Hi Jon, What you want to do is not very hard. I posted a sample for extracting a key and signature from certificates (RFC 3280) and verifying the signature here:
http://groups.google.com/group/cryptopp-users/browse_frm/thread/d293122fb782622a/8a5012a2efabc466?lnk=gst&q=RSA&rnum=8#8a5012a2efabc466 If you look at the ASN.1 module in RFC3852 and that code, it should be easy to extend the operation to extract the certificate and signature from a SignedData structure then verify the signature. I'm reasonably sure I use all of the crypto++ functions you would need to do so in my sample; just alter to match the structure you're working with. That said, it's most likely not the right thing for you to do. You should probably be using a higher-level library than crypto++. Most applications that want to do what you describe should also build a certification path back to a trusted authority and verify revocation status of the certificates in that path relative to the signing time prior to trusting the signature. While crypto++ contains the cryptographic primitives you need to do so, the rest of the bits required for this are rightly beyond the scope of crypto++. Chances are you don't want to build this infrastructure yourself and should use PKIF (<--- full disclosure, I work on that one), SFL, OpenSSL, NSS, MS CAPI or a similar library that performs this sort of validation for your application. Note that the above are not all created equal. They have differing crypto support and differ in the level of rigor with which they perform certification path building and validation, check revocation status, etc. Some of these differences may be important to your PKI, some may not. But this functionality is critical to whether you decide to trust that a signature is valid. HTH, Geoff On 5/10/07, Jon <[EMAIL PROTECTED]> wrote: > > I have a signature encoded as a Cryptographic Message Syntax (CMS) > signature (as per RFC3852) that contains a single X.509 certificate > that was used to sign a detached message. The signature is implemented > as a SignedData type (RFC3852). I need to extract this certificate to > get the public key to verify the signature of the message. I am very > new to Crypto++ so sample code will be greatly appreciated! Thanks! > > -Jon > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [EMAIL PROTECTED] More information about Crypto++ and this group is available at http://www.cryptopp.com. -~----------~----~----~----~------~----~------~--~---
