Hi,
I'm trying to parse a PKCS#7 file using both openssl and IAIK libraries.
The problem comes out when the Issuer DN in the SignerInfo structure of the
p7
is compared with the DN of the certificate in the pkcs7.
Openssl claims they are different while IAIK claims they are equal.
An ASN1 dump of the p7 shows that the one entry of the 2 DNs is encoded
differently
(PRINTABLESTRING vs T61STRING) but the value is the same.
If I understand correctly, in my p7 the same DN has been encoded in two
different ways ..
What is the correct behaviour?
Any hint?
Here is the asn1dump utility output
0:d=0 hl=4 l=1949 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
15:d=1 hl=4 l=1934 cons: cont [ 0 ]
19:d=2 hl=4 l=1930 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :01
26:d=3 hl=2 l= 11 cons: SET
28:d=4 hl=2 l= 9 cons: SEQUENCE
30:d=5 hl=2 l= 5 prim: OBJECT :sha1
37:d=5 hl=2 l= 0 prim: NULL
39:d=3 hl=4 l= 259 cons: SEQUENCE
43:d=4 hl=2 l= 11 prim: OBJECT :id-smime-ct-TSTInfo
56:d=4 hl=3 l= 243 cons: cont [ 0 ]
59:d=5 hl=3 l= 240 prim: OCTET STRING
302:d=3 hl=4 l=1044 cons: cont [ 0 ]
306:d=4 hl=4 l=1040 cons: SEQUENCE
310:d=5 hl=4 l= 760 cons: SEQUENCE
314:d=6 hl=2 l= 3 cons: cont [ 0 ]
316:d=7 hl=2 l= 1 prim: INTEGER :02
319:d=6 hl=2 l= 4 prim: INTEGER :41064558
325:d=6 hl=2 l= 13 cons: SEQUENCE
327:d=7 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
338:d=7 hl=2 l= 0 prim: NULL
340:d=6 hl=3 l= 146 cons: SEQUENCE
343:d=7 hl=2 l= 11 cons: SET
345:d=8 hl=2 l= 9 cons: SEQUENCE
347:d=9 hl=2 l= 3 prim: OBJECT :countryName
352:d=9 hl=2 l= 2 prim: PRINTABLESTRING :IT
356:d=7 hl=2 l= 52 cons: SET
358:d=8 hl=2 l= 50 cons: SEQUENCE
360:d=9 hl=2 l= 3 prim: OBJECT :organizationName
365:d=9 hl=2 l= 43 prim: PRINTABLESTRING :Centro Nazionale
per l'Informatica nella PA
410:d=7 hl=2 l= 46 cons: SET
412:d=8 hl=2 l= 44 cons: SEQUENCE
414:d=9 hl=2 l= 3 prim: OBJECT
:organizationalUnitName
419:d=9 hl=2 l= 37 prim: PRINTABLESTRING :Servizi di
Sicurezza e Certificazione
458:d=7 hl=2 l= 29 cons: SET
460:d=8 hl=2 l= 27 cons: SEQUENCE
462:d=9 hl=2 l= 3 prim: OBJECT :commonName
467:d=9 hl=2 l= 20 prim: PRINTABLESTRING :CNIPA TimeStamper
CA
489:d=6 hl=2 l= 30 cons: SEQUENCE
491:d=7 hl=2 l= 13 prim: UTCTIME :040727120648Z
506:d=7 hl=2 l= 13 prim: UTCTIME :151207120648Z
521:d=6 hl=3 l= 151 cons: SEQUENCE
524:d=7 hl=2 l= 11 cons: SET
526:d=8 hl=2 l= 9 cons: SEQUENCE
528:d=9 hl=2 l= 3 prim: OBJECT :countryName
533:d=9 hl=2 l= 2 prim: PRINTABLESTRING :IT
