pkcs7

What is the algorithm identifier when using AES in CBC mode with ISO 10126 padding inside of PKCS#7?

I want to use PKCS#7 as a container format for some encrypted, signed content and we need to use AES in CBC mode with ISO 10126 based padding. I can't seem to find a concrete reference to an algorithm identifier to use for this combination. I can invent my own but would then lose interoperability with other tools. ...

How to read Pkcs#7 certificate chain from file/stream in C#?

I have two certificates that I saved to disk. One is a certificate with private key that I exported as a .pfx file, the other one is a certificate that I saved including its certificate chain as a PKCS#7 file ("certchain.p7b"). In C# I can now load the .pfx file with var cert = new X509Certificate2(myPfxFileStream); (myPfxFileStrea...

SignedCms.CheckSignature() with renewed cert -> new serial?????

hi programming folks, i am using SignedCms.CheckSignature(certColl, true) (with only one cert in certColl) to verify the signature of a pkcs-7 message. My problem is that i dont want to change the (public part of the) signers certificate on my server after the signer has renewed his certificate :-( The public key, issuer and subject a...

digital signature - detached Pkcs#7 to XML-DSIG

Hi! I am struggling with the following scenario: an XML-message is created client-side and digitally signed using mozilla's window.crypto.signText. After signing, the message and the signature are transmitted via a webservice (.net) to the server. Everything is fine until this point. on the server, the XML shall be included in another...

Alternatives to Bouncy Castle java library for PKCS7 encryption/signing?

We've always used the BouncyCastle library, I'm being asked if there are other viable alternatives, either open source or not. Or is the BouncyCastle library already the best one to use? ...

Is there any OpenSSL function to convert PKCS7 file to PEM

Hi, Is there any openssl api function to convert PKCS7 file to PEM. I am able to convert a PKCS12 file to PEM using PKCS12_parse() function which returns key and certificate given the password. There is no similar function for pkcs7. My pkcs7 input has just the certificate in binary format. I am able to do the conversion using command ...

How do I create an encrypted PayPal button dynamically in Google App Engine?

So far I have found an example for Django that uses M2Crypto, but because M2Crypto is based on a C library, it cannot be run on GAE. Does anyone have a working code for creating an encrypted PayPal button dynamically in Google App Engine? In a nutshell, I need to translate the following Ruby code into Python. It's taken from PayPal's We...

How to encode a value in PKCS7 with Java?

Hi, I would like to use PKCS7 encryption to encode a value together with Java and Java Servlet. Is there any available library and references to do the encryption? Any sample or tutorial that I could follow? Thank you. ...

PKCS#7 Signed Code Image extracting

Hi, I wanted to extract the Signer Informations from PKCS#7 Signed Code Image using C/CPP. I wanted to know the openssl API's. I am Able to extract Using bouncy castle (CMSSignedData). Please let me know the openssl API's which I can use in C/CPP to extract the each signers and signer informations and verify the Signers. is there any ...

Question about creating digital signature using OpenSSL‏(pkcs7)

I'm using OpenSSL to create digital signature fo my application but I'm getting one problem. BIO *in = NULL, *out = NULL, *tbio = NULL; X509 *scert = NULL; EVP_PKEY *skey = NULL; PKCS7 *p7 = NULL; .......................... .......................... **p7 = PKCS7_sign(scert, skey, NULL, in, flags);** I don't know how can we get digita...

Signature Generation using PKCS#7 Specifications

I want to prepare a digital signature over some content using PKCS#7 specifications(only Signed Data). I am getting signer certificates by accessing SMART card device. I am using BouncyCastle as a provider in Java and using getEncoded method of CMSSignedData class but the output i am getting is not right and its not working. Can anybody ...

Verifying PKCS#7 certificates in Java

Hello everyone. Need some help with crypto routines in Java. Given a PKCS#7 signature, I want to verify all certificates it contains against a trusted store. I assume that all certificates contained in signature are in the correct order to form a valid certificate path (or chain, whatever), so that topmost (#0) is a signing certificat...

Decrypt p7m File Using C#?

I have a .p7m (application/pkcs7-mime) encrypted file on my hard drive, and the associated Private Key it was encrypted with. It is encrypted with AES (128bit) and enveloped with RSA (1024bit). I have successfully imported the key from my key store but I dont know how i would go about using it to decrypt a .p7m file. Any suggestions? ...

BouncyCastle create PKCS 7 Encrypted File? C#

I am trying to use BouncyCastle to encrypt a file using the PKCS 7 file standard. Here is the code I have which outputs a p7m file. When I go to decrypt the file (using Entrust) I am prompted for my key store password, so it knows the file was encrypted for me using AES 128, but it cannot decrypt the body of the file. Something has to be...

C# Create MIME Message?

Is there any built in functionality to MIME a file in C# .Net? What I am looking to do is: Convert a file into a MIME message Sign the MIME Message to a pcks 7 blob MIME that pkcs 7 blob Finally encrypt the entire thing. Any suggestions on how I would go about this (not the encryption or signing part but the MIMEing)? What exactly is...

Should X509 certificate have nonRepudiation bit set to check PKCS7 signature?

X509 certificate has set of keyUsage bits. Two of them are digitalSignature nonRepudiation (recent editions of X.509 have renamed this bit to contentCommitment). I read X509 RFC (http://tools.ietf.org/html/rfc5280) and it talks about general usage of these bit. And I read PKCS7 RFC (http://tools.ietf.org/html/rfc2315) and it talks abou...

Add Signing Time to PKCS7 Signed CMS?

I'm trying to add the signing time attribute to a file that I am signing using SignedCMS. private byte[] signFile(byte[] fileContent, X509Certificate2 verificationCert) { ContentInfo contentInfo = new ContentInfo(fileContent); SignedCms signedCMS = new SignedCms(contentInfo); CmsSigner cmsSigner = new CmsSigner(SubjectIdentif...

C# PKCS signatures

Hi, Im devloping a system that needs to sign files. I already have a function that receive the byte[] of data to sign and the X509 Certificate and computes the signature using System.Security.Cryptography.Pkcs namespace. Its important to note that we need the signature to be dettached, so for verification we use the file, the dettached ...

Add content to PKCS7 detached signature

Hello, I have a content application that stores PKCS7 detached signatures in a database and the original file on the disk. Now I'll have to send an unique file to a customer containing the original document and the signature, as it if were signed attached. Note that the document hasn't been and won't be encrypted. Does someone knows how ...

Signing data with PKCS #7 (opaque) for the web

Abstract: Is there a way, either via Firefox plugin or other means to emulate javascript crypto.signText using an opaque algorithm instead of detached (what it currently does?) to sign arbitrary data. This includes the dialog box and access to the Firefox cert store. Also, the signText documentation doesn't seem to have been updated sinc...