I took the sign.c example and modified it slightly to use artifacts I have, but it seems the result just produces a PKCS7 that has a signature? I want to have the data (PDF or JPG) in there as I need to use it after validating that it is trusted.
Basically I have a piece of data and a signature and want to envelope it in something for best practices. Otherwise I simply send the data and the signature and validate trust and use the data. I have to get the data out of the PKCS7 and use it just having a signature is not very useful for m. Is there something I am missing? The code I modified is shown below which is basically sign.c, get my private key and a x509 sign the data but hey I need the data int there too to extract later. //cc -o sign -Wno-deprecated-declarations sign.c -lcrypto #include <stdio.h> #include <string.h> #include <openssl/bio.h> #include <openssl/x509.h> #include <openssl/pem.h> #include <openssl/err.h> int main(argc,argv) int argc; char *argv[]; { X509 *x509; EVP_PKEY *pkey; PKCS7 *p7; PKCS7_SIGNER_INFO *si; BIO *in; BIO *data,*p7bio; char buf[1024*4]; int i; int nodetach=0; #ifndef OPENSSL_NO_MD2 EVP_add_digest(EVP_md2()); #endif #ifndef OPENSSL_NO_MD5 EVP_add_digest(EVP_md5()); #endif #ifndef OPENSSL_NO_SHA1 EVP_add_digest(EVP_sha1()); #endif #ifndef OPENSSL_NO_MDC2 EVP_add_digest(EVP_mdc2()); #endif data=BIO_new(BIO_s_file()); again: if (argc > 1) { if (strcmp(argv[1],"-nd") == 0) { nodetach=1; argv++; argc--; goto again; } if (!BIO_read_filename(data,argv[1])) goto err; } else BIO_set_fp(data,stdin,BIO_NOCLOSE); /** * Get our private key as it will be used from some other PKCS7 function later I assume to sign data? **/ FILE * fp =fopen("rsa.pem.0", "rb"); if (fp==NULL){ printf("NULL fp \n"); return 1; } EVP_PKEY *pevpkey= PEM_read_PrivateKey(fp, NULL, NULL, NULL); if (pevpkey==NULL){ printf("PEM for read private failed\n"); return 1; } else printf("PEM for read private SUCCESS\n"); fclose(fp); if ((in=BIO_new_file("RSApublic.x509.0.cert","r")) == NULL) goto err; if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err; //BIO_reset(in); //if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL) goto err; BIO_free(in); p7=PKCS7_new(); PKCS7_set_type(p7,NID_pkcs7_signed); si=PKCS7_add_signature(p7,x509,pevpkey,EVP_sha1()); if (si == NULL) goto err; /* If you do this then you get signing time automatically added */ PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); /* USE THIS TO ADD a X509 if you wish to the PKCS7*/ // PKCS7_add_certificate(p7,x509); /* Set the content of the signed to 'data' */ PKCS7_content_new(p7,NID_pkcs7_data); // if (!nodetach) PKCS7_set_detached(p7,1); if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err; for (;;) { i=BIO_read(data,buf,sizeof(buf)); if (i <= 0) break; printf("%d \n",BIO_write(p7bio,buf,i) ); } if (!PKCS7_dataFinal(p7,p7bio)) goto err; BIO_free(p7bio); PEM_write_PKCS7(stdout,p7); PKCS7_free(p7); exit(0); err: ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); exit(1); } -- View this message in context: http://openssl.6102.n7.nabble.com/Data-and-Signature-envelope-tp44885p44901.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org