search

sfackler / rust-openssl

OpenSSL bindings for Rust
1.4k stars 749 forks source link

How to extract a Cades Pkcs7 file? #2309

Open frederikhors opened 1 month ago

frederikhors commented 1 month ago

Dear people,

I have a CAdES PKCS7 signed file and I need to extract its content.

The below command works very well on my sistem (Windows 10 with OpenSSL 3.3.2 3 Sep 2024 (Library: OpenSSL 3.3.2 3 Sep 2024)).

openssl smime -verify -noverify -in file_name.pdf.signed -inform DER -out file_name.pdf

How can I convert this command to Rust code?

I'm trying with:

pub fn extract_signed(input: &str) -> Result<String> {
    let pkcs7 = Pkcs7::from_der(input.as_bytes())?;

    let mut out = Vec::new();

    let store = X509StoreBuilder::new()?.build();

    pkcs7.verify(
        &store.all_certificates(),
        &store,
        None,
        Some(&mut out),
        openssl::pkcs7::Pkcs7Flags::NOVERIFY,
    )?;

    let res = String::from_utf8(out)?;

    Ok(res)
}

but I'm getting this error:

error:0680007B:asn1 encoding routines:ASN1_get_object:header too long:crypto\asn1\asn1_lib.c:105:, error:06800066:asn1 encoding routines:asn1_check_tlen:bad object header:crypto\asn1\tasn_dec.c:1184:, error:0688010A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto\asn1\tasn_dec.c:349:Type=PKCS7

Why?

frederikhors commented 1 month ago

Is there a way to avoid openssl at all for this?