Extract all fields of a DER-encoded PKCS7 file?

Plumbing Life's Depths

Calendar

Back September '10
Mo Tu We Th Fr Sa Su
Thu September 2 2010
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30      

Quicksearch

Archives

September 2010
August 2010
July 2010
Recent...
Older...

Categories



All categories

Syndicate This Blog

XML RSS 0.91 feed
XML RSS 1.0 feed
XML RSS 2.0 feed
ATOM/XML ATOM 0.3 feed
ATOM/XML ATOM 1.0 feed
XML RSS 2.0 Comments

Blog Administration

Open login screen

Comments

T. Middleton about Replicate live into a throw-away staging/dev db
2010-08-31 12:04
That template db idea is prett y neat. I have to say it's get ting pretty annoying downloadi ng database backups and [...]


Brian Harring about All those little spots where you use strings...
2010-08-23 20:57
Yeah, in a similar boat with t he code I write... upshot, I'v e got some pretty good compat code in snakeoil, just w [...]


Mike C. Fletcher about All those little spots where you use strings...
2010-08-22 08:40
Yeah, that's what I started do ing (the function to convert t o bytes), as I support down to 2.4. Thing is this is [...]


Brian Harring about All those little spots where you use strings...
2010-08-22 06:28
Your blog aparently likes does n't handle the less than char (<) conversion all that wel l.. everything following [...]


Brian Harring about All those little spots where you use strings...
2010-08-22 06:24
The annoying thing about suppo rting both py2k and py3k is th at you wind up having to get r ather explicit about you [...]


Dave Stott about What is the measure of a man? (Pondering while the unit-tests run...)
2010-08-16 00:48
The measure of a man, I have a lways thought, was - that he l oved. And was loved.


Mike C. Fletcher about bzr-svn for those stuck with svn servers...
2010-08-15 21:28
Hmm, hadn't realized that was what dpush was for. I guess I 'll have to make the trunk a b ranch rather than a chec [...]


Jelmer Vernooij about bzr-svn for those stuck with svn servers...
2010-08-15 20:43
For what it's worth, newer ver sions of bzr-svn will not remo ve existing revisions from you r mainline unless you ex [...]


Jelmer Vernooij about bzr-svn for those stuck with svn servers...
2010-08-15 20:40
bzr-svn supports not inserting any unusual revision properti es, it just means that pushing your bzr revisions into [...]


Mike Fletcher about bzr-svn for those stuck with svn servers...
2010-08-15 18:21
Hmm, maybe I missed something there. Do you mean merge supp ort as in being able to pull f rom N branches into your [...]


Brian Harring about bzr-svn for those stuck with svn servers...
2010-08-15 17:45
Lack of merge support kills th e main benefit of bzr-svn over just using svk I'd argue. Personally, I'm *extreme [...]


Dan Villiom Podlaski Christiansen about bzr-svn for those stuck with svn servers...
2010-08-15 11:46
You might want to check out hg subversion :-) The UI should b e even simpler, and we don't i nsert any unusual revi [...]


Jim about GIT is a PITA (Stupid, stupid, stupid source code control...)
2010-07-25 14:02
> and would have no Trac integ ration The trac-bzr plugin[ 1] seems to provide good integ ration between bzr and t [...]


Dr Clue about Curiouser and curiouser with Asterisk manager interface (pyst doesn't seem to realise that there are event-generating queries)
2010-07-13 21:47
I've always been fascinated wi th the Asterisk AMI interface. So much so that I married tha t fascination with the [...]


Mike C. Fletcher about Mocker's hidden gem...
2010-07-03 21:32
Yes, only references in dicti onaries are replaced, so hold ing references in lists, tuple s, etceteras keeps them alive.


Wednesday, April 7. 2010

Extract all fields of a DER-encoded PKCS7 file?

Say you have a PKCS#7 file with an embedded code-image as a field, how would you go about extracting that field's contents?  pyOpenSSL doesn't seem to have mechanisms for extracting/viewing arbitrary fields from PKCS7.  pyasn1 can load the structures, but of course it doesn't have access to the meaning of the fields, and it doesn't seem to see the final blob field as an ASN1 field at all... I can just stop parsing at that point and consider the result "the file", but that's... ahem... a little sub-optimal.

The real question being: what do you use when they want to work with the arbitrary fields of a PKCS7 file?  I'll eventually need to generate such files (with lots of specified fields) as well as "consume" them, so I'm looking more for robust real-world solutions than hacks.

in Snaking at 01:53 | Comments (5)
Trackbacks
Trackback specific URI for this entry
No Trackbacks
Comments
Display comments as (Linear | Threaded)
Does https://code.launchpad.net/~mmzeeman/pyopenssl/pkcs7-extensions help? It adds some PKCS#7 APIs, but I'm not sure what kind of "fields" you have in mind, and it may still not go far enough. Also, I don't really know all that much about PKCS#7.
#1 Jean-Paul Calderone on 2010-04-07 22:28 (Reply)
Unfortunately, no, as with all the other OpenSSL-based approaches I've tried, it just reports "no data" for these files. That said, it's the API I'd need if it were to work with these files (I really only need the certs and the binary blob, all fields was just the general case).

I'm asking their author how he's created them now (they're proprietary), hopefully that will shed some light on why nothing seems to be able to parse them even as generic ASN.1.
#1.1 Mike Fletcher (Homepage) on 2010-04-07 23:02 (Reply)
And, in fact, it turns out these files are not encoded with the data in the PKCS7 blob/payload, they've just had the data concatenated to the PKCS7 detached signature (sigh).
#1.1.1 Mike Fletcher (Homepage) on 2010-04-08 12:24 (Reply)
(Comment removed)
#2 Christopher Schnarchen (Homepage) on 2010-04-08 10:15
There's 6 links in a box on the left-hand side of the page.

Duh, bloody spammers got me again! Apparently "where is the rss link" is the new "great post, keep posting".
#2.1 Mike Fletcher (Homepage) on 2010-04-08 11:53 (Reply)
Add Comment
Note: If you're here from a DoFollow list, please go elsewhere. This blog is actively monitored and spam removed, and it is now NoFollow rather than DoFollow.
Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA