pkcs#7

问题 I need to extract the user certificate from a pkcs7 signature file. I can do it via the command line using the following: openssl pkcs7 -in somesign.pks7 -inform PEM -print_certs This will give me the entire certificate chain and I can process the resulting file to extract what I want. Is there any way to do that with the openssl_pkcs7_ commands? I saw that openssl_pkcs7_verify has the $outfilename where the certs would be stored but I don't have the signed message, but it seems the $filename

问题 I'm working on an MDM NodeJS server for iOS. On the Apple docs, the following ruby code is given : p7sign = OpenSSL::PKCS7::PKCS7.new(req.body) store = OpenSSL::X509::Store.new p7sign.verify(nil, store, nil, OpenSSL::PKCS7::NOVERIFY) signers = p7sign.signers What would be the equivalent in NodeJS? The idea is to access p7sign.data that contains an xml plist. Is this possible using either crypto or an external node lib ( ursa , etc)? 回答1: A good option would be to use child_process to invoke

问题 I need to get a detached PKCS #7 signature of some string in Python, using PyOpenSSL. I've got a key in .p12 file. So far, I'm trying to do so: from OpenSSL.crypto import load_pkcs12, sign pkcs12 = load_pkcs12(key_dat, key_pwd) algo = pkcs12.get_certificate().get_signature_algorithm() pkey = pkcs12.get_privatekey() sg = sign(pkey, manifest, algo) But it's not what required. I've searched net, but most examples are related to signing email chunks and use M2Crypto. Is there any way of doing it

问题 I have a pkcs#7 file, which contains signed data. It successfully verifies: $ openssl smime -verify -in data.p7s -CAfile root-certificate.pem Verification successful Signed data But when I extract the signed part, I do not see that it is actually the same as what was signed. I mean the following steps: $ openssl asn1parse -in data.p7s ... 35:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data 46:d=4 hl=2 l=inf cons: cont [ 0 ] 48:d=5 hl=2 l=inf cons: OCTET STRING 50:d=6 hl=2 l= 5 prim: OCTET STRING :(my

问题 I have a pkcs#7 file, which contains signed data. It successfully verifies: $ openssl smime -verify -in data.p7s -CAfile root-certificate.pem Verification successful Signed data But when I extract the signed part, I do not see that it is actually the same as what was signed. I mean the following steps: $ openssl asn1parse -in data.p7s ... 35:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data 46:d=4 hl=2 l=inf cons: cont [ 0 ] 48:d=5 hl=2 l=inf cons: OCTET STRING 50:d=6 hl=2 l= 5 prim: OCTET STRING :(my

问题 Is there any openssl api function to convert PKCS7 file to PEM. I am able to convert a PKCS12 file to PEM using PKCS12_parse() function which returns key and certificate given the password. There is no similar function for pkcs7. My pkcs7 input has just the certificate in binary format. I am able to do the conversion using command openssl pkcs7 -inform DER -in input.p7b -printcerts -text How do I do this in a C program? I am able to read it to a PKCS7 structure like this FILE* fp; if (!(fp =

问题 I am developing a web application to encrypt some texts with java 6. The encrypted that I have to do is a AES (Rijndael) in CBC mode with PKCS7 padding and a 128-bit key. I saw an article that explains how to encrypt in the same way I have to do, but with PKCS5 padding. The link of the article is here: https://bit502.wordpress.com/2014/06/27/codigo-java-encriptar-y-desencriptar-texto-usando-el-algoritmo-aes-con-cifrado-por-bloques-cbc-de-128-bits/ I change private final static String cI =

问题 I am getting PKCS7 file (p7b). I want to read the content of the file and extract certificate in X509 structure. How can I access individual Certificate from the PKCS container using openssl library? 回答1: I've used the following program: #include <stdio.h> #include <openssl/pkcs7.h> #include <openssl/x509.h> #include <openssl/bio.h> #include <openssl/pem.h> int main(int argc, char **argv) { PKCS7 *p7 = NULL; BIO *in = BIO_new(BIO_s_file()); BIO *out = BIO_new(BIO_s_file()); int der = 0; /*

问题 I am getting PKCS7 file (p7b). I want to read the content of the file and extract certificate in X509 structure. How can I access individual Certificate from the PKCS container using openssl library? 回答1: I've used the following program: #include <stdio.h> #include <openssl/pkcs7.h> #include <openssl/x509.h> #include <openssl/bio.h> #include <openssl/pem.h> int main(int argc, char **argv) { PKCS7 *p7 = NULL; BIO *in = BIO_new(BIO_s_file()); BIO *out = BIO_new(BIO_s_file()); int der = 0; /*

问题 I have root, intermediate and end entity certificates and, I want to package it in pkcs # 7 format using bouncy castle. How can I do it? 回答1: At the very first, you have to read latest RFC on PKCS#7/CMS. Please click on this RFC Link to read. Now to fulfill your objective, use bouncycastle. You need to generate CMSSignedData data. For that, you need to prepare private key and Certificate chain. Here, I am going to assume, you already have those. Now prepare CMSProcessableByteArray.