Signed data in CMS format

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Signed data in CMS format

madhu sudhan reddy-2

Hello Experts,

 

            I am facing a big problem. In our project we have requirement to output signed data in CMS (Cryptographic Message Syntax, RFC 2630) format.

 

It is in my head to develop it. My doubt is, Can I use OpenSSL version “0.9.7d” to build sign data in CMS format?  It is only for the data type “Signed and Enveloped”.

 

            I am new to OpenSSL.  I need your support.

 

            Early comments are greatly appreciated.

 

Thanks,

Madhu

 

           

#####################################################################
This Email Message is for the sole use of the intended recipient(s) and May contain CONFIDENTIAL and PRIVILEGED information.
LG Soft India will not be responisible for any viruses or defects or
any forwarded attachements emanating either from within
LG Soft India or outside. Any unauthorised review , use, disclosure or distribution is prohibited. If you are not intentded
recipient, please contact the sender by reply email and destroy all
copies of the original message.
#####################################################################
Reply | Threaded
Open this post in threaded view
|

Signed data in CMS format

madhu sudhan reddy-2

Hello All,

 

            I have the requirement to sign the data in CMS format. I used PKCS7_sign function , which outputs data in PKCS#7 format.

 

After creating signed data, I am passing the data to the function “Verify_CMS()” (This function is not listed below, part of JAVA script) to verify. But this function is returning “Incorrect CMS” error.

 

            Is there any mistake in the following piece of code in creating signed data in PKCS#7 format?

 

            Any comment on this will help me greatly. Thanking you…

 

 

 

            PBYTE PKI_SignData (PBYTE pbByteArraytoAuthenticate, unsigned int uiByteArraytoAuthenticate_len, 

                                                                                      int ioptions, char* pcCertName)

{

            unsigned char* pcTempAuthData = NULL;

            unsigned short usDataLength = 0;

            X509 *pSignerCert = NULL;        

            EVP_PKEY *pkey = NULL;

            BIO *InputData = NULL;

 

            if (pbByteArraytoAuthenticate == NULL)

                        return 0;

           

            /* check options parameters and validate the platform support */

            if ( (ioptions & 1) && (bSupportingOpaqueSignatures == false) )

            {

                        g_pkiReasonCode = CMS_NO_OPAQUE_SIGNATURES;

                        return 0;

            }

            if ( (!(ioptions & 1)) && (bSupportingDitachedSignatures == false) )

            {

                        g_pkiReasonCode = CMS_NO_DETACH_SIGNATURE;

                        return 0;

            }          

            if ( (ioptions & 2) && (bStoringCertificate == false) )

            {

                        g_pkiReasonCode = CMS_NO_CERTIFICATE;

                        return 0;

            }

            pSignerCert = GetCertifcateByCertName(pcCertName); // get certificate from Cert store

            if(!pSignerCert)

            {

                        g_pkiReasonCode = CMS_NO_CERTIFICATE;

                        return 0;

            }

 

            pkey = GetRSAPrivateKeyByCertName(pcCertName);  // gets corresponding private key

            if(!pkey)

            {

                        g_pkiReasonCode = CMS_NO_CERTIFICATE;

                        return 0;

            }

InputData = GetBIOBydata((char*)pbByteArraytoAuthenticate, uiByteArraytoAuthenticate_len);  // converts array of data to bio, since PKCS7_sign takes data in

                                                                                                                                                //bio format

            if(!InputData)

            {

                        g_pkiReasonCode = CMS_FAILURE;

                        return 0;

            }

 

            EVP_add_digest(EVP_sha1());

            EVP_add_digest_alias(SN_sha1,"ssl3-sha1");

            EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);

            EVP_add_digest(EVP_dss1());

            EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);

            EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");

            EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");

 

            pkcs7 = PKCS7_sign (pSignerCert, pkey, NULL, InputData, options);  // here options = 0

           

 

            usDataLength = ASN1_item_i2d(pkcs7, &pcTempAuthData,ASN1_ITEM_rptr(PKCS7));

 

            if (!usDataLength)

            {

                        g_pkiReasonCode = CMS_FAILURE;

                        return 0;

            }

 

            Return pcTempAuthData;

             

}

 

 

