[openssl-users] Verifying Authenticode timestamp using openssl apis
Leena Soman
leenanand at yahoo.com
Tue Nov 24 10:44:41 UTC 2015
Hi Matt,Yes I have seen them and am planning on using them. But the timestamp is embedded in the Authenticode signature as a PKCS7 signedData under OID 1.3.6.1.4.1.311.3.3.1. I have reached this oid but need to convert the PKCS7 signedData into a structure after which I will be able to use the ts apis.After some debugging, I found that the version in the PKCS7 structure is 3. So I am now wondering if I need to use d2i_CMS_SignedData instead of d2i_PKCS7.
Thanks,Leena.
From: Matt Caswell <matt at openssl.org>
To: openssl-users at openssl.org
Sent: Tuesday, November 24, 2015 3:00 PM
Subject: Re: [openssl-users] Verifying Authenticode timestamp using openssl apis
On 24/11/15 05:17, Leena Soman wrote:
> Hello,
> I am trying to verify the timestamp in a file signed using Authenticode.
> I have found that this timestamp is in the RFC3161 format.
> Using openssl apis, I have parsed the Authenticode signature and reached
> the oid 1.3.6.1.4.1.311.3.3.1. I have subsequently used the following apis :
Am I right in understanding that you are attempting to use the OpenSSL
ASN.1 APIs to parse an RFC3161 response?
Did you realise that OpenSSL has APIs that support RFC3161 directly? See
opensssl/ts.h as well as the "openssl ts" command line app.
Matt
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151124/9045f052/attachment.html>
More information about the openssl-users
mailing list