Dave, As I know the PKCS7_BINARY flag is used to prevent a binary data from translation to MIME format. It always leads to data corruption. I advise to use this flag when a binary data is to be signed.
2014-05-28 2:39 GMT+04:00 Dave Thompson <dthomp...@prinpay.com>: > The third arg of PKCS7_verify (indata) should only be used for an > ‘external’ or ‘detached’ signature > > where the PKCS#7 does not contain the data. In your case it should be null. > > > > Also note that the _BINARY flag isn’t actually used for “plain” PKCS#7, > only for SMIME. > > And I don’t think it really works right for SMIME. Avoid it. > > > > *From:* owner-openssl-us...@openssl.org [mailto: > owner-openssl-us...@openssl.org] *On Behalf Of *Dikarev Evgeniy > *Sent:* Tuesday, May 27, 2014 03:45 > *To:* openssl-users@openssl.org > *Subject:* PKCS7_sign & PKCS7_verify > > > > Hey, guys. > > I have a small problem when using the PKCS7_sign and PKCS7_verify. Do not > check the signature in the example, but is checked by using the openssl in > command line. What am I doing wrong? > > code is attached. > > -------------------------------------------------------- > > Dikarev Evgeniy >
