Bouncy Castle: Creating CMS (a.k.a. PKCS7) certificate?
ssl,cryptography,ssl-certificate,bouncycastle,pkcs7
There is no such thing as a CMS certificate or PKCS#12 certificate. CMS is the cryptographic message syntax. It specifies a container format that may contain X5.09 compatible certificates of the signer. PKCS#12 is a container format for cryptographic objects, it is often used to store one or more certificate/private...
SignedData / DigestAlgorithm and SignedData / SignerInfo / DigestAlgorithm: same?
Is this a duplication of the same attribute? If not, what is the meaning of either? In case of RPKI yes. The reason is that this standard does not introduce a specialized new structure but merely a profile of an existing one: The RPKI signed object is a profile...
C# and PHP encryption compatibility - 3DES ECB with PKCS7
PHP code: $key = "6702BC24DD0527E7"; $key = md5($key,TRUE); $key .= substr($key,0,8); The C# code is "ok" as it is. "ok" is a big word here. I would probably use SHA256 and trim it to 24 bytes: C#: SHA256Managed sha256 = new SHA256Managed(); keyArray = sha256.ComputeHash(UTF8Encoding.UTF8.GetBytes(key)); Array.Resize(ref keyArray, 24); //Always release...
Decrypt p7s file on iOS
ios,objective-c,cocoa-touch,nsdata,pkcs7
You can read it into an NSData instnace and use - (NSRange)rangeOfData:(NSData *)dataToFind options:(NSDataSearchOptions)mask range:(NSRange)searchRange to find the beginning and end of the plist. Then use - (NSData *)subdataWithRange:(NSRange)range to optain just the plist data. Finally convert to a NSString with: - (instancetype)initWithData:(NSData *)data encoding:(NSStringEncoding)encoding ...
Converting decimal to hexadecimal byte in Java Card
It slipped my mind that you could do: if (num < 256) { return (byte) num; } That should have settled it for now considering the num which is the amount to pad is less than 256 for PKCS 5 and 7 padding as per RFC-1423, RFC-2898 and RFC-5652....
C library for CMS/X.509 manipulation
Here's what I managed to get working so far. 1. Building a CSR, signing it with some other engine I mostly followed demos/x509/mqreq.c, with some twists. (NB: error checking, fancy modulus length/label/subject DN generation/handling has been left out for brevity and focus on actual flow). unsigned char* mod = NULL;...
Read PKCS#7 from ASN1 with PasswordRecipientInfo
Seems some wrapper code is missing from the der-data above: var bs = new MemoryStream(); var constructeddata = new DerSequenceGenerator(bs); constructeddata.AddObject(new DerObjectIdentifier("1.2.840.1.113549.1.7.3")); constructeddata.AddObject(new DerTaggedObject(true, 0, ed)); //constructeddata.AddObject(ed.ToAsn1Object()); constructeddata.Close(); var derdata = bs.ToArray(); var cms = new CmsEnvelopedData(derdata); So what I do is adding a top layer to the data. ed...
Verification of pdf integrity fail
Please be aware that in a SignedData object there are multiple hash values to consider which generally are not equal. Have a look at the definition of the Cryptographic Message Syntax (CMS) objects in RFC 3852. (RFC 3852 is the RFC referenced from the current PDF specification ISO 32000-1; thus,...
Obtaining the hash/digest from a PCKS7 signed PDF file with iText
First of all, there is not necessarily the hash/digest message from the signature, in case of PKCS#7 / CMS signatures usually multiple hashes are involved, cf. this answer to Message digest of pdf in digital signature. Considering that you need the digest to fulfill some legal restrictions, though, I assume...
PHP PKCS7 Padding bug
php,encryption,padding,mcrypt,pkcs7
solved it. the "+" signs in the base64 encoded data is being converted to spaces when transported through http thus resulting into different values. What I did is the client encoded the binary data to base64 and passed it through urlencode() function. The PHP side handled the data by using...