Skip to content

A Single file of code, containing a implemented system for working with PKI systems, it has the tools needed to verify any X.509 Cert and CMS signature. And other utilities.

Notifications You must be signed in to change notification settings

medalha01/X509-CMS-Sec

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 

Repository files navigation

Overview

This C++ program leverages OpenSSL to perform cryptographic operations, focusing on verifying digital signatures. It supports CMS (Cryptographic Message Syntax) signature verification, decoding certificates and CRLs (Certificate Revocation Lists) in PEM and DER formats, and validating certificates against trusted ones.

Dependencies

  • OpenSSL: Required for cryptographic functionalities.

Features

  • Signature Verification: Verifies CMS signatures against a certificate chain.
  • Certificate and CRL Decoding: Decodes in both PEM and DER formats.
  • Certificate Validation: Checks against trusted certificates, revocation, and expiration.
  • Dynamic Signature and Certificate Handling: Includes functionalities to add signer certificates to signatures, manage certificate chains, and work with certificate revocation lists effectively.
  • Utility Functions: Provides a suite of utility functions for certificate information retrieval, including issuer and subject details, serial number, validity period, revocation status, and more.

Usage

Compile and run the program as follows:

> g++ -o verify_signatures verify_signatures.cpp -lssl -lcrypto

Run the program by executing the compiled binary, passing the required arguments for the specific operation you wish to perform.

Security Note

This tool is intended for educational and testing purposes. Users should be aware of the security implications of digital signature verification and certificate handling in production environments. Proper understanding and cautious handling of cryptographic materials are advised.

Warnings

  • It works with .pem or .der but the input must be of uint8/unsigned char.
  • There are tools for P7B and P7C decoding a certificate extraction.
  • The code is not memory safe, and should be handled with care.
  • It was originally design to work with a FFI from Dart.

About

A Single file of code, containing a implemented system for working with PKI systems, it has the tools needed to verify any X.509 Cert and CMS signature. And other utilities.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages