Here's what the openssl asn1parse shows for the pkcs7 packet created
on windows using the win32 crypto api. The pkcs7 packet generated by
Openssl has "sha1" at position 30 instead of sha1WithRSAEncryption.
Windows verifies both versions, openssl only verifies the version
generated by itself (with "sha1"):

el-seed # openssl asn1parse -i -dump -inform DER -in win32.pkcs7
0:d=0 hl=4 l=1436 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT kcs7-signedData
15:d=1 hl=4 l=1421 cons: cont [ 0 ]
19:d=2 hl=4 l=1417 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :01
26:d=3 hl=2 l= 15 cons: SET
28:d=4 hl=2 l= 13 cons: SEQUENCE
30:d=5 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
41:d=5 hl=2 l= 0 prim: NULL
43:d=3 hl=2 l= 11 cons: SEQUENCE
45:d=4 hl=2 l= 9 prim: OBJECT kcs7-data
56:d=3 hl=4 l= 920 cons: cont [ 0 ]
60:d=4 hl=4 l= 916 cons: SEQUENCE
64:d=5 hl=4 l= 636 cons: SEQUENCE
68:d=6 hl=2 l= 2 prim: INTEGER :FF
72:d=6 hl=2 l= 13 cons: SEQUENCE
74:d=7 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption


Derek Atkins 617-623-3745
Computer and Internet Security Consultant

__________________________________________________ ____________________
OpenSSL Project
Development Mailing List
Automated List Manager