On Mon, Feb 01, 2010, Ujwal Chinthala wrote: > Hmm, that could be a problem. > > This code is going to run on a box which is shipped to the customer. > So I don't believe we want to ship these boxes with private keys in them :). >
I didn't mean that. I mean that if you create a certificate containing the public key using the private key then you should have no problems. You just ship the certificate to the customer. > > Does Openssl have any API which can extract the PKCS7 data from the CMS > structure, which > in turn can be used with PKCS7 API's? The feature you've used with CMS (signing using a key identifier) is a CMS only feature and not compatible with PKCS#7. That's why you got the error in the first place. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