537:d=7 hl=2 l= 52 cons: SET
539:d=8 hl=2 l= 50 cons: SEQUENCE
541:d=9 hl=2 l= 3 prim: OBJECT :organizationName
546:d=9 hl=2 l= 43 prim: PRINTABLESTRING :Centro Nazionale
per l'Informatica nella PA
591:d=7 hl=2 l= 46 cons: SET
593:d=8 hl=2 l= 44 cons: SEQUENCE
595:d=9 hl=2 l= 3 prim: OBJECT
:organizationalUnitName
600:d=9 hl=2 l= 37 prim: PRINTABLESTRING :Servizi di
Sicurezza e Certificazione
639:d=7 hl=2 l= 34 cons: SET
641:d=8 hl=2 l= 32 cons: SEQUENCE
643:d=9 hl=2 l= 3 prim: OBJECT :commonName
648:d=9 hl=2 l= 25 prim: PRINTABLESTRING :CNIPA TimeStamper2
200410
675:d=6 hl=3 l= 159 cons: SEQUENCE
678:d=7 hl=2 l= 13 cons: SEQUENCE
680:d=8 hl=2 l= 9 prim: OBJECT :rsaEncryption
691:d=8 hl=2 l= 0 prim: NULL
693:d=7 hl=3 l= 141 prim: BIT STRING
837:d=6 hl=3 l= 234 cons: cont [ 3 ]
840:d=7 hl=3 l= 231 cons: SEQUENCE
843:d=8 hl=2 l= 14 cons: SEQUENCE
845:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
850:d=9 hl=2 l= 1 prim: BOOLEAN :255
853:d=9 hl=2 l= 4 prim: OCTET STRING
859:d=8 hl=2 l= 19 cons: SEQUENCE
861:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key
Usage
866:d=9 hl=2 l= 12 prim: OCTET STRING
880:d=8 hl=2 l= 48 cons: SEQUENCE
882:d=9 hl=2 l= 3 prim: OBJECT :X509v3 CRL
Distribution Points
887:d=9 hl=2 l= 41 prim: OCTET STRING
930:d=8 hl=2 l= 90 cons: SEQUENCE
932:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Certificate
Policies
937:d=9 hl=2 l= 83 prim: OCTET STRING
1022:d=8 hl=2 l= 31 cons: SEQUENCE
1024:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Authority
Key Identifier
1029:d=9 hl=2 l= 24 prim: OCTET STRING
1055:d=8 hl=2 l= 17 cons: SEQUENCE
1057:d=9 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key
Identifier
1062:d=9 hl=2 l= 10 prim: OCTET STRING
1074:d=5 hl=2 l= 13 cons: SEQUENCE
1076:d=6 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
1087:d=6 hl=2 l= 0 prim: NULL
1089:d=5 hl=4 l= 257 prim: BIT STRING
1350:d=3 hl=4 l= 599 cons: SET
1354:d=4 hl=4 l= 595 cons: SEQUENCE
1358:d=5 hl=2 l= 1 prim: INTEGER :03
1361:d=5 hl=3 l= 155 cons: SEQUENCE
1364:d=6 hl=3 l= 146 cons: SEQUENCE
1367:d=7 hl=2 l= 11 cons: SET
1369:d=8 hl=2 l= 9 cons: SEQUENCE
1371:d=9 hl=2 l= 3 prim: OBJECT :countryName
1376:d=9 hl=2 l= 2 prim: PRINTABLESTRING :IT
1380:d=7 hl=2 l= 52 cons: SET
1382:d=8 hl=2 l= 50 cons: SEQUENCE
1384:d=9 hl=2 l= 3 prim: OBJECT :organizationName
1389:d=9 hl=2 l= 43 prim: T61STRING :Centro Nazionale
per l'Informatica nella PA
1434:d=7 hl=2 l= 46 cons: SET
1436:d=8 hl=2 l= 44 cons: SEQUENCE
1438:d=9 hl=2 l= 3 prim: OBJECT
:organizationalUnitName
1443:d=9 hl=2 l= 37 prim: PRINTABLESTRING :Servizi di
Sicurezza e Certificazione
1482:d=7 hl=2 l= 29 cons: SET
1484:d=8 hl=2 l= 27 cons: SEQUENCE
1486:d=9 hl=2 l= 3 prim: OBJECT :commonName
1491:d=9 hl=2 l= 20 prim: PRINTABLESTRING :CNIPA TimeStamper
CA
1513:d=6 hl=2 l= 4 prim: INTEGER :41064558
1519:d=5 hl=2 l= 9 cons: SEQUENCE
1521:d=6 hl=2 l= 5 prim: OBJECT :sha1
1528:d=6 hl=2 l= 0 prim: NULL
1530:d=5 hl=4 l= 273 cons: cont [ 0 ]
1534:d=6 hl=2 l= 26 cons: SEQUENCE
1536:d=7 hl=2 l= 9 prim: OBJECT :contentType
1547:d=7 hl=2 l= 13 cons: SET
1549:d=8 hl=2 l= 11 prim: OBJECT :id-smime-ct-TSTInfo
1562:d=6 hl=2 l= 35 cons: SEQUENCE
1564:d=7 hl=2 l= 9 prim: OBJECT :messageDigest
1575:d=7 hl=2 l= 22 cons: SET
1577:d=8 hl=2 l= 20 prim: OCTET STRING
1599:d=6 hl=3 l= 205 cons: SEQUENCE
1602:d=7 hl=2 l= 11 prim: OBJECT
:id-smime-aa-signingCertificate
1615:d=7 hl=3 l= 189 cons: SET
1618:d=8 hl=3 l= 186 cons: SEQUENCE
1621:d=9 hl=3 l= 183 cons: SEQUENCE
1624:d=10 hl=3 l= 180 cons: SEQUENCE
1627:d=11 hl=2 l= 20 prim: OCTET STRING
1649:d=11 hl=3 l= 155 cons: SEQUENCE
1652:d=12 hl=3 l= 146 cons: SEQUENCE
1655:d=13 hl=2 l= 11 cons: SET
1657:d=14 hl=2 l= 9 cons: SEQUENCE
1659:d=15 hl=2 l= 3 prim: OBJECT :countryName
1664:d=15 hl=2 l= 2 prim: PRINTABLESTRING :IT
1668:d=13 hl=2 l= 52 cons: SET
1670:d=14 hl=2 l= 50 cons: SEQUENCE
1672:d=15 hl=2 l= 3 prim: OBJECT
:organizationName
1677:d=15 hl=2 l= 43 prim: T61STRING :Centro
Nazionale per l'Informatica nella PA
1722:d=13 hl=2 l= 46 cons: SET
1724:d=14 hl=2 l= 44 cons: SEQUENCE
1726:d=15 hl=2 l= 3 prim: OBJECT
:organizationalUnitName
1731:d=15 hl=2 l= 37 prim: PRINTABLESTRING :Servizi di
Sicurezza e Certificazione
1770:d=13 hl=2 l= 29 cons: SET
1772:d=14 hl=2 l= 27 cons: SEQUENCE
1774:d=15 hl=2 l= 3 prim: OBJECT :commonName
1779:d=15 hl=2 l= 20 prim: PRINTABLESTRING :CNIPA
TimeStamper CA
1801:d=12 hl=2 l= 4 prim: INTEGER :41064558
1807:d=5 hl=2 l= 13 cons: SEQUENCE
1809:d=6 hl=2 l= 9 prim: OBJECT :rsaEncryption
1820:d=6 hl=2 l= 0 prim: NULL
1822:d=5 hl=3 l= 128 prim: OCTET STRING
--
Email.it, the professional e-mail, gratis per te: http://www.email.it/f
Sponsor:
Viaggi e vacanze, last minute e crociere, week end e brevi soggiorni,
clicca e scopri tutte le opportunitą per single e famiglie
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=2838&d=20041006
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
