I am creating an Android app which can perform basic email security operations like encryption, decryption, signing and verification. So far I am able to perform all 4 operations successfully. But one thing I still haven't figured out is how to specify the signing algorithm at runtime.
I mean I want to have a drop-down list from which the user can select the signing algorithm.
I know how to do this in case of encryption. But for signing we are not specifying any algorithm in the PKCS7_sign function call. So how do I mention which signing algorithm I should use while signing the mail?
Thanks in advance!
But for signing we are not specifying any algorithm in the PKCS7_sign function call. So how do I mention which signing algorithm I should use while signing the mail.
Try PKCS7_add_signature. From <openssl dir>/crypto/pkcs7/pkcs7.h:
PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
EVP_PKEY *pkey, const EVP_MD *dgst);
The implementation is in pk7_lib.c, which can be found at <openssl dir>/crypto/pkcs7/pk7_lib.c. There's not much to the function. It looks like the heavy lifting is done by PKCS7_SIGNER_INFO_set.
It's used in a few places in the library. There is no demo in apps/:
$ cd openssl-1.0.1h
$ grep -R PKCS7_add_signature *
crypto/pkcs7/enc.c: if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err;
crypto/pkcs7/pk7_lib.c:PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
crypto/pkcs7/pk7_smime.c: if (!(si = PKCS7_add_signature(p7,signcert,pkey, md)))
crypto/pkcs7/pkcs7.h:PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
crypto/pkcs7/pkcs7err.c:{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE), "PKCS7_add_signature"},
crypto/pkcs7/sign.c: si=PKCS7_add_signature(p7,x509,pkey,EVP_sha1());
crypto/ts/ts_rsp_sign.c: if (!(si = PKCS7_add_signature(p7, ctx->signer_cert,
The openssl cms command should allow you to work from the command line. See "openssl smime ... [-md digest] ..." seems to be unknown option on the last version openssl. It's a bit old, but it should still hold.
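An added example (not part of the original answer) of choosing the digest at runtime from the command line with `openssl cms -sign -md`, then reading the digest back out of the signed structure to confirm the choice took effect. The file names, the subject name, the function names and the allow-list of digests are assumptions made for this demo; in C the same choice is the `dgst` argument of PKCS7_add_signature, which can be looked up by name with EVP_get_digestbyname.

```shell
#!/bin/sh
# Added example: pick the signing digest at runtime via `openssl cms -sign -md`.
# File names, the subject name and the allow-list are constructed for this demo.

# Digest names the drop-down may offer (demo policy, an assumption of this example).
ALLOWED_DIGESTS="sha256 sha384 sha512"

# $1 = work dir. Creates a throwaway RSA key and self-signed certificate.
make_test_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo signer" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# $1 = work dir, $2 = digest name chosen by the user, $3 = message, $4 = output.
# Rejects any digest outside the allow-list before openssl is called.
sign_with_digest() {
    case " $ALLOWED_DIGESTS " in
        *" $2 "*) ;;
        *) echo "digest '$2' is not allowed" >&2; return 2 ;;
    esac
    openssl cms -sign -md "$2" -signer "$1/cert.pem" -inkey "$1/key.pem" \
        -in "$3" -outform DER -out "$4"
}

# $1 = DER-encoded CMS file. Prints the first bare shaNNN object identifier,
# which is the entry in SignedData.digestAlgorithms.
signed_digest_of() {
    openssl asn1parse -inform DER -in "$1" |
        sed -n 's/.*OBJECT *:\(sha[0-9][0-9]*\) *$/\1/p' | head -n 1
}

# Demo: sign the same message with every allowed digest and read it back.
demo() {
    dir=$(mktemp -d) || return 1
    make_test_identity "$dir" || return 1
    printf 'hello\n' > "$dir/msg.txt"
    for md in $ALLOWED_DIGESTS; do
        sign_with_digest "$dir" "$md" "$dir/msg.txt" "$dir/$md.der" || return 1
        echo "requested=$md embedded=$(signed_digest_of "$dir/$md.der")"
    done
    rm -rf "$dir"
}

demo
```

Checking the embedded digest after signing catches the case where a build silently falls back to its default digest instead of the one the user selected.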