" via RT" writes:

> there are 2 published standard versions: 1.5 and 1.6
> http://www.rsasecurity.com/rsalabs/node.asp?id=2129

Does OpenSSL Support both of them?

> The "1" shows version 1.5 rules apply
> ftp://ftp.rsasecurity.com/pub/pkcs/ps/pkcs-7.ps.gz
> SET of objects here should be DigestAlgorithmIdentifier
> with DigestAlgorithms "include MD2 and MD5" (clause 6.3).
> For S/MIME (draft-ietf-smime-rfc2633bis-08.txt),
> DigestAlgorithmIdentifier "MUST support SHA-1" (clause 2.1).
> See also draft-ietf-smime-rfc3369bis-02.txt clause 10.1.1.
> For a project implementing SET, I was using SHA-1 here
> http://www.unity.net/~vf/naina_r1.tgz
> and that was specified in SET books.
> For the message attached, SignedData start at offset 63
> and objectID in question at offset 74.
> I'd suggest to double-check exactly what specifications
> the other PKI (creating PKCS7 in question) follows

It's Windows. It supposedly is trying to support CMS / S/MIME.
Telling me "windows is broken, go fix it" is unfortunately as helpful
as telling me "the sky is blue, go fix it".

Windows accepts either "sha1" or "sha1WithRSAEncryption" in this
particular slot; It would be nice if openssl did, too, even if it's
not 100% "to the spec". As Jon Postel always said, "be liberal in
what you accept".


Derek Atkins 617-623-3745
derek@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org