On Mon, Dec 15, 2008 at 12:40:39PM -0500, Victor Duchovni wrote:
> On Mon, Dec 15, 2008 at 11:37:04AM -0600, Mike J wrote:
>
> > It looks like the smime utility is what I'm looking for, however I'm running
> > into issues with it.
> > I'm working with binary files here, some that could potentially be 50MB.
> >
> > I create the signed file with:
> > openssl smime -sign -in file.bin -binary -signer cert.crt -inkey
> > ./private.pem -out file.bin.signed
>
> You forgot "-outform DER" or "-outform PEM" (whichever is required by
> the consuming application).
You'll also need "-nodetach", if you want the PKCS#7 file to include
the content, rather than just contain a detached signature. If your
certificate is signed by an intermediate CA, you'll also need -certfile,
which should contain the intermediate CA certs, and optionally the root
CA cert.
> > Seems to work. I then try to verify it with:
> > openssl smime -verify -in file.bin.signed -out file.bin.orig
>
> Don't forget "-inform DER" or "-inform PEM".
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
