On Thu, May 31, 2012, Jonathan Duncan wrote: > Hi, > > I've recently come across a problem verifying detached smime > signatures using openssl 1.0.1b on OSX 10.6 and 1.0.1c on cygwin. > > First I create a DSA key. > > openssl dsaparam -noout -out privatekey.pem -genkey 1024 > > Next I create a self-signed certificate from that key. > > openssl req -new -outform PEM -out certificate.pem -key privatekey.pem > -keyform PEM -sha1 -x509 -days 1000 > > Next i use that certificate and key in order to create a detached > smime signature of a file. > > openssl smime -sign -in file.zip -out file.zip.signature -outform DER > -inkey privatekey.pem -signer certificate.pem > > Finally I immediately try to verify that same file/signature* > > openssl smime -verify -in file.zip.signature -inform DER -content > file.zip -noverify certificate.pem > /dev/null > > But somehow I get a digest failure. > > PKCS7 routines:PKCS7_signatureVerify:digest failure:pk7_doit.c:1097: > PKCS7 routines:PKCS7_verify:signature failure:pk7_smime.c:410 > > Nothing seems to be changing the file, manual md5 hashes match before > and after, yet somehow the signature digest is failing. I presume I'm > doing something wrong but I can't see it >
Try the -binary option. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
