Menu
  • HOME
  • TAGS

Bouncy Castle: Creating CMS (a.k.a. PKCS7) certificate?

ssl,cryptography,ssl-certificate,bouncycastle,pkcs7

There is no such thing as a CMS certificate or PKCS#12 certificate. CMS is the cryptographic message syntax. It specifies a container format that may contain X5.09 compatible certificates of the signer. PKCS#12 is a container format for cryptographic objects, it is often used to store one or more certificate/private...

SignedData / DigestAlgorithm and SignedData / SignerInfo / DigestAlgorithm: same?

digital-signature,pkcs7

Is this a duplication of the same attribute? If not, what is the meaning of either? In case of RPKI yes. The reason is that this standard does not introduce a specialized new structure but merely a profile of an existing one: The RPKI signed object is a profile...

C# and PHP encryption compatibility - 3DES ECB with PKCS7

c#,php,encryption,pkcs7,3des

PHP code: $key = "6702BC24DD0527E7"; $key = md5($key,TRUE); $key .= substr($key,0,8); The C# code is "ok" as it is. "ok" is a big word here. I would probably use SHA256 and trim it to 24 bytes: C#: SHA256Managed sha256 = new SHA256Managed(); keyArray = sha256.ComputeHash(UTF8Encoding.UTF8.GetBytes(key)); Array.Resize(ref keyArray, 24); //Always release...

Decrypt p7s file on iOS

ios,objective-c,cocoa-touch,nsdata,pkcs7

You can read it into an NSData instnace and use - (NSRange)rangeOfData:(NSData *)dataToFind options:(NSDataSearchOptions)mask range:(NSRange)searchRange to find the beginning and end of the plist. Then use - (NSData *)subdataWithRange:(NSRange)range to optain just the plist data. Finally convert to a NSString with: - (instancetype)initWithData:(NSData *)data encoding:(NSStringEncoding)encoding ...

Clear Text Signing using OpenSSL in C Code

c,openssl,sign,pkcs7,smime

Finally did it. It was just a missing flag. int flgs = PKCS7_STREAM | PKCS7_DETACHED | PKCS7_BINARY ; Added this flag and it started working perfectly. ...

Converting decimal to hexadecimal byte in Java Card

hex,javacard,pkcs7,pkcs#5

It slipped my mind that you could do: if (num < 256) { return (byte) num; } That should have settled it for now considering the num which is the amount to pad is less than 256 for PKCS 5 and 7 padding as per RFC-1423, RFC-2898 and RFC-5652....

C library for CMS/X.509 manipulation

c,openssl,x509,pkcs7

Here's what I managed to get working so far. 1. Building a CSR, signing it with some other engine I mostly followed demos/x509/mqreq.c, with some twists. (NB: error checking, fancy modulus length/label/subject DN generation/handling has been left out for brevity and focus on actual flow). unsigned char* mod = NULL;...

Read PKCS#7 from ASN1 with PasswordRecipientInfo

c#,bouncycastle,pkcs7

Seems some wrapper code is missing from the der-data above: var bs = new MemoryStream(); var constructeddata = new DerSequenceGenerator(bs); constructeddata.AddObject(new DerObjectIdentifier("1.2.840.1.113549.1.7.3")); constructeddata.AddObject(new DerTaggedObject(true, 0, ed)); //constructeddata.AddObject(ed.ToAsn1Object()); constructeddata.Close(); var derdata = bs.ToArray(); var cms = new CmsEnvelopedData(derdata); So what I do is adding a top layer to the data. ed...

Verification of pdf integrity fail

security,pdf,pkcs7

Please be aware that in a SignedData object there are multiple hash values to consider which generally are not equal. Have a look at the definition of the Cryptographic Message Syntax (CMS) objects in RFC 3852. (RFC 3852 is the RFC referenced from the current PDF specification ISO 32000-1; thus,...

Obtaining the hash/digest from a PCKS7 signed PDF file with iText

java,pdf,itext,pkcs7

First of all, there is not necessarily the hash/digest message from the signature, in case of PKCS#7 / CMS signatures usually multiple hashes are involved, cf. this answer to Message digest of pdf in digital signature. Considering that you need the digest to fulfill some legal restrictions, though, I assume...

PHP PKCS7 Padding bug

php,encryption,padding,mcrypt,pkcs7

solved it. the "+" signs in the base64 encoded data is being converted to spaces when transported through http thus resulting into different values. What I did is the client encoded the binary data to base64 and passed it through urlencode() function. The PHP side handled the data by using...