Topic: WOLFSSL API to extract signer certificate from CMS signature

Hello,

Is there any WOLFSSL API present to extract the signer certificate from a CMS signature without performing verification?
We checked wolfssl code and found this "wolfSSL_X509_STORE_GetCerts" API but it works on store.

Just want to know whether there is any API to which we can pass a CMS signature and extract the signer certificate using wolfSSL?


Re: WOLFSSL API to extract signer certificate from CMS signature

OpenSSL provides the CMS_get1_certs API to extract the signer certificate from a CMS signature without performing verification.
Is there any API in wolfSSL which provides similar functionality?


Re: WOLFSSL API to extract signer certificate from CMS signature

Hi Anika,

Let me look into this and I'll get back to you shortly.

Thanks,
Chris

Re: WOLFSSL API to extract signer certificate from CMS signature

Hi Anika,

wolfCrypt's CMS/PKCS#7 APIs do not currently have the ability to extract signer certificates without calling wc_PKCS7_VerifySignedData() first. This API parses the CMS/PKCS#7 bundle ASN.1 and extracts details into our own wolfCrypt structure, in addition to then trying to verify the signature. If you did not care about the verification result, you could call this API, check/ignore the return value of SIG_VERIFY_E, then proceed to get the signer certificates from the pkcs7->certs[] array, using the pkcs7->certSz[] size array for array sizes.

Pseudocode would look something similar to:

ret = wc_PKCS7_VerifySignedData(pkcs7, in, inSz);
if (ret < 0 && ret != SIG_VERIFY_E) {
    /* other error, parsing, etc */
}

/* loop over pkcs7->cert[], where pkcs7->certSz[] holds sizes for each cert */
for (i = 0; i < MAX_PKCS7_CERTS; i++) {
    if (pkcs7->certSz[i] > 0) {
        /* pkcs7->cert[i] holds ith cert from SignedData bundle */
    }
}

Best Regards,
Chris
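
The reply above relies on the certificates being a separate field of the SignedData structure, so they can be read without touching the signature. The following is an added example, not wolfSSL code and not part of any post in this thread: a minimal walker that locates that field in a DER-encoded bundle. The names der_hdr, cms_list_certs and sample are hypothetical, the input bytes are constructed, and only definite-length DER is assumed (BER indefinite lengths are rejected).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: ContentInfo{signedData} carrying two 5-byte placeholder
 * "certificates" (30 03 02 01 xx) and empty signerInfos. Not a real bundle. */
static const uint8_t sample[] = {
    0x30,0x2F, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,
    0xA0,0x22, 0x30,0x20, 0x02,0x01,0x01, 0x31,0x00,
    0x30,0x0B,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,
    0xA0,0x0A, 0x30,0x03,0x02,0x01,0x01, 0x30,0x03,0x02,0x01,0x02, 0x31,0x00 };

/* Read one definite-length TLV header; returns the value pointer or NULL. */
static const uint8_t *der_hdr(const uint8_t *p, const uint8_t *end,
                              uint8_t *tag, size_t *len) {
    if (end - p < 2) return NULL;
    *tag = *p++;
    size_t n = *p++;
    if (n & 0x80) {                          /* long form: cnt length bytes follow */
        size_t cnt = n & 0x7F;
        if (cnt == 0 || cnt > 4 || (size_t)(end - p) < cnt) return NULL;
        for (n = 0; cnt--; ) n = (n << 8) | *p++;
    }
    if ((size_t)(end - p) < n) return NULL;  /* value must fit in the buffer */
    *len = n;
    return p;
}

/* Stores up to max certificate entries (pointer + size, header included).
 * Returns the number stored, 0 if the field is absent, -1 on parse error. */
int cms_list_certs(const uint8_t *in, size_t inSz,
                   const uint8_t **cert, size_t *certSz, int max) {
    static const uint8_t oid[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02};
    /* ContentInfo, contentType, [0], SignedData, version, digestAlgs, encap */
    static const uint8_t path[] = {0x30, 0x06, 0xA0, 0x30, 0x02, 0x31, 0x30};
    const uint8_t *p = in, *end = in + inSz, *q;
    uint8_t tag; size_t len; int i, n = 0;
    for (i = 0; i < 7; i++) {
        if (!(p = der_hdr(p, end, &tag, &len)) || tag != path[i]) return -1;
        if (i == 1 && (len != sizeof oid || memcmp(p, oid, len))) return -1;
        if (i == 0 || i == 2 || i == 3) end = p + len;  /* descend into container */
        else p += len;                                   /* skip this field */
    }
    if (!(p = der_hdr(p, end, &tag, &len))) return -1;
    if (tag != 0xA0) return 0;               /* certificates [0] is OPTIONAL */
    for (end = p + len; p < end; ) {
        q = p;
        if (!(p = der_hdr(p, end, &tag, &len))) return -1;
        p += len;
        if (tag == 0x30 && n < max) { cert[n] = q; certSz[n++] = (size_t)(p - q); }
    }
    return n;
}
```

Every entry returned this way is unauthenticated data from the bundle and may include certificates other than the signer's, so treat it as untrusted until the signature and the certificate chain have been verified.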

Re: WOLFSSL API to extract signer certificate from CMS signature

Thank you for your response.
It really helps.


6 (edited by MadeleineHorne 2024-04-24 16:49:52)

Re: WOLFSSL API to extract signer certificate from CMS signature

In my experience, when working with APIs, especially for integrating with websites or internal corporate systems, it's often beneficial to explore a few different options before settling on one. If the "wolfSSL_X509_STORE_GetCerts" API isn't quite fitting the bill because it operates on a store rather than directly on a signature, you might want to explore third-party API integration services. These services often provide a wider range of functionalities and might offer a solution that fits your needs more closely. Sometimes, the perfect solution isn't immediately obvious, but with a bit of experimentation and exploration, you can usually find something that works well for your specific use case.
