X-Sun-Data-Name: text
X-Sun-Charset: us-ascii
X-Sun-Content-Lines: 12
To add an PKCS7 as an attribute, one possibiliy is to use from PKCS9 version 2:
pKCS7PDU ATTRIBUTE ::= {
WITH SYNTAX Contentinfo
ID pkcs-9-at-pkcs7PDU
}
which ends up in an OID pkcs-9 25 5 as far as I see.
----------
X-Sun-Data-Type: html
X-Sun-Encoding-Info: 7bit
X-Sun-Charset: us-ascii
X-Sun-Content-Lines: 83
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Hello!<br>
<br>
Dr. Stephen Henson wrote:<br>
<blockquote cite="[EMAIL PROTECTED]" type="cite">
<pre wrap="">On Wed, Sep 15, 2004, Antonio Ruiz Martínez wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hello!
I've looking at the PKCS7_add_attribute function and I would like to
insert a signed PKCS7 as an attribute.
The header of the function is:
PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,void
*value);
I suppose that nid should be the NID_pkcs7_signed but I don't know which
values should be in atrtype (may it be V_ASN1_SEQUENCE ?) and in value
(der coding of the PKCS7? or the SEQUENCE of the PKCS7, in this case,
how can I get the sequence from the PKCS7?).
Could you help me, please?
Regards,
Antonio.
</pre>
</blockquote>
<pre wrap=""><!---->The NID is whatever OID is defined by whatever standard defines the syntax.
If there isn't a standard you might want to create a private OID and document
its meaning somewhere.
The meaning of atrtype and value are based on the ASN1_TYPE structure. For a
sequence atrtype is indeed V_ASN1_SEQUENCE and value is an ASN1_STRING
structure containing the encoding of the SEQUENCE.
</pre>
</blockquote>
Thanks for your answer, it has been very useful when I use an octect
string but not when but I have got a problem when I'm using a sequence.
I think I am not doing something properly because I don't get the
desired result.<br>
I've tried the following options:<br>
<br>
1) <br>
ASN1_OCTET_STRING *oct=NULL;<br>
oct=ASN1_STRING_new();<br>
ASN1_STRING_set(oct,p7_2,lenp7_2)<br>
where p7_2 -> coding in DER of a signed PKCS#7<br>
PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(void *)oct);<br>
i2d_PKC7 .....<br>
<br>
This way when I try to decode the result of the coding I get an error,
It seems the structure is not correct.<br>
However, if I try with PKCS7_add_attribute(si, NID_pkcs7_signed,
V_ASN1_OCTET_STRING,(void *)oct) it works but I've an attribute which
is an octet string that contains a DER coded PKCS7 but I would like
that the attribute was directly the PKCS7<br>
<br>
2) <br>
p7_2=d2i_PKCS7(NULL,&tsp,lenTSP);<br>
PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(void *)p7_2);<br>
i2d_PKC7 .....<br>
<br>
This way I can decode the encoded PKCS7 but the PKCS7 is not inserted
properly as an attribute. <br>
<br>
How can I solve the problem?<br>
Could you help me another time, please?<br>
Thanks in advance,<br>
Regards,<br>
Antonio.<br>
<br>
</body>
</html>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
