Re: PKCS7 open and extract signature
Tried to find documentation and examples (which includes searching the forum) for using a PKCS7 standard in context to what I am trying to do for best practices when using a signature to verify a document received.

Basically I have a document file (100k) called BackgroundCheck.doc (document_bytes document_length) and an ECDSA signature from this file (used SHA1 from the document using an ECDSA private key) called BackgroundCheck.ecdsa (signature_bytes signature_length).

The document and signature is sent to a recipient who has a file called ecdsapublic.x509 to verify the signature from the document using the ECDSA public key. Basically the Message Digest is computed from the document received by the recipient to verify the document.

    unsigned char md[20];
    result = SHA1(document_bytes, document_size, md); // compute the message digest from the document

Then use the X509 file with public key to verify the signature.

    X509 *x509 = PEM_read_bio_X509(bio, NULL, 0, NULL); // read the ecdsapublic.x509
    EVP_PKEY *evpkey = X509_get_pubkey(x509); // get the public key
    EC_KEY *pubeckey = EVP_PKEY_get1_EC_KEY(evpkey);
    ret = EC_KEY_set_group(pubeckey, EC_GROUP_new_by_curve_name(curvetype)); // set the curve type which recipient knows
    rc = ECDSA_verify(0, md, 20, signature_bytes, signature_length, pubeckey); // now verify the document using the signature file

And that works great sending many documents with signatures and the recipient can verify that they are authentic.

The issue is the raw signature is simply not best practice (I assume); it could use a PKCS7 but I have no idea how this would apply. Basically a programmatic API could be used

    p7 = PKCS7_new();
    int rc = PKCS7_set_type(p7, NID_pkcs7_enveloped);

to make a PKCS7 for the signature that could be sent with the document instead of the raw signature.

So where are there examples? I have read the O'Reilly OpenSSL book but their context is not mine for the PKCS7 usage and it's a thin chapter (well if you want to call it a chapter). Maybe an example can be posted here using the functions.

redpath wrote:
> Well the situation is I have a file which has been signed for its contents. This signature is used to verify the authentication of the file. The signature works great but I want to use best practices to package the signature. A PKCS7 was suggested.
>
> So I assume I can extract this signature from the PKCS7 to verify the file contents which I create the message digest SHA2 from.
>
> Is there something I am missing here. Just want to use best practices. The challenger has the file and the PKCS7 (signature) to verify the contents. The challenger has the public key.
>
> redpath wrote:
> > I have a PKCS7 file with signature in the envelope. What API function can I use to open the PKCS7 to extract the signature data and length and then verify the message digest?
> >
> > The verify is shown below assuming I got the signature data and length.
> >
> >     int rc = ECDSA_verify(0, md, 20, signaturedata, signaturelength, pubeckey);
> >
> > Kinda hard to find the right functions which seems to be a pretty common thing. I did search the forum for this.

--
View this message in context: http://old.nabble.com/PKCS7-open-and-extract-signature-tp34542036p34548505.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org

Re: PKCS7 open and extract signature
On Fri, Oct 12, 2012, redpath wrote:
> Tried to find documentation and examples (which includes searching the forum) for using a PKCS7 standard in context to what I am trying to do for best practices when using a signature to verify a document received.
>
> Basically I have a document file (100k) called BackgroundCheck.doc (document_bytes document_length) and an ECDSA signature from this file (used SHA1 from the document using an ECDSA private key) called BackgroundCheck.ecdsa (signature_bytes signature_length).
>
> The document and signature is sent to a recipient who has a file called ecdsapublic.x509 to verify the signature from the document using the ECDSA public key. Basically the Message Digest is computed from the document received by the recipient to verify the document.
>
>     unsigned char md[20];
>     result = SHA1(document_bytes, document_size, md); // compute the message digest from the document
>
> Then use the X509 file with public key to verify the signature.
>
>     X509 *x509 = PEM_read_bio_X509(bio, NULL, 0, NULL); // read the ecdsapublic.x509
>     EVP_PKEY *evpkey = X509_get_pubkey(x509); // get the public key
>     EC_KEY *pubeckey = EVP_PKEY_get1_EC_KEY(evpkey);
>     ret = EC_KEY_set_group(pubeckey, EC_GROUP_new_by_curve_name(curvetype)); // set the curve type which recipient knows
>     rc = ECDSA_verify(0, md, 20, signature_bytes, signature_length, pubeckey); // now verify the document using the signature file
>
> And that works great sending many documents with signatures and the recipient can verify that they are authentic.
>
> The issue is the raw signature is simply not best practice (I assume); it could use a PKCS7 but I have no idea how this would apply. Basically a programmatic API could be used
>
>     p7 = PKCS7_new();
>     int rc = PKCS7_set_type(p7, NID_pkcs7_enveloped);
>
> to make a PKCS7 for the signature that could be sent with the document instead of the raw signature.
>
> So where are there examples? I have read the O'Reilly OpenSSL book but their context is not mine for the PKCS7 usage and it's a thin chapter (well if you want to call it a chapter). Maybe an example can be posted here using the functions.

Check the manual pages for PKCS7_sign, PKCS7_verify and the demos in demos/pkcs7 and the CMS version CMS_sign, CMS_verify and demos/cms

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Re: PKCS7 open and extract signature
On 10/11/2012 1:59 PM, redpath wrote:
> I have a PKCS7 file with signature in the envelope. What API function can I use to open the PKCS7 to extract the signature data and length and then verify the message digest?
>
> The verify is shown below assuming I got the signature data and length.
>
>     int rc = ECDSA_verify(0, md, 20, signaturedata, signaturelength, pubeckey);
>
> Kinda hard to find the right functions which seems to be a pretty common thing. I did search the forum for this.

There are two APIs for this:

CMS_verify() and PKCS7_dataVerify()

Each with a lot of related sibling functions.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

Re: PKCS7 open and extract signature
On Thu, Oct 11, 2012, redpath wrote:
> I have a PKCS7 file with signature in the envelope. What API function can I use to open the PKCS7 to extract the signature data and length and then verify the message digest?
>
> The verify is shown below assuming I got the signature data and length.
>
>     int rc = ECDSA_verify(0, md, 20, signaturedata, signaturelength, pubeckey);
>
> Kinda hard to find the right functions which seems to be a pretty common thing. I did search the forum for this.

It is not a good idea to try and verify the PKCS#7 signature manually as the signature is (usually) not the digest of the contents. Instead the content digest is contained in a set of attributes and the signature is performed on the digest of the attributes.

PKCS7_verify or CMS_verify will both perform the necessary operations along with the cms and smime command line options. See the manual pages for more details; there are also demo programs in demos/smime and demos/cms.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

Re: PKCS7 open and extract signature
Well the situation is I have a file which has been signed for its contents. This signature is used to verify the authentication of the file. The signature works great but I want to use best practices to package the signature. A PKCS7 was suggested.

So I assume I can extract this signature from the PKCS7 to verify the file contents which I create the message digest SHA2 from.

Is there something I am missing here. Just want to use best practices. The challenger has the file and the PKCS7 (signature) to verify the contents. The challenger has the public key.

redpath wrote:
> I have a PKCS7 file with signature in the envelope. What API function can I use to open the PKCS7 to extract the signature data and length and then verify the message digest?
>
> The verify is shown below assuming I got the signature data and length.
>
>     int rc = ECDSA_verify(0, md, 20, signaturedata, signaturelength, pubeckey);
>
> Kinda hard to find the right functions which seems to be a pretty common thing. I did search the forum for this.

--
View this message in context: http://old.nabble.com/PKCS7-open-and-extract-signature-tp34542036p34542704.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

Re: PKCS7 open and extract signature
On 10/11/2012 4:16 PM, redpath wrote:
> Well the situation is I have a file which has been signed for its contents. This signature is used to verify the authentication of the file. The signature works great but I want to use best practices to package the signature. A PKCS7 was suggested.
>
> So I assume I can extract this signature from the PKCS7 to verify the file contents which I create the message digest SHA2 from.

This sounds like you want a detached PKCS#7 signature, where the PKCS#7 structure itself contains some meta-information about the file (such as what hash algorithm to use and what date the signature was made), but not the actual file contents.

Detached PKCS#7 signatures are very common, this is how PKCS#7 is used with signed (but not encrypted) e-mails, Microsoft Authenticode signatures and many other uses.

The function families suggested to you also contain functions that can generate and validate detached PKCS7 signatures.

> Is there something I am missing here. Just want to use best practices. The challenger has the file and the PKCS7 (signature) to verify the contents. The challenger has the public key.

It is currently considered best practice to provide the public key in the form of an X.509 certificate issued by someone the challenger probably trusts with the ability to independently verify that you are who you say you are. This will be provided to the challenger in two places (that must agree):

1. Inside the PKCS#7 structure (there is a field specifically for that).

2. Separately over a trusted delivery mechanism (so the challenger has another reason to be certain he has the proper public key to trust with signing the file contents).

> redpath wrote:
> > I have a PKCS7 file with signature in the envelope. What API function can I use to open the PKCS7 to extract the signature data and length and then verify the message digest?
> >
> > The verify is shown below assuming I got the signature data and length.
> >
> >     int rc = ECDSA_verify(0, md, 20, signaturedata, signaturelength, pubeckey);
> >
> > Kinda hard to find the right functions which seems to be a pretty common thing. I did search the forum for this.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

RE: PKCS7 open and extract signature
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Thursday, 11 October, 2012 10:45

> On 10/11/2012 4:16 PM, redpath wrote:
> > Well the situation is I have a file which has been signed for its contents. This signature is used to verify the authentication of the file. The signature works great but I want to use best practices to package the signature. A PKCS7 was suggested.
> >
> > So I assume I can extract this signature from the PKCS7 to verify the file contents which I create the message digest SHA2 from.
>
> This sounds like you want a detached PKCS#7 signature, where the PKCS#7 structure itself contains some meta-information about the file (such as what hash algorithm to use and what date the signature was made), but not the actual file contents.
>
> Detached PKCS#7 signatures are very common, this is how PKCS#7 is used with signed (but not encrypted) e-mails, Microsoft Authenticode signatures and many other uses.
>
> The function families suggested to you also contain functions that can generate and validate detached PKCS7 signatures.

Yes. PKCS#7 is now officially Cryptographic Message Syntax (CMS), much like SSL is now officially Transport Level Security (TLS). We often still use the old names loosely to mean both, but when implementing you may need to be more precise.

> > Is there something I am missing here. Just want to use best practices. The challenger has the file and the PKCS7 (signature) to verify the contents. The challenger has the public key.
>
> It is currently considered best practice to provide the public key in the form of an X.509 certificate issued by someone the challenger probably trusts with the ability to independently verify that you are who you say you are. This will be provided to the challenger in two places (that must agree):

That someone is called a Certificate Authority or CA. The cert should be from a CA the challenger (this is usually called verifier or relier) *does* trust; the issue is whether the signer knows, at signing time, who the reliers are or will be and what CAs they do or will trust. If you do know, use that; otherwise you must guess.

With PKCS7/CMS signed-data you can generate and include multiple signatures on the same data; these could be signatures using 2 (or 5 or 42) different certs that different reliers do or are expected or hoped to trust.

> 1. Inside the PKCS#7 structure (there is a field specifically for that).

The PKCS7/CMS SignerInfo always includes a field to *identify* the signing key, usually by issuer+serial of the signer's cert. Signed-data *may* also include copies of any or all certs the relier(s) may need, starting with the signer's cert and going up the chain as necessary or desired.

> 2. Separately over a trusted delivery mechanism (so the challenger has another reason to be certain he has the proper public key to trust with signing the file contents).

Not (normally) the signer's cert. A main feature of certs is they are signed and thus tamper-protected and authenticable, and so can be transmitted and/or stored without authentication or integrity protection.

What does need to be passed to the relier(s) in a trusted way is the CA *root*, or other trust anchor, for the signer's cert. For public CAs like Verisign, this is usually done by the relier application or system installing a vendor-chosen set of public roots, which may be manually adjusted if necessary. E.g. Windows does this, and Firefox, and Java. Windows occasionally pushes updates as well, if you use Windows autoupdate (or one of Microsoft's enterprise updaters), which you pretty much must to handle the stream of security fixes in Windows.

snip rest
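
Added example, not part of the thread and not taken from the OpenSSL demos: the detached CMS signature the replies recommend, driven through the `openssl cms` command Steve mentions, showing that the document's SHA-256 sits in the messageDigest signed attribute and that a changed document is rejected. Assumptions: the P-256 key, the self-signed certificate (standing in for a CA-issued cert and its trust anchor), the file names and the helper function names are all constructed for the demo.

```shell
#!/bin/sh
# Added example; key, certificate and document below are constructed.
# The self-signed cert doubles as the relier's trust anchor for the demo.

make_signer() {      # $1 = work dir
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/signer.key" &&
    openssl req -new -x509 -key "$1/signer.key" -sha256 -days 1 \
        -subj "/CN=Example Signer" -out "$1/signer.pem"
} 2>/dev/null

sign_detached() {    # $1 = work dir, $2 = document, $3 = signature out
    # Detached is the default for -sign; -binary stops CRLF canonicalisation.
    openssl cms -sign -binary -md sha256 -outform DER \
        -signer "$1/signer.pem" -inkey "$1/signer.key" -in "$2" -out "$3"
} 2>/dev/null

verify_detached() {  # $1 = trust anchor, $2 = document, $3 = signature
    # Checks the cert chain, the messageDigest attribute and the signature.
    openssl cms -verify -binary -inform DER -in "$3" -content "$2" \
        -CAfile "$1" -out /dev/null
} 2>/dev/null

attr_digest() {      # $1 = signature: messageDigest signed attribute (hex)
    openssl asn1parse -inform DER -in "$1" | awk '
        /:messageDigest/ { found = 1 }
        found && /\[HEX DUMP\]:/ { sub(/.*\[HEX DUMP\]:/, ""); print; exit }'
}

file_digest() {      # $1 = document: SHA-256 in upper-case hex
    openssl dgst -sha256 -r "$1" | cut -d' ' -f1 | tr 'a-f' 'A-F'
}

work=$(mktemp -d)
doc="$work/BackgroundCheck.doc"; sig="$work/BackgroundCheck.p7s"
printf 'constructed sample document\n' > "$doc"
make_signer "$work"
sign_detached "$work" "$doc" "$sig"
verify_detached "$work/signer.pem" "$doc" "$sig" && echo "original: verified"
echo "attribute digest: $(attr_digest "$sig")"
echo "document digest:  $(file_digest "$doc")"
printf 'tampered\n' >> "$doc"
verify_detached "$work/signer.pem" "$doc" "$sig" || echo "tampered: rejected"
rm -rf "$work"
```

The two digests printed match because the signature covers the signed attributes, which in turn carry the content digest; that is why a raw ECDSA_verify over the file hash does not validate a PKCS#7/CMS signature.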