[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SV: How to verify?



Title: SFL: How to verify?
Thank you for your reply.
 
So now I have a CSM_CSInst to use for the verification. But I still don't understand how I should put the public key in it.
 
I assume that my application has to do as follows:
 
1) Instantiate a CSM_Applogin with the sm_free3 NULL login as descibed in your reply.
2) Instantiate a CSM_MsgToVerify with my SMIME message and call PreProc().
3) Extract the signer certificate from the CSM_MsgToVerify
4) Validate the certificate (with CML).
5) Insert the certificate into the CSM_CSInst contained in the CSM_Applogin???
6) Call CSM_MsgToVerify::Verify.
 
Is this correct and how do I perform step 5?
 
Regards, Erik
 
-----Ursprungligt meddelande-----
Från: Colestock, Robert [mailto:Robert.Colestock@xxxxxxxxxxxxxxxx]
Skickat: den 21 mars 2001 17:07
Till: Erik Rissanen
Kopia: imc-sfl@xxxxxxx
Ämne: RE: How to verify?

Erik:
 
There were some problems with NULL logins, depending on your release.  The original intent was that the application would use the same logins (always present) for verification that are used for signing.  Since our original design, our own uses of the library dictate that we many times generate a login only when we need it.  You can use the CSM_CSInst with a private key for verification.
 
As to the NULL logins, it should work fine in the newest version; for DSA verification it is now built-in, you no longer need to use the Free3 CTIL (assuming SHA1 and DSA).  You do not have to link directly, the BuildArgs should be "sm_free3DLL NULL NULL NULL sm_FREE3" (it no longer needs a certificate).  You should be able to copy the init logic from the sm_free3.cpp/h files on your release.  I have included just these source files.  Sorry about the confusion in our APIs, actual usage of the SFL library is very different from our original design intentions causing undue complexity.  Some issues are being corrected (like the NULL login with no certificate, and the newest built-in instance for SHA1, SHA2, AES, and DSA verify).
 
Bob Colestock
VDA.
-----Original Message-----
From: Erik Rissanen [mailto:Erik.Rissanen@xxxxxxx]
Sent: Wednesday, March 21, 2001 10:07 AM
To: 'imc-sfl@xxxxxxx'
Subject: SFL: How to verify?

I am trying to use SFL to verify a signed SMIME message. The message has one signerinfo with a security label and nothing  else. The signers PKC is included in the SignerInfo.

I don't understand how to initialize the sm_free3 CTIL to use for verification. I have successfully used SFL and sm_free3 to sign messages. For signing I initialized a SM_Applogin with the sm_free3 DLL and a PKCS#12 file. The resulting CSM_CSInst is  associated with the private key and signing works fine.

But having each CSM_CSInst instance to represent a private key doesn't make sense for verify, since there is no associated private key for the opperation. So how do I initialize a CSM_CSInst instance in this case? I don't understand the API  documentation on this point.

The approach I have tried is to compile time link with the sm_free3 DLL and do:

CSM_CSInst *pInst = pSMIME->m_pCSInsts->AppendL();
CSM_Free3 *pFree3 = new CSM_Free3();
pFree3->AddLogin(certBuffer, NULL, NULL, "NULL");
pInst->SetTokenInterface(pFree3);

Where certBuffer contains the certificate from the SMIME message SignerInfo.

This causes a crash in the destructor of a CSM_Buffer when CSM_DataToVerify::Verify returns, so I guess I am doing something wrong. Is the code above the correct approach?

Any help would be greatly appreciated.

Regards, Erik Rissanen