It looks like the smime utility is what I'm looking for, however I'm running into issues with it. I'm working with binary files here, some that could potentially be 50MB.
I create the signed file with: openssl smime -sign -in file.bin -binary -signer cert.crt -inkey ./private.pem -out file.bin.signed Seems to work. I then try to verify it with: openssl smime -verify -in file.bin.signed -out file.bin.orig And I get the following error message: 25997:error:2107A088:PKCS7 routines:SMIME_read_PKCS7:no multipart body failure:pk7_mime.c:313: Return code is 3. Is openssl not suited to handle binary files like this? Or am I doing something wrong here? Thanks. On Mon, Dec 15, 2008 at 9:47 AM, Dr. Stephen Henson <st...@openssl.org>wrote: > On Mon, Dec 15, 2008, Victor Duchovni wrote: > > > On Mon, Dec 15, 2008 at 09:02:34AM -0600, Mike J wrote: > > > > > I have a binary file that needs to be digitally signed in a PKCS7 > format. > > > > > > I've looked at some of the openssl documentation and I see commands > that can > > > be used to look at PKCS7 formated files > > > but not ways of creating them. > > > > > > Does openssl have a program that will do this for me? I want to hand > openssl > > > the file, private key, and maybe a certificate > > > and I want openssl to calculate the signature and attach it to the file > such > > > that it's in a PKCS7 format. > > > > > > Any suggestions? > > > > CMS <http://tools.ietf.org/html/rfc3852> support is in the OpenSSL 0.9.9 > > dev snapshots, but is not in 0.9.8. Perhaps this will do what you need. > > > > The "smime" utility is in all but ancient versions of OpenSSL... that > handles > PKCS#7. > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
