Hi, I'm working on a C-library for Elster/COALA, the german interface for the electronic tax form submission.
I need to use PKCS#7 encryption for a given standalone cerificate, i.e. a self-signed certificate without a chain of trust. I also need to use the same bulk key for several pieces of PKCS#7 enveloped data and for PKCS#7 encrypted parts of the reply. I'm currently trying to use the older PKCS#7 functions, which let me preset the bulk key, but balk at the certificate. I get the error SEC_ERROR_CA_CERT_INVALID -8156 Issuer certificate is invalid. I think it is the call to CERT_VerifyCert in SEC_PKCS7CreateEnvelopedData that throws this error. Is there a way to force a certificate to be trusted? I also tried to use the newer CMS API, which works fine with the certificate. However, it doesn't let me preset the bulk key for enveloped data, it creates a new one for every encryption. Any suggestions what I should do? JÃrgen -- NO to software patents -- stop the European patents directive JÃrgen Stuber <[EMAIL PROTECTED]> http://www.jstuber.net/ gnupg key fingerprint = 2767 CA3C 5680 58BA 9A91 23D9 BED6 9A7A AF9E 68B4 _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
