I believe the smime and pkcs7 command line tools are badly broken for binary files, which has hurt some of my projects too.
On 5/31/2012 9:13 PM, Jonathan Duncan wrote:
Hi,

I've recently come across a problem verifying detached smime signatures using openssl 1.0.1b on OSX 10.6 and 1.0.1c on cygwin.

First I create a DSA key.

    openssl dsaparam -noout -out privatekey.pem -genkey 1024

Next I create a self-signed certificate from that key.

    openssl req -new -outform PEM -out certificate.pem -key privatekey.pem -keyform PEM -sha1 -x509 -days 1000

Next I use that certificate and key in order to create a detached smime signature of a file.

    openssl smime -sign -in file.zip -out file.zip.signature -outform DER -inkey privatekey.pem -signer certificate.pem

Finally I immediately try to verify that same file/signature*

    openssl smime -verify -in file.zip.signature -inform DER -content file.zip -noverify certificate.pem > /dev/null

But somehow I get a digest failure.

    PKCS7 routines:PKCS7_signatureVerify:digest failure:pk7_doit.c:1097:
    PKCS7 routines:PKCS7_verify:signature failure:pk7_smime.c:410

Nothing seems to be changing the file, manual md5 hashes match before and after, yet somehow the signature digest is failing.

I presume I'm doing something wrong but I can't see it. Does anyone have any clue as to what I'm doing wrong?
Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org