On Wed, Sep 15, 2004, Antonio Ruiz Martínez wrote: > > Thanks for your answer, it has been very useful when I use an octect > string but not when but I have got a problem when I'm using a sequence. > I think I am not doing something properly because I don't get the > desired result. > I've tried the following options: > > 1) > ASN1_OCTET_STRING *oct=NULL; > oct=ASN1_STRING_new(); > ASN1_STRING_set(oct,p7_2,lenp7_2) > where p7_2 -> coding in DER of a signed PKCS#7 > PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(void *)oct); > i2d_PKC7 ..... > > This way when I try to decode the result of the coding I get an error, > It seems the structure is not correct. > However, if I try with PKCS7_add_attribute(si, NID_pkcs7_signed, > V_ASN1_OCTET_STRING,(void *)oct) it works but I've an attribute which is > an octet string that contains a DER coded PKCS7 but I would like that > the attribute was directly the PKCS7 > > 2) > p7_2=d2i_PKCS7(NULL,&tsp,lenTSP); > PKCS7_add_attribute(si, NID_pkcs7_signed, V_ASN1_SEQUENCE,(void *)p7_2); > i2d_PKC7 ..... > > This way I can decode the encoded PKCS7 but the PKCS7 is not inserted > properly as an attribute. > > How can I solve the problem? > Could you help me another time, please? >
What errors are you getting and what makes you think it isn't inserted properly as an attribute? How are you trying to decode it. The technique I described is precisely that used to encode and decode the S/MIME capabilities attribute. See crypto/pkcs7/pk7_attr.c which I also wrote BTW :-) And I notice that the decoding in there isn't quite right: it should check the type is really V_ASN1_SEQUENCE and reject if it isn't. I'll have to fix that... Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]