Problem verifying a CMS envelope signature when the certificate isn't included in the envelope


by Aymeric-3

Hi,
the problem is the keyset returns an error when importing a public key (from
a certificate).
I know it's supposed to have a private key first, but I can't have the
private key of my partners, only their certificates. So what I want is to
verify the signature of a CMS envelope (received from the partner) that
didn't include the signing certificate (inclusion is not mandatory
according to the CMS RFC).




CRYPT_CERTIFICATE cert1;
/* OK inited previously with cryptImportCert from a PEM file */

CRYPT_KEYSET keyset1;
cryptKeysetOpen( &keyset1, CRYPT_UNUSED, CRYPT_KEYSET_FILE, "key.p15",
CRYPT_KEYOPT_CREATE);
/* OK it is empty and ready now  */

cryptAddPublicKey(keyset1, cert1);
/* ERROR -1 meaning PARAM1 so the keyset1  */

/*
The ultimate goal is to
write  cr = cryptSetAttribute( cryptEnvelope, CRYPT_ENVINFO_KEYSET_SIGCHECK,
keyset1);
*/

I don't want to use database connection, I work only with files. Is Cryptlib
providing a solution for verifying signatures without database?
if not is there a simple example for database use?

Help appreciated.




_______________________________________________
Cryptlib mailing list
Cryptlib@... via Mail: cryptlib-request@...
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.

Re: Problem verifying a CMS envelope signature when the certificate isn't included in the envelope

by Alvaro Livraghi

Hi,

> I don't want to use database connection, I work only with files. Is Cryptlib
> providing a solution for verifying signatures without database?
> if not is there a simple example for database use?

You could import the appropriate certificate file (in PEM or DER format) using
the cryptImportCert function.
Then you will have to set the CRYPT_ENVINFO_SIGNATURE attribute of your
envelope with the CRYPT_CERTIFICATE handle returned from previous call using
cryptSetAttribute.


Regards
Alvaro




Re: Problem verifying a CMS envelope signature when the certificate isn't included in the envelope

by Peter Gutmann

"Aymeric" <aymeric.plane@...> writes:

>I don't want to use database connection, I work only with files. Is Cryptlib
>providing a solution for verifying signatures without database?

If you've only got one or two certificates and you don't want to use a
certificate store, just write the certificate to disk as a file.  You can then
use cryptImportCert() to turn it back into a certificate object.

Peter.

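
To reproduce the situation discussed in this thread, the following added example (not from any poster, and using the OpenSSL command line rather than cryptlib) builds a CMS SignedData that omits the signer's certificate and checks it once without and once with the certificate supplied from a plain file. The key, certificate, file names and payload are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example: OpenSSL CLI, not cryptlib. Every name and value below is
# constructed for this demonstration.

# Prints "<result without cert file> <result with cert file>" (ok / fail).
cms_nocerts_demo() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    cd "$dir" || exit 1

    # Partner side: throwaway key pair and self-signed certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Partner" \
        -keyout partner.key -out partner.pem 2>/dev/null || exit 1
    printf 'constructed test payload\n' > msg.txt

    # -nocerts leaves the signer's certificate out of the SignedData,
    # which CMS permits: the certificates field is optional.
    openssl cms -sign -binary -nodetach -nocerts -in msg.txt \
        -signer partner.pem -inkey partner.key \
        -outform DER -out msg.p7m 2>/dev/null || exit 1

    # Verifier, attempt 1: the certificate is only a trust anchor. The
    # message carries no certificate, so no signer can be located.
    if openssl cms -verify -inform DER -in msg.p7m \
        -CAfile partner.pem -out /dev/null 2>/dev/null
    then without=ok; else without=fail; fi

    # Verifier, attempt 2: the partner's certificate file is supplied
    # out of band (-certfile) and pinned as the only trust anchor.
    if openssl cms -verify -inform DER -in msg.p7m \
        -certfile partner.pem -CAfile partner.pem \
        -out /dev/null 2>/dev/null
    then with=ok; else with=fail; fi

    echo "$without $with"
)

cms_nocerts_demo
```

The resulting `msg.p7m` is the kind of input the original question describes, so it can also serve as a test message for a verifier that loads the signer's certificate from a file.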