Hi, I modified the code as you mentioned, I am just trying to verify if signing the certificate using private key works.
I signed the certificate using private key. But I still get the same error from CMS_verify. It complains about "signer certificate not found". Is this the right way to create the self-signed dummy certificate? It seems to behave exactly the same way as before. Please find the modified code below (just added a block of code for signing the cert). Also I printed the certificate for reference. -Ujwal Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: dsaWithSHA1 Issuer: Validity Not Before: Feb 3 20:02:06 2010 GMT Not After : Feb 3 20:02:06 2011 GMT Subject: Subject Public Key Info: Public Key Algorithm: dsaEncryption DSA Public Key: pub: 63:c5:5b:b8:c2:e0:75:94:c1:5e:8c:bb:49:a5:67: ef:38:c7:2c:0b:02:3f:2c:6c:ec:ae:9d:c3:10:51: f7:6e:33:eb:8e:1b:9c:6c:2f:ae:48:f5:bb:4d:26: ae:5a:16:dd:c8:26:78:96:28:e8:37:21:86:dc:a4: a9:2c:96:46:57:a9:05:ef:61:c6:42:04:8c:1b:a9: fe:7e:f1:70:e2:74:c7:dd:c9:0f:80:0f:30:83:12: 93:47:5a:4e:b9:9e:8f:4c:da:2c:ee:3a:a7:3a:9e: 95:38:11:77:f7:44:64:c5:5c:09:26:03:26:2f:fd: 43:5d:0d:5e:e4:60:31:08 P: 00:f5:fc:96:4d:f4:79:a2:f5:47:92:32:15:7f:23: a2:63:a1:c5:c8:42:8b:93:a0:70:e0:5b:5a:3a:79: 43:3f:f5:b5:03:85:25:96:a2:77:e6:88:a0:ab:8a: 64:23:44:8b:40:a5:64:57:22:87:dd:e0:0b:f8:24: 0c:3a:43:24:15:57:69:72:39:3a:f6:ce:3f:15:39: 41:1d:d3:18:ea:78:43:64:c5:7d:a0:27:25:33:8e: 80:17:40:73:43:ef:03:2b:da:18:75:ee:8b:09:cb: 10:2d:21:da:d9:51:54:1d:4f:00:10:29:b6:e2:ff: 38:ad:03:50:bc:46:da:c4:c5 Q: 00:ef:66:e9:29:73:09:fd:16:17:5c:50:06:91:20: 25:f9:cb:58:9f:97 G: 4f:e9:fb:0a:80:c7:95:db:79:90:fe:be:f0:24:99: b5:e8:62:b0:ba:95:47:a2:22:36:84:17:df:5f:8c: 2d:61:c9:dc:45:db:01:63:40:ec:cf:05:55:c4:44: 67:5a:98:d4:98:ee:3c:0b:f3:63:ad:76:bc:b1:6a: b1:cf:41:b9:ec:3a:10:c3:52:20:7f:46:5b:92:59: 8a:0e:8b:53:65:77:7a:91:f2:96:01:21:bd:bb:89: ec:47:71:8f:9d:29:05:3f:9b:c2:11:51:d8:3c:62: af:dd:27:80:ab:e1:1c:9f:0b:58:09:98:89:2e:99: 8f:6a:25:17:75:67:12:18 Signature Algorithm: dsaWithSHA1 30:2d:02:15:00:9a:3f:3d:53:7d:3f:d7:88:54:ed:fd:a0:af: 66:b7:af:ae:f4:91:36:02:14:47:83:20:7b:25:21:ef:66:73: 30:8d:b8:c8:04:48:49:40:ef:b2:c5 //COPY the DSA params and public keys from const char arrays into DSA structure DSA *dsaParams= DSA_new(); dsaParams->g = BN_new(); dsaParams->p = BN_new(); dsaParams->q = BN_new(); dsaParams->pub_key = BN_new(); BN_bin2bn((const unsigned char *)uLicenseCheckG, sizeof(uLicenseCheckG), dsaParams->g); BN_bin2bn((const unsigned char *)uLicenseCheckP, sizeof(uLicenseCheckP), dsaParams->p); BN_bin2bn((const unsigned char *)uLicenseCheckQ, sizeof(uLicenseCheckQ), dsaParams->q); BN_bin2bn((const unsigned char *)uLicenseCheckY, sizeof(uLicenseCheckY), dsaParams->pub_key); //Create a EVP_PKEY to use