Hi Kyle,

I also have the hash (it's in the DigestValue of the assertion).

I've been having some problems with some code that I've been working on, and so 
I was hoping that there was a way to take the signature string and somehow put 
it into a file that would "look" like it was an S/MIME message, such that I 
could use "openssl smime" to be able to decrypt the signature string so that I 
could compare it to the hash (which, as I said, I have).

In other words, I was thinking something along the lines of take the signature 
string, paste it into a file that had the appropriate S/MIME headers, and then 
run "openssl smime" to see what the unencrypted hash looks like.

I'd still like to know if this is possible, or not, and if it is possible, what 
headers, etc. would I have to put in the file?

Jim




---- Kyle Hamilton <aerow...@gmail.com> wrote: 
> A "signature" is a hash (SHA-1, SHA-2, SHA-3, SHA-128, SHA-256,
> SHA-384, SHA-512 as examples -- and deprecated methods including MD2,
> MD4, and MD5) over content, encrypted with the private key which
> belongs to a public key which the verifier obtains through some
> trusted mechanism.
> 
> The signature string which you posted is:
> 
> 1) The base64 encoding of
> 2) a private-key encrypted blob of
> 3) the hash of the original message as sent by the sender.
> 
> SAML is not S/MIME.  This is why the smime command is failing.
> OpenSSL does not at this time support SAML.
> 
> -Kyle H
> 
> On Sat, Feb 21, 2009 at 4:28 PM,  <oh...@cox.net> wrote:
> > Hi,
> >
> > I have the signature string from a signed SAML assertion.  I also have the 
> > private key file and cert file.  I'm trying to decrypt the signature 
> > string, so that I can try to see how it compares to the digest in the 
> > assertion.
> >
> > I think that "openssl smime" should be able to do this, using something 
> > like:
> >
> > openssl smime -decrypt -in mysignature.txt -inkey myrsa.key -recip myrsa.pem
> >
> > but I'm not sure what the format of the mysignature.txt file should be?
> > When I run "openssl smime", with just the signature string in the file, I 
> > get:
> >
> > Error reading S/MIME message
> > 316:error:2107A087:PKCS7 routines:SMIME_read_PKCS7:no content type:./crypto/pkcs7/pk7_mime.c:222:
> >
> > Here's the signature string that I have:
> >
> > b/UeCFZt9u6MR0w3eEJW1yczC/KQLuOG7ZjN+q76VwKxAgzl+CjHlUkT7YMu3yukroGjj2p5gkeE5057CQgQFxzBpdIdTxntWOvlkpg6eXiFhRFh41iqbWSnBOOwDskp0PXAIajYurCEbDfWILDUKu2t23z3JKr7g8dS3hxlmTA=
> >
> > Can anyone tell me:
> >
> > 1) Should it be possible to do this using openssl?
> >
> > 2) What should I do with the signature string above, to put it into a file 
> > that I can then use "openssl smime" to decrypt the string?
> >
> > Thanks,
> > Jim
> >
> >
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > User Support Mailing List                    openssl-users@openssl.org
> > Automated List Manager                           majord...@openssl.org
> >
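The three layers Kyle lists (base64, RSA blob, hash), peeled apart with only the public key, as an added example that is not part of the original thread. It assumes an RSA-SHA1 PKCS#1 v1.5 signature; the key is a constructed toy key, and `sign_b64`, `recover_hash` and `SAMPLE` are hypothetical names.

```python
import base64
import hashlib

# Constructed toy RSA key for this demo only (two Mersenne primes): NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8              # modulus length in bytes

# DER header of a SHA-1 DigestInfo (PKCS#1 v1.5); the 20-byte hash follows it.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

# Constructed stand-in for the bytes the sender signed.
SAMPLE = b"<ds:SignedInfo>constructed sample</ds:SignedInfo>"


def sign_b64(signed_bytes: bytes) -> str:
    """Sender side: hash, wrap in DigestInfo, pad, RSA private op, base64."""
    t = SHA1_PREFIX + hashlib.sha1(signed_bytes).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    sig = pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")
    return base64.b64encode(sig).decode()


def recover_hash(sig_b64: str, n: int = N, e: int = E) -> bytes:
    """Verifier side: recover the signed hash using only the public key."""
    sig = base64.b64decode(sig_b64, validate=True)        # layer 1: base64
    if len(sig) != (n.bit_length() + 7) // 8:
        raise ValueError("signature length does not match the modulus")
    s = int.from_bytes(sig, "big")
    if s >= n:
        raise ValueError("signature value out of range")
    em = pow(s, e, n).to_bytes(len(sig), "big")           # layer 2: RSA public op
    # Layer 3: 00 01 FF..FF 00 || DigestInfo, with at least 8 bytes of FF.
    if em[:2] != b"\x00\x01" or b"\x00" not in em[2:]:
        raise ValueError("not a PKCS#1 v1.5 signature block")
    sep = em.index(b"\x00", 2)
    if sep < 10 or set(em[2:sep]) != {0xFF}:
        raise ValueError("bad padding")
    info = em[sep + 1:]
    if len(info) != len(SHA1_PREFIX) + 20 or not info.startswith(SHA1_PREFIX):
        raise ValueError("unexpected DigestInfo (not SHA-1?)")
    return info[len(SHA1_PREFIX):]


if __name__ == "__main__":
    print(recover_hash(sign_b64(SAMPLE)).hex())
    print(hashlib.sha1(SAMPLE).hexdigest())
```

In XML Signature the bytes hashed for the SignatureValue are the canonicalized SignedInfo element, so the value recovered from a real assertion is the hash of SignedInfo, which in turn contains the DigestValue. `openssl rsautl -verify -certin -inkey <cert> -in <binary signature>` performs the same public-key recovery step on a base64-decoded signature.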