CryptoSys PKI Pro Manual

CMS_MakeSigDataFromSigValue

Creates a CMS object of type SignedData using a pre-computed signature value.

VBA/VB6 Syntax

Public Declare Function CMS_MakeSigDataFromSigValue Lib "diCrPKI.dll" (ByVal strFileOut As String, ByRef lpSigValue As Byte, ByVal nSigLen As Long, ByRef lpData As Byte, ByVal nDataLen As Long, ByVal strCertList As String, ByVal nOptions As Long) As Long

nRet = CMS_MakeSigDataFromSigValue(strFileOut, lpSigValue(0), nSigLen, lpData(0), nDataLen, strCertList, nOptions) ' Note the "(0)" after the byte array parameters

C/C++ Syntax

long __stdcall CMS_MakeSigDataFromSigValue(const char *szFileOut, const unsigned char *lpSigValue, long nSigLen, const unsigned char *lpData, long nDataLen, const char *szCertList, long nOptions);

Parameters

szFileOut
[in] name of output file to be created.
lpSigValue
[in] byte array containing the pre-computed signature.
nSigLen
[in] length of the signature value in bytes.
lpData
[in] byte array containing the data that has been signed (required).
nDataLen
[in] length of the data in bytes.
szCertList
[in] filename of the signer's certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;). Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer's certificate.
nOptions
[in] Option flags. Select one of:
PKI_HASH_SHA1 (0) to use the SHA-1 algorithm (default)
PKI_HASH_SHA224 to use the SHA-224 algorithm
PKI_HASH_SHA256 to use the SHA-256 algorithm
PKI_HASH_SHA384 to use the SHA-384 algorithm
PKI_HASH_SHA512 to use the SHA-512 algorithm
PKI_HASH_MD5 to use the MD5 algorithm
and optionally add
PKI_CMS_EXCLUDE_CERTS to exclude signer's certificate
PKI_CMS_FORMAT_BASE64 to format the output with base64 encoding (default output is binary)
PKI_CMS_NO_OUTER to create a "naked" SignedData object with no outerContentInfo as permitted by PKCS#7 v1.6
PKI_CMS_ALT_ALGID to use alternative signature algorithm identifiers (see Remarks for CMS_MakeSigData())
PKI_CMS_PSEUDOSIG to create a SignedData object from a "pseudo" object (see Remarks).

Returns (VBA/C)

If successful, the return value is zero; otherwise it returns a nonzero error code. Further error information may be available by calling PKI_LastError().

VBA Wrapper Syntax

Public Function cmsMakeSigDataFromSigValue (szFileOut As String, lpSigValue() As Byte, lpInput() As Byte, szCertList As String, Optional nOptions As Long = 0) As Long

.NET Equivalent

Cms.MakeSigDataFromSigValue Method
Cms.MakeSigDataFromPseudo Method

C++ (STL) Equivalent

static int dipki::Cms::MakeSigDataFromSigValue (const std::string &outputFile, const dipki::bvec_t &sigValue, const dipki::bvec_t &data, const std::string &certList, SigAlg sigAlg=SigAlg::Default, SigDataOptions opts=SigDataOptions::Default_SigDataOpt, Format format=Format::Default)

Python Equivalent

static Cms.make_sigdata_from_sigvalue(outputfile, sigvalue, data, certlist, sigalg=SigAlg.DEFAULT, opts=SigDataOpts.DEFAULT)
static Cms.make_sigdata_from_pseudo(outputfile, inputfile, sigvalue, opts=SigDataOpts.DEFAULT)

Remarks

This is a specialized option for a specific case where the RSA v1.5 signature value over the content has been computed separately (say, using a smart card) and the user requires this to be used inside a CMS signed-data object.

A SignedData CMS object with a single SignerInfo is created with the message data included in the eContent. Signed attributes cannot be added. Unsigned attributes and attribute certificates are not supported. The content must be included in the input using the lpData and nDataLen parameters. Only RSASSA-PKCS-v1_5 signature schemes are supported by this function. Only one message digest algorithm is used in each object. SHA-1 is used by default. An alternative hash algorithm can be used instead by adding the appropriate PKI_HASH_ option flag (this must match the digest algorithm used to compute the signature). The content and the signature are checked before the output file is created. If the signature value is not valid, or the data is not the data that was signed, or the certificate specified is not that of the signer, the function returns SIGNATURE_ERROR (-22).

[New in v12.2] A PKCS#7 certificate chain file (.p7c/.p7b) may be specified as an argument for szCertList. The signer's certificate can now exist anywhere in the certificate list (previously it had to be the first).

[New in v20.2] Use the PKI_CMS_PSEUDOSIG option to create a SignedData object from a "pseudo" object, created using CMS_MakeSigData with the PKI_CMS_PSEUDOSIG option.

Example

This example creates an identical SignedData file to example 4.2 from [SMIME-EX]. In this case, the signature value has been generated separately, perhaps by a smart card with Alice's private key details in it. The resulting file should be identical to the file 4.2.bin.

Dim strDataHex As String
Dim strSigHex As String
Dim abData() As Byte
Dim abSigValue() As Byte
Dim nSigLen As Long
Dim nDataLen As Long
Dim strCertFile As String
Dim strCmsFile As String
Dim nRet As Long

' Data to be signed in hex format:
strDataHex = "54:68:69:73:20:69:73:20:73:6f:6d:65:20:73:61:6d" & _
    "70:6c:65:20:63:6f:6e:74:65:6e:74:2e"
' The signature (generated by the smart card) is:
strSigHex = "2F:23:82:D2:F3:09:5F:B8:0C:58:EB:4E:9D:BF:89:9A" & _
    "81:E5:75:C4:91:3D:D3:D0:D5:7B:B6:D5:FE:94:A1:8A" & _
    "AC:E3:C4:84:F5:CD:60:4E:27:95:F6:CF:00:86:76:75" & _
    "3F:2B:F0:E7:D4:02:67:A7:F5:C7:8D:16:04:A5:B3:B5" & _
    "E7:D9:32:F0:24:EF:E7:20:44:D5:9F:07:C5:53:24:FA" & _
    "CE:01:1D:0F:17:13:A7:2A:95:9D:2B:E4:03:95:14:0B" & _
    "E9:39:0D:BA:CE:6E:9C:9E:0C:E8:98:E6:55:13:D4:68" & _
    "6F:D0:07:D7:A2:B1:62:4C:E3:8F:AF:FD:E0:D5:5D:C7"
strCertFile = "AliceRSASignByCarl.cer"
strCmsFile = "BasicSignByAliceExternal.bin"

' Convert the hex strings into byte arrays (non-hex chars are stripped)
abData = cnvBytesFromHexStr(strDataHex)
abSigValue = cnvBytesFromHexStr(strSigHex)
' Compute lengths
nDataLen = UBound(abData) - LBound(abData) + 1
nSigLen = UBound(abSigValue) - LBound(abSigValue) + 1

' Create the signed-data file
nRet = CMS_MakeSigDataFromSigValue(strCmsFile, abSigValue(0), _
    nSigLen, abData(0), nDataLen, strCertFile, 0)
Debug.Print "CMS_MakeSigDataFromSigValue returns " & nRet

To compare the output file to the reference file, use the Windows FC command:

C:> FC BasicSignByAliceExternal.bin 4.2.bin
Comparing files BasicSignByAliceExternal.bin and 4.2.BIN
FC: no differences encountered
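The check described in Remarks (signature, content and signer's key must agree, and the PKI_HASH_ flag must match the digest the signer used) can be reproduced before calling the function. The following is an added example, not code from the CryptoSys PKI manual or library: `precheck`, `card_sign` and `emsa_encode` are hypothetical helper names, and the RSA key is a constructed toy key built from two Mersenne primes purely so the block runs offline.

```python
import hashlib

# DER DigestInfo prefixes from RFC 8017 section 9.2, keyed by hashlib name.
# MD5 (PKI_HASH_MD5) is deliberately left out of this check.
PREFIX = {
    "sha1":   "3021300906052b0e03021a05000414",
    "sha224": "302d300d06096086480165030402040500041c",
    "sha256": "3031300d060960864801650304020105000420",
    "sha384": "3041300d060960864801650304020205000430",
    "sha512": "3051300d060960864801650304020305000440",
}

# CONSTRUCTED TOY KEY: two Mersenne primes, for demonstration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

def emsa_encode(data, alg, k):
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || DigestInfo, k bytes long."""
    t = bytes.fromhex(PREFIX[alg]) + hashlib.new(alg, data).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def card_sign(data, alg):
    """Stand-in for the smart card: raw RSA private operation on the block."""
    em = int.from_bytes(emsa_encode(data, alg, K), "big")
    return pow(em, D, N).to_bytes(K, "big")

def precheck(sig, data, n, e):
    """Return (True, flag name) or (False, reason) for a signature value."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False, "signature length or range does not fit this key"
    em = pow(s, e, n).to_bytes(k, "big")
    if not em.startswith(b"\x00\x01\xff"):
        return False, "no v1.5 block under this key: bad signature or wrong certificate"
    for alg in PREFIX:
        # Compare with a full re-encoding instead of parsing the padding.
        if em == emsa_encode(data, alg, k):
            return True, "PKI_HASH_" + alg.upper()
    return False, "v1.5 block found, but no supported digest of this data matches"

if __name__ == "__main__":
    content = b"This is some sample content."  # same content as the page's example
    print(precheck(card_sign(content, "sha256"), content, N, E))
    print(precheck(card_sign(content, "sha1"), content + b"!", N, E))
```

With a real signer, n and e come from the public key in the certificate named in szCertList, and the returned flag name is the PKI_HASH_ option to pass in nOptions.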

See Also

CMS_MakeSigData
CMS_MakeDetachedSig


Copyright © 2004-24 D.I. Management Services Pty Ltd. All rights reserved. Generated 2024-09-23T07:52:09Z.