New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cades #206
Cades #206
Conversation
The loop source now looks better. Yet SHA-256 isn't the only hash supported for that field if I see the definition in RFC 5126 sections 5.7.3.3 and 5.8.1 for OtherHash correctly. |
thanks Benny, what other algorithms you suggest to include, in addition sha256, sha512 and whirlpool? Antonio |
Hi Antonio, Am 06.01.2015 um 11:46 schrieb opensignature:
While one might argue that any hash function actually could be placed Based on that one could discuss if generally allowing all hashes
|
ok BenBE, I added SHA2-384 and rewrote the code part, now it is not required to change v3_purp.c |
sizeof(cert->sha1_hash))) | ||
#ifndef OPENSSL_NO_SHA256 | ||
|| (cid->hash->length == sizeof(md_sha256) | ||
&& !memcmp(cid->hash->data, md_sha256, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Dont use "!memcmp", please use "memcmp... == 0"
See also https://rt.openssl.org/Ticket/Display.html?id=3131 |
The patches did not hit the release. |
This particular set did not. But the RT and the referenced #2119 PR did. And requested changes were never made, so this was closed. What functionality is still missing? Please open an issue. |
The whole CAdES functionality appears to be missing, beginning with its documentation, in the latest openssl release. https://github.com/openssl/openssl/search?utf8=%E2%9C%93&q=cades&type= |
This PR never had CAdES in it. Nobody has ever provided code to do CAdES. This PR only did different digest mechanisms. |
The code for CadES is 3 years old... |
To repeat myself. That code needed to have changes made. It was never done. So that three year old ticket was closed. The digest work and the signingCertificateV2 work are there. CaDES is not. If there is something you need that is missing, please open a new issue and provide specifics. Ideally, write the code and make a pull request. I don't see the point in further discussion here. |
To repeat myself, the documentation is missing. How do you sign using signingCertificateV2? This is the command I use. The resulting file does not comply with CAdES. openssl smime -sign -md sha256 -binary -in $file -signer $certificate -inkey |
Nobody said we did CAdES signing. We implemented some of the infrastructure. Nobody contributed documentation or code to expose it to the smime app. Please help and do so. |
Hi everybody, |
I'd say this should also be made to work with CMS and not just the older PKCS#7. |
The patch I wrote (and I hope to make a new pull request) was just about to work with CMS: |
Move rb_global_variable call to directly after assignment
No description provided.