[openssl-users] Wrong usage of PKCS7_add_signature()??

Srinivas Rao srirrao at gmail.com
Fri Jan 30 13:46:31 UTC 2015


All,

Please let me know if my below mentioned usage of PKCS7_sign()+adding
signer info is wrong and how.

Really appreciate your response.

cheers and regards
Srinivas

On 1/29/15, Srinivas Rao <srirrao at gmail.com> wrote:
> OpenSSL experts,
>
> Here the intention is to get the signed data (raw signature obtained
> by PKCS11 APIs like C_Sign) to be packed in PKCS7 format (attached -
> with certificate, content and signer info) using openssl.
>
> I am using USB token (smart card) for signing.
>
> Here's the code snippet.
>
> 	PKCS7* p7 = PKCS7_new();
> 	PKCS7_set_type(p7, NID_pkcs7_signed);
> 	//PKCS7_SIGNER_INFO* pSI = PKCS7_SIGNER_INFO_new();
> 	//PKCS7_SIGNER_INFO_set(pSI, pX509, pX509->cert_info->key->pkey,
> EVP_sha256());
> 	//PKCS7_add_signer(p7, pSI);
> 	PKCS7_SIGNER_INFO* pSI = PKCS7_add_signature(p7, pX509,
> pX509->cert_info->key->pkey, EVP_sha256());  // <== core dumps here
>         :
>         :
> where pX509 is correctly obtained X509* node using d2i_X509() from the
> value obtained from PKCS11 funcstions like C_GetAttributeValue() etc.
>
> I believe the set of the commented lines is the alternate way for this
> add signature function - that also dumps core at
> PKCS7_SIGNER_INFO_set() function.
>
> I have no clue as to what am I doing wrong here.
>
> Appreciate your help.
>
> regards
> Srinivas


More information about the openssl-users mailing list