Thanks,

Madhu

#####################################################################
This Email Message is for the sole use of the intended recipient(s) and May contain CONFIDENTIAL and PRIVILEGED information.
LG Soft India will not be responisible for any viruses or defects or
any forwarded attachements emanating either from within
LG Soft India or outside. Any unauthorised review , use, disclosure or distribution is prohibited. If you are not intentded
recipient, please contact the sender by reply email and destroy all
copies of the original message.
#####################################################################
Reply | Threaded
Open this post in threaded view
|

Signed data in CMS format

madhu sudhan reddy-2
In reply to this post by madhu sudhan reddy-2

 

 

Hello All,

 

            I have the requirement to sign the data in CMS format. I used PKCS7_sign function , which outputs data in PKCS#7 format.

 

After creating signed data, I am passing the data to the function “Verify_CMS()” (This function is not listed below, part of JAVA script) to verify. But this function is returning “Incorrect CMS” error.

 

            Is there any mistake in the following piece of code in creating signed data in PKCS#7 format?

 

            Any comment on this will help me greatly. Thanking you…

 

 

 

            PBYTE PKI_SignData (PBYTE pbByteArraytoAuthenticate, unsigned int uiByteArraytoAuthenticate_len, 

                                                                                      int ioptions, char* pcCertName)

{

            unsigned char* pcTempAuthData = NULL;

            unsigned short usDataLength = 0;

            X509 *pSignerCert = NULL;        

            EVP_PKEY *pkey = NULL;

            BIO *InputData = NULL;

 

            if (pbByteArraytoAuthenticate == NULL)

                        return 0;

           

            /* check options parameters and validate the platform support */

            if ( (ioptions & 1) && (bSupportingOpaqueSignatures == false) )

            {

                        g_pkiReasonCode = CMS_NO_OPAQUE_SIGNATURES;

                        return 0;

            }

            if ( (!(ioptions & 1)) && (bSupportingDitachedSignatures == false) )

            {

                        g_pkiReasonCode = CMS_NO_DETACH_SIGNATURE;

                        return 0;

            }          

            if ( (ioptions & 2) && (bStoringCertificate == false) )

            {

                        g_pkiReasonCode = CMS_NO_CERTIFICATE;

                        return 0;

            }

            pSignerCert = GetCertifcateByCertName(pcCertName); // get certificate from Cert store

            if(!pSignerCert)

            {

                        g_pkiReasonCode = CMS_NO_CERTIFICATE;

                        return 0;

            }

 

            pkey = GetRSAPrivateKeyByCertName(pcCertName);  // gets corresponding private key

            if(!pkey)

            {

                        g_pkiReasonCode = CMS_NO_CERTIFICATE;

                        return 0;

            }

InputData = GetBIOBydata((char*)pbByteArraytoAuthenticate, uiByteArraytoAuthenticate_len);  // converts array of data to bio, since PKCS7_sign takes data in

                                                                                                                                                //bio format

            if(!InputData)

            {

                        g_pkiReasonCode = CMS_FAILURE;

                        return 0;

            }

 

            EVP_add_digest(EVP_sha1());

            EVP_add_digest_alias(SN_sha1,"ssl3-sha1");

            EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);

            EVP_add_digest(EVP_dss1());

            EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);

            EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");

            EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");

 

            pkcs7 = PKCS7_sign (pSignerCert, pkey, NULL, InputData, options);  // here options = 0

           

 

            usDataLength = ASN1_item_i2d(pkcs7, &pcTempAuthData,ASN1_ITEM_rptr(PKCS7));

 

            if (!usDataLength)

            {

                        g_pkiReasonCode = CMS_FAILURE;

                        return 0;

            }

 

            Return pcTempAuthData;

             

}

 

 

Thanks,

Madhu

#####################################################################
This Email Message is for the sole use of the intended recipient(s) and May contain CONFIDENTIAL and PRIVILEGED information.
LG Soft India will not be responisible for any viruses or defects or
any forwarded attachements emanating either from within
LG Soft India or outside. Any unauthorised review , use, disclosure or distribution is prohibited. If you are not intentded
recipient, please contact the sender by reply email and destroy all
copies of the original message.
#####################################################################
Reply | Threaded
Open this post in threaded view
|

Re: Signed data in CMS format

Terrell
Why is this message 38K?




