Questions tagged [pkcs7]

27 questions

7 votes, 1 answer

Sign GnuPG master key with own X.509 certificate?

Can I use a trusted X.509 digital certificate to facilitate the expansion of my personal web of trust? To be more specific: Can I use my X.509 certificate to sign my personal GnuPG master key? Will recipients be able to use the CA's certificates to…
Matheus Moreira

6 votes, 1 answer

How do you get the PE file hash of a signed file?

I have a PE binary with a digital signature. I want to get the original PE hash (not the hash of the whole file). I can't figure out how to read it from the file. The Authenticode spec suggests the PKCS#7 signature block (e.g. the Attribute…
dockd

6 votes, 1 answer

Why is it called micalg?

RFC3851 says: The multipart/signed Content type has two required parameters: the protocol parameter and the micalg parameter. and The micalg parameter allows for one-pass processing when the signature is being verified. I haven't found…
user1511417

4 votes, 0 answers

What is the difference between PKCS#7 and CADES, PADES and XADES?

I am a newbie in PKI. For signing PDF documents we are free to consider each PKCS#7 format or PAdES format. If I have some misunderstandings, please turn it on for me.
rashid

3 votes, 0 answers

Verify PKCS#7 (CMS) detached signature with timestamp with OpenSSL

I have a PKCS#7 (i.e., CMS) detached signature of a file that is signed by my signing certificate and then timestamp signed by a TSA that is all generated by an application we wrote. I would like to give a third party the original data file and the…
Hmmmmm

3 votes, 4 answers

Common format to send encrypted data + IV?

I have an app that receives data from third parties using various protocols: MQTT, HTTP, AMQP, ... Some clients cannot use TLS (IoT devices without TLS support), so we need to find some compact and easy way to receive encrypted data. My idea is to…

2 votes, 1 answer

Why is the digest algorithm specified in two places in CMS / PKCS7?

In RFC5652, Cryptographic Message Syntax (CMS), section 5.3. SignerInfo Type, there's a digestAlgorithm field that has values like id-sha256, id-sha1, etc. In that same RFC, section 5.1. SignedData Type there's a digestAlgorithms field that in my…
neubert

2 votes, 2 answers

Key Exchange using RSA public key without a certificate

I want to share AES key using RSA. What is the recommended/widely used format for encrypting the AES key and its attributes with the public key? I know that PKCS#7/CMS enveloped-data allows encrypting any key with its attributes using a certificate.…
Amir

2 votes, 1 answer

Distinguish the end-entity cert in a PKCS#7 (P7B) cert chain

Is there a standard/definitive way to distinguish the end-entity cert in a PKCS#7 (P7B) cert chain? I believe the PKCS#7 standard doesn't specify a sequence when ordering the certs in the chain, but most tools do sequence them in (either bkw or…
galaxis

2 votes, 1 answer

How does countersignature actually work in Authenticode?

I'm trying to understand the timestamp processing in the Authenticode verification mechanism and it looks pretty simple, but I really do not understand how a signature can be valid while both certificates (code and timestamp) are not in validity…

2 votes, 0 answers

CMS signed data OpenSSL verification error

I have a CMS signed data that is successfully verified through Java BouncyCastle library. When trying to verify through OpenSSL, I am getting the following error: >openssl smime -verify -inform der -in cmssigneddata -CAfile cert.pem 6111…
user1563721

1 vote, 1 answer

How do I get the subject public key from a PKCS7 message?

Quoting RFC4562, Cryptographic Message Syntax (CMS), section 5.6. Signature Verification Process: The recipient MAY obtain the correct public key for the signer by any means, but the preferred method is from a certificate obtained from the…
neubert

1 vote, 1 answer

Parse VBA Macro Digital Signature

When I open up my macro-enabled office files (i.e., .docm, .xlsm, .pptm) that contain signed macros as a Zip file, I see the following three files which I assume contain the digital signatures for the…
Hmmmmm

1 vote, 1 answer

What is the PKCS#7 detached signature format?

This website claims that (emphasis added): In PKCS#7 SignedData, attached and detached formats are supported… In detached format, data that is signed is not embedded inside the SignedData package instead it is placed at some external…

1 vote, 1 answer

Is it important that every TLS1.2 encrypted message have padding?

What if the data we are sending is such that size(data) + size(mac) = multiple of block size? If this case is possible, how will the receiver determine that no padding is present?