On Mon, 30 Jun 2008 16:33:32 +0200, peter.reif@wien.gv.at ("Reif Peter")
wrote:

>How do I write a script in perl that signs a string with a certificate
>(e.g. a SSL server certificate) to get a pkcs7 signature. I want a pkcs7
>signature, because it contains the signing certificate and the ca.
>
>Thanks
>Peter

I'm no expert at this, but can't you just take the older x509 scripts
and replace x509 with pkcs7 ?

This shell outline works, but I don't know if it's correct use.
##################################################
#!/bin/sh

#Step one - create the key and request:
openssl req -new > new.cert.csr

#Step two - remove the passphrase from the key (optional):
openssl rsa -in privkey.pem -out new.cert.key

#Step three - convert request into signed cert:
openssl pkcs7 -in new.cert.csr -out new.cert.cert -req -signkey
new.cert.key -days 3650
###################################################

Now you can try to get this to run in Perl thru IPC, but it may be 
tough. You may need to run openssl thru expect.

The command examples at 
http://www.mobilefish.com/developer/openssl/openssl_quickguide_command_examples.html
show what is needed.


zentara


-- 
I'm not really a human, but I play one on earth.
http://zentara.net/CandyGram_for_Mongo.html