[openssl-users] PKCS7 signature process
Patrice Guérin
guerinp at talasi.fr
Wed May 16 15:19:33 UTC 2018
Hello OpenSSL-users,

For the purpose of signing PDF files, I've found a difference in
behaviour that I can't explain between two ways of computing signatures.
The first one leads to an error, in that Adobe says that the file
was modified after signing; the second does not.

First Method:

    BIO* BioMem = BIO_new( BIO_s_mem() );
    while ( Data )
        BIO_write( BioMem , Data, DataLen );
    MyPKCS7 = PKCS7_sign( Certificate, PrivateKey, NULL, BioMem ,
                          PKCS7_DETACHED | PKCS7_BINARY );
    PKCS7_final( MyPKCS7, BioMem , PKCS7_DETACHED | PKCS7_BINARY );
    BIO* BioOut = BIO_new( BIO_s_mem() );
    i2d_PKCS7_bio( BioOut , MyPKCS7 );
    char* OutBuf = NULL;
    int OutLen = BIO_get_mem_data( BioOut , &OutBuf );

Second Method:

    BIO* BioMem = BIO_new( BIO_s_mem() );
    MyPKCS7 = PKCS7_sign( Certificate, PrivateKey, NULL, BioMem ,
                          PKCS7_DETACHED | PKCS7_BINARY );
    while ( Data )
        BIO_write( BioMem , Data, DataLen );
    PKCS7_final( MyPKCS7, BioMem , PKCS7_DETACHED | PKCS7_BINARY );
    BIO* BioOut = BIO_new( BIO_s_mem() );
    i2d_PKCS7_bio( BioOut , MyPKCS7 );
    char* OutBuf = NULL;
    int OutLen = BIO_get_mem_data( BioOut , &OutBuf );

It seems that the order between PKCS7_sign and BIO_write that feeds the
memory BIO is important.
Can anybody explain why the first method is incorrect?

Thank you in advance
Patrice.