
List:       openssl-users
Subject:    Re: "Verifying" an encrypted PKCS#7
From:       Dr S N Henson <drh () celocom ! com>
Date:       2001-11-30 19:32:08

"Hellan,Kim KHE" wrote:
> 
> Hi
> 
> If I have a PKCS#7 that is only encrypted (pkcs7_enveloped), how can I then
> be sure of the integrity of the data?
> With a signed PKCS#7 you can verify the signature, but what if there is no
> signature. Does the PKCS#7 format itself make it impossible to tamper with
> such an encrypted "blob" or is there some OpenSSL function that can verify
> the integrity (like PKCS7_verify)?
> 

PKCS#7 encrypted data can be produced by anyone with access to the
recipient(s) certificates which will normally be publicly available.
Unless the sender has signed the content before encryption there is no
way to be sure of its integrity.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: shenson@drh-consultancy.demon.co.uk 
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: drh@celocom.com PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org
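
The sign-before-encrypt approach from the reply above, shown with the openssl smime command line. This is an added example, not part of the original message; the identities (recipient, alice, other), the file names and the message text are constructed, and the self-signed certificates stand in for a real PKI.

```shell
#!/bin/sh
# Added example. All keys, certificates and the message are constructed here.
WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT

make_identity() {   # $1 = name -> $WORK/$1.key, $WORK/$1.crt (self-signed)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Enveloped-only: the sender needs nothing but the recipient's certificate.
envelope_only() {   # $1 = plaintext file, $2 = output file
    openssl smime -encrypt -aes256 -in "$1" -out "$2" "$WORK/recipient.crt"
}

# Sign first, then envelope the signed message.
sign_then_envelope() {   # $1 = signer name, $2 = plaintext file, $3 = output
    openssl smime -sign -text -in "$2" -signer "$WORK/$1.crt" \
        -inkey "$WORK/$1.key" -out "$WORK/signed.$1" &&
    openssl smime -encrypt -aes256 -in "$WORK/signed.$1" -out "$3" \
        "$WORK/recipient.crt"
}

# Recipient, step 1: decryption alone. Prints whatever was enveloped.
decrypt_only() {   # $1 = enveloped file
    openssl smime -decrypt -in "$1" -recip "$WORK/recipient.crt" \
        -inkey "$WORK/recipient.key"
}

# Recipient, step 2: accept only content signed by the trusted sender.
open_and_verify() {   # $1 = enveloped file, $2 = trusted signer name
    decrypt_only "$1" > "$WORK/inner" 2>/dev/null &&
    openssl smime -verify -text -in "$WORK/inner" \
        -CAfile "$WORK/$2.crt" 2>/dev/null
}

for id in recipient alice other; do make_identity "$id"; done
echo "pay 100 to bob" > "$WORK/msg.txt"
envelope_only "$WORK/msg.txt" "$WORK/anon.p7m"
sign_then_envelope alice "$WORK/msg.txt" "$WORK/alice.p7m"
sign_then_envelope other "$WORK/msg.txt" "$WORK/other.p7m"

decrypt_only "$WORK/anon.p7m" >/dev/null && echo "anon: decrypts, sender unknown"
open_and_verify "$WORK/anon.p7m" alice >/dev/null || echo "anon: rejected, unsigned"
open_and_verify "$WORK/alice.p7m" alice >/dev/null && echo "alice: signature verified"
open_and_verify "$WORK/other.p7m" alice >/dev/null || echo "other: rejected, untrusted signer"
```

A successful decrypt only proves the blob was addressed to the recipient; the accept/reject decision rests entirely on the signature check in open_and_verify.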
