Hi,

For the record, I was able to figure out my original (non-openssl-related) problem. It was that I was getting some extra whitespace or non-visible characters in the message, which was causing the signature verification to fail.

Jim

---- oh...@cox.net wrote:
> Hi Kyle,
>
> I also have the hash (it's in the DigestValue of the assertion).
>
> I've been having some problems with some code that I've been working on, and
> so I was hoping that there was a way to take the signature string and somehow
> put it into a file that would "look" like it was an S/MIME message, such that
> I could use "openssl smime" to be able to decrypt the signature string so
> that I could compare it to the hash (which, as I said, I have).
>
> In other words, I was thinking something along the lines of take the
> signature string, paste it into a file that had the appropriate S/MIME
> headers, and then run "openssl smime" to see what the unencrypted hash looks
> like.
>
> I'd still like to know if this is possible, or not, and if it is possible,
> what headers, etc. would I have to put in the file?
>
> Jim
>
> ---- Kyle Hamilton <aerow...@gmail.com> wrote:
> > A "signature" is a hash (SHA-1, SHA-2, SHA-3, SHA-128, SHA-256,
> > SHA-384, SHA-512 as examples -- and deprecated methods including MD2,
> > MD4, and MD5) over content, encrypted with the private key which
> > belongs to a public key which the verifier obtains through some
> > trusted mechanism.
> >
> > The signature string which you posted is:
> >
> > 1) The base64 encoding of
> > 2) a private-key encrypted blob of
> > 3) the hash of the original message as sent by the sender.
> >
> > SAML is not S/MIME. This is why the smime command is failing.
> > OpenSSL does not at this time support SAML.
> >
> > -Kyle H
> >
> > On Sat, Feb 21, 2009 at 4:28 PM, <oh...@cox.net> wrote:
> > > Hi,
> > >
> > > I have the signature string from a signed SAML assertion. I also have
> > > the private key file and cert file. I'm trying to decrypt the signature
> > > string, so that I can try to see how it compares to the digest in the
> > > assertion.
> > >
> > > I think that "openssl smime" should be able to do this, using something
> > > like:
> > >
> > > openssl smime -decrypt -in mysignature.txt -inkey myrsa.key -recip myrsa.pem
> > >
> > > but I'm not sure what the format of the mysignature.txt file should be?
> > > When I run "openssl smime", with just the signature string in the file, I
> > > get:
> > >
> > > Error reading S/MIME message
> > > 316:error:2107A087:PKCS7 routines:SMIME_read_PKCS7:no content type:./crypto/pkcs7/pk7_mime.c:222:
> > >
> > > Here's the signature string that I have:
> > >
> > > b/UeCFZt9u6MR0w3eEJW1yczC/KQLuOG7ZjN+q76VwKxAgzl+CjHlUkT7YMu3yukroGjj2p5gkeE5057CQgQFxzBpdIdTxntWOvlkpg6eXiFhRFh41iqbWSnBOOwDskp0PXAIajYurCEbDfWILDUKu2t23z3JKr7g8dS3hxlmTA=
> > >
> > > Can anyone tell me:
> > >
> > > 1) Should it be possible to do this using openssl?
> > >
> > > 2) What should I do with the signature string above, to put it into a
> > > file that I can then use "openssl smime" to decrypt the string?
> > >
> > > Thanks,
> > > Jim
> > >
> > > ______________________________________________________________________
> > > OpenSSL Project http://www.openssl.org
> > > User Support Mailing List openssl-users@openssl.org
> > > Automated List Manager majord...@openssl.org
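The three-step description Kyle gives (base64 of a private-key operation over the hash of the message) and the whitespace failure Jim eventually found can both be reproduced with the openssl CLI alone, without going through "openssl smime". The script below is an added example and is not code from the thread or from the OpenSSL project; it assumes an openssl binary (1.1 or 3.x) on PATH, generates a throwaway RSA key pair in place of Jim's myrsa.key / myrsa.pem, and signs a constructed stand-in for the canonicalized SignedInfo rather than a real SAML assertion. The `recover_digest_hex` function does what Jim was asking for: it undoes the base64, applies the public key with `openssl pkeyutl -verifyrecover`, and prints the hash that was inside the signature so it can be compared with a locally computed digest.

```shell
#!/bin/sh
# Added example (not from the thread): reproduce Kyle's description of a
# signature as base64( private-key operation over the hash of the message )
# using only the openssl CLI, then show Jim's failure mode (stray whitespace).
# Assumptions: an openssl binary (1.1 or 3.x) is on PATH; the key pair and
# the "assertion" text are constructed here, they are not Jim's files.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Throwaway RSA key pair standing in for Jim's myrsa.key / myrsa.pem.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
  -out "$WORK/key.pem" 2>/dev/null
openssl pkey -in "$WORK/key.pem" -pubout -out "$WORK/pub.pem" 2>/dev/null

# Constructed signed content. A real SAML signature covers the canonicalized
# <SignedInfo>, which is why byte-level differences such as whitespace matter.
printf '<SignedInfo>constructed sample</SignedInfo>' > "$WORK/msg.txt"
# Same content plus one trailing newline: the kind of invisible difference
# Jim reported as the cause of his verification failures.
printf '<SignedInfo>constructed sample</SignedInfo>\n' > "$WORK/msg_ws.txt"

# Kyle's steps 3, 2, 1: hash the file, apply the RSA private key (PKCS#1 v1.5
# padding by default), and base64-encode the result on a single line.
sign_b64() {
  openssl dgst -sha256 -sign "$WORK/key.pem" "$1" | openssl base64 -A
}

# Local digest of a file, hex only (-r prints "hex *file").
digest_hex() {
  openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

# What Jim was trying to do with "openssl smime -decrypt": undo the base64,
# apply the public key and get the hash back. With PKCS#1 v1.5 the recovered
# blob is a DER DigestInfo whose last 32 bytes are the raw SHA-256 digest.
# Reads the base64 signature from stdin, prints the digest as hex.
recover_digest_hex() {
  openssl base64 -d -A > "$WORK/sig.bin"
  openssl pkeyutl -verifyrecover -pubin -inkey "$WORK/pub.pem" \
    -in "$WORK/sig.bin" | tail -c 32 | od -An -tx1 | tr -d ' \n'
}

# The normal verification path; prints "ok" or "fail".
# $1 = file to check, $2 = base64 signature string.
verify() {
  printf '%s' "$2" | openssl base64 -d -A > "$WORK/v.bin"
  if openssl dgst -sha256 -verify "$WORK/pub.pem" \
       -signature "$WORK/v.bin" "$1" >/dev/null 2>&1; then
    echo ok
  else
    echo fail
  fi
}

SIG=$(sign_b64 "$WORK/msg.txt")
echo "signature (base64): $SIG"
echo "digest of message:  $(digest_hex "$WORK/msg.txt")"
echo "digest recovered:   $(printf '%s' "$SIG" | recover_digest_hex)"
echo "verify exact bytes: $(verify "$WORK/msg.txt" "$SIG")"
echo "verify + newline:   $(verify "$WORK/msg_ws.txt" "$SIG")"
```

Run it as `sh script.sh`. The recovered digest equals the digest of the exact bytes that were signed, and verification of the copy with one extra newline fails even though the two files look identical in an editor, which is the situation Jim describes in his follow-up. For a real assertion the file handed to `digest_hex` and `verify` has to be the canonicalized SignedInfo, so comparing the recovered digest against a locally computed one is a quick way to tell a whitespace or canonicalization problem from a wrong key.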