>
>
> I was playing around with the CMS interface and I was wondering what is
> the right way to generate a signed and encrypted CMS.
>
take a look at this thread
https://marc.info/?l=openssl-users&m=141606382825289
>
>
> padding = 3 means "no padding" indicating that the data for signature is
> already padded. That's why the data size (flen) is 256 (hashed data padded to
> the rsa key size of 2048 bits, I guess). If you are using OpenSSL 1.1.1, this
> could be due to PSS padding in which case current implement
Hello Shiyao,
the signing time attribute has always been considered mandatory or in
any case useful and only with CAdES optional and even with PAdES not
allowed.
A request similar to yours has already been received (see
https://mta.openssl.org/pipermail/openssl-users/2017-February/005240.html)
I a
OK thanks,
initial implementation of STORE into my pkcs11 engine (1) is ready.
I am able to do this openssl storeutl -engine pkcs11
'pkcs11:objecttype=cert;object=test'
and this is result:
engine "pkcs11" set.
0: Certificate
-BEGIN CERTIFICATE-
MIIC/DCCAeSgAwIBAgIUDrAyYf/dMsavGGEuYMLqJxFrH
functionality
> required to hook with the OSSL_STORE functionality for storeutil to be
> useful.
>
> Cheers,
> Richard
>
> On Wed, 06 Mar 2019 09:47:01 +0100,
> Antonio Iacono wrote:
> >
> > There are some good tools for pkcs11, like pkcs11-tool of the OpenSC
&g
eric command to do exactly this sort of thing,
> 'openssl storeutil', available since OpenSSL 1.1.1.
>
> The pkcs11 backend / engine needs to implement the functionality
> required to hook with the OSSL_STORE functionality for storeutil to be
> useful.
>
> Cheers,
&g
There are some good tools for pkcs11, like pkcs11-tool of the OpenSC
project, but often only need the list of key ids to perform signature
operations with the engine.
I would propose a new pkcs11 command which, for now, only makes the
list of ids and labels of keys present in a token.
I have alre
> Does anybody know how to use the smartcard to encrypt and decrypt files?
Hi Boyd,
there are many ways to encrypt/decrypto with smartcard but since you
wrote to the list of OpenSSL I answer you how to do with OpenSSL.
In the meantime you need two other software, in addition to openssl,
the engin
Il giorno mar 8 gen 2019 alle ore 19:32 Jin Xie ha
scritto:
> Thank you! I would have a try.
>
>
Look here: https://github.com/MicrochipTech/cryptoauth-openssl-engine
Antonio
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
the crash with your debug version, please post a
> backtrace of the call stack when it’s stopped
>
> at the segmentation fault.
>
>
>
> HTH,
>
> Matthias
>
>
>
> *Von:* openssl-users *Im Auftrag von
> *Antonio
> Iacono
> *Gesendet:* Sonntag, 6. Januar
INE, e, &e->ex_data);
if I comment these lines openssl does not crash
I do not know engine well and I do not know what these two lines do, if
anyone has any suggestions I can do some tests
Thanks,
Antonio Iacono
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/lis
Hi everyone,
the patch discussed in this pull request
https://github.com/openssl/openssl/pull/7893 adds support for adding ESS
signing-certificate[-v2] attributes
to CMS signedData.
Although it implements only a small part of the RFC 5126 - CMS Advanced
Electronic Signatures (CAdES), it is suffici
Hi,
I think I have solved. Maybe you can write better and in fewer lines anyway
this attached code works.
Antonio
2017-12-20 11:07 GMT+01:00 Antonio Iacono :
>
> Hi,
> assuming I have the following:
> - data.txt
> - data.p7s (the detached signature)
>
> Can I generate the
Hi,
assuming I have the following:
- data.txt
- data.p7s (the detached signature)
Can I generate the bundled (p7m) signed file ?
I tried:
content = BIO_new_file("data.txt", "rb");
signature = BIO_new_file("data.p7s", "rb");
p7 = d2i_PKCS7_bio(signature, NULL);
PKCS7_set_detached(p7, 0);
bundled
14 matches
Mail list logo