OK, I guess this is the only way to go then. Thanks for the help! Regards, Martin
2010/11/9 David Schwartz <dav...@webmaster.com>: > On 11/6/2010 7:44 AM, Martin Boßlet wrote: > >> I just tested, whether the BER-encoding is preserved if I do not alter >> any of the contents. Unfortunately, it seems as if the encoding is not >> preserved. I did the following: >> >> d2i_PKCS7_bio(file,&p7); >> >> and then directly >> >> i2d_PKCS7_bio(file2, p7); >> >> again. "file" was BER-encoded using e.g. an Octet String in >> constructed form with inifinite length, which was DER-encoded in >> primitive form using definite length in the output. >> Is there a way how I can circumvent the reencoding? >> >> Best regards, >> Martin > > Really, the best solution is just not to do that then. If it wants the > signature done on the byte-for-byte form supplied, then do the signature on > the byte-for-byte form supplied. Don't convert it into any other form and > then convert it back because absent DER, it's unreasonable to expect that to > produce the same output. > > Keep both the PKCS7 object and a raw byte version. Compute and check > signatures on the raw byte version. Do other checks on the PKCS7 object. > > DS > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org