Re: converting PKCS #7 data from BER to DER
The post process would be done by the signer (on his machine with all the credential availables), with the key present. If this can be done inside PKCS_sign, or during the same session. I don't want this re-encoding to be particulary a post-process, just want it to be done anytime, of course ... If I can modify the PKCS7 code to output directly DER it's even better. (but I don't know if it is feasible). __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: converting PKCS #7 data from BER to DER
Benjamin Sergeant wrote: I'd like to know how to proceed (is it doable) to convert a PKCS #7 data (made with PKCS7_sign, flag = PKCS7_BINARY | PKCS7_DETACHED;) with several cert (the one from the signer) and a chain of cert, from BER to DER encoding. Is the decryption key present to sign the contents again after they are rearranged by canonical encoding? If not, then many of us are counting on this not being remotely feasible. ;-) __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
converting PKCS #7 data from BER to DER
Hi, I'd like to know how to proceed (is it doable) to convert a PKCS #7 data (made with PKCS7_sign, flag = PKCS7_BINARY | PKCS7_DETACHED;) with several cert (the one from the signer) and a chain of cert, from BER to DER encoding. I have another one PKCS #7 data which was made with the same credential, but openssl pkcs7 print the embeded certificates in a different order. Doing a wc -c on the different certificates, what I understand is that with DER the certificates are sorted (lexicographic ?, the smaller one the first, and so on), while with BER (openssl) they are in another order, the signing certificate is always coming first when printing with openssl pkcs7. Is there a way to build a filter to post process my BER to convert it to DER (extracting the ASN.1 datas and sorting them) ? Digging in the code I don't see such hidden features in crypto/pkc7 code ? Or any other method ? Thanks a lot for any help, Benjamin. I am working with version 0.9.8b (latest I think). __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]