> I tried to verify S/MIME-signatures from commercial Email-Products, but
> failed in computing the same message digest.... some time ago there was
> a message on this list that the message has to be converted to some
> canonical form before further processing it.... is there any tool
> or code out
> there that helps doing this?
I put togther a little script in Perl to do this; it works (I believe..)
with my Netscape. Please contact me if you are interested.
You can do it by yourself; simply rembember this:
Signature (base64 encoded) must be enclosed between ---BEGIN PKCS7--- and
---END PKCS7---. Data lines must be terminated with <crlf>
(carriage return, line feed); for example if you receive an S/MIME
clearSigned mail
--------------msECE3A40C533C4D3650709DF8
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
ciao
ciao
--------------msECE3A40C533C4D3650709DF8
your data file must contain
Content-Type: text/plain; charset=us-ascii<crlf>
Content-Transfer-Encoding: 7bit<crlf>
<crlf>
ciao<crlf>
ciao
The program verify.c is done to verify the signature, but you need to
check your trust into the signing certificate, that is
openssl pkcs7 -in signature -print certs -out outcert
openssl verify -CAfile cacert.pem outcert
See also the very interesting page from Dr Henson, on his
website. You can read my brief and buggy intro at:
http://majestix.ing.unibs.it/docs/smimever/
--
Andrea F. Fogazzi <[EMAIL PROTECTED]>
1024 0x321C9EF3 1997-08-27 ---------- DSS
"2BF8 FC4E 5B36 2C02 35DB 0AAD D29B BA16 321C 9EF3"
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
