I'm signing data with PKCS7_sign(), and the result has a 0-byte element
for eContent under encapContentInfo. This is a snap from 'openssl cms
-cmsout -print' of the resulting signature:
...
encapContentInfo:
eContentType: pkcs7-data (1.2.840.113549.1.7.1)
eContent:
...
Or, from 'openssl asn1parse' (which clearly shows length=0):
...
43:d=3 hl=2 l= 15 cons: SEQUENCE
45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
56:d=4 hl=2 l= 2 cons: cont [ 0 ]
58:d=5 hl=2 l= 0 prim: OCTET STRING
(next element after the SEQUENCE follows)
...
I would rather expect no 'eContent' block at all, like this:
...
encapContentInfo:
eContentType: pkcs7-data (1.2.840.113549.1.7.1)
eContent: <ABSENT>
...
Or, consequently,
...
43:d=3 hl=2 l= 11 cons: SEQUENCE
45:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
(next element after the SEQUENCE follows)
...
Is it possible to make PKCS7_sign() behave in the latter way, i.e. not
create the container with zero-byte content?
Thanks in advance.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
