Re: Best format for enveloped signed content

2009-07-19 Thread javierm


Jeremy R. wrote:
> ... I'd like to be able to use the openssl command-line utility
> to generate messages manually during development.

Hello Jeremy

You can see my code at http://sourceforge.net/projects/as2openssl/files/ and
it is all done using the command line openssl.  I found it quite OK since the time
of the database library for mysql from within perl.  It was way more coding
using the library than mere qx// to the command line mysql program.

The command line openssl smime does it very easily and there are few things to
watch in non-Windows environments, which could be (1) the
canonicalization, or ending every line as in Windows (\r\n).  I personally
prefer the base64 encoding made by openssl smime (PEM).  It also produces
binary (DER).

Hope it helps


__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   majord...@openssl.org
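
The command-line round trip discussed in this thread, as an added example that is not part of the original messages or of the as2openssl code: it signs a message with `openssl smime`, envelopes the result as PEM, then decrypts and verifies it. The file names, certificate subjects, sample message, the sign-then-envelope order, the SHA-256/AES-256 choices and the throwaway self-signed certificates are all assumptions made for the example; `-binary` is used so the LF line endings are not rewritten to `\r\n`.

```shell
#!/bin/sh
# Added example: sign-then-envelope round trip with `openssl smime`.
# Every name, subject and the sample message below is constructed.

W=$(mktemp -d)    # scratch directory for keys, certs and messages

# Throwaway self-signed RSA identity: $1 = name -> $W/$1.key, $W/$1.crt
make_id() {
    printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$W/req.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$W/req.cnf" \
        -subj "/CN=$1" -keyout "$W/$1.key" -out "$W/$1.crt" 2>/dev/null
}

# Sign file $1 as "sender", then envelope for "recipient"; PEM PKCS#7 in $2.
# -nodetach embeds the content in the signature, -binary skips CRLF rewriting.
seal() {
    openssl smime -sign -binary -nodetach -md sha256 \
        -signer "$W/sender.crt" -inkey "$W/sender.key" -in "$1" |
    openssl smime -encrypt -binary -aes256 -outform PEM -out "$2" \
        "$W/recipient.crt"
}

# Decrypt $1 as "recipient", verify the signer against trusted cert $3,
# and write the recovered content to $2. Non-zero status if either step fails.
open_msg() {
    openssl smime -decrypt -inform PEM -in "$1" \
        -recip "$W/recipient.crt" -inkey "$W/recipient.key" |
    openssl smime -verify -CAfile "$3" -out "$2" 2>/dev/null
}

# Full round trip: the recovered bytes must equal the original bytes.
roundtrip_ok() {
    make_id sender && make_id recipient || return 1
    printf 'order: 42\nqty: 7\n' > "$W/msg.txt"    # LF-only sample message
    seal "$W/msg.txt" "$W/msg.p7m" || return 1
    open_msg "$W/msg.p7m" "$W/out.txt" "$W/sender.crt" &&
        cmp -s "$W/msg.txt" "$W/out.txt"
}

# Trusting the wrong certificate must make verification fail.
wrong_signer_rejected() {
    ! open_msg "$W/msg.p7m" "$W/bad.txt" "$W/recipient.crt"
}
```

Call `roundtrip_ok` first; `wrong_signer_rejected` reuses the message it leaves in the scratch directory.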


Best format for enveloped signed content

2009-07-19 Thread Jeremy R.
I'm writing an application which will receive messages which must be  
both enveloped and signed, and I'm looking for the best way to do  
this. Obviously, I can simply use EVP_Open* and EVP_Verify* in either  
order to do this, but I'm wondering if there's a good way to do this –  
ideally, I'd like to be able to use the openssl command-line utility  
to generate messages manually during development.


I can't, however, seem to find any access to the EVP_Seal* methods in  
the openssl command-line utility, though signature is available  
through openssl dgst.


Beyond that, I'm aware that PKCS#7 is used in S/MIME, and I've been  
told that using it is a good idea, but I can't seem to figure out why  
I should use it over simply doing the cryptographic operations – my  
code will not need to interoperate with anything else.


If possible, I'd like control of the algorithms used, but I'd be  
willing to settle for default choices if they are reasonably secure.  
If I do have to do it manually, is there any convention as to which  
operation (signing or enveloping) should be done first? Is there a  
performance benefit to one approach?


I apologize if this is a newbie question (I'm sure it is); I just  
didn't want to get started on this project in one format only to  
discover that I've made a dreadful mistake.


Cheers,

--
Jeremy R.
NovaWave Solutions

