I’m trying to use an ESP32 to parse some PKCS#7 signatures. This is supported, to some degree, through mbedTLS. There is additionally an option in the ESP32 SDK configuration editor to enable the usage of these signatures. Ultimately, I’d like to be able to receive signed data and an x509 certificate bundled up in the PKCS#7 format, and then cryptographically verify the received data using a public key embedded in the received x509 certificate.
I have attempted to create several dummy PKCS#7 structures via OpenSSL. I then flash these to the ESP32’s non-volatile storage. From there, I can use ESP32 functions (e.g., nvs_get_blob) to extract this data for processing. I have been able to do this with x509 certificates (again, I created these certificates with OpenSSL). I could then use mbedTLS x509 functions like mbedtls_x509_crt_parse to interact with them.
My problem is that when I attempt to do this with my PKCS#7 data and associated functions, specifically mbedtls_pkcs7_parse_der, I run into a myriad of errors. Most commonly, MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE and MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO. I have tried with a multitude of “homemade” PKCS#7 signatures, each failing in one way or another.
What I am looking for here is general guidance on how to use the available PKCS#7 functionality as I am clearly misunderstanding something. In attempting to look for some example code I have come up short. As far as I can tell there has not been much user code submitted using this stuff… especially using an ESP32.
Is there some sample PKCS#7 data which I can use? This would inform me on how I should go about creating more signatures moving forward.
Has anyone had any success using these functions?
I understand I have not supplied any sample code or sample data. I suppose I can, however, I don’t feel as if I’m looking for a specific “fix” or the like. Instead, I’m kind of looking for the “Explain It Like I’m 5” version. Also, if you HAVE done what I’m trying to do, or something similar, please give ME sample code/data please.
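An added example, not part of the original post: mbedTLS's PKCS#7 parser implements only a subset of RFC 2315 (DER-encoded signed-data, detached payload, no authenticated attributes), so this script uses OpenSSL to produce such a structure and check its shape before it is flashed. The file names, the subject CN and the two function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Produces a throwaway signer and a PKCS#7 file in the
# restricted shape described above. All names are constructed samples.

make_pkcs7_sample() {    # $1 = output directory
    mkdir -p "$1" || return 1
    printf 'constructed sample payload\n' > "$1/data.bin"
    # Self-signed RSA test certificate, key without passphrase.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=pkcs7-test-signer" \
        -keyout "$1/signer.key" -out "$1/signer.crt" 2>/dev/null || return 1
    # -binary      : sign the bytes as-is, no S/MIME canonicalisation
    # -noattr      : leave authenticated attributes out of SignerInfo
    # -outform DER : raw DER, not PEM or S/MIME
    # (no -nodetach): payload stays outside the structure
    openssl smime -sign -binary -noattr -md sha256 -outform DER \
        -in "$1/data.bin" -signer "$1/signer.crt" -inkey "$1/signer.key" \
        -out "$1/data.p7s" 2>/dev/null || return 1
}

check_pkcs7_shape() {    # $1 = PKCS#7 file, $2 = detached payload
    p7_dump=$(openssl asn1parse -inform DER -in "$1" 2>/dev/null) \
        || { echo "not DER"; return 1; }
    printf '%s\n' "$p7_dump" | grep -q ':pkcs7-signedData' \
        || { echo "not signed-data"; return 1; }
    # Authenticated attributes show up as these OIDs inside SignerInfo.
    if printf '%s\n' "$p7_dump" |
        grep -Eq ':(contentType|messageDigest|signingTime)'; then
        echo "has authenticated attributes"; return 1
    fi
    # -noverify skips chain validation only; the signature over the
    # external payload is still checked.
    openssl smime -verify -binary -noverify -inform DER -in "$1" \
        -content "$2" -out /dev/null 2>/dev/null \
        || { echo "signature does not match payload"; return 1; }
    echo "ok"
}

# Stand-alone use: sh make_p7.sh ./out
if [ -n "${1:-}" ]; then
    make_pkcs7_sample "$1" && check_pkcs7_shape "$1/data.p7s" "$1/data.bin"
fi
```

On the device, data.p7s goes to mbedtls_pkcs7_parse_der, and mbedtls_pkcs7_signed_data_verify then takes the signer certificate parsed with mbedtls_x509_crt_parse together with the payload bytes.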