On Mon, Sep 07, 2009, Keith Hellman wrote:

> I'm unable to verify detached PEM signatures with the -content option 
> to 'openssl smime'.  I've weaseled what I'm trying to do to a simple
> script (see attached).  
> 
> The script first uses an smime inline signature ...
> 
>   openssl smime -sign -in ${FILE} -signer ${CERT} -inkey ${KEY} -out ${FILE}.signed
>   openssl smime -verify -noverify -in ${FILE}.signed >/dev/null
> 
> all this works OK, but when I try using a detached signature:
> 
>   FORM=PEM
>   openssl smime -sign -in ${FILE} -signer ${CERT} -inkey ${KEY} \
>               -outform ${FORM} -out ${FILE}.pemsigned
> 
>   openssl smime -verify -noverify -inform ${FORM} -content ${FILE} \
>               -in ${FILE}.pemsigned >/dev/null
> 
> I get these errors:
> 
>   Verification failure
>   20873:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest failure:pk7_doit.c:948:
>   20873:error:21075069:PKCS7 routines:PKCS7_verify:signature failure:pk7_smime.c:312:
> 
> Examining the signature of the inline and detached methods shows they are
> the same.
> 
> Can someone point out my error (or suggest another mailing list where
> this question is more appropriate?).
> 

See if the -binary option helps.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
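
An added example, not part of the original thread and not OpenSSL project code: a script that makes a detached PEM signature and verifies it against -content, once with the options from the question and once with -binary on both commands. Without -binary, 'openssl smime -sign' converts the input to canonical CRLF line endings before digesting it, while -content reads the file as it is on disk. The throwaway key, certificate, file names and function names are constructed for the demo.

```shell
#!/bin/sh
# Added example: detached PEM S/MIME signature, default options vs. -binary.
# Key, certificate and message file are constructed throwaway test data.

# Create a scratch directory holding a self-signed signer certificate and an
# LF-terminated text file (the kind of input a Unix shell script would sign).
setup_demo() {
    DEMO_DIR=$(mktemp -d) || return 1
    KEY=$DEMO_DIR/key.pem
    CERT=$DEMO_DIR/cert.pem
    FILE=$DEMO_DIR/message.txt
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo signer" \
        -keyout "$KEY" -out "$CERT" 2>/dev/null || return 1
    printf 'line one\nline two\n' > "$FILE"
}

# sign_and_verify [options given to both commands, e.g. -binary]
# Signs $FILE with a detached PEM signature, then verifies the signature
# against the original file. -noverify (as in the question) skips only the
# signer certificate chain check; the content digest is still checked.
# Returns 2 if signing fails, otherwise the status of the verify command.
sign_and_verify() {
    sig=$DEMO_DIR/message.pemsigned
    openssl smime -sign "$@" -in "$FILE" -signer "$CERT" -inkey "$KEY" \
        -outform PEM -out "$sig" 2>/dev/null || return 2
    openssl smime -verify "$@" -noverify -inform PEM -content "$FILE" \
        -in "$sig" >/dev/null 2>&1
}

# Run both variants and report the result of each.
run_demo() {
    setup_demo || return 1
    # Same options as the question; the poster reports a digest failure here.
    if sign_and_verify; then
        echo "default options: verified"
    else
        echo "default options: verification failed"
    fi
    # -binary on both sides: the digest covers the file bytes exactly as stored.
    if sign_and_verify -binary; then
        echo "with -binary: verified"
    else
        echo "with -binary: verification failed"
    fi
    rm -rf "$DEMO_DIR"
}

run_demo
```
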
