Mailing Lists: Apple Mailing Lists


Re: digital signatures



Paul,

I'm doing the digest exactly like you are.  The CSSM_DATA structure I get back from CSSM_SignData is 128 bytes.  This seems to imply that it's simply the encrypted hash of the data signed with a 1024-bit key.  This is not a valid PKCS #7 signature.  One of my issues is that I don't know exactly what's coming back from CSSM_DATA: how it is encoded, etc.

I've got to be able to do various other things with my PKCS7 signature as well, such as including the data, signer cert, issuer cert, etc. in the P7 signature.  I could use the OpenSSL PKCS7_sign function, but I have to be able to use smart cards.  I run into the problem of making a CSSM_KEY look like an EVP_PKEY.  I don't even know if such a thing is possible.


On 5/22/06, Paul Nelson <email@hidden> wrote:
I believe I use the signature directly from CSSM_SignData as a PKCS7
signature.  I do a bunch of signing in my PKINIT implementation of the
Kerberos PKINIT draft standard.

How are you using the digest mode?  I'm having CSSM_SignData return a signed
digest by using CSSM_ALGID_SHA1WithRSA for the algorithm, and
CSSM_ALGID_NONE for the digest algorithm.

Paul Nelson
Thursby Software Systems, Inc.


> From: Cole Barnes < email@hidden>
> Date: Mon, 22 May 2006 16:56:57 -0500
> To: Apple CDSA <email@hidden>
> Subject: Re: digital signatures
>
> Thanks tons for the help...
>
> I've got 'signatures' now from CSSM_SignData(), but now I've got to
> get to a PKCS7 signature.  Not exactly sure how to go about that at
> this point.
>
> I guess I'm either going to need to encode it and build the PKCS7
> structure by hand or go with third-party APIs.  I can't really find
> anything of use in Apple security framework that is going to help me
> from this point.  Can anyone confirm or deny?
>
> Thanks...
>  _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Apple-cdsa mailing list      ( email@hidden)
> Help/Unsubscribe/Update your Subscription:
> http://lists.apple.com/mailman/options/apple-cdsa/email@hidden
>
> This email sent to email@hidden
>




References: 
 >Re: digital signatures (From: "Cole Barnes" <email@hidden>)
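
The gap discussed in this thread, as an added example that is not code from either poster or from Apple: a raw RSA signature is only the `encryptedDigest` field of a PKCS #7 SignerInfo, and the SignedData wrapper around it can be DER-encoded by hand, optionally embedding the data and certificates. It assumes the 128 bytes are a PKCS #1 v1.5 SHA-1/RSA signature over the content with no authenticated attributes; all function names and sample values are constructed for illustration, and the issuer name and serial number would come from the signer's certificate.

```python
# Added example: wrap a raw RSA signature in a PKCS #7 SignedData (DER, stdlib only).
def tlv(tag, value):
    """Encode one DER tag-length-value with a definite length."""
    n = len(value)
    if n < 0x80:
        head = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + value

def oid(dotted):
    a, b, *rest = (int(x) for x in dotted.split("."))
    body = bytes([40 * a + b])
    for arc in rest:
        chunk = [arc & 0x7F]
        while arc > 0x7F:          # base-128, high bit set on all but the last byte
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        body += bytes(chunk)
    return tlv(0x06, body)

def seq(*parts): return tlv(0x30, b"".join(parts))
def set_of(*parts): return tlv(0x31, b"".join(parts))
def integer(n): return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))  # n >= 0

NULL = tlv(0x05, b"")
SHA1 = seq(oid("1.3.14.3.2.26"), NULL)
RSA = seq(oid("1.2.840.113549.1.1.1"), NULL)
ID_DATA, ID_SIGNED = oid("1.2.840.113549.1.7.1"), oid("1.2.840.113549.1.7.2")

def pkcs7_signed_data(raw_sig, issuer_der, serial, content=None, certs_der=()):
    """raw_sig: PKCS #1 v1.5 SHA-1/RSA signature over the content (assumed)."""
    signer = seq(integer(1),                         # SignerInfo version
                 seq(issuer_der, integer(serial)),   # issuerAndSerialNumber
                 SHA1, RSA,                          # digest / signature algorithm
                 tlv(0x04, raw_sig))                 # encryptedDigest OCTET STRING
    # content=None gives a detached signature; otherwise the data is embedded.
    inner = seq(ID_DATA) if content is None else seq(ID_DATA, tlv(0xA0, tlv(0x04, content)))
    certs = tlv(0xA0, b"".join(certs_der)) if certs_der else b""   # [0] IMPLICIT
    signed = seq(integer(1), set_of(SHA1), inner, certs, set_of(signer))
    return seq(ID_SIGNED, tlv(0xA0, signed))

# Constructed sample inputs (not a real signature or certificate name):
SAMPLE_SIG = bytes(range(128))                       # stands in for the 128-byte signature
SAMPLE_ISSUER = seq(set_of(seq(oid("2.5.4.3"), tlv(0x0C, b"Example CA"))))
P7 = pkcs7_signed_data(SAMPLE_SIG, SAMPLE_ISSUER, 0x1234, content=b"hello")
```

Because the sample signature is a placeholder, the resulting structure parses but does not verify; with a real signature and the matching signer certificate passed in `certs_der`, a PKCS #7 verifier can check it.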


