Detailed description

PKCS#7 standard signature.

Functions
int AAP_API	DPKCS7Sign (HSESSIONCTX hSession, const char szKeyName, const char szKeyCert, const char szCerts, DWORD dwAttrib, BYTE pbContent, DWORD dwContentLen, DWORD pdwSignatureLen, BYTE *ppbSignature, DWORD dwParam)

Functions

◆ DPKCS7Sign()

int AAP_API DPKCS7Sign	(	HSESSIONCTX	hSession,
		const char *	szKeyName,
		const char *	szKeyCert,
		const char *	szCerts,
		DWORD	dwAttrib,
		BYTE *	pbContent,
		DWORD	dwContentLen,
		DWORD *	pdwSignatureLen,
		BYTE **	ppbSignature,
		DWORD	dwParam )

#include <dinamo.h>

It generates a signature or co-signature following the PKCS#7 standard (Cryptographic Message Syntax Standard).

Parameters

[in] hSession Context acquired through the DOpenSession() function.

[in] szKeyName Name of the key within the HSM that will be used to make the signature.

[in] szKeyCert Name of the certificate (corresponding to the szKeyName key) within the HSM that will be used in the signature.

[in] szCerts Name of the certificate chain (PKCS#7) or X.509 certificate of the Certificate Authority (corresponding to the szKeyName key) within the HSM that will be used in the signature.

[in]

dwAttrib

Flag containing the subscription options.

Value	Meaning
TAC_MOD_CORE_P7_TEXT	Include MIME header text.
TAC_MOD_CORE_P7_NOCERTS	Do not include a signature certificate.
TAC_MOD_CORE_P7_DETACHED	Generate a separate signature.
TAC_MOD_CORE_P7_BINARY	Treat file as binary without MIME type translation.
TAC_MOD_CORE_P7_NOATTR	Do not use authentication attributes.
TAC_MOD_CORE_P7_NOSMIMECAP	Omit S/MIME Capabilities.
TAC_MOD_CORE_P7_COSIGN	Generates a co-signature. This flag should only be used if the content in pbContent is a signed PKCS#7 package (DER format), so a new signature is added.

[in] pbContent Buffer containing the data to be signed. Its size must be specified in dwContentLen.

[in] dwContentLen Buffer size in bytes passed in pbContent.

[out] pdwSignatureLen Pointer to the size in bytes of the ppbSignature buffer.

[out] ppbSignature Pointer to a pointer that will receive the PKCS#7 signature (DER format). This pointer must be freed after use with DFree().

[in] dwParam Reserved for future use (must be 0).

Return: 0 (ZERO) if the function is successful.
See the Return Codes section for other values.

Notes: To generate a PKCS#7 message with co-signature, the caller must submit a signed PKCS#7 message (in DER format) in pbContent. This process must be repeated iteratively as many times as co-signatures are required. When co-signing, the TAC_MOD_CORE_P7_NOATTR flag is automatically disabled.

: The standard adopted is PKCS#7 v. 1.5.

Examples: pkcs7_sign.c.