On Tue, Feb 19, 2013, Ulises S. wrote: > There is this odd behavior in which one in many signed files with PKCS#7 on > JAVA won't > pass the validation with Openssl, all Openssl signed data is correctly > verified in JAVA though. > > Currently I have not a test case but according to certain ppl that claim > that there is this "remain" in some situations in which for example JAVA > fill with random bytes according to the RSA Labs Standard Specification of > the structure and that Openssl don't do this, I'm wondering if this has > something to do with the openssl.org entry: > > "This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC2315 > they cannot currently parse, for example, the new CMS as described in > RFC2630" > > If this is true, can someone explain with more details why openssl don't > follow the "standard" or explain the behavior so we can build a more > accurate validator? >
PKCS#7 and CMS are two similar standards but with a few subtle differences. If you want to process CMS then use the CMS routines instead. The interface is almost identical at the application level except the APIs begin CMS_ instead of PKCS7_. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org