Hi, I've recently come across a problem verifying detached smime signatures using openssl 1.0.1b on OSX 10.6 and 1.0.1c on cygwin.
First I create a DSA key. openssl dsaparam -noout -out privatekey.pem -genkey 1024 Next I create a self-signed certificate from that key. openssl req -new -outform PEM -out certificate.pem -key privatekey.pem -keyform PEM -sha1 -x509 -days 1000 Next i use that certificate and key in order to create a detached smime signature of a file. openssl smime -sign -in file.zip -out file.zip.signature -outform DER -inkey privatekey.pem -signer certificate.pem Finally I immediately try to verify that same file/signature* openssl smime -verify -in file.zip.signature -inform DER -content file.zip -noverify certificate.pem > /dev/null But somehow I get a digest failure. PKCS7 routines:PKCS7_signatureVerify:digest failure:pk7_doit.c:1097: PKCS7 routines:PKCS7_verify:signature failure:pk7_smime.c:410 Nothing seems to be changing the file, manual md5 hashes match before and after, yet somehow the signature digest is failing. I presume I'm doing something wrong but I can't see it Does anyone have any clue as to what I'm doing wrong? Thanks, Jonathan Duncan ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