in creating a certificate EVP_PKEY *evpTemp = EVP_PKEY_new(); EVP_PKEY_assign_DSA(evpTemp, dsaParams); //Create a CMS content info structure out of the license key CMS_ContentInfo *cms = NULL; BIO *bioBuff = BIO_new_mem_buf((char *)nBytes, nCountOfBytes); BIO_set_mem_eof_return(bioBuff,0); cms = d2i_CMS_bio(bioBuff, NULL);// i believe this finds the end of ASN1 data STACK_OF(CMS_SignerInfo) *sinfos; CMS_SignerInfo *si; sinfos = CMS_get0_SignerInfos(cms); si = sk_CMS_SignerInfo_value(sinfos, 0); ASN1_OCTET_STRING* keyid; X509_NAME* issuer; ASN1_INTEGER* sno; int rc = CMS_SignerInfo_get0_signer_id(si, &keyid, &issuer, &sno); //USE THIS KEYID TO SET THE x509Cert->skid VALUE printf ("si: %d %p %p %p\n", rc, keyid, issuer, sno); //create a x509 cert with above DSA params and public key and skid X509 *x509Cert = X509_new(); X509_set_version(x509Cert, 2); ASN1_INTEGER_set(X509_get_serialNumber(x509Cert), 0); x509Cert->skid = ASN1_OCTET_STRING_dup(keyid); X509_gmtime_adj(X509_get_notBefore(x509Cert),0); X509_gmtime_adj(X509_get_notAfter(x509Cert), (long) 60*60*24*365); int error = X509_set_pubkey(x509Cert, evpTemp); if (error) { printf("set public key error: %s", ERR_error_string(ERR_get_error(), NULL)); } // BEGIN - SIGNING THE CERTIFICATE WITH THE PRIVATE KEY, uLicenseCheckX is a const char array which holds private key DSA *privKey = DSA_new(); privKey->g = BN_new(); privKey->p = BN_new(); privKey->q = BN_new(); //privKey->pub_key = BN_new(); privKey->priv_key = BN_new(); /* tried both*/ BN_bin2bn((const unsigned char *)uLicenseCheckG, sizeof(uLicenseCheckG), privKey->g); BN_bin2bn((const unsigned char *)uLicenseCheckP, sizeof(uLicenseCheckP), privKey->p); BN_bin2bn((const unsigned char *)uLicenseCheckQ, sizeof(uLicenseCheckQ), privKey->q); //BN_bin2bn((const unsigned char *)uLicenseCheckY, sizeof(uLicenseCheckY), privKey->pub_key); BN_bin2bn((const unsigned char *)uLicenseCheckX, sizeof(uLicenseCheckX), privKey->priv_key); EVP_PKEY *evpPriKEY = EVP_PKEY_new(); EVP_PKEY_assign_DSA(evpPriKEY, privKey); X509_sign(x509Cert, evpPriKEY, EVP_dss1()); // END - SIGNING THE CERTIFICATE WITH THE PRIVATE KEY X509_print_fp(stdout, x509Cert); //create a stack of x509 cert to use it in CMS_verify STACK_OF(X509) *st=sk_X509_new_null(); sk_X509_push(st, x509Cert); //x509Cert->skid IS VALID HERE printf ("skid: %p\n", x509Cert->skid); //It fails here with "signer certificate not found" error //Also tried using the CMS_NO_CONTENT_VERIFY int cmsVerify = CMS_verify(cms, st, NULL, NULL, NULL, CMS_NOINTERN|CMS_NO_SIGNER_CERT_VERIFY); errortemp = ERR_get_error(); ERR_error_string(errortemp, errorbuff); printf("countofbytes = %d, error num = %d, and error = %s\n",nCountOfBytes,errortemp, errorbuff); //x509Cert->skid IS NOT VALID HERE printf ("skid: %p\n", x509Cert->skid);