>From: owner-openssl-us...@openssl.org On Behalf Of Bart W Jenkins >Sent: Monday, 20 August, 2012 09:15
>I've created a prototype, in Java that creates an s/mime file, >and now I need to convert that to the equivalent of what the >"binary" switch does when using openssl. The command in openssl is: >openssl smime -binary -sign -passin "pass:MyPassword" -signer cert.pem >-inkey key.pem -in DocumentToSign.txt -out SignedDocument.der -outform DER >What I have now in Java produces a PEM formatted s/mime file. <snip> I very much doubt it's PEM formatted, since that would violate the RFC. Both SMIME and PEM use base64 encoding, so part of the message may be the same, but the headers are different. >What I want to do is encode the WHOLE s/mime set of bytes into binary >the way the "binary" switch does on the "openssl smime binary" invocation does. Your question makes no sense. smime -binary does not affect the format of the output, it affects only canonicalization of the signed data. smime -outform DER is what made the output binary -- binary PKCS7/CMS, which is NOT SMIME but could be converted into SMIME by adding headers (and trailer) using null transfer-encoding, which is only useful if the partner(s) support that. OpenSSL commandline apparently doesn't support it, and I'm not sure if library does directly. I don't know what Bouncy provides here, but if you want bare PKCS7/CMS, in binary or otherwise, it may be under one of those names and not SMIME. Also note that OpenSSL smime -sign by default produces a 'detached' signature, also called 'clearsigning'. To transmit this signature with the associated data in SMIME you must use multipart/signed. The signature part might be in binary (although base64 is conventional) and the data part can be whatever you want, but the MIME headers including the multipart headers will always be restricted text. I don't know which way Bouncy defaults, but I'd expect it can do both detached and embedded aka opaque. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
