EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Question about signing files PKCS#7

#2750
Posted: 04/17/2007 16:38:05
by Santiago Castaño (Standard support level)
Joined: 04/16/2006
Posts: 155

Hi,

I thought that while signing files, the certificates should contain the private key; but I can sign a file using a certificate with a private key and two more certificates without a private key, for example; and while verifying it, I can see that both certificates with only a public key seem to have signed the file.

In the knowledgebase: "When you sign the data, you need to have the certificates with corresponding private keys"

Why can a certificate without a private key sign a file?

Regards
#2751
Posted: 04/18/2007 01:28:15
by Eugene Mayevski (EldoS Corp.)

Those other certificates are not used for signing. They are included as reference ones (for example, when they make a certificate chain).


Sincerely yours
Eugene Mayevski
#2754
Posted: 04/18/2007 03:31:27
by Santiago Castaño (Standard support level)
Joined: 04/16/2006
Posts: 155

But during the verification stage, how can I know then which were the certificates that really signed the message (with private key)? As we get the certificates contained in the message, we have all of them and all seem to have signed the message.

Which is the RFC and the lines that make it possible to include it to my help?

Thanks
#2761
Posted: 04/18/2007 12:52:55
by Ken Ivanov (EldoS Corp.)

With TElMessageVerifier class, please use CertIDs[]/CertIDCount properties to get information about certificates that were used for signing. Each signer is identified by Issuer and SerialNumber fields of the corresponding certificate, i.e. you should use these values to find the signing certificate in the storage specified by TElMessageVerifier.Certificates property (please note that the signing certificate might be absent from the signed message, so your application should be prepared for this situation and handle it correctly).

Quote
Which is the RFC and the lines that make it possible to include it to my help?

All TElMessageXXX classes are implemented according to PKCS#7 (RFC2315) and CMS (RFC3852) specifications.
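
The matching described in the reply above, as an added example that is not part of the original thread and is not EldoS code: it models each signer's Issuer/SerialNumber pair and the certificates bundled in the message, then separates real signers from reference-only certificates and reports signers whose certificate is absent. The names `CertId`, `Cert` and `classify` and all sample values are hypothetical, and issuer names are compared verbatim as a simplification.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CertId:
    """Issuer + serial number identifying a signer (modelled here, not parsed from DER)."""
    issuer: str    # issuer distinguished name, compared verbatim (simplification)
    serial: bytes  # serial number as big-endian bytes

    def key(self):
        # A DER INTEGER may carry a leading 0x00 byte, so compare by value.
        return (self.issuer, int.from_bytes(self.serial, "big"))

@dataclass(frozen=True)
class Cert:
    subject: str
    cert_id: CertId  # this certificate's own issuer + serial number

def classify(signer_ids, message_certs, local_store=()):
    """Return (signers, reference_only, unresolved) for one signed message."""
    bundled = {c.cert_id.key(): c for c in message_certs}
    local = {c.cert_id.key(): c for c in local_store}
    signers, unresolved, used = [], [], set()
    for sid in signer_ids:
        k = sid.key()
        cert = bundled.get(k) or local.get(k)
        if cert is None:
            unresolved.append(sid)  # signing certificate absent: cannot verify yet
        else:
            signers.append(cert)
            used.add(k)
    # Bundled certificates that no signer id points at (e.g. chain members).
    reference_only = [c for k, c in bundled.items() if k not in used]
    return signers, reference_only, unresolved

# Constructed sample data (hypothetical names and serial numbers).
ROOT = Cert("CN=Example Root", CertId("CN=Example Root", b"\x01"))
INTER = Cert("CN=Example Issuing CA", CertId("CN=Example Root", b"\x02"))
ALICE = Cert("CN=Alice", CertId("CN=Example Issuing CA", b"\x00\x9a\x10"))
SIGNER_IDS = [CertId("CN=Example Issuing CA", b"\x9a\x10"),  # matches ALICE
              CertId("CN=Example Issuing CA", b"\x77")]      # certificate not bundled

if __name__ == "__main__":
    signers, refs, missing = classify(SIGNER_IDS, [ALICE, INTER, ROOT])
    print("signers:", [c.subject for c in signers])
    print("reference only:", [c.subject for c in refs])
    print("unresolved signer ids:", missing)
```

Finding the certificate only identifies the signer; the signature itself still has to be verified with that certificate's public key.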
#2764
Posted: 04/18/2007 14:34:53
by Santiago Castaño (Standard support level)
Joined: 04/16/2006
Posts: 155

I missed checking the CertIDs with the certificates that the file may contain.

Many thanks for the info...

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
