Hello OpenSSL-users
In the purpose of signing pdf files, I've found a difference of
behaviour that I can't explain between two ways of computing signatures.
The first one leads to an error in the way that Adobe says that the file
was modified after signing, the second does not.
First Method:
BIO* BioMem = BIO_new( BIO_s_mem() );
while ( Data )
BIO_write( BioMem , Data, DataLen );
MyPKCS7 = PKCS7_sign( Certificate, PrivateKey,NULL, BioMem ,
PKCS7_DETACHED | PKCS7_BINARY );
PKCS7_final( MyPKCS7, BioMem , PKCS7_DETACHED | PKCS7_BINARY );
BIO* BioOut = BIO_new( BIO_s_mem() );
i2d_PKCS7_bio( BioOut , MyPKCS7 );
char* OutBuf = NULL;
int OutLen = BIO_get_mem_data( BioOut , &OutBuf );
Second Method:
BIO* BioMem = BIO_new( BIO_s_mem() );
MyPKCS7 = PKCS7_sign( Certificate, PrivateKey,NULL, BioMem ,
PKCS7_DETACHED | PKCS7_BINARY );
while ( Data )
BIO_write( BioMem , Data, DataLen );
PKCS7_final( MyPKCS7, BioMem , PKCS7_DETACHED | PKCS7_BINARY );
BIO* BioOut = BIO_new( BIO_s_mem() );
i2d_PKCS7_bio( BioOut , MyPKCS7 );
char* OutBuf = NULL;
int OutLen = BIO_get_mem_data( BioOut , &OutBuf );
It seems that the order between PKCS7_sign et BIO_Write that feeds the
memory BIO has an importance.
Can anybody explains why the first method is incorrect ?
Thank you in advance
Patrice.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
