On Tue, Dec 16, 2008 at 09:32:41PM +0100, Dr. Stephen Henson wrote:

> On Tue, Dec 16, 2008, Mike J wrote:
>
> > Thanks, this seems to work pretty good.
> >
> > I read that with a PKCS7 file, there was the option of having one or more
> > co-signers.
> > So I sign the file, send it to someone else, and they co-sign the file and
> > then send it to a third party who is then able to verify it with the
> > root CA.
> >
> > I can't seem to figure out how to get co-signing to work.
> > The openssl Documentation says there is a "smime -resign" function, but my
> > version doesn't seem to include it (0.9.8g is the signer version and
> > 0.9.7f is the verifying version).
> >
> > Is co-signing available in openssl?
>
> It is but only in smime+OpenSSL 0.9.9-dev which is not released.
>
> You can however use the cms utility in 0.9.8 to add a signer. OpenSSL 0.9.7
> does not include cms support but the output is normally compatible with PKCS#7
> unless you use an incompatible option. See the documentation for more details.

This was added in 0.9.8h and the CHANGES file says:

  *) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9
     implementation in the following ways:

     Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be
     hard coded.

     Lack of BER streaming support means one pass streaming processing is
     only supported if data is detached: setting the streaming flag is
     ignored for embedded content.

     CMS support is disabled by default and must be explicitly enabled
     with the enable-cms configuration option.
     [Steve Henson]

Does enabling CMS break binary compatibility with non-CMS versions of the 0.9.8 library?

-- 
Viktor.
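
The co-signing flow discussed in this thread, as an added example that is not part of the original messages: one signer creates a CMS message, a second adds a signature with `cms -resign`, and the result is checked with both `cms -verify` and the PKCS#7-only `smime -verify`. It assumes an OpenSSL build that includes the cms utility; the file names, subject names and self-signed certificates (standing in for certificates issued under a root CA) are constructed for the demo.

```shell
#!/bin/sh
# Added example: two signers on one CMS SignedData, checked by cms and smime.
# Names, subjects and the message are constructed for this demo.

cosign_demo() (
    work=$(mktemp -d) || exit 1
    trap 'rm -rf "$work"' EXIT
    cd "$work" || exit 1

    # Throwaway self-signed signer certs stand in for CA-issued ones, so the
    # trust file lists both certificates instead of a single root CA.
    for who in alice bob; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$who demo signer" \
            -keyout "$who.key" -out "$who.pem" 2>/dev/null || exit 1
    done
    cat alice.pem bob.pem > trust.pem
    printf 'constructed sample content\n' > msg.txt

    # Signer 1: signed message with the content embedded.
    openssl cms -sign -binary -nodetach -in msg.txt -outform PEM \
        -signer alice.pem -inkey alice.key -out one.pem || exit 1

    # Signer 2: -resign adds a second SignerInfo and keeps the first intact.
    openssl cms -resign -binary -nodetach -in one.pem -inform PEM \
        -outform DER -signer bob.pem -inkey bob.key -out two.der || exit 1

    # Recipient: every signature must verify; -signer saves the signer certs.
    openssl cms -verify -binary -in two.der -inform DER -CAfile trust.pem \
        -signer signers.pem -out out.txt 2>/dev/null || exit 1
    cmp -s msg.txt out.txt || exit 1

    # A PKCS#7-only verifier (smime) should accept the same DER structure.
    openssl smime -verify -binary -in two.der -inform DER \
        -CAfile trust.pem -out /dev/null 2>/dev/null || exit 1

    # Number of signer certificates written by the cms verification.
    grep -c 'BEGIN CERTIFICATE' signers.pem
)

echo "verified signers: $(cosign_demo)"
```

A recipient who requires both signatures should check the saved signer certificates against the expected identities, since a successful verification alone only says that every signature present is valid.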