RE: Newbie question X509 certificate stores SOLVED
> There seems to be a problem with whatever has been used to save the data. It is prepending the byte 0, 1 to the start of the structure. If you skip these OpenSSL has no problems parsing the PKCS#7 data.

Worked a treat. I downloaded an older version of the PKZIP application note, and everything became clear. The mysterious two bytes at the beginning are the version number (I assume of the version of M$ CryptoAPI used to create the store). I very vaguely remember something about it now, but I am using a newer version of PKZIP's Appnote, which for some reason omits this info. Kicking myself now.

Thank you for all your help.

Regards,
Chris
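An added example, not part of the thread and not OpenSSL code: a pre-parse check for the situation resolved above, which locates the outer DER SEQUENCE behind a short prefix before the buffer is handed to d2i_PKCS7(). The helper name `pkcs7_der_offset`, the `max_skip` bound, the sample bytes and the requirement that nothing follows the structure are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample, not the poster's attachment: two stand-in prefix bytes,
 * then a DER SEQUENCE holding only the signedData OID (1.2.840.113549.1.7.2). */
static const unsigned char sample_blob[] = {
    0x00, 0x01,
    0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02
};

/* Decode the tag+length header at buf. Returns 0 and fills hdr/content on
 * success, -1 on truncated, indefinite or non-minimal (non-DER) lengths. */
static int der_header(const unsigned char *buf, size_t len,
                      size_t *hdr, size_t *content)
{
    size_t n, i, v = 0;
    if (len < 2) return -1;
    if (buf[1] < 0x80) { *hdr = 2; *content = buf[1]; return 0; }
    n = buf[1] & 0x7f;                    /* number of length octets */
    if (n == 0 || n > sizeof(size_t) || len < 2 + n) return -1;
    if (buf[2] == 0) return -1;           /* leading zero: not minimal */
    for (i = 0; i < n; i++) v = (v << 8) | buf[2 + i];
    if (v < 0x80) return -1;              /* should have used short form */
    *hdr = 2 + n; *content = v;
    return 0;
}

/* Hypothetical helper: offset (0..max_skip) of a SEQUENCE whose declared
 * length covers exactly the rest of the buffer, or -1 if there is none.
 * buf + offset and len - offset are what would be handed to d2i_PKCS7(). */
long pkcs7_der_offset(const unsigned char *buf, size_t len, size_t max_skip)
{
    size_t off, hdr, content;
    for (off = 0; off <= max_skip && off < len; off++) {
        if (buf[off] != 0x30) continue;   /* 0x30 = constructed SEQUENCE */
        if (der_header(buf + off, len - off, &hdr, &content) != 0) continue;
        if (content == len - off - hdr) return (long)off;
    }
    return -1;
}

int main(void)
{
    long off = pkcs7_der_offset(sample_blob, sizeof sample_blob, 4);
    printf("DER structure starts at offset %ld\n", off);
    return off < 0;
}
```

A first byte other than 0x30 is what the "wrong tag" error from ASN1_CHECK_TLEN reports; checking the declared length against the buffer size keeps a stray 0x30 in the prefix from being mistaken for the start of the structure.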
RE: Newbie question X509 certificate stores
> What do you mean fails to open the store? What does the data look like that you are feeding into d2i_PKCS7()? Does it have lines with -BEGIN in it?

I cannot find this anywhere in the data.

> If the data is available as a file try:
>
> openssl pkcs7 -in file -inform DER
> openssl pkcs7 -in file
>
> and if both of those fail:
>
> openssl asn1parse -inform DER -in file

I have saved the data blob to a file (which I have attached to the posting). All of the above commands fail with the same errors as d2i_PKCS7(). The asn1parse command complains about a bad Boolean. I am stumped here.

Chris

Attachment: cert_store_data (Binary data)
RE: Newbie question X509 certificate stores
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:owner-openssl- [EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: 13 August 2005 17:44
To: openssl-users@openssl.org
Subject: Re: Newbie question X509 certificate stores

> On Sat, Aug 13, 2005, Chris Morrison wrote:
>
> > Michael wrote:
> >
> > > Hi Chris,
> > > What type of keystores are you talking about here? (pkcs#12?)
> >
> > It's a PKCS#7 store, I am trying to read the certificate store from a digitally signed ZIP file. I have done it with no probs in VC++ using Microsoft's CryptoAPI, you just read the data into a buffer, which you use to create a CRYPT_DATA_BLOB object that can be passed to the CertOpenStore() function. I cannot see how to do this in openSSL, assuming that it can be done.
>
> Ah now that's a different thing entirely. CryptoAPI for its own reasons decides to allow parsing of certificates only PKCS#7 data using its certificate store functions.
>
> OpenSSL instead allows PKCS#7 data to be converted to an internal structure called PKCS7 which contains the details of the parsed data.
>
> If the relevant data is in memory d2i_PKCS7() will create the structure. From then on you can follow the code which is called with the print_certs function in apps/pkcs7.c.

I've finally found time to get back to this project. Thanks for the pointers Steve. However, I've tried using the above call d2i_PKCS7(), but it fails to open the store with the errors below.

4777:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:946:
4777:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:304:Type=PKCS7

What are these supposed to mean? When is there going to be some documentation for the API of OpenSSL?

Chris
Re: Newbie question X509 certificate stores
So many replies. I don't know where to start.

Chris Morrison wrote:

> Hi all,
>
> I have recently moved over to Linux, having rid my computer of the M $.Windows virus. I am porting a program that I wrote over to Linux and I am looking for a library to provide X509 digital certificate functions.
>
> Micro$oft provide a function in their CryptoAPI called CertOpenStore() which allows you to open a digital certificate store from a file or memory. Is there such a function under OpenSSL? It looks like a great library but the lack of documentation on the API (that I can find) is a major drag.
>
> Regards,
> Chris

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Newbie question X509 certificate stores
Michael wrote:

> Hi Chris,
> What type of keystores are you talking about here? (pkcs#12?)

It's a PKCS#7 store, I am trying to read the certificate store from a digitally signed ZIP file. I have done it with no probs in VC++ using Microsoft's CryptoAPI, you just read the data into a buffer, which you use to create a CRYPT_DATA_BLOB object that can be passed to the CertOpenStore() function. I cannot see how to do this in openSSL, assuming that it can be done.

Chris
Newbie question X509 certificate stores
Hi all,

I have recently moved over to Linux, having rid my computer of the M $.Windows virus. I am porting a program that I wrote over to Linux and I am looking for a library to provide X509 digital certificate functions.

Micro$oft provide a function in their CryptoAPI called CertOpenStore() which allows you to open a digital certificate store from a file or memory. Is there such a function under OpenSSL? It looks like a great library but the lack of documentation on the API (that I can find) is a major drag.

Regards,
Chris