All, Please let me know if my below mentioned usage of PKCS7_sign()+adding signer info is wrong and how. Really appreciate your response. cheers and regards Srinivas On 1/29/15, Srinivas Rao <srirrao at gmail.com> wrote: > OpenSSL experts, > > Here the intention is to get the signed data (raw signature obtained > by PKCS11 APIs like C_Sign) to be packed in PKCS7 format (attached - > with certificate, content and signer info) using openssl. > > I am using USB token (smart card) for signing. > > Here's the code snippet. > > PKCS7* p7 = PKCS7_new(); > PKCS7_set_type(p7, NID_pkcs7_signed); > //PKCS7_SIGNER_INFO* pSI = PKCS7_SIGNER_INFO_new(); > //PKCS7_SIGNER_INFO_set(pSI, pX509, pX509->cert_info->key->pkey, > EVP_sha256()); > //PKCS7_add_signer(p7, pSI); > PKCS7_SIGNER_INFO* pSI = PKCS7_add_signature(p7, pX509, > pX509->cert_info->key->pkey, EVP_sha256()); // <== core dumps here > : > : > where pX509 is correctly obtained X509* node using d2i_X509() from the > value obtained from PKCS11 funcstions like C_GetAttributeValue() etc. > > I believe the set of the commented lines is the alternate way for this > add signature function - that also dumps core at > PKCS7_SIGNER_INFO_set() function. > > I have no clue as to what am I doing wrong here. > > Appreciate your help. > > regards > Srinivas