Hello,

I've been studying how to implement the electronic signature according to the Italian regulations, using the related security tokens.

The Italian regulation (CNIPA 45/2009) requires the signed messages to be generated according to CMS Advanced Electronic Signatures (CAdES). I studied the code of openssl and of the smime app, and I discovered that it does not support the signingCertificateV2 attribute. I tried to patch apps/smime.c to add the required element to PKCS7, and I was able to get it working. I attach the patch, but I am asking for some feedback.

1) It's the first version, and I don't expect you to merge it as it is, but would you consider adding an option to smime so that it can add the signingCertificateV2 to the output message?

2) Do you see any big mistake in the patch?

3) The ESSCertIDv2 element requires an algorithm identifier, which is the one corresponding to sha256, and a certificate hash. Can I get it without having to pre-compute it and pass it as a command line parameter?

4) In the patch, the certificate hash is an empty string. The verification software says that the encoded message is good, but I think it should complain about the missing hash. Do you think it could be a bug in the verification software?

I would be really happy to get some feedback from you, because I'd like to be able to sign documents with openssl and not with proprietary software.

Thank you,
Ottavio

--
There is no more strength in normality, there is only monotony
cades.diff
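The check raised in question 4, as an added example (not code from the attached patch or from OpenSSL): RFC 5035 defines certHash in ESSCertIDv2 as the hash of the whole DER-encoded signer certificate, so a verifier can recompute it and reject an attribute whose hash is empty or wrong. The sketch assumes the default SHA-256 (hashAlgorithm omitted, as DER requires for a DEFAULT value) and no issuerSerial; the function names and the stand-in certificate bytes are constructed for illustration.

```python
import hashlib
import hmac

def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV (definite length, short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def read_tlv(buf: bytes, pos: int = 0):
    """Decode one DER TLV at pos; return (tag, content, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        k = first & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    else:
        n = first
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + n], pos + n

def signing_certificate_v2(cert_hash: bytes) -> bytes:
    """SigningCertificateV2 with one ESSCertIDv2 that carries only certHash."""
    ess_cert_id_v2 = der(0x30, der(0x04, cert_hash))  # default SHA-256 omitted
    return der(0x30, der(0x30, ess_cert_id_v2))       # certs SEQUENCE OF

def cert_hash_matches(attr_value: bytes, cert_der: bytes) -> bool:
    """Verifier side: first certHash must equal SHA-256(signer cert DER)."""
    tag, body, _ = read_tlv(attr_value)   # SigningCertificateV2
    if tag != 0x30:
        raise ValueError("SigningCertificateV2 SEQUENCE expected")
    _, certs, _ = read_tlv(body)          # certs
    _, ess, _ = read_tlv(certs)           # first ESSCertIDv2
    tag, value, _ = read_tlv(ess)         # hashAlgorithm or certHash
    if tag == 0x30:
        raise ValueError("explicit hashAlgorithm not handled in this example")
    if tag != 0x04:
        raise ValueError("certHash OCTET STRING expected")
    return hmac.compare_digest(value, hashlib.sha256(cert_der).digest())

# Constructed stand-in bytes, not a real certificate: the hash covers the raw DER.
SAMPLE_CERT_DER = der(0x30, b"constructed stand-in for a DER certificate")
GOOD = signing_certificate_v2(hashlib.sha256(SAMPLE_CERT_DER).digest())
EMPTY = signing_certificate_v2(b"")  # the empty-hash case from question 4
```

The attribute value is carried in the signed attributes under OID 1.2.840.113549.1.9.16.2.47 (id-aa-signingCertificateV2).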
