[openssl-users] Can't replicate subcommand openssl smime -sign using pkcs7 functions

Tue Aug 22 11:48:11 UTC 2017

Hi! I’m a hobbiest developer. I’m trying to execute this command using C functions in objective C. The output using this subcommand and its functions are very different. I’d been reading the open source smime.c file but I don’t understand where is my mistake. Nevertheless I don’t know where I can get a detailed documentation of the flags. Below I paste my code and a stack overflow question I had asked. Thanks for your time.

openssl smime -sign -signer *certificate.cer* -inkey *myKey* -outoutFile.xml.cms -in *infile.xml -outform PEM -nodetach

I do try to do this in Objective-C, but the length of the string which I end up is very different.

SSL_library_init();

OPENSSL_add_all_algorithms_noconf();

OpenSSL_add_all_digests();
//Load the private key
NSString *privateKeyPath = [[NSBundle mainBundle]pathForResource:@"nameOfPrivateKeyFile" ofType:@"”];

BIO* bio = BIO_new_file([privateKeyPath cStringUsingEncoding:NSUTF8StringEncoding], "rb");
if (!bio) {
	NSLog(@"Error %s (%d)",strerror(errno), errno);
}

EVP_PKEY* pkey = NULL;

PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL);

if (!pkey) {    
	NSLog(@"problem");
}

BIO_free_all(bio);

// Load the certificate

X509* certificate = NULL;
NSString *certificatePath = [[NSBundle mainBundle]pathForResource:@"certificateFilePath" ofType:@"cer"];

bio = BIO_new_file([certificatePath cStringUsingEncoding:NSUTF8StringEncoding], "rb");

certificate = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);

BIO_free_all(bio);

//Sign the binary..

PKCS7* pkcs7 = PKCS7_sign(NULL, NULL, NULL, NULL, PKCS7_PARTIAL);

PKCS7_sign_add_signer(pkcs7, certificate, pkey, NULL, PKCS7_PARTIAL);

PKCS7_final(pkcs7, NULL, PKCS7_PARTIAL);

if (!pkcs7) {    
	NSLog(@“Problem in PKCS7");
}

BIO_free_all(bio);

//Load file to sign..
NSString *fileToWritePath = [[NSBundle mainBundle]pathForResource:@"fileToEncrypt" ofType:@"xml"];

bio = BIO_new_file([fileToWritePath cStringUsingEncoding:NSUTF8StringEncoding], "rb");
NSString *fileToSignPath = [[NSBundle mainBundle]pathForResource:@"fileToSign" ofType:@"xml"];

BIO* bioIn = BIO_new_file([secondTicketPath cStringUsingEncoding:NSUTF8StringEncoding], "rb");
if (!bioIn) {
    NSLog(@"Error %s (%d)",strerror(errno), errno);
}

int rv = PEM_write_bio_PKCS7_stream(bio, pkcs7, bioIn, PKCS7_F_PKCS7_FINAL);

if (rv == 0){    
	NSLog(@"Error writting file ");
}

NSString *result = [NSString stringWithContentsOfFile:dalaiPath encoding:NSUTF8StringEncoding error:NULL];

The expected result is this file in printed in text format

-----BEGIN PKCS7-----

MIIG7QYJKoZIhvcNAQcCoIIG3jCCBtoCAQExCzAJBgUrDgMCGgUAMIIBWAYJKoZI
…….
qz5dxSDJ4rYBoio1ZncTIwUnpHAWwe2OTWt9wSEu3d5elPFXQ
mw
==
-----END PKCS7——

but I obtain, the length of the string is completely different (short) I cannot get the -----END PKCS7------ part of the message. Now the first part of the message seems right. But not the last.

-----BEGIN PKCS7-----

MIIF3QYJKoZIhvcNAQcCoIIFzjCCBcoCAQExDzANBglghkgBZQMEAgEFADAPBgkq
…….
aPdcT7Wg5StNrGYsmmRzxaY=

Can anyone please give a clue of what I may be doing wrong?

Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170822/5c2b0f6d/attachment-0001.html>