On Wed, Apr 13, 2005, Glenn Bullock wrote: > Gentlemen (et al ;), > > I am trying to verify a pkcs7 based signature generated by the Crypto win32 > libraries and am having limited success. Limited, I write, since I am able > to successfully call d2i_PKCS7, PKCS7_type_is_signed (yes), and > PKCS7_type_is_enveloped (no) on the signature. > > The problem (I believe) I'm facing is that the existing interface to the > product with which I am attempting to integrate supplies me with a public > key, and not an entire certificate. When I attempt to verify it I get errors > such as the following: > > SSL Error (67567722): "error:0407006A:rsa > routines:RSA_padding_check_PKCS1_type_1:block type is not 01" occurred in > filename: rsa_pk1.c, linenum 100. > SSL Error (67530866): "error:04067072:rsa > routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed" occurred in filename: > rsa_eay.c, linenum 541. > SSL Error (554111081): "error:21071069:PKCS7 > routines:PKCS7_signatureVerify:signature failure" occurred in filename: > pk7_doit.c, linenum 834. > SSL Error (554127465): "error:21075069:PKCS7 routines:PKCS7_verify:signature > failure" occurred in filename: pk7_smime.c, linenum 265. > > ... which, if I'm not mistaken, say: "It doesn't verify." > > Here is the code I using to setup the cert store / stack in order to call > PKCS7_verify. Please could you take a gander to see if there's anything > obvious I am doing wrong, or should one occur, suggest a more reasonable, > intelligent approach to verifying with a public key. > > Thank you very much. > [stuff deleted]
You should try PKCS7_verify(). You can try this on the command line first with: openssl smime -verify -inform DER -in p7file.der Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
