On 21 Aug 2012, at 2:39 PM, Bart W Jenkins wrote:
> Given:
> 
> openssl smime -binary -sign -passin "pass:SomePassword" -signer cert.pem 
> -inkey key.pem -in Document.txt -out Document.txt.sig -outform DER
> 
> What *exactly* is done to the s/mime text to create a "binary" file?

Are you asking about the "-binary" flag to "openssl smime" or about the 
encoding of the encrypted/signed file?

I think the only difference "-binary" makes is whether the plaintext's 
line-endings are converted to/from the local convention vs. the 
network-standard CRLF. Glancing at the source code, the only things that flag 
affects are the mode argument of fopen() and an internal function that 
canonicalizes line endings (rather, if "-binary" is given, it does not 
canonicalize line endings).

> I'm trying to do the equivalent in Java using BouncyCastle and just can't get 
> from a text based PEM file to a binary/DER file.

That's controlled by the "-outform DER" flag to openssl, not "-binary". PEM is 
simply base64-encoded DER with header and footer lines added; it has nothing to 
do with whether the data inside the crypto blob is "binary" or not.

I'm not familiar with the BouncyCastle APIs, but I'm guessing they generate DER 
internally and then convert that to PEM. If you want DER, just remove or 
disable that last conversion.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
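
The PEM/DER relationship described in the reply above, as an added example that is not part of the original message and is not OpenSSL or BouncyCastle code: it strips the header and footer lines, base64-decodes the body, and checks that the result is a single DER SEQUENCE. The function names, the "PKCS7" label and the sample blob are constructed for illustration.

```python
import base64
import re

# Matches one PEM block: header line, base64 body, matching footer line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL
)

def der_total_length(der: bytes) -> int:
    """Return the full encoded length (header + content) of the first DER element."""
    if len(der) < 2:
        raise ValueError("too short to be DER")
    first = der[1]
    if first < 0x80:                 # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                 # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        raise ValueError("indefinite or truncated length (not DER)")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def pem_to_der(pem_text: str) -> tuple:
    """Strip the PEM armor and base64-decode the body; returns (label, der)."""
    m = PEM_BLOCK.search(pem_text)
    if m is None:
        raise ValueError("no PEM block found")
    body = "".join(m.group(2).split())   # drop line breaks inside the base64 body
    der = base64.b64decode(body, validate=True)
    # A signed blob is one outer SEQUENCE (tag 0x30) that spans every byte.
    if der[:1] != b"\x30" or der_total_length(der) != len(der):
        raise ValueError("decoded bytes are not a single DER SEQUENCE")
    return m.group(1), der

def der_to_pem(label: str, der: bytes) -> str:
    """Inverse: base64 at 64 chars per line plus header and footer lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----", ""])

# Constructed sample: DER SEQUENCE { INTEGER 1, OCTET STRING of 200 zero bytes }.
SAMPLE_DER = b"\x30\x81\xce" + b"\x02\x01\x01" + b"\x04\x81\xc8" + bytes(200)
SAMPLE_PEM = der_to_pem("PKCS7", SAMPLE_DER)

if __name__ == "__main__":
    label, der = pem_to_der(SAMPLE_PEM)
    print(label, len(der), der == SAMPLE_DER)
```

The length check rejects a truncated or concatenated blob before it reaches a signature verifier, which is a cheap sanity test when converting between the two encodings.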
