---------- X-Sun-Data-Type: text X-Sun-Data-Description: text X-Sun-Data-Name: text X-Sun-Charset: us-ascii X-Sun-Content-Lines: 12
To add an PKCS7 as an attribute, one possibiliy is to use from PKCS9 version 2: pKCS7PDU ATTRIBUTE ::= { WITH SYNTAX Contentinfo ID pkcs-9-at-pkcs7PDU } which ends up in an OID pkcs-9 25 5 as far as I see. ---------- X-Sun-Data-Type: html X-Sun-Encoding-Info: 7bit X-Sun-Charset: us-ascii X-Sun-Content-Lines: 83 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type"> <title></title> </head> <body bgcolor="#ffffff" text="#000000"> Hello!<br> <br> Dr. Stephen Henson wrote:<br> <blockquote cite="[EMAIL PROTECTED]" type="cite"> <pre wrap="">On Wed, Sep 15, 2004, Antonio Ruiz Martínez wrote: </pre> <blockquote type="cite"> <pre wrap="">Hello! I've looking at the PKCS7_add_attribute function and I would like to insert a signed PKCS7 as an attribute. The header of the function is: PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,void *value); I suppose that nid should be the NID_pkcs7_signed but I don't know which values should be in atrtype (may it be V_ASN1_SEQUENCE ?) and in value (der coding of the PKCS7? or the SEQUENCE of the PKCS7, in this case, how can I get the sequence from the PKCS7?). Could you help me, please? Regards, Antonio. </pre> </blockquote> <pre wrap=""><!---->The NID is whatever OID is defined by whatever standard defines the syntax. If there isn't a standard you might want to create a private OID and document its meaning somewhere. The meaning of atrtype and value are based on the ASN1_TYPE structure. For a sequence atrtype is indeed V_ASN1_SEQUENCE and value is an ASN1_STRING structure containing the encoding of the SEQUENCE. </pre> </blockquote> Thanks for your answer, it has been very useful when I use an octect string but not when but I have got a problem when I'm using a sequence. I think I am not doing something properly because I don't get the desired result.<br> I've tried the following options:<br> <br> 1) <br> ASN1_OCTET_STRING *oct=NULL;<br> oct=ASN1_STRING_new();<br> ASN1_STRING_set(oct,p7_2,lenp7_2)<br> where p7_2 -> coding in DER of a signed PKCS#7<br> PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(void *)oct);<br> i2d_PKC7 .....<br> <br> This way when I try to decode the result of the coding I get an error, It seems the structure is not correct.<br> However, if I try with PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_OCTET_STRING,(void *)oct) it works but I've an attribute which is an octet string that contains a DER coded PKCS7 but I would like that the attribute was directly the PKCS7<br> <br> 2) <br> p7_2=d2i_PKCS7(NULL,&tsp,lenTSP);<br> PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(void *)p7_2);<br> i2d_PKC7 .....<br> <br> This way I can decode the encoded PKCS7 but the PKCS7 is not inserted properly as an attribute. <br> <br> How can I solve the problem?<br> Could you help me another time, please?<br> Thanks in advance,<br> Regards,<br> Antonio.<br> <br> </body> </html> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]