Signing an XML file

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Signing an XML file

Anibal F. Martinez Cortina
Hello everyone, I'm trying to sign an XML file, need to do so with pkcs#7.
Is there some equivalent to PHP's openssl_sign_pkcs7 function for C/C++ users?
In particular, I'm using Qt as framework, but have also got OpenSSL libs and headers installed.
The target platform is Microsoft Windows (x32)

Kind regards,
Anibal.-

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Signing an XML file

Salz, Rich
> Is there some equivalent to PHP's openssl_sign_pkcs7 function for C/C++ users?

Look at the apps/pkcs7.c file as a starting point.  Get the command line doing what you want, and then work through the code to pull out only the bits you need.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Signing an XML file

Anibal F. Martinez Cortina

2016-12-13 22:54 GMT-03:00 Salz, Rich <[hidden email]>:
> Is there some equivalent to PHP's openssl_sign_pkcs7 function for C/C++ users?

Look at the apps/pkcs7.c file as a starting point.  Get the command line doing what you want, and then work through the code to pull out only the bits you need.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Got it, after some more reading, I've managed to pull:
A Valid X509 structure with the PEM file.
A Valid EVP_PKEY structure with the KEY file.
Created a BIO with BIO_new(BIO_s_mem()) and used BIO_read_filename with it.

Now I get to the part where I need to call PKCS7_sign() right?
If so, I'm missing something, because:
PKCS7_sign(cert,key,NULL,fileBIO,NULL) produces NULL as a result.

Any hints?

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Signing an XML file

Dr. Stephen Henson
In reply to this post by Salz, Rich
On Wed, Dec 14, 2016, Salz, Rich wrote:

> > Is there some equivalent to PHP's openssl_sign_pkcs7 function for C/C++ users?
>
> Look at the apps/pkcs7.c file as a starting point.  Get the command line doing what you want, and then work through the code to pull out only the bits you need.
>

Actually smime.c is the utility you want for PKCS#7. Alternatively cms.c if
you want CMS (the successor to PKCS#7).

Those though are general purpose utilities which do all sorts of things which
most appications don't care about. There are some demos in demos/smime and
demos/cms which are much simpler.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Signing an XML file

Thomas J. Hruska
On 12/14/2016 3:28 AM, Dr. Stephen Henson wrote:

> On Wed, Dec 14, 2016, Salz, Rich wrote:
>
>>> Is there some equivalent to PHP's openssl_sign_pkcs7 function for C/C++ users?
>>
>> Look at the apps/pkcs7.c file as a starting point.  Get the command line doing what you want, and then work through the code to pull out only the bits you need.
>>
>
> Actually smime.c is the utility you want for PKCS#7. Alternatively cms.c if
> you want CMS (the successor to PKCS#7).
>
> Those though are general purpose utilities which do all sorts of things which
> most appications don't care about. There are some demos in demos/smime and
> demos/cms which are much simpler.

PHP is open source software written in C.

A quick lookup in PHP's git repository (it's source code) turns up:

http://git.php.net/?p=php-src.git;a=blob;f=ext/openssl/openssl.c;h=a4b302bd303579d8f3eb62abdd9f312d3fba264d;hb=HEAD#l5148

Now the OP has a model to follow for writing a similar wrapper function
for their project.


I've found that when people mention a specific language (in this case,
PHP), they are infatuated with the language but have never bothered to
crack open that language's source code to dig into how the language
actually works.  To some extent, they view the language as magical.  And
to some other extent, they irrationally fear looking at the source code
of the language.  Now is the perfect opportunity for the OP to start
learning how one of their favorite languages operates behind the scenes
with the goal of porting a single function that they are interested in.
This approach solves multiple core developer problems at the same time.

--
Thomas Hruska
Shining Light Productions

Home of BMP2AVI and Win32 OpenSSL.
http://www.slproweb.com/
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Signing an XML file

Anibal F. Martinez Cortina


2016-12-14 11:17 GMT-03:00 Thomas J. Hruska <[hidden email]>:
On 12/14/2016 3:28 AM, Dr. Stephen Henson wrote:
On Wed, Dec 14, 2016, Salz, Rich wrote:

Is there some equivalent to PHP's openssl_sign_pkcs7 function for C/C++ users?

Look at the apps/pkcs7.c file as a starting point.  Get the command line doing what you want, and then work through the code to pull out only the bits you need.


Actually smime.c is the utility you want for PKCS#7. Alternatively cms.c if
you want CMS (the successor to PKCS#7).

Those though are general purpose utilities which do all sorts of things which
most appications don't care about. There are some demos in demos/smime and
demos/cms which are much simpler.

PHP is open source software written in C.

A quick lookup in PHP's git repository (it's source code) turns up:

http://git.php.net/?p=php-src.git;a=blob;f=ext/openssl/openssl.c;h=a4b302bd303579d8f3eb62abdd9f312d3fba264d;hb=HEAD#l5148

Now the OP has a model to follow for writing a similar wrapper function for their project.


I've found that when people mention a specific language (in this case, PHP), they are infatuated with the language but have never bothered to crack open that language's source code to dig into how the language actually works.  To some extent, they view the language as magical.  And to some other extent, they irrationally fear looking at the source code of the language.  Now is the perfect opportunity for the OP to start learning how one of their favorite languages operates behind the scenes with the goal of porting a single function that they are interested in. This approach solves multiple core developer problems at the same time.

--
Thomas Hruska
Shining Light Productions

Home of BMP2AVI and Win32 OpenSSL.
http://www.slproweb.com/

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

As a matter of facts, you're indeed right. I was daunted by the idea of going through PHP's source myself.. 
Thanks for the pointers, guys.
I'll report back as soon as I get some progress.

Kind regards,
Anibal.-

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Signing an XML file

silvioprog
On Wed, Dec 14, 2016 at 11:47 AM, Anibal F. Martinez Cortina <[hidden email]> wrote:
[...]
As a matter of facts, you're indeed right. I was daunted by the idea of going through PHP's source myself.. 
Thanks for the pointers, guys.
I'll report back as soon as I get some progress.

Kind regards,
Anibal.-

Add xmlsec to your wishlist. :-)


--
Silvio Clécio

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users