On 05/02/2015 14:30, Srinivas Rao wrote:
Hi All,

Is there a way to use openssl to sign data using a private key (on USB
token) and produce PKCS7 output on win32, if:

a) the data to be signed message is not touched yet and goes as input
to the solution to the answer to this problem, OR

b) signature is already generated, i.e message is hashed and signed
and only needs to be encoded in PKCS7,

If yes, for which of the above case and how (please give some pointers
on how to go about it).

Thanks
Srinivas

Are you trying to get us to help with a school assignment?
This looks a lot like how a teacher would ask a question to
his students to find out how much they have understood
themselves.

That said, the main pointers I can give you are these:

Very little in OpenSSL differs between Win32 and other
systems.  However there is one part in the question that
will usually be slightly different on Win32. If you
understand the question and OpenSSL general features, you
should be able to recognize which part that is.

One of the alternatives is going to be more difficult than
the other because it is a less common task, but it may still
be doable with some ingenuity.

The task (either one if both are doable) can be performed
using almost no APIs and interfaces other than those
provided by OpenSSL and ANSI C.  If you are tempted to use
other tools, look closer at the OpenSSL feature lists and
available options.

In your code below you forgot to use two of the items your
teacher gave you, which is probably the problem.

On 1/30/15, Srinivas Rao <srir...@gmail.com> wrote:
All,

Please let me know if my below mentioned usage of PKCS7_sign()+adding
signer info is wrong and how.

Really appreciate your response.

cheers and regards
Srinivas

On 1/29/15, Srinivas Rao <srir...@gmail.com> wrote:
OpenSSL experts,

Here the intention is to get the signed data (raw signature obtained
by PKCS11 APIs like C_Sign) to be packed in PKCS7 format (attached -
with certificate, content and signer info) using openssl.

I am using USB token (smart card) for signing.

Here's the code snippet.

        PKCS7* p7 = PKCS7_new();
        PKCS7_set_type(p7, NID_pkcs7_signed);
        //PKCS7_SIGNER_INFO* pSI = PKCS7_SIGNER_INFO_new();
        //PKCS7_SIGNER_INFO_set(pSI, pX509, pX509->cert_info->key->pkey, EVP_sha256());
        //PKCS7_add_signer(p7, pSI);
        PKCS7_SIGNER_INFO* pSI = PKCS7_add_signature(p7, pX509, pX509->cert_info->key->pkey, EVP_sha256());  // <== core dumps here
         :
         :
where pX509 is correctly obtained X509* node using d2i_X509() from the
value obtained from PKCS11 functions like C_GetAttributeValue() etc.

I believe the set of the commented lines is the alternate way for this
add signature function - that also dumps core at
PKCS7_SIGNER_INFO_set() function.

I have no clue as to what I am doing wrong here.

Appreciate your help.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
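
Added example, not part of the original thread and not code from either poster: case (a) from the question done with the openssl command line alone, producing an attached DER PKCS#7 and checking it. It assumes a throwaway software key and self-signed certificate (constructed here) in place of the USB token key; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: case (a), attached PKCS#7 produced from untouched data.
# Assumption: a throwaway software key replaces the USB token key.

# sign_attached_pkcs7 MESSAGE OUTFILE
# Writes a DER PKCS#7 signedData blob with content and signer cert embedded.
sign_attached_pkcs7() {
    dir=$(mktemp -d) || return 1
    # Constructed self-signed signer, valid one day, never leaves $dir.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=constructed-test-signer" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null \
        || { rm -rf "$dir"; return 1; }
    printf '%s' "$1" > "$dir/data.bin"
    # -nodetach embeds the content; -binary prevents CRLF rewriting of it.
    openssl smime -sign -binary -nodetach -md sha256 \
        -in "$dir/data.bin" -signer "$dir/cert.pem" -inkey "$dir/key.pem" \
        -outform DER -out "$2" 2>/dev/null
    rc=$?
    rm -rf "$dir"
    return $rc
}

# extract_verified_content INFILE
# Prints the embedded content only if the signature checks out against the
# embedded certificate. -noverify skips chain validation, acceptable here only
# because the signer is a constructed self-signed test certificate.
extract_verified_content() {
    openssl smime -verify -binary -noverify -inform DER -in "$1" 2>/dev/null
}

# is_signed_data INFILE: true when the outer ContentInfo type is signedData.
is_signed_data() {
    openssl asn1parse -inform DER -in "$1" 2>/dev/null | grep -q 'pkcs7-signedData'
}

out=$(mktemp) || exit 1
if sign_attached_pkcs7 "constructed sample message" "$out" && is_signed_data "$out"; then
    echo "recovered: $(extract_verified_content "$out")"
fi
rm -f "$out"
```

In production the verify step should drop -noverify and validate the signer certificate against a trusted CA file.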
