Re: support for Netscape Form Signing?

Thu, 17 Jun 1999 00:21:37 -0700 



Ben Laurie wrote:
> 
> Michael Stroeder wrote:
> >
> > Song wrote:
> > >
> > > Can Openssl be used to support Netscape Form Signing?
> >
> > IMHO you have to verify the signature of signed PKCS#7 objects (similar
> > to verify signatures of S/MIME mails) which was not possible in
> > SSLeay/OpenSSL up to now.
> > Maybe with the new rudimental S/MIME support in 0.9.3?
> > How is the roadmap for S/MIME support?
> 
> I have vague plans to look at it, and I was particularly planning to
> take a glance at form signing. However, all reports of success, failure
> and patches are welcome.
> 
> It was my vague impressions that crypto/pkcs7/verify should do the job
> (if it works).
> 
Yes, it works. Below is my result:

%cd crypto/pkcs7
%make verify
% ./verify ~/public_html/cgi-bin/signature -d ~/public_html/cgi-bin/data
depth=2 /C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification
Authority
verify return:1
depth=1 /O=VeriSign, Inc./OU=VeriSign Trust
Network/OU=www.verisign.com/repository/RPA Incorp. 
By Ref.,LIAB.LTD(c)98/CN=VeriSign Class 1 CA Individual
Subscriber-Persona Not Validated
verify return:1
depth=0 /O=VeriSign, Inc./OU=VeriSign Trust
Network/OU=www.verisign.com/repository/RPA Incorp. 
by Ref.,LIAB.LTD(c)98/OU=Persona Not Validated/OU=Digital ID Class 1 -
Netscape/CN=Bo Run [EMAIL PROTECTED]
verify return:1
signer info
Signed time:Jun 16 02:58:05 1999 GMT
done
%

where files "data" and "signature" were generated by Netscape example
scripts "signedForm.pl"
except that "signature" has to be modified to add BEGIN and END lines.

Thanks

> Cheers,
> 
> Ben.
> 
> --
> http://www.apache-ssl.org/ben.html
> 
> "My grandfather once told me that there are two kinds of people: those
> who work and those who take the credit. He told me to try to be in the
> first group; there was less competition there."
>      - Indira Gandhi
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to