[openssl-users] Verifying Authenticode timestamp using openssl apis

Tue Nov 24 10:46:36 UTC 2015

Hi Matt,Here is an excerpt of openssl asn1parse ------------------------------------------------------------------------------------------------3588:d=5  hl=4 l=4940 cons: cont [ 1 ]
 3592:d=6  hl=4 l=4936 cons: SEQUENCE
 3596:d=7  hl=2 l=  10 prim: OBJECT            :1.3.6.1.4.1.311.3.3.1
 3608:d=7  hl=4 l=4920 cons: SET
 3612:d=8  hl=4 l=4916 cons: SEQUENCE
 3616:d=9  hl=2 l=   9 prim: OBJECT            :pkcs7-signedData
 3627:d=9  hl=4 l=4901 cons: cont [ 0 ]
 3631:d=10 hl=4 l=4897 cons: SEQUENCE
 3635:d=11 hl=2 l=   1 prim: INTEGER           :03
 3638:d=11 hl=2 l=  15 cons: SET
 3640:d=12 hl=2 l=  13 cons: SEQUENCE
 3642:d=13 hl=2 l=   9 prim: OBJECT            :sha256
 3653:d=13 hl=2 l=   0 prim: NULL
 3655:d=11 hl=4 l= 316 cons: SEQUENCE
 3659:d=12 hl=2 l=  11 prim: OBJECT            :id-smime-ct-TSTInfo
 3672:d=12 hl=4 l= 299 cons: cont [ 0 ]
 3676:d=13 hl=4 l= 295 prim: OCTET STRING      [HEX DUMP]:30820123020101060A2B0601040184590A03013031300D060960864801650304020105000420817580D34E29FAD72349E478B6EA0B6354F926FD5CB8719E230D0672BFC5E9C102065593CB94E2BC181232303135303731303035303331352E37315A3007020101800201F4A081B9A481B63081B3310B3009060355040613025553311330110603550408130A57617368696E67746F6E3110300E060355040713075265646D6F6E64311E301C060355040A13154D6963726F736F667420436F72706F726174696F6E310D300B060355040B13044D4F505231273025060355040B131E6E436970686572204453452045534E3A433046342D333038362D44454638312530230603550403131C4D6963726F736F66742054696D652D5374616D702053657276696365
 3975:d=11 hl=4 l=3792 cons: cont [ 0 ]
 3979:d=12 hl=4 l=1649 cons: SEQUENCE
 3983:d=13 hl=4 l=1113 cons: SEQUENCE
 3987:d=14 hl=2 l=   3 cons: cont [ 0 ]
 3989:d=15 hl=2 l=   1 prim: INTEGER           :02
 3992:d=14 hl=2 l=  10 prim: INTEGER           :6109812A000000000002
 4004:d=14 hl=2 l=  13 cons: SEQUENCE
 4006:d=15 hl=2 l=   9 prim: OBJECT            :sha256WithRSAEncryption
 4017:d=15 hl=2 l=   0 prim: NULL
 4019:d=14 hl=3 l= 136 cons: SEQUENCE
 4022:d=15 hl=2 l=  11 cons: SET
 4024:d=16 hl=2 l=   9 cons: SEQUENCE
 4026:d=17 hl=2 l=   3 prim: OBJECT            :countryName
 4031:d=17 hl=2 l=   2 prim: PRINTABLESTRING   :US-------------------------------------------------------------------------------------------------
Thanks,Leena.
       From: Matt Caswell <matt at openssl.org>
 To: openssl-users at openssl.org 
 Sent: Tuesday, November 24, 2015 3:00 PM
 Subject: Re: [openssl-users] Verifying Authenticode timestamp using openssl apis

On 24/11/15 05:17, Leena Soman wrote:
> Hello,
> I am trying to verify the timestamp in a file signed using Authenticode.
> I have found that this timestamp is in the RFC3161 format.
> Using openssl apis, I have parsed the Authenticode signature and reached
> the oid 1.3.6.1.4.1.311.3.3.1. I have subsequently used the following apis :

Am I right in understanding that you are attempting to use the OpenSSL
ASN.1 APIs to parse an RFC3161 response?

Did you realise that OpenSSL has APIs that support RFC3161 directly? See
opensssl/ts.h as well as the "openssl ts" command line app.

Matt
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151124/81d67a5a/attachment-0001.html>