Hi again In the "other end" I normally use PKCS7_verify() in order to verify the signature and get the signed text. This function also fails since there is no signer certificate in the PKCS#7.
Do you know how to handle signature verification and text retrieval in the receiver end ? Any help much appreciated! /Kim -----Oprindelig meddelelse----- Fra: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] vegne af Hellan.Kim KHE Sendt: 3. september 2004 12:42 Til: [EMAIL PROTECTED]; Marco Roeland Emne: SV: Signed PKCS#7 without a certificate included ? Disregard the last mail. You, of course, must still supply a signer certificate, it's just not included in the PKCS#7. Sorry! /Kim -----Oprindelig meddelelse----- Fra: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] vegne af Hellan.Kim KHE Sendt: 3. september 2004 12:35 Til: Marco Roeland; [EMAIL PROTECTED] Emne: SV: Signed PKCS#7 without a certificate included ? Hi, If I use the PKCS7_NOCERTS flag and use NULL in the "signcert" argument, I still get access violations. The problem is in x509_cmp.c file in the X509_check_private_key() function. The lines say: int X509_check_private_key(X509 *x, EVP_PKEY *k) { EVP_PKEY *xk=NULL; int ok=0; xk=X509_get_pubkey(x); if (xk->type != k->type) since x is NULL, then xk is also NULL, so the "if" line crashes the application. Any other ideas ? Thanks, Kim -----Oprindelig meddelelse----- Fra: Marco Roeland [mailto:[EMAIL PROTECTED] vegne af Marco Roeland Sendt: 3. september 2004 11:16 Til: [EMAIL PROTECTED] Cc: Hellan.Kim KHE Emne: Re: Signed PKCS#7 without a certificate included ? On Friday September 3rd 2004 Hellan.Kim KHE wrote: > I'm trying to make a signed and encrypted PKCS#7 message with a > footprint as small as possible. So my (probably dumb) question is: Is > it possible not to include signers certificate in the PKCS#7 ? The > PKCS7_Sign() function does not seem to allow it. PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags); Use PKCS7_NOCERTS in the 'flags' argument. > When the receiver wants to verify the signature, he then of course has > to supply signers certificate himself somehow, in order to perform the > verification. Yes. -- Marco Roeland ___________________________________________________________________ www.kmd.dk www.kundenet.kmd.dk www.eboks.dk www.civitas.dk www.netborger.dk Hvis du har modtaget denne mail ved en fejl vil jeg gerne, at du informerer mig og sletter den. KMD skaber it-services, der fremmer effektivitet hos det offentlige, erhvervslivet og borgerne. If you received this e-mail by mistake, please notify me and delete it. Thank you. Our mission is to enhance the efficiency of the public sector and improve its service of the general public. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ___________________________________________________________________ www.kmd.dk www.kundenet.kmd.dk www.eboks.dk www.civitas.dk www.netborger.dk Hvis du har modtaget denne mail ved en fejl vil jeg gerne, at du informerer mig og sletter den. KMD skaber it-services, der fremmer effektivitet hos det offentlige, erhvervslivet og borgerne. If you received this e-mail by mistake, please notify me and delete it. Thank you. Our mission is to enhance the efficiency of the public sector and improve its service of the general public. ___________________________________________________________________ www.kmd.dk www.kundenet.kmd.dk www.eboks.dk www.civitas.dk www.netborger.dk Hvis du har modtaget denne mail ved en fejl vil jeg gerne, at du informerer mig og sletter den. KMD skaber it-services, der fremmer effektivitet hos det offentlige, erhvervslivet og borgerne. If you received this e-mail by mistake, please notify me and delete it. Thank you. Our mission is to enhance the efficiency of the public sector and improve its service of the general public. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ___________________________________________________________________ www.kmd.dk www.kundenet.kmd.dk www.eboks.dk www.civitas.dk www.netborger.dk Hvis du har modtaget denne mail ved en fejl vil jeg gerne, at du informerer mig og sletter den. KMD skaber it-services, der fremmer effektivitet hos det offentlige, erhvervslivet og borgerne. If you received this e-mail by mistake, please notify me and delete it. Thank you. Our mission is to enhance the efficiency of the public sector and improve its service of the general public. ___________________________________________________________________ www.kmd.dk www.kundenet.kmd.dk www.eboks.dk www.civitas.dk www.netborger.dk Hvis du har modtaget denne mail ved en fejl vil jeg gerne, at du informerer mig og sletter den. KMD skaber it-services, der fremmer effektivitet hos det offentlige, erhvervslivet og borgerne. If you received this e-mail by mistake, please notify me and delete it. Thank you. Our mission is to enhance the efficiency of the public sector and improve its service of the general public. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
