[erlang-questions] PKCS-7 signing

Ingela Andin <>
Wed Nov 27 08:57:49 CET 2013


HI!

Actually there is some support for PKCS-7 in public_key, it is not so well
announce as it is consider some what experimental and just tested on a very
basic level.
But public key can decode/encode a basic PKCS-7.pem file.  You should be
able to manipulate a PKCS-7 structure in Erlang resign it with public_key
functions
and be happy.  We recently added support for  SCEP (Simple Certificate
Enrolment Protocol).  PKSCS-7 is a spec that can be extended so you might
need some
additional own ASN-1 handling!

Regards Ingela Erlang/OTP-team Ericsson AB


2013/11/25 Szoboszlay Dániel <>

> Hi,
>
> If it is only a manifest file that (I assume) doesn't change very often I
> would rather use "openssl smime" to create the signature.
>
> I was looking into PKCS-7 signing with Erlang recently, but I could avoid
> doing it after all. My impression was that there is no direct support for
> it in OTP, so you'd either have to call the openssl routines via e.g. a
> port driver or use the existing crypto functions to sign your data and put
> together a SignedData structure according to RFC 2315 using the ASN.1
> application. Yet, I might be wrong.
>
> Daniel
>
>
> On Mon, 25 Nov 2013 20:55:04 -0000, James Wheare <> wrote:
>
>  Hullo,
>>
>> I'm working on implementing Apple's Push Notifications for Websites
>> system and having some trouble signing the "push package"
>>
>> The docs [1] say this:
>>
>> "The signature is a PKCS #7 detached signature of the manifest file.
>> Sign the manifest file with the private key associated with your web
>> push certificate that you obtained while registering with Apple. In
>> PHP, you can do this with the openssl_pkcs7_sign function"
>>
>> So I'm looking for an equivalent to PHP's openssl_pkcs7_sign [2] in
>> erlang.
>>
>> The release notes [3] for the public_key module seem to offer some
>> hope, with "experimental" PKCS-7 support announced in 0.17, but I
>> can't find anything about it in the docs [4]
>>
>> Any advice on solving this?
>>
>> Thanks,
>> - James
>>
>> [1] https://developer.apple.com/library/mac/documentation/
>> NetworkingInternet/Conceptual/NotificationProgrammingGuideFo
>> rWebsites/PushNotifications/PushNotifications.html#//
>> apple_ref/doc/uid/TP40013225-CH3-SW10
>> [2] http://php.net/manual/en/function.openssl-pkcs7-sign.php
>> [3] http://www.erlang.org/doc/apps/public_key/notes.html
>> [4] http://erlang.org/doc/man/public_key.html
>> _______________________________________________
>> erlang-questions mailing list
>> 
>> http://erlang.org/mailman/listinfo/erlang-questions
>>
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20131127/2de5c82b/attachment.html>


More information about the erlang-questions mailing list