Hello, I have the raw signature data of a elliptic curve DSA operation from a smart card. In addition I will have a certificate for the public key of the elliptic curve algorithm. I want to store the results as a p7s file. How can this be done?
I haven't found any documentation, only the in the pkcs7/sign.c file I found something maybe interesting: p7=PKCS7_new(); PKCS7_set_type(p7,NID_pkcs7_signed); What's this? Is this content necessary? si=PKCS7_add_signature(p7,x509,pkey,EVP_sha1()); if (si == NULL) goto err; /* If you do this then you get signing time automatically added */ What does this mean? PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); /* we may want to add more */ PKCS7_add_certificate(p7,x509); /* Set the content of the signed to 'data' */ PKCS7_content_new(p7,NID_pkcs7_data); if (!nodetach) PKCS7_set_detached(p7,1); Now the what is read in? The raw signature data? if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err; for (;;) { i=BIO_read(data,buf,sizeof(buf)); if (i <= 0) break; BIO_write(p7bio,buf,i); } if (!PKCS7_dataFinal(p7,p7bio)) goto err; BIO_free(p7bio); PEM_write_PKCS7(stdout,p7); PKCS7_free(p7); Apart from this: Must the data to be signed in DER to be valid with PKCS#7? Thanks, Karsten ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]