I'm doing a code that has to create a PKCS#10. To do that, I have to sign my "Certificate Request Info", but when I do, the application says that the signature is invalid.
I'm using the OpenSSL.exe to verify the P10, and the error was: "ANS1_CHECK_TLEN: wrong tag". I think I'm signing what I shouldn't, so my question is, what's the exact format of "Certificate Request Info" that I have to sign?
I know that it must start with a sequence, but the p10 spec tells:
"The signature process consists of two steps:
I'm not sure if the start must be a SEQUENCE (0x30 0x82 "the length>256"), or A OCTET STRING (0x04 0x82 "the length>256"), acording to ANS.1.
If someone please give me an answer like on this post, i could be the happiest man on the world. Thank very much:
PKCS#10 request for a object key pair from PKCS#11
REgards, David M.
The step #1 of the PKCS#10 standard talks about an octet string as the result of the certificationRequestInfo
element encoding and does not refer to an ASN.1 type. The request signature is computed on this DER-encoding and therefore the to-be-signed object is an ASN.1 SEQUENCE
and not an OCTET STRING
.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.