Before I switched from PKCS7 to CMS, I had the ability to get the
actual signature (encrypted digest) by looking at
signer_info->enc_digest->data.
Now that is encapsulated with no way to get at it, even though I can
get the rest of the signer info using these two functions:
On Tue, May 28, 2013 at 4:38 PM, Phillip Hellewell ssh...@gmail.com wrote:
Before I switched from PKCS7 to CMS, I had the ability to get the
actual signature (encrypted digest) by looking at
signer_info->enc_digest->data.
Now that is encapsulated with no way to get at it,
Same problem goes
+ # crls == 0.
return PKCS7Type_Certs;
}
}
Thanks,
Phillip
On Thu, May 23, 2013 at 5:29 AM, Dr. Stephen Henson st...@openssl.org wrote:
On Wed, May 22, 2013, Phillip Hellewell wrote:
I'm in the process of refactoring my code to use the new CMS API instead
On Thu, May 23, 2013 at 5:33 AM, Dr. Stephen Henson st...@openssl.org wrote:
On Wed, May 22, 2013, Phillip Hellewell wrote:
Looking at the implementation of CMS_get0_signers(), it looks like it
creates a new stack of X509 that I will have to free.
It's midway between 1 and 0
Attached is a really old (circa 2000) file called ieexcep.cat. Windows
recognizes it as a Security Catalog Information. It is a weird file
because it is like a mix of a cert chain (.p7b) and a signature (.p7s).
The d2i_PKCS7_bio() succeeds on it, but d2i_CMS_bio() does not. This is
the only
On Thu, May 23, 2013 at 10:34 AM, Dr. Stephen Henson st...@openssl.org wrote:
This is very rarely encountered in practice. The only time I've ever come
across it is in Windows authenticode signatures.
Thanks Steve. I think I can make a good argument to my managers that
it's not worth bothering
I'm in the process of refactoring my code to use the new CMS API instead of
PKCS7.
In my code before I was able to determine the type of pkcs7, and even
distinguish between a signed data (.p7m), signature (.p7s) and cert chain
(.p7b), using this function:
PKCS7Type
Looking at the implementation of CMS_get0_signers(), it looks like it
creates a new stack of X509 that I will have to free.
Isn't the convention to use a 1 if the return value needs to be freed,
and 0 if not? So shouldn't this function be named CMS_get1_signers()?
(Note that CMS_get1_crls() is
On Tue, May 21, 2013 at 5:33 AM, Dr. Stephen Henson st...@openssl.org wrote:
Just tried it myself with Visual Studio 2012, nasm version 2.10.07 and it
compiles with no problems for me. I also tried it without nasm (i.e. ml64) and
that worked OK too.
Ok, this is very helpful to know that it is
On Tue, May 21, 2013 at 9:08 AM, Phillip Hellewell ssh...@gmail.com wrote:
But when executed from my build script (a batch file), it runs into
problems.
Here is a copy of my build script. Can anyone spot a problem with it?
@echo off
if "%1"=="" goto buildall
setlocal
cd /d %~dp0..
@call target
I forgot to mention, I am using perl.exe version 5.16.3 and nasm.exe
version 2.10.07.
Phillip
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Good news, I found the bug! I got thinking, why is x86_64-gf2m the
only one giving me a problem? So I compared x86_64-gf2m.pl to the
others and found that it has this line:
open STDOUT,"| \"$^X\" $xlate $flavour $output";
whereas the others have this:
open OUT,"| \"$^X\" $xlate $flavour
On Tue, May 21, 2013 at 11:00 AM, Viktor Dukhovni
openssl-us...@dukhovni.org wrote:
If so, this is a Windows Perl bug IMHO. The parent should wait
for the child to exit with close(STDOUT) in either scenario.
Any special treatment of STDOUT should be reset after
open STDOUT,"|cmd";
in
On Thu, May 16, 2013 at 5:27 PM, Phillip Hellewell ssh...@gmail.com wrote:
But do I have to sacrifice performance to be able to upgrade to 1.0.1?
Anyone? Can I be the only one in the whole world who wants to build
openssl on Windows 64-bit with optimized assembly routines?
Should I try
On Mon, May 20, 2013 at 1:12 PM, Phillip Hellewell ssh...@gmail.com wrote:
Should I try to patch it myself?
FYI, the linker error is occurring because nasm is failing with a ton
of errors on x86_64-g2m.asm, I think maybe because it is creating the
wrong type of asm.
So I tried masm instead
I'm trying to upgrade from 0.9.8y to 1.0.1e, but I'm getting this linker error.
link /nologo /subsystem:console /opt:ref /debug /dll
/out:out32dll\libeay32.dll /def:ms/LIBEAY32.def
@C:\Users\PHELLE~1\AppData\Local\Temp\nm6C7E.tmp
Creating library out32dll\libeay32.lib and object
On Sat, Jul 10, 2010 at 12:13 PM, Jeffrey Walton noloa...@gmail.com wrote:
The general approach is to encrypt data using a symmetric cipher (e.g.,
AES-256) with a randomly-generated key, and then encrypt that symmetric key
with the RSA (public) key.
AES-256 requires an RSA modulus with an
The general approach is to encrypt data using a symmetric cipher (e.g.,
AES-256) with a randomly-generated key, and then encrypt that symmetric key
with the RSA (public) key.
And for the symmetric encryption you'll also have to make a decision about
what mode to use (ECB, CBC, CTR, etc).
On Thu, May 27, 2010 at 2:20 PM, Chuck Pareto chuckda...@gmail.com wrote:
Hi,
I'm still unsure as to the max length string I can use to encrypt. I'm using
the rsacrypto class in .net to encrypt.
I know I can't pass in a string that's 256 bytes long or greater because
there is an exception
Is there any way to tell what type of data is contained inside a PKCS7
signedData smime.p7m file?
I have several emails all with an smime.p7m attachment, but the data
inside the smime.p7m is different:
1. plaintext
2. a MIME email
3. binary data like a word document
When getting the data out of
On Tue, Apr 27, 2010 at 5:29 PM, Luis Neves luisne...@hotmail.com wrote:
As I think they are in DER format so I use
openssl x509 -inform DER -in xx.cer -noout -text
I was able to get it to output the characters correctly by adding
-nameopt multiline,utf8,-esc_msb to the command-line.
It
On Wed, Apr 28, 2010 at 12:39 AM, Phillip Hellewell ssh...@gmail.com wrote:
On Tue, Apr 27, 2010 at 5:29 PM, Luis Neves luisne...@hotmail.com wrote:
As I think they are in DER format so I use
openssl x509 -inform DER -in xx.cer -noout -text
I was able to get it to output the characters
On Wed, Apr 28, 2010 at 6:45 AM, Dr. Stephen Henson st...@openssl.org wrote:
On Wed, Apr 28, 2010, Phillip Hellewell wrote:
It makes me wonder though why isn't UTF-8 the default output on a
Linux system with LANG set to en_US.UTF-8?
Backwards compatibility reasons mainly. We have to be very
version of OpenSSL doesn't seem to have any CMS functions (perhaps too
old), but my needs are pretty basic so I think I'll be ok without them.
Phillip
On Thu, Apr 15, 2010 at 4:14 PM, Dr. Stephen Henson st...@openssl.org wrote:
On Thu, Apr 15, 2010, Phillip Hellewell wrote:
Apparently PKCS7_decrypt
Apparently PKCS7_decrypt() only works on enveloped data. How can I decrypt
a PKCS7 of type signedAndEnveloped or encrypted?
Thanks,
Phillip
25 matches