Hi Alok,
this really helped, thank you very much. The verification of my signature still doesn't work but I think that is another problem.
Thanks again, to all of you.
Lars.
Alok wrote:
Try this:
1. Create a file text.text with some content
2. Do openssl smime -in text.txt -sign -signer cert.pem -inkey prv.pem -nodetach -outform DER > test.test
the -nodetach should do the trick
3. then u get a DER encoded file, pass it via
openssl smime -verify -in test.test -inform DER -out text1.out -noverify
your message should be there in text1.out, same as text.text. The -noverify is needed when the cert is not valid.
When the file is DER or PEM encoded, and not in SMIME format, you would have the "message" in there but can't see it due to the encoding.
-hth
Lars wrote:
Hi Alok,
thanks for the answer.
Alok wrote:
Yes, that's what I did. But the original text (content of text.txt) is not included in the output.
PHP's openssl support is, let's say, kind of limited. So my question is: Is it possible to do all that using the command line interface? (I think) I managed to create the signature:
openssl smime -in text.txt -sign -signer cert.pem -inkey prv.pem -outform DER > test.test
I think you just signed text.text using the cert cert.pem whose key is prv.pem and got it in test.test in pkcs#7 format DER encoding.
You could take a look at the perl support for the same in cpan (if u have mod_perl in ur server)
I had a look at the CPAN openssl modules. But that one doesn't seem to help me.
PayPal's payment encryption works as follows:
But what is the next step? Just concatenate the message and the signature and encrypt it?
If it is via a web interface, what do you mean by "encrypt it"? Does the recipient have a cert too?
If yes, then either way your ssl session would use the recipient's cert; if not and it's one way auth (only server side cert holder), you could simply send it down the browser / display it and it would anyways be encrypted if the session is https and the user would see it in his browser?
Am I misinterpreting your question?
The merchant (me) creates an HTML form the client submits to paypal. One part of the form (a hidden field) is encrypted data.
This data are some key-value pairs, each in one line.
What I need to do is:
1. Create the data
2. Sign that data and _attach_ the digital signature
3. Encrypt both parts
4. Create PEM code
5. Put the result into the HTML form
I think I already managed to create the signature
(openssl smime -in text.txt -sign -signer cert.pem -inkey prv.pem -outform DER > test.test)
and I think I know what to do to encrypt it. But the command doesn't attach the signature to the data, it just returns the signature.
Thanks. Lars.
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
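The steps discussed in this thread (sign with the signature attached via -nodetach, encrypt, emit PEM), as an added example that is not part of the original messages. The throwaway self-signed certificates, the file names other than text.txt and text1.out, the -binary flag and the -aes256 cipher are assumptions, and the decrypt step is only a local self-check of what the recipient would see.

```shell
#!/bin/sh
# Added example: all certificates, subjects and file names are constructed.
# Assumes the openssl command line tool is on PATH.

# Throwaway self-signed key pair; $1 = directory, $2 = base name.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Default signing is detached: the DER output carries only the signature.
sign_detached() {
    openssl smime -sign -binary -in "$1/text.txt" -signer "$1/signer.pem" \
        -inkey "$1/signer.key" -outform DER -out "$1/detached.der"
}

# -nodetach embeds the content inside the PKCS#7 structure.
sign_attached() {
    openssl smime -sign -binary -nodetach -in "$1/text.txt" \
        -signer "$1/signer.pem" -inkey "$1/signer.key" \
        -outform DER -out "$1/attached.der"
}

# Encrypt the signed DER blob to the recipient certificate, output PEM.
# -binary stops CRLF canonicalisation from corrupting the DER input;
# the cipher is an assumption, the thread does not name one.
encrypt_pem() {
    openssl smime -encrypt -binary -aes256 -in "$1/attached.der" \
        -outform PEM -out "$1/encrypted.pem" "$1/recipient.pem"
}

# Self-check: decrypt as the recipient, then verify and extract the text.
# -noverify skips chain validation because the signer cert is self-signed.
open_and_verify() {
    openssl smime -decrypt -in "$1/encrypted.pem" -inform PEM \
        -recip "$1/recipient.pem" -inkey "$1/recipient.key" \
        -out "$1/decrypted.der" &&
    openssl smime -verify -in "$1/decrypted.der" -inform DER \
        -noverify -out "$1/text1.out" 2>/dev/null
}

# Run the whole pipeline in directory $1, which must contain text.txt.
run_all() {
    make_cert "$1" signer && make_cert "$1" recipient &&
    sign_detached "$1" && sign_attached "$1" &&
    encrypt_pem "$1" && open_and_verify "$1"
}
```

Call `run_all` with a directory that holds text.txt; afterwards text1.out should match text.txt, and detached.der on its own will not verify without the original content supplied via -content.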