Edward Chan wrote:
> Below is code that I got from the "Network Security with OpenSSL" book
> to sign a piece of data using a certificate generated and signed by a CA
> I created (error checking left out). It seems to work. But I'm curious
> about what sort of information goes into the resulting signature. I'm a
> little confused at how the verification process seems to work without
> requiring the cert that was used to sign the data. How is that
> possible? I thought it would require the public key from the cert to
> verify the signature to determine if it was signed using the private key
> associated with the public key in the cert.

The signer cert is included in the signed pkcs7 object (have a look at
the PKCS7_sign manpage).

Nils
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]