On Tue, Jan 26, 2010, Ujwal Chinthala wrote:

> Hi,
> 
> Thanks for all the help. I modified the code based on your comments.
> 
> Basically, I am trying to verify CMS data signed by a C# program. So I have 
> the base64-decoded CMS data stored as nBytes, a BYTE array.
> 
> I have to verify the data (nBytes) using the DSA params and public key, which 
> are hard coded in the code as const char arrays (uLicenseCheckG,
> uLicenseCheckP, uLicenseCheckQ and uLicenseCheckY).
> 
> I tried to verify even using the CMS_NO_CONTENT_VERIFY flag. CMS_verify() 
> fails with error "signer certificate not found".
> 
> I dug into the code and found that CMS_verify() tries to copy the 
> st (stack of x509 certs) to cms and fails? I am copying the skid value from the
> cms and creating the x509Cert using that so they match. I have noticed that 
> the x509Cert->skid is becoming NULL after the call to CMS_verify().
> Is there anything wrong with the x509 cert created above with the 
> public key and DSA params and skid? Am I missing something?
> What else do I need to verify correctly?
> 

It looks like you're trying to verify the CMS structure with a public key only
and no actual certificate. I'd have to check but I'm not totally sure you can
do that at present with the OpenSSL CMS implementation.

Do you have access to the private key? If so, creating a dummy self-signed
certificate containing that key and the SKID extension (which would hopefully
match the one you have in the CMS message) would solve this problem. Then,
instead of hard coding the public key in your program, you could hard code the
certificate.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
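
Added example, not part of the original thread and not OpenSSL project code: the dummy self-signed certificate suggested in the reply above, played through with the `openssl` command-line tool. The key, certificate, message and all file names are constructed for illustration; the signing step mimics the thread's scenario (signer identified by SKID, no certificate embedded in the CMS structure).

```shell
#!/bin/sh
# Added example: constructed key, certificate and message; file names are assumptions.
set -eu
d=$(mktemp -d)

# 1. Throwaway DSA key standing in for the real signing key.
openssl dsaparam -out "$d/params.pem" 2048 2>/dev/null
openssl genpkey -paramfile "$d/params.pem" -out "$d/key.pem" 2>/dev/null

# 2. Dummy self-signed certificate whose only job is to carry the public key and SKID.
cat > "$d/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = dummy-license-signer
[ext]
subjectKeyIdentifier = hash
EOF
openssl req -new -x509 -sha256 -config "$d/req.cnf" -key "$d/key.pem" \
    -days 3650 -out "$d/cert.pem"

# 3. Sign as in the thread's scenario: signer identified by SKID (-keyid),
#    no certificate embedded in the CMS structure (-nocerts).
printf 'constructed license data\n' > "$d/data.txt"
openssl cms -sign -binary -nodetach -md sha256 -keyid -nocerts \
    -in "$d/data.txt" -signer "$d/cert.pem" -inkey "$d/key.pem" \
    -outform DER -out "$d/msg.der"

# Verify against the pinned certificate only: -nointern ignores certificates
# inside the message, -noverify skips chain building for the self-signed dummy.
verify_pinned() {  # $1 = CMS (DER), $2 = pinned certificate (PEM)
    openssl cms -verify -inform DER -in "$1" -certfile "$2" \
        -nointern -noverify -out /dev/null 2>/dev/null
}

# With no certificate supplied there is nothing to match the signer's SKID against.
verify_without_cert() {  # $1 = CMS (DER)
    openssl cms -verify -inform DER -in "$1" -noverify -out /dev/null 2>/dev/null
}

verify_pinned "$d/msg.der" "$d/cert.pem" && echo "pinned certificate: signature OK"
verify_without_cert "$d/msg.der" || echo "no certificate: verification fails"
```

In C, the same check corresponds to passing the pinned certificate in the `certs` stack to `CMS_verify()` with `CMS_NOINTERN | CMS_NO_SIGNER_CERT_VERIFY`. Because trust rests entirely on the pinned file, it has to be protected from modification like any other hard-coded trust anchor.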