The parameters field in an AlgorithmIdentifier is optional if NULL,
which it is for SHA-1, and SHA-2 and I think all hashes as well as many
other algorithms. It appears the (older) SMIME_ API and smime utility
does encode it and the (newer) CMS_ API and cms utility does not.
A compliant recipient should handle both the same.

 

 

From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Kálmán bácsi
Sent: Tuesday, March 25, 2014 09:55
To: openssl-users@openssl.org
Subject: *** Spam *** Re: How to sign a file with DER format?

 

Dear Dave,

 

thanks, I modified the program and it works.

 

I got another question:

 

I compare the two files, one made by the program with the C API, and the
other made by command line tool.

 

There is one difference: after the sha1 line there is a NULL. I can't
"reproduce" it with the C API.

 

C src: http://pastebin.com/Sq6yiEB2

ASN output: http://pastebin.com/NdRDB4BQ

 

On Fri, Mar 21, 2014 at 11:37 PM, Dave Thompson <dthomp...@prinpay.com>
wrote:

Streaming mode exists to allow unbounded data, whose length is not known and
may not fit in memory.

 

DER requires that the data be available and fit in memory and its length
known.

 

If you want DER don’t use streaming. apps/cms.c has options for both, if you
trace it through.

 

But why do you care? There is no requirement CMS itself be DER, only that
the data is fixed (so if detached *and* ASN.1 that means it should be DER)
and if auth-attrs is used (as is usual, and default in openssl) the
signature is computed over a modified DER encoding *of the attributes*.
openssl does do the attributes (and in fact the signerinfos) in DER, since
they are available in memory.

 

 

From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Kálmán bácsi
Sent: Friday, March 21, 2014 03:42
To: openssl-users@openssl.org
Subject: *** Spam *** How to sign a file with DER format?

 

Hello,

I'm new to OpenSSL and got a question,

I try to sign a file with the C library, the base of the program is the
cms_sign.c example, only change is i2d_CMS_bio_stream() instead of
SMIME_write_CMS().

I noticed in the documentation that i2d_CMS_bio_stream outputs BER. Is there
any way to use DER? I googled it but find nothing, maybe used wrong
keywords...

Best regards,

Peter
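
The following is an added example, not part of the original thread and not OpenSSL code: a recipient-side comparison of two DER-encoded digest AlgorithmIdentifiers that treats NULL parameters and omitted parameters as the same value, which is the difference discussed in the first message above. The function names and the sample byte strings are constructed for illustration; it assumes short-form lengths and is meant for hash algorithm identifiers only.

```c
#include <stddef.h>
#include <string.h>

/* Constructed samples: SHA-1 AlgorithmIdentifier (OID 1.3.14.3.2.26). */
const unsigned char SHA1_WITH_NULL[] =   /* parameters encoded as NULL */
    {0x30,0x09, 0x06,0x05,0x2B,0x0E,0x03,0x02,0x1A, 0x05,0x00};
const unsigned char SHA1_NO_PARAMS[] =   /* parameters omitted */
    {0x30,0x07, 0x06,0x05,0x2B,0x0E,0x03,0x02,0x1A};

/* Read one TLV with a short-form length (< 128), which is enough for a
   digest AlgorithmIdentifier. Returns 0 on malformed input. */
static int read_tlv(const unsigned char **p, size_t *left, unsigned char tag,
                    const unsigned char **val, size_t *vlen)
{
    if (*left < 2 || (*p)[0] != tag || ((*p)[1] & 0x80)) return 0;
    *vlen = (*p)[1];
    if (*vlen > *left - 2) return 0;
    *val = *p + 2;
    *p += 2 + *vlen; *left -= 2 + *vlen;
    return 1;
}

/* Split an AlgorithmIdentifier into OID and parameter bytes. Absent
   parameters and an ASN.1 NULL (05 00) both normalise to plen == 0. */
static int parse_algid(const unsigned char *der, size_t len,
                       const unsigned char **oid, size_t *olen,
                       const unsigned char **par, size_t *plen)
{
    const unsigned char *seq; size_t slen;
    if (!read_tlv(&der, &len, 0x30, &seq, &slen) || len != 0) return 0;
    if (!read_tlv(&seq, &slen, 0x06, oid, olen)) return 0;
    *par = seq; *plen = slen;
    if (slen == 2 && seq[0] == 0x05 && seq[1] == 0x00) *plen = 0;
    return 1;
}

/* 1 = equivalent, 0 = different, -1 = malformed input. */
int algid_equivalent(const unsigned char *a, size_t alen,
                     const unsigned char *b, size_t blen)
{
    const unsigned char *ao, *bo, *ap, *bp; size_t aol, bol, apl, bpl;
    if (!parse_algid(a, alen, &ao, &aol, &ap, &apl) ||
        !parse_algid(b, blen, &bo, &bol, &bp, &bpl)) return -1;
    return aol == bol && memcmp(ao, bo, aol) == 0 &&
           apl == bpl && memcmp(ap, bp, apl) == 0;
}

int main(void)
{
    return algid_equivalent(SHA1_WITH_NULL, sizeof SHA1_WITH_NULL,
                            SHA1_NO_PARAMS, sizeof SHA1_NO_PARAMS) == 1 ? 0 : 1;
}
```

A byte-for-byte comparison of the two sample encodings would report a mismatch, which is the failure mode a recipient has to avoid when one signer uses the SMIME_ path and another the CMS_ path.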

 