On Tue, Jun 14, 2005 at 04:55:01PM +0530, Madhu Sudhan Reddy wrote:

>  
>
>  
>
> Hello All,
>
>  
>
>             I have the requirement to sign the data in CMS format. I
> used PKCS7_sign function , which outputs data in PKCS#7 format.
>
>  
>
> After creating signed data, I am passing the data to the function
> "Verify_CMS()" (This function is not listed below, part of JAVA script)
> to verify. But this function is returning "Incorrect CMS" error.
>
>  
>
>             Is there any mistake in the following piece of code in
> creating signed data in PKCS#7 format?
>
>  
>
>             Any comment on this will help me greatly. Thanking you...
>
>  
>
>  
>
>  
>
>             PBYTE PKI_SignData (PBYTE pbByteArraytoAuthenticate,
> unsigned int uiByteArraytoAuthenticate_len,  
>
>  
> int ioptions, char* pcCertName)
>
> {
>
>             unsigned char* pcTempAuthData = NULL;
>
>             unsigned short usDataLength = 0;
>
>             X509 *pSignerCert = NULL;        
>
>             EVP_PKEY *pkey = NULL;
>
>             BIO *InputData = NULL;
>
>  
>
>             if (pbByteArraytoAuthenticate == NULL)
>
>                         return 0;
>
>            
>
>             /* check options parameters and validate the platform
> support */
>
>             if ( (ioptions & 1) && (bSupportingOpaqueSignatures ==
> false) )
>
>             {
>
>                         g_pkiReasonCode = CMS_NO_OPAQUE_SIGNATURES;
>
>                         return 0;
>
>             }
>
>             if ( (!(ioptions & 1)) && (bSupportingDitachedSignatures ==
> false) )
>
>             {
>
>                         g_pkiReasonCode = CMS_NO_DETACH_SIGNATURE;
>
>                         return 0;
>
>             }          
>
>             if ( (ioptions & 2) && (bStoringCertificate == false) )
>
>             {
>
>                         g_pkiReasonCode = CMS_NO_CERTIFICATE;
>
>                         return 0;
>
>             }
>
>             pSignerCert = GetCertifcateByCertName(pcCertName); // get
> certificate from Cert store
>
>             if(!pSignerCert)
>
>             {
>
>                         g_pkiReasonCode = CMS_NO_CERTIFICATE;
>
>                         return 0;
>
>             }
>
>  
>
>             pkey = GetRSAPrivateKeyByCertName(pcCertName);  // gets
> corresponding private key
>
>             if(!pkey)
>
>             {
>
>                         g_pkiReasonCode = CMS_NO_CERTIFICATE;
>
>                         return 0;
>
>             }
>
> InputData = GetBIOBydata((char*)pbByteArraytoAuthenticate,
> uiByteArraytoAuthenticate_len);  // converts array of data to bio, since
> PKCS7_sign takes data in
>
>  
> //bio format
>
>             if(!InputData)
>
>             {
>
>                         g_pkiReasonCode = CMS_FAILURE;
>
>                         return 0;
>
>             }
>
>  
>
>             EVP_add_digest(EVP_sha1());
>
>             EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
>
>  
> EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
>
>             EVP_add_digest(EVP_dss1());
>
>             EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
>
>             EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
>
>             EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
>
>  
>
>             pkcs7 = PKCS7_sign (pSignerCert, pkey, NULL, InputData,
> options);  // here options = 0
>
>            
>
>  
>
>             usDataLength = ASN1_item_i2d(pkcs7,
> &pcTempAuthData,ASN1_ITEM_rptr(PKCS7));
>
>  
>
>             if (!usDataLength)
>
>             {
>
>                         g_pkiReasonCode = CMS_FAILURE;
>
>                         return 0;
>
>             }
>
>  
>
>             Return pcTempAuthData;
>
>              
>
> }
>
>  
>
>  
>
> Thanks,
>
> Madhu
>
> #####################################################################
> This Email Message is for the sole use of the intended recipient(s) and May contain CONFIDENTIAL and PRIVILEGED information.
> LG Soft India will not be responisible for any viruses or defects or
> any forwarded attachements emanating either from within
> LG Soft India or outside. Any unauthorised review , use, disclosure or distribution is prohibited. If you are not intentded
> recipient, please contact the sender by reply email and destroy all
> copies of the original message.
> #####################################################################
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]