First, as to my previous question: Thanks to Dr Hanson for figuring out my sender
sent a file with an extra data(really a second message) stuck on the end.
I'll cut to the chase: I need to come up with a set of openssl commands that will
decrypt and verify an incoming SMIME message and just end up with the data payload.
The message is a two part, signed, encrypted message. I can decrypt but can't seem to
verify. I apologize for being so ignorant but this is only my second project with
Openssl SMIME and the first was canceled (-;
In short, I think I am approaching this wrong - I don't think there is anything wrong
with the signature itself. But I digress: First, I could have sworn you could
decrypt and verify in one step but it didn't work. Here is the command I used to
decrypt and verify
openssl -decrypt -verify -in {filename} -recip {mycert} -signer {theircert} -inkey
{mykey.pem}
This doesn't work and throws a content-type" error. I suspect verify is looking at
the message Content-type" and not the signature part content-type. So I decide to
decrypt first and then verify. When I decrypt I get the following output:
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1;
boundary="=_IPNet_20040405135357409_44"
Content-Disposition: attachment
--=_IPNet_20040405135357409_44
Content-Type: APPLICATION/EDI-X12
Content-Transfer-Encoding: binary
Content-Disposition: attachment; filename="01006203210P-000000002.edi"
...snip one data part ...
--=_IPNet_20040405135357409_44^M
Content-Type: application/pkcs7-signature; name=smime.p7s^M
Content-Transfer-Encoding: binary^M
Content-Disposition: attachment; filename=smime.p7s^M
^M
...snip signature
and then push this through "openssl smime -verify -signer {theircert.pem}", I get the
following
Error reading S/MIME message
9970:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_
lib.c:140:
9970:error:21078082:PKCS7 routines:B64_READ_PKCS7:decode error:pk7_mime.c:142:
9970:error:2107A08C:PKCS7 routines:SMIME_read_PKCS7:pkcs7 sig parse error:pk7_mi
me.c:289:
I suspected because it wasn't a fully compliant email message (ie no headers). But if
I pipe to formail first to get some headers, I get the same message.
Any idea as to why I am not able to verify and just end up with the data part? Can
anyone help this newbie?
Thanks in advance to everyone for your help and time,
Spencer
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
