I'm having a hard time verifying detached PEM signatures with the -content option (openssl 0.9.8c, 0.9.8k, 0.9.7.a).
I've attached a (bash) script showing what I'm trying to do; perhaps someone can point out the error of my ways?

Thanks,
--
Keith Hellman #include <disclaimer.h>
khell...@mcprogramming.com from disclaimer import standard
khell...@mines.edu
-*-
public key @ pgp.mit.edu 9FCF40FD
Y!M: mcprogramming AIM/ICQ: 485403897
gtalk (xmpp jabber): mrtu...@jabber.org, jab...@mcprogramming.com
-*-
The purpose of computing is insight, not numbers.
-- Richard W. Hamming, 1962
: ${CERT:=./sign-script.crt}
: ${KEY:=./sign-script.key}
: ${FILE:=./sign-script}

# Generate a key and a self-signed certificate if either one is missing.
if ! test -r "${CERT}" -a -r "${KEY}" ; then
    echo >&2 "Generating key and s/signed cert in ${KEY} ${CERT}..."
    echo -n >&2 'Continue? [Yes/*]: '
    read line
    # Quoted so that an empty answer does not break the test.
    if ! test "${line}" = Yes ; then
        exit 1
    fi
    echo >&2 "Generating '${KEY}'..."
    openssl genrsa -out ${KEY} 1024
    echo >&2 "Generating self-sign request '${KEY}'..."
    openssl req -new -key ${KEY} -out ${KEY}.csr
    echo >&2 "Signing self-sign request '${KEY}'..."
    openssl x509 -req -days 1 -in ${KEY}.csr -signkey ${KEY} -out ${CERT}
    echo >&2 "Removing self-sign request '${KEY}.csr'..."
    rm -f ${KEY}.csr
fi

set -x

# Sign in the default S/MIME output format, then verify.
openssl smime -sign -in ${FILE} \
    -signer ${CERT} -inkey ${KEY} \
    -out ${FILE}.signed
openssl smime -verify \
    -noverify \
    -in ${FILE}.signed >/dev/null

# Sign with PEM output, then verify against the original file using -content.
: ${FORM:=PEM}
openssl smime -sign -in ${FILE} \
    -signer ${CERT} -inkey ${KEY} \
    -outform ${FORM} -out ${FILE}.pemsigned
openssl smime -verify \
    -noverify \
    -inform ${FORM} \
    -content ${FILE} \
    -in ${FILE}.pemsigned >/dev/null

set +x
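An added example, not part of the original post or its attachment: a detached PEM signature round trip that signs and verifies with -binary, so the digest covers the file's exact bytes rather than a CRLF-canonicalized copy, and that also checks that modified content is rejected. The function names, file names and certificate subject are constructed for the example; it assumes an openssl binary on the PATH.

```bash
#!/bin/sh
# Added example: detached PEM (PKCS#7) signature round trip using -binary.
# File names and the certificate subject below are constructed for this demo.

# Create a throwaway RSA key and a one-day self-signed certificate.
make_signer() {  # $1 = key out, $2 = cert out
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-demo-signer" \
        -keyout "$1" -out "$2" 2>/dev/null
}

# Write a detached signature in PEM form (smime -sign detaches by default).
# -binary signs the bytes as they are, with no LF to CRLF conversion.
sign_detached() {  # $1 = content, $2 = key, $3 = cert, $4 = signature out
    openssl smime -sign -binary -in "$1" -signer "$3" -inkey "$2" \
        -outform PEM -out "$4"
}

# Check the signature against the content file. -noverify skips certificate
# chain validation, as in the post, because the certificate is self-signed.
verify_detached() {  # $1 = content, $2 = signature
    openssl smime -verify -noverify -binary -inform PEM \
        -content "$1" -in "$2" -out /dev/null 2>/dev/null
}

# Returns 0 only if the untouched file verifies and a modified copy does not.
roundtrip() {
    dir=$(mktemp -d) || return 1
    rc=0
    printf 'line one\nline two\n' > "$dir/payload"   # constructed LF-only input
    make_signer "$dir/key.pem" "$dir/cert.pem" || rc=1
    sign_detached "$dir/payload" "$dir/key.pem" "$dir/cert.pem" \
        "$dir/payload.p7s" || rc=1
    verify_detached "$dir/payload" "$dir/payload.p7s" || rc=1
    printf 'x' >> "$dir/payload"                     # modify after signing
    if verify_detached "$dir/payload" "$dir/payload.p7s"; then rc=1; fi
    rm -rf "$dir"
    return $rc
}

if roundtrip; then
    echo "detached PEM signature: original accepted, modified copy rejected"
else
    echo "round trip failed" >&2
fi
```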