Hi,

I need to PKCS7 sign and verify a several megabyte buffer. This raises lots of fun issues with streaming and memory management.

From what I've been able to learn so far, using a detached PKCS7 structure along with PKCS7_dataInit() and PKCS7_dataFinal() calls to stream the large content buffer is the way to go for calculating the signature.

One of the requirements I have is that the detached content and the PKCS7 signatures must both be stored in a single file. This means I'll have my PKCS7 signed structure in DER format trailed by the signed contents. Creating the file is straightforward. Reading it in for verification is something I'm confused about.

Is there a way to determine the actual length of the PKCS7_SIGNED data so I can find the offset of the contents? What I want is to call d2i_PKCS7_bio() to retrieve the PKCS7_SIGNED data, then use its size to skip ahead to the correct offset and start the signature validation.

If it helps at all, both the PKCS7_SIGNED data and the signed content will already be loaded into memory (however, there's not enough memory to allocate space for the ASN1 parsing of both).

Thanks,
Brian
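An added example, not part of the original post and not OpenSSL code: in the file layout described above, the offset of the trailing content equals the total encoded length of the outer DER element, which can be read from its tag and length octets alone. The function name `der_total_len` and the sample bytes are hypothetical, and the code assumes strict DER with a definite length, as the post states.

```c
#include <stddef.h>
#include <stdio.h>

/* Total encoded size (header + body) of the DER element at buf, i.e. the
 * offset of whatever follows it. Returns 0 if the header is truncated, is not
 * an outer SEQUENCE, uses indefinite length, or claims more than avail bytes. */
size_t der_total_len(const unsigned char *buf, size_t avail)
{
    size_t pos = 0, len = 0, n;
    unsigned char first;

    if (avail < 2 || buf[pos++] != 0x30)   /* PKCS7 ContentInfo is a SEQUENCE */
        return 0;
    first = buf[pos++];
    if (first < 0x80) {
        len = first;                        /* short form: one length octet */
    } else {
        n = first & 0x7f;                   /* long form: n length octets */
        if (n == 0 || n > sizeof(size_t) || n > avail - pos)
            return 0;                       /* n == 0 is indefinite (BER only) */
        if (buf[pos] == 0)
            return 0;                       /* leading zero is not minimal DER */
        while (n--)
            len = (len << 8) | buf[pos++];
        if (len < 0x80)
            return 0;                       /* DER requires short form here */
    }
    if (len > avail - pos)                  /* never trust a length past the buffer */
        return 0;
    return pos + len;
}

int main(void)
{
    /* Constructed sample: a 5-byte DER SEQUENCE followed by trailing content. */
    unsigned char file[] = { 0x30, 0x03, 0x02, 0x01, 0x05, 'd', 'a', 't', 'a' };
    size_t off = der_total_len(file, sizeof file);

    if (off == 0) {
        fprintf(stderr, "malformed or truncated DER header\n");
        return 1;
    }
    printf("content starts at offset %zu, %zu bytes long\n", off, sizeof file - off);
    return 0;
}
```

When the signature is already in memory, OpenSSL's d2i_PKCS7() takes a `const unsigned char **` and advances it past the bytes it consumed, which yields the same offset after parsing only the signature structure.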
