[openssl-users] How to produce a nested CMS / PKCS#7 structure?
wiml at omnigroup.com
Mon Nov 28 21:33:51 UTC 2016
On Nov 25, 2016, at 12:43 PM, Dr. Stephen Henson <steve at openssl.org> wrote:
> Something like that did happen for PKCS#7 but the OCTET STRING encapsulation
> is correct for CMS.
Aha, and this difference is called out in RFC5652 [5.2.1]. Thanks, that clarifies things for me a little. So typically it's only the outermost ContentInfo that directly embeds a CMS object without an intervening OCTET STRING, and other structures use EncapsulatedContentInfo instead of ContentInfo.
However, I think the other half of my problem remains: if I'm putting another CMS object into a SignedData, AuthEnvelopedData, or other kind of wrapper, the OCTET STRING should contain the encoding of that object's structure (e.g. a BER-encoded AuthEnvelopedData, SignedData, ContentWithAttributes, etc. structure), not a ContentInfo *containing* that structure, right? How do I get OpenSSL to give me that encoded object without an enclosing ContentInfo?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users