Well, for the moment all succeeded in practical terms, by just parsing the ASN1 structure and getting what is read there as "messageDigest". That is what the trading partner expects to "see", but I'm not so happy not knowing how this message digest is obtained.

So I did another test that I would like you guys to do, to illustrate us mortals on what's going on.

Take any text:

    "This is a test for checksums or messagedigests"

including the quotes and no end-of-line or carriage return.

It has the SHA1 = [b33490ef86874904c7fc38bb92122665540fd7ce]
or [szSQ74aHSQTH/Di7khImZVQP184=] (same SHA1 in base64).

Now put that quoted text in a text file and sign it with your cert and private key. Then you get a multipart S/MIME output to a file, say signedmsg.txt.

Get the PKCS#7 structure of the signature with

    openssl smime -in signedmsg.txt -pk7out -out p7struc.pem

Now get the ASN1 structure out of p7struc.pem with

    openssl asn1parse -in p7struc.pem

...and there you go, check under the line identified as ":messageDigest". (Your version of openssl should not be too old or this field will show empty; I use OpenSSL 0.9.8h 28 May 2008.)

Notice it's not the checksum we calculated first. OK, perhaps it should not be, because this message digest shown in PKCS7 might include the values of the certificate involved.

Does that value come perhaps from the message digest on the binary pkcs7 structure?

    openssl pkcs7 -in p7struc.pem -outform der -out p7struc.der

Try sha1 on p7struc.der and nothing... it doesn't match the digest from the ASN1 structure.

Any idea on what is the base data on which a SHA1 produces the messagedigest in the ASN1 structure?

--
View this message in context: http://www.nabble.com/RFC-4130-checksum-in-SHA1-tp18034577p18115897.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
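Added example, not part of the original post or of OpenSSL: under RFC 5652 the messageDigest attribute is the hash of the signed content, and for a multipart/signed S/MIME message that content is the first MIME part exactly as it sits between the boundaries (its own headers and CRLF line endings included), so hashing the bare text gives a different value. The message below is a constructed sample with a placeholder boundary and signature part; `signed_entity` and `sha1_hex` are names chosen for this sketch.

```python
import hashlib
import re

TEXT = b'"This is a test for checksums or messagedigests"'  # quoted text from the post

# Constructed sample in the shape of a multipart/signed message. The boundary
# and the signature part are placeholders, not real OpenSSL output.
SIGNED_MSG = (
    b'MIME-Version: 1.0\n'
    b'Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";'
    b' micalg="sha1"; boundary="----SAMPLE-BOUNDARY"\n'
    b'\n'
    b'This is an S/MIME signed message\n'
    b'\n'
    b'------SAMPLE-BOUNDARY\n'
    b'Content-Type: text/plain\n'
    b'\n'
    + TEXT + b'\n'
    b'------SAMPLE-BOUNDARY\n'
    b'Content-Type: application/x-pkcs7-signature; name="smime.p7s"\n'
    b'Content-Transfer-Encoding: base64\n'
    b'\n'
    b'PLACEHOLDER\n'
    b'------SAMPLE-BOUNDARY--\n'
)

def signed_entity(message: bytes) -> bytes:
    """Return the first body part of a multipart/signed message, CRLF-canonical."""
    msg = re.sub(rb'\r?\n', b'\r\n', message)        # canonical line endings
    header, _, body = msg.partition(b'\r\n\r\n')
    m = re.search(rb'boundary="?([^";\r\n]+)"?', header, re.I)
    if not m:
        raise ValueError('no boundary parameter in the Content-Type header')
    # RFC 2046: the CRLF in front of "--boundary" belongs to the delimiter,
    # so it is not part of the entity that gets hashed.
    parts = (b'\r\n' + body).split(b'\r\n--' + m.group(1))
    if len(parts) < 3:
        raise ValueError('expected at least two body parts')
    # parts[0] is the preamble; parts[1] begins with the end of the delimiter line.
    return parts[1].split(b'\r\n', 1)[1]

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

if __name__ == '__main__':
    entity = signed_entity(SIGNED_MSG)
    print('signed entity      :', entity)
    print('sha1(bare text)    :', sha1_hex(TEXT))
    print('sha1(signed entity):', sha1_hex(entity))
```

To check a real message, pass the bytes of signedmsg.txt to `signed_entity` and compare the result's SHA-1 with the hex dump shown under ":messageDigest".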