On 2010-05-11 23:23 PST, firefox3.user Nate wrote:
> I'm trying to use NSS for adding a new signer to a previously computed
> CMS signature, but I can't achieve that, and I have found examples
> nowhere.
>
> The first signature is made with the call sequence:
> NSS_CMSMessage_Create / NSS_CMSSignedData_Create /
> NSS_CMSSignerInfo_Create / NSS_CMSMessage_GetContentInfo /
> NSS_CMSSignedData_GetContentInfo / NSS_CMSSignerInfo_Create /
> NSS_CMSEncoder_Start / NSS_CMSEncoder_Update / NSS_CMSEncoder_Finish.
>
> I thought maybe I can decode the first CMS data with NSS_CMSDecoder_*
> functions to retrieve an NSSCMSMessage structure, and then create a new
> signer info with NSS_CMSSignerInfo_Create, but I don't know what to do
> next (and how to trigger the cryptographic operations with the
> certificate).
>
> Maybe somebody has already done something like that... Thanks a lot.

I think you're trying to boldly go where no one has gone before. The code that you'll find that uses NSS_CMS* tries to start from scratch and do everything all at once, in one pass, resulting in the finished product.

What you're trying to do is to take a finished product, decompose it into pieces, but not all the way to the beginning, because you're trying to preserve the existing signatures. Then you want to compose some new pieces (new signer info) and then recompose a whole new message from the old and new parts combined.

I believe that the encoder engines in NSS can be made to do that, but I don't believe you'll find examples of code that already does it. Sorry.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto