"Hellan,Kim KHE" wrote:
>
> Hi
>
> If I have a PKCS#7 that is only encrypted (pkcs7_enveloped), how can I then
> be sure of the integrity of the data?
> With a signed PKCS#7 you can verify the signature, but what if there is no
> signature. Does the PKCS#7 format itself make it impossible to tamper with
> such an encrypted "blob" or is there some OpenSSL function that can verify
> the integrity (like PKCS7_verify)?
>

PKCS#7 encrypted data can be produced by anyone with access to the recipient(s) certificates which will normally be publicly available. Unless the sender has signed the content before encryption there is no way to be sure of its integrity.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED]
PGP key: via homepage.
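
Added example, not part of the original thread and not OpenSSL project code: the sign-before-encrypt flow from the reply, run with the openssl smime command, next to an envelope-only message that decrypts but carries no proof of origin. The party names alice and bob, the throwaway self-signed certificates, the file names and the message text are all constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: throwaway keys and sample content, nothing from the thread.
set -eu
W=$(mktemp -d)
trap 'rm -rf "$W"' EXIT

# Self-signed test certificate and key for one party (assumed names: alice, bob).
mkparty() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$W/$1.key" -out "$W/$1.crt" 2>/dev/null
}

# Sender: sign first, then envelope the signed message for the recipient.
sign_then_encrypt() {  # $1=sender $2=recipient $3=plaintext file $4=output
  openssl smime -sign -text -in "$3" -signer "$W/$1.crt" \
    -inkey "$W/$1.key" -out "$W/signed.eml"
  openssl smime -encrypt -aes256 -in "$W/signed.eml" -out "$4" "$W/$2.crt"
}

# Anyone: envelope only, using nothing but the recipient's public certificate.
encrypt_only() {  # $1=recipient $2=plaintext file $3=output
  openssl smime -encrypt -aes256 -in "$2" -out "$3" "$W/$1.crt"
}

# Recipient: decrypt, then require a valid signature chaining to the expected
# sender's certificate. Prints the content on success.
# Returns 2 if decryption fails, 1 if there is no acceptable signature.
open_and_verify() {  # $1=recipient $2=expected sender $3=input file
  openssl smime -decrypt -in "$3" -recip "$W/$1.crt" -inkey "$W/$1.key" \
    -out "$W/inner" || return 2
  # Assumption: the sender's self-signed test cert is the only trust anchor.
  openssl smime -verify -text -in "$W/inner" -CAfile "$W/$2.crt" \
    2>/dev/null || return 1
}

mkparty alice
mkparty bob
printf 'wire 100 EUR to account 42\n' > "$W/msg"   # constructed sample content
sign_then_encrypt alice bob "$W/msg" "$W/signed.p7m"
encrypt_only bob "$W/msg" "$W/anon.p7m"

open_and_verify bob alice "$W/signed.p7m" && echo "signed.p7m: accepted"
open_and_verify bob alice "$W/anon.p7m" ||
  echo "anon.p7m: decrypts, but rejected (rc=$?)"
```

The second message is rejected only because the recipient insists on a signature after decryption; the decryption step itself succeeds for both.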