vardhan128tech

Difference between X509 sign and Crypto binary PKCS#7 Sign

‏2014-05-31T19:32:34Z |

Hi There,

I am trying to find the difference in the method of signing the document between the X509 Sign action and the Cryptobin PKCS#7 Sign operation.

As X509 is for XML and PKCS#7 is for binary documents, I have the questions below:

1) Does PKCS#7 Sign also create a digest value of the binary document, and can the same be used under PKCS#7 Verify to compare the digest value?

2) I do not see any RSA/3DES etc. algorithms under the PKCS#7 Sign action, so does that mean there is no digest value creation and matching logic, etc.?

3) If both the X509 Sign action and Cryptobin PKCS#7 Sign do the same thing, why was I not able to see the digest matching logic for PKCS#7 in the debug logs?

4) Which algorithm does Cryptobin PKCS#7 Sign use?

I appreciate your suggestions and inputs for the above questions.

Updated on 2014-05-31T19:58:00Z at 2014-05-31T19:58:00Z by vardhan128tech
  • Chris.Ortiz

    Re: Difference between X509 sign and Crypto binary PKCS#7 Sign

    ‏2014-06-02T18:42:15Z  in response to vardhan128tech

    The Cryptographic binary actions use the syntax and methodologies that are described in RFC 2311, S/MIME Version 2 Message Specification, dated March 1988, and RFC 2315, PKCS #7: Cryptographic Message Syntax 1.5, dated March 1998.

    The sign cryptographic binary action generates the PKCS #7 signedData type, which is the only PKCS #7 type accepted by the cryptographic binary verify action.

    The algorithms used by the cryptobin action are defined on the Advanced tab of the action. The default is rsa-sha1, and the following are available from the drop-down list:


    The signature algorithm used for PKCS#7 signing.
    dsa-sha1 : DSA with SHA-1
    rsa-md5 : RSA with MD5
    rsa-sha1 : RSA with SHA-1
    rsa-sha256 : RSA with SHA-256
    rsa-sha384 : RSA with SHA-384
    rsa-sha512 : RSA with SHA-512
     

    • vardhan128tech

      Re: Difference between X509 sign and Crypto binary PKCS#7 Sign

      ‏2014-06-09T03:18:51Z  in response to Chris.Ortiz

      Hi Chris, thank you for the reply and clarification.

      Actually, I do not see any options for signature algorithms like those mentioned above when I use CryptoBinary PKCS#7 Sign under the Advanced tab.

      I was using XI50 firmware 6.X. Also, when I tried to test, I was not able to see in the logs what DataPower is doing while executing PKCS#7 Sign, like we see step by step in the logs for X509 sign and verify for SOAP messages. Are we missing anything here?

       

      • HermannSW

        Re: Difference between X509 sign and Crypto binary PKCS#7 Sign

        ‏2014-06-09T13:23:37Z  in response to vardhan128tech

        > Actually I do not see any options for Signature Algorithms like mentioned above while I use CryptoBinary PKCS#7 Sign under Advanced tab.
        >

         

        Hermann.

        • 9XDH_Jatinder_Malik

          Re: Difference between X509 sign and Crypto binary PKCS#7 Sign

          ‏2014-06-18T09:21:12Z  in response to HermannSW

          Hello Hermann,

          Even I do not see the signature algo combo box when I open the crypto binary action :-(

          We are using XI52 appliance with firmware 6002 (Firmware:XI52.6.0.0.2)

          Is there anything special that needs to be done for the same?

          Thanks,

          - Jitu

          • dp_techdev

            Re: Difference between X509 sign and Crypto binary PKCS#7 Sign

            ‏2014-06-18T15:02:38Z  in response to 9XDH_Jatinder_Malik

            Hi 

            I am also facing the same issue: I am not able to see that drop-down option. XI52 appliance and 6.0.0.2 firmware version.

            I have another question: I am signing the XML document and I am creating a detached signature (I have turned off Include Content Data in Advanced Properties).

            I am passing the output of the sign action to the Crypto Binary Verify action, but it is failing while doing the verification. I am not sure whether I am following the right procedure to verify the signature.

            What is the use of the URL Location of Detached Data option in the verify action? I understand I am missing something while doing the verify and I am not able to identify it. Can anyone help me on this?

            Thanks in Advance
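
The PKCS #7 signedData structure and the detached-signature case discussed in this thread, reproduced off-box with the OpenSSL command line as an added example; it is not from any poster and is not DataPower configuration. The key, certificate, payload and file names are constructed, `openssl` is assumed to be on the PATH, and it shows only generic PKCS#7 behaviour: the digest algorithm is recorded in the signature, and a detached signature verifies only when the original content is supplied separately.

```shell
#!/usr/bin/env bash
# Added example: detached PKCS#7 signedData with the OpenSSL CLI.
# Key, certificate, payload and file names are all constructed for this demo.

p7_setup() {
  P7=$(mktemp -d) || return 1
  # Throwaway self-signed signer certificate, also used as the trust anchor.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=p7-demo" \
    -keyout "$P7/key.pem" -out "$P7/cert.pem" 2>/dev/null || return 1
  printf 'constructed payload \001\002\003\n' > "$P7/data.bin"
  printf 'constructed payload \001\002\004\n' > "$P7/tampered.bin"
}

# Sign data.bin as signedData. "smime -sign" omits the content by default
# (detached); adding -nodetach would embed it instead.
p7_sign() {
  openssl smime -sign -binary -md sha256 -outform DER \
    -in "$P7/data.bin" -signer "$P7/cert.pem" -inkey "$P7/key.pem" \
    -out "$P7/sig.p7s" 2>/dev/null
}

# The digest algorithm is recorded inside the structure itself.
p7_uses_sha256() {
  openssl asn1parse -inform DER -in "$P7/sig.p7s" | grep -q ':sha256$'
}

# Verify sig.p7s against a separately supplied content file ($1).
# The verifier recomputes the digest over that file and checks the signature.
p7_verify() {
  openssl smime -verify -binary -inform DER -in "$P7/sig.p7s" \
    -content "$1" -CAfile "$P7/cert.pem" -out /dev/null 2>/dev/null
}

# A detached signature alone has nothing to hash, so this must fail.
p7_verify_without_content() {
  openssl smime -verify -binary -inform DER -in "$P7/sig.p7s" \
    -CAfile "$P7/cert.pem" -out /dev/null 2>/dev/null
}

p7_setup && p7_sign || echo "setup/sign failed (is openssl installed?)"
p7_verify "$P7/data.bin"     && echo "original content: verified"
p7_verify "$P7/tampered.bin" || echo "tampered content: rejected"
p7_verify_without_content    || echo "no content supplied: rejected"
```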