PKCS7 signature process

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

PKCS7 signature process

Patrice Guérin-2
Hello OpenSSL-users

In the purpose of signing pdf files, I've found a difference of
behaviour that I can't explain between two ways of computing signatures.
The first one leads to an error in the way that Adobe says that the file
was modified after signing, the second does not.

First Method:
     BIO* BioMem = BIO_new( BIO_s_mem() );
     while ( Data )
BIO_write( BioMem , Data, DataLen );
     MyPKCS7 = PKCS7_sign( Certificate, PrivateKey,NULL, BioMem ,
PKCS7_DETACHED | PKCS7_BINARY );
     PKCS7_final( MyPKCS7, BioMem , PKCS7_DETACHED | PKCS7_BINARY );
     BIO* BioOut = BIO_new( BIO_s_mem() );
     i2d_PKCS7_bio( BioOut , MyPKCS7 );
     char*    OutBuf = NULL;
     int OutLen = BIO_get_mem_data( BioOut , &OutBuf );

Second Method:
     BIO* BioMem = BIO_new( BIO_s_mem() );
     MyPKCS7 = PKCS7_sign( Certificate, PrivateKey,NULL, BioMem ,
PKCS7_DETACHED | PKCS7_BINARY );
     while ( Data )
         BIO_write( BioMem , Data, DataLen );
     PKCS7_final( MyPKCS7, BioMem , PKCS7_DETACHED | PKCS7_BINARY );
     BIO* BioOut = BIO_new( BIO_s_mem() );
     i2d_PKCS7_bio( BioOut , MyPKCS7 );
     char*    OutBuf = NULL;
     int OutLen = BIO_get_mem_data( BioOut , &OutBuf );

It seems that the order between PKCS7_sign et BIO_Write that feeds the
memory BIO has an importance.

Can anybody explains why the first method is incorrect ?

Thank you in advance
Patrice.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users