On 11/6/2010 7:44 AM, Martin Boßlet wrote:
I just tested, whether the BER-encoding is preserved if I do not alter
any of the contents. Unfortunately, it seems as if the encoding is not
preserved. I did the following:
d2i_PKCS7_bio(file,&p7);
and then directly
i2d_PKCS7_bio(file2, p7);
again. "file" was BER-encoded using e.g. an Octet String in
constructed form with inifinite length, which was DER-encoded in
primitive form using definite length in the output.
Is there a way how I can circumvent the reencoding?
Best regards,
Martin
Really, the best solution is just not to do that then. If it wants the
signature done on the byte-for-byte form supplied, then do the signature
on the byte-for-byte form supplied. Don't convert it into any other form
and then convert it back because absent DER, it's unreasonable to expect
that to produce the same output.
Keep both the PKCS7 object and a raw byte version. Compute and check
signatures on the raw byte version. Do other checks on the PKCS7 object.
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
