Hello,
I have the raw signature data of a elliptic curve DSA operation from a
smart card. In addition I will have a certificate for the public key of
the elliptic curve algorithm. I want to store the results as a p7s file.
How can this be done?
I haven't found any documentation, only the in the pkcs7/sign.c file I
found something maybe interesting:
p7=PKCS7_new();
PKCS7_set_type(p7,NID_pkcs7_signed);
What's this? Is this content necessary?
si=PKCS7_add_signature(p7,x509,pkey,EVP_sha1());
if (si == NULL) goto err;
/* If you do this then you get signing time automatically added */
What does this mean?
PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT,
OBJ_nid2obj(NID_pkcs7_data));
/* we may want to add more */
PKCS7_add_certificate(p7,x509);
/* Set the content of the signed to 'data' */
PKCS7_content_new(p7,NID_pkcs7_data);
if (!nodetach)
PKCS7_set_detached(p7,1);
Now the what is read in? The raw signature data?
if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err;
for (;;)
{
i=BIO_read(data,buf,sizeof(buf));
if (i <= 0) break;
BIO_write(p7bio,buf,i);
}
if (!PKCS7_dataFinal(p7,p7bio)) goto err;
BIO_free(p7bio);
PEM_write_PKCS7(stdout,p7);
PKCS7_free(p7);
Apart from this: Must the data to be signed in DER to be valid with PKCS#7?
Thanks, Karsten
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
