Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.

PKCS #7 Signature, kako da otvorim .p7s dokument

[es] :: Security :: Kriptografija i enkripcija :: PKCS #7 Signature, kako da otvorim .p7s dokument

[ Pregleda: 9346 | Odgovora: 2 ] > FB > Twit

Postavi temu Odgovori

Autor

Pretraga teme: Traži
Markiranje Štampanje RSS

domuz

Član broj: 52018
Poruke: 7
*.pat-pool.bgd.sbb.co.yu.



Profil

icon PKCS #7 Signature, kako da otvorim .p7s dokument15.06.2005. u 14:08 - pre 228 meseci
Da li je neko upoznat sa ovom vrstom dokumenta i kako mogu da otvorim ovaj dokument.
Kada otvorim certificates prozor, nadjem i koji su certifikati ukljuceni ali sta dalje?


domuz
 
Odgovor na temu

zvrba
The Lord of Chaos

Član broj: 31716
Poruke: 105
*.ifi.uio.no.



Profil

icon Re: PKCS #7 Signature, kako da otvorim .p7s dokument16.06.2005. u 07:49 - pre 228 meseci
Najlakse ti je skinut OpenSSL (http://www.openssl.org) i iz komandne linije ekstrahirati dokument. PKCS#7 ti je skup certifikata, originalnog dokumenta i digitalnih potpisa nad dokumentom. Windoze kao takve u tome znaju skuzit samo certifikate.
 
Odgovor na temu

Dragan Dragan
Beograd

Član broj: 66819
Poruke: 26



Profil

icon Re: PKCS #7 Signature, kako da otvorim .p7s dokument12.09.2005. u 11:06 - pre 225 meseci
Zdravo

Najverovatnije si se susreo sa sledecim slucajem: Neko ti je poslao digitalno potpisan mail (cleartext signing), a ti si ga primio sa mail klijentom koji ne podrzava potpisivanje (npr. IncrediMail) ili Web mailom (npr. Yahoo). Umesto digitalnog potpisa i sertifikata, dobio si datoteku smime.p7s, ali si mogao da procitas mail.



Da ti je poslat potpisan mail kao opaque signing, dobio bi datoteku smime.p7m, ali NE bi mogao da procitas mail.


--------------------------------------------------------------
Sta uraditi sa smime.p7s i smime.p7m. Kao sto je prethodno napisano, mozes da upotrebis OpenSSL, ali isklucivo da odstampas sertifikate, nista vise (OpenSSL RESTRICTIONS: There is no option to print out all the fields of a PKCS#7 file). KOmande:

Stampanje sertifikata iz smime.p7s (cleartext signing):

C:\Program Files\OpenSSL\bin>openssl pkcs7 -in smime.p7s -inform der -print_certs -out smime-p7s-certs.txt

C:\Program Files\OpenSSL\bin>

Posto se sertifikati prikazuju u PEM formatu i to objedinjeni, neophodno je iskopirati sadrzaj izmedju BEGIN CERTIFICATE i END CERTIFICATE u Notepad, i snimiti datoteku sa ekstenzijom .cer, da bi mogao da pogledas sertifikat.
--------------------------------------------------------------
Stampanje sertifikata iz smime.p7m (opaque signing):

C:\Program Files\OpenSSL\bin>openssl pkcs7 -in smime.p7m -inform der -print_certs -out smime-p7m-certs.txt

C:\Program Files\OpenSSL\bin>

--------------------------------------------------------------
--------------------------------------------------------------
--------------------------------------------------------------
Evo kraceg objasnjenja iz jedne kljige za S/MIME i PKCS#7:
--------------------------------------------------------------
Secure Multipurpose Internet Mail Extensions

S/MIME is included with Microsoft Outlook and Outlook Express. It uses private-key certificates to secure e-mail messages and files in accordance with the PKCS #7 standard. It supports both encryption and digital signatures. By nesting single S/MIME contents, messages can also be signed and then encrypted, or signed multiple times.
--------------------------------------------------------------
Signed Messages

A PKCS #7 digitally signed message includes the message signature, the signature algorithm, and information about the signer. Optionally, the signer's certificate or certificate chain can be added as well as any CRLs that the verifier might need. Authenticated attributes, which are protected by the digital signature, and unauthenticated attributes can also be added to the PKCS #7 content. The time at which a message is signed is an example of an authenticated attribute.

The content that is signed might or might not be included in the PKCS #7 message. If the content isn't included, the verifier needs both the PKCS #7 content and the original file that was signed to complete the verification. If the original file is easily available, this method saves the overhead of having redundant data.
--------------------------------------------------------------
Encrypted Messages

The current PKCS #7 standard requires the use of two algorithms for message encryption. Since public-key algorithms are slow, the message is first encrypted with a symmetric-key algorithm such as DES. The small symmetric key is then encrypted to the recipient, using a public-key algorithm, such as RSA. In this way, a message can be encrypted to multiple recipients while the actual content has to be encrypted only once.

The PKCS #7 message includes the encrypted content and symmetric key algorithm along with information for each recipient. This information contains the symmetric key encrypted to that specific recipient. Upon receipt, an application searches the list of recipients for one that matches the current user's certificate. It then decrypts the symmetric key with the user's private key and subsequently decrypts the message.
--------------------------------------------------------------
Other Content Types

The degenerate case of the PKCS #7 message allows for the absence of the content and any signature information. This format provides a transport for certificates and CRLs. Table 17-5 shows the typical file extensions for different PKCS #7 files.
--------------------------------------------------------------
Table 17-5. Common PKCS #7 file extensions

Extension Description
.P7S PKCS #7 signature file (signed file without the content)
.P7M PKCS #7 encrypted file or signed file with content added
.P7B PKCS #7 file extension
.P7C PKCS #7 certificate or CRL-only file
--------------------------------------------------------------

[Ovu poruku je menjao Dragan Dragan dana 26.09.2005. u 12:59 GMT+1]
 
Odgovor na temu

[es] :: Security :: Kriptografija i enkripcija :: PKCS #7 Signature, kako da otvorim .p7s dokument

[ Pregleda: 9346 | Odgovora: 2 ] > FB > Twit

Postavi temu Odgovori

Navigacija
Lista poslednjih: 16, 32, 64, 128 poruka.