PKCS7 signature process

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello OpenSSL-users

In the purpose of signing pdf files, I've found a difference of behaviour that I can't explain between two ways of computing signatures. The first one leads to an error in the way that Adobe says that the file was modified after signing, the second does not.

First Method:
    BIO* BioMem = BIO_new( BIO_s_mem() );
    while ( Data )
BIO_write( BioMem , Data, DataLen );
    MyPKCS7 = PKCS7_sign( Certificate, PrivateKey,NULL, BioMem , PKCS7_DETACHED | PKCS7_BINARY );
    PKCS7_final( MyPKCS7, BioMem , PKCS7_DETACHED | PKCS7_BINARY );
    BIO* BioOut = BIO_new( BIO_s_mem() );
    i2d_PKCS7_bio( BioOut , MyPKCS7 );
    char*    OutBuf = NULL;
    int OutLen = BIO_get_mem_data( BioOut , &OutBuf );

Second Method:
    BIO* BioMem = BIO_new( BIO_s_mem() );
    MyPKCS7 = PKCS7_sign( Certificate, PrivateKey,NULL, BioMem , PKCS7_DETACHED | PKCS7_BINARY );
    while ( Data )
        BIO_write( BioMem , Data, DataLen );
    PKCS7_final( MyPKCS7, BioMem , PKCS7_DETACHED | PKCS7_BINARY );
    BIO* BioOut = BIO_new( BIO_s_mem() );
    i2d_PKCS7_bio( BioOut , MyPKCS7 );
    char*    OutBuf = NULL;
    int OutLen = BIO_get_mem_data( BioOut , &OutBuf );

It seems that the order between PKCS7_sign et BIO_Write that feeds the memory BIO has an importance.

Can anybody explains why the first method is incorrect ?

Thank you in advance
Patrice.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux