"Khassaia, Amir" wrote:
>
> Hi,
> I've encountered the following problem:
> I generate PKCS#7 detached & signed data using CryptSignMessage() in
> CryptoAPI and try to verify it using OpenSSL but I get an OpenSSL Error:
> {error:2107106C:PKCS7 routines:PKCS7_signatureVerify:unable to fi
> nd message digest}.
>
> I tried using PKCS7_dataVerify() and PKCS7_signatureVerify() invoked for
> each signer certificate in the PKCS#7 object. PKCS7_DataVerify() finds the
> certifcate status valid before invoking PKCS7_signatureVerify() and failing
> as stated above...
> CryptoAPI manages to verify its own PKCS#7 data however, is this due to the
> byte ordering of signatures which some other people have been refering to
> over the past or did I miss something fundamental ?
>
No, you wouldn't get that error for a byte ordering problem. In any case
byte ordering issues shouldn't occur with PKCS#7.
You could try the 'smime' application (which uses PKCS7_verify) instead
but I suspect you'll get the same error.
It may be a CryptoAPI problem, you normally have to set lots of things
if you want to use authenticated attributes. Why don't you post a sample
CryptoAPI PKCS#7 so it can be analyased further.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
