Hi?Matt,Yes I have seen them and?am planning on using them. But the timestamp is embedded in the Authenticode signature as?a PKCS7 signedData under OID 1.3.6.1.4.1.311.3.3.1.?I have reached this oid but need to convert the PKCS7 signedData into?a structure?after which I will be able to use the ts apis.After some debugging, I found that the?version in the PKCS7 structure is 3. So I am now wondering if I need to use d2i_CMS_SignedData instead of d2i_PKCS7. Thanks,Leena. ? From: Matt Caswell <matt at openssl.org> To: openssl-users at openssl.org Sent: Tuesday, November 24, 2015 3:00 PM Subject: Re: [openssl-users] Verifying Authenticode timestamp using openssl apis On 24/11/15 05:17, Leena Soman wrote: > Hello, > I am trying to verify the timestamp in a file signed using Authenticode. > I have found that this timestamp is in the RFC3161 format. > Using openssl apis, I have parsed the Authenticode signature and reached > the oid 1.3.6.1.4.1.311.3.3.1. I have subsequently used the following apis : Am I right in understanding that you are attempting to use the OpenSSL ASN.1 APIs to parse an RFC3161 response? Did you realise that OpenSSL has APIs that support RFC3161 directly? See opensssl/ts.h as well as the "openssl ts" command line app. Matt _______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151124/9045f052/attachment.html>
