Hi Stephen. Thank you for your answer, and excuse me if my questions can look stupid to you, but your answer made me a little bit confused (probably that's 'cause I'm a newbie with openssl...).
Following your directions, I've been able to parse the first counter signature of every signature. My confusion is about this : >You need to iterate over the attributes and each attribute to find all countersignatures. How can I iterate since PKCS7_get_attribute(m_pSignerInfo, NID_pkcs9_countersignature); returns just one object? And I still can't find anywhere how I can loop through the elements of a sequence... I've looked very much in the mailing list archive and in the FAQ, but I couldn't find any good answer... Thank you for your help and your time. Regards, Massimiliano Ziccardi On Mon, May 19, 2008 at 1:30 PM, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: > On Mon, May 19, 2008, Massimiliano Ziccardi wrote: > > > Hi Stephen. > > Thank you very much! > > > > This is my code (just a snippet): > > > > STACK_OF(X509_ATTRIBUTE)* unauth_attr = pSignerInfo->unauth_attr; > > ASN1_TYPE *res = PKCS7_get_attribute(m_pSignerInfo, > > NID_pkcs9_countersignature); > > > > Now, res should point to a SEQUENCE of COUNTER SIGNATUREs. > > > > No it contains the encoding of a single counter signature. The specs state > that you can have either one ore more counter signature attributes or more > than one countersignature per attribute. > > You need to iterate over the attributes and each attribute to find all > countersignatures. That is a bit messy and there should really be a > function > to do this. > > > You told: > > > > >You need to extract the ASN1_STRING structure form ASN1_TYPE and then > its > > data > > >and length > > > > you mean: > > > > res->value.sequence->data > > res->value.sequence->length > > > > ? > > > > You should avoid accessing structures directly where possible but there > isn't > anything here which can extract the data. > > So you need something like... > > ASN1_STRING *csig = res->value.sequence; > > Then get the length with ASN1_STRING_length() and its data with > ASN1_STRING_data(). Then pass those through d2i_PKCS7_SIGNER_INFO() see FAQ > and docs for details and pitfalls. > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] >