Questions tagged [pkcs7]
27 questions
1
vote
1 answer
How to convert this .NET cryptography code to openssl command?
how to sign the message with the private key of the signer using openssl command line tool to get the same result as the code below?
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using…
User
- 111
- 2
1
vote
1 answer
What exactly is digested in an S/MIME signated-only e-mail?
What exactly is digested in an S/MIME signated-only e-mail?
It's definitely not only a sha256-digest of the original message, which means that
$ openssl dgst -sha256 <<< "Text"
would never create the digest that is created for a S/MIME mail with the…
user1511417
- 617
- 5
- 20
0
votes
1 answer
how to validate PKCS7 signed message signed with a self-signed cert via OpenSSL CLI
openssl cms -in demo.p7m -inform DER -verify verifies the signature on a CMS / PKCS7 encoded message but if the cert that did the signing is self-signed I get a "self signed certificate" error. ie. it doesn't seem to actually verify the CMS / PKCS7…
neubert
- 1,605
- 3
- 18
- 36
0
votes
1 answer
extendedCertificate's in PKCS7 / CMS
In PKCS7 / CMS, for the signed-data content type, there's a CertifcateChoices field in the certicates field in SignedData that is a SET of CertificateChoices. CertificateChoices is defined thusly:
CertificateChoices ::= CHOICE {
certificate…
neubert
- 1,605
- 3
- 18
- 36
0
votes
1 answer
OpenSSL: how to get matching subject_hash from a CMS SignerInfo?
So OpenSSL can calculate a hash value for X509 certificates that uniquely identifies this certificate:
https://www.openssl.org/docs/man1.0.2/man1/x509.html (argument -hash or -subject_hash)
now, if I have a CMS file…
matthias_buehlmann
- 565
- 4
- 12
0
votes
1 answer
What header & footer to use when storing RFC3161 token in PEM format
The RFC3161 (https://www.ietf.org/rfc/rfc3161.txt) specification states
3. Transports
There is no mandatory transport mechanism for TSA messages in this
document. The mechanisms described below are optional; additional
optional mechanisms…
matthias_buehlmann
- 565
- 4
- 12
0
votes
0 answers
How to extract and verify PDF signature (PKCS7) with openssl?
I would like to detect signed PDFs in PHP and verify if the signature is valid. From this document I have written this PHP code below.
What it does is:
Extract the PKCS7 code (it works because I can get the details from Openssl)
Compute the…
nowox
- 347
- 2
- 11
0
votes
1 answer
Why is PKCS used?
Can anybody help me in understanding why PKCS is used? My confusion is that whether PKCS is used to transfer key in between client and server OR it is a standard to encrypt and decrypt the payload.
I know I am asking some basic question But I am new…
Prajeesh K P
- 1
- 3
0
votes
1 answer
Why is PKCS#7 used as a response to PKCS#10?
Why is the certificate that results from a CSR usually contained in a PKCS#7? The signature of the certificate is contained within the certificate itself so there's no need for an external signature anyway and looking at some of the result PKCS#7…
mroman
- 555
- 3
- 9
0
votes
1 answer
Is there an industry-standard data container for asymmetric encryption / signing with secure algorithms?
I want to encrypt a large blob of binary data (let's say, 1GB), using asymmetric encryption (so that only public key is needed to encrypt the data, but private key is needed to decrypt it). As a nice addition, I would like to sign it (and, ideally,…
penartur
- 101
- 1
0
votes
1 answer
What all content PKCS#7 can have and what is the purpose of each?
When signed data is packaged as PKCS#7,
what all content PKCS#7 could be there(Ex. certificates, signature, etc.)?
And what are the purpose of packaging all those contents?
susthan
- 63
- 1
- 5
0
votes
1 answer
Standard digital signature data representation
I am creating digital signatures using various scheme, e.g. RSASSA-PSS.
The result is bytes that represents signed data with private key.
I would like to store signature as a standard data representation that would be understand by third parties…
user1563721
- 1,099
- 11
- 22