Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

PKCS1->PKCS7

254 views
Skip to first unread message

Alessio

unread,
Apr 4, 2008, 7:15:41 AM4/4/08
to
Hi, I've build a PKCS#1 blob with the cryptoapi function
"CryptSignHash" with the "dwKeySpec" flag setted to "AT_SIGNATURE".
How can I build the analog PKCS#7 blob including SignerInfo?

Thanks in advance.

Alessio

Mitch Gallant

unread,
Apr 4, 2008, 10:49:54 AM4/4/08
to
If you want to create a pkcs#7 signed message, it is best to work with the
high-level capi message function CryptSignMessage which manages the lower
level calls. If you really want to do the details, you could step down to
the CryptMsgOpenToEncode and CryptMsgUpdate etc.

It is not a good idea to manually start with a pkcs1 blob (the encrypted
hash) and construct the pkcs7 (although it is possible). For starters,
CryptSignHash creates the signed hash in REVERSE byte order to that embedded
in the pkcs7 structure. Second, you will often want the signature to cover
other attributes (other than the original base content). This is managed
fairly easily using CryptSignMessage.

Here's a simple view of pkcs7 versus pkcs1:
http://www.jensign.com/JavaScience/sigview

- Mitch Gallant
http://www.jensign.com

"Alessio" <ales...@dataflex.it> wrote in message
news:880b5ae2-6383-4fd2...@t54g2000hsg.googlegroups.com...

Alessio

unread,
Apr 7, 2008, 4:28:12 AM4/7/08
to
Thank you.

I think that I can't use CryptSignMessage becose I only have the hash
of the file that I have to sign.
So I've thought that I can sign the hash using CryptSignHash and then
build a PKCS#7 like a detached signature.
Do you think it's possible?
The only function that I can use is CryptEncodeObject or there is
another way to do that?

Best regards.

Alessio

fanka...@gmail.com

unread,
Apr 21, 2008, 12:20:23 AM4/21/08
to

i have the same question,have you got a solution?

0 new messages