Bryan Parker wrote:
>
> I am writing a block of code to generate a PKCS7 signature (data detached)
> using OpenSSL. I've been using the crypto\pkcs7\sign.c as an example. My
> question: Is it possible to generate a PKCS7 signature by specifying the
> signature, rather than using OpenSSL routines to digest and encrypt? I have
> a separate crypto library that generated the signature, and I want to use
> OpenSSL to package it in PKCS7.
>
crypto/pkcs7/sign.c is obsoleted by the new PKCS#7 API which you can see
in apps/smime.c but no other documentation yet.
If you want to use alternative digest code then you can write your own
EVP_MD digest structure which should be similar to the SHA1 code except
it sends the data to your external library.
Similarly the public key code can be handled by writing your own
RSA_METHOD (and maybe ENGINE).
If you've got a signature precomputed then you can just fill in the
PKCS7 structure with the relevant fields. There are two forms of PKCS#7
signature. The simplest (and not much used now) is just the signed
digest of the data. The most common is the signature of the digest the
DER encoding of a set of attributes which themselves include the digest
of the message and additional data like the signing time and supported
encryption algorithms.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
