Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?

2017-04-06 Thread Blumenthal, Uri - 0553 - MITLL
The "numeric code" is the *exit* status of the program. You can find it in "$?" directly after the execution of the command (in any POSIX shell). Got it, thanks! Luckily for me, it’s zero. ;-) > Is there an equivalent, either in openssl tool itself, or in the email > clients

Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?

2017-04-06 Thread Viktor Dukhovni
> On Apr 6, 2017, at 5:16 PM, Blumenthal, Uri - 0553 - MITLL > wrote: > >> $ openssl cms -verify -verify_retcode -CAfile ~/Certs/Our_Root_CA.pem >> -inform SMIME -signer $author -in ~/Documents/test-smime-decr.txt > > I saw no numeric code – but no error either. The "numeric code" is the *ex

Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?

2017-04-06 Thread Blumenthal, Uri - 0553 - MITLL
> On Apr 6, 2017, at 5:00 PM, Blumenthal, Uri - 0553 - MITLL > wrote: Two problems here, the "Verification successful" message is just a diagnostic message to "stderr" and should not be considered a reliable indication of signature validity. You really should use the "-veri

Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?

2017-04-06 Thread Viktor Dukhovni
> On Apr 6, 2017, at 5:00 PM, Blumenthal, Uri - 0553 - MITLL > wrote: > > But with your help, and providing the top root in the “-CAfile …” argument, I > got it!! > > > $ openssl cms -verify -CAfile ~/Certs/Our_Root_CA.pem -inform SMIME -in > ~/Documents/test-smime-decr.txt > Content-Type:

Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?

2017-04-06 Thread Blumenthal, Uri - 0553 - MITLL
You really should peruse the cms(1) manpage, daunting as that might be. :-) Alas, it is! ;-) > And if I (failing to validate the certificate chain) want to just check > whether the decrypted message was tampered with – is there a way to do > that (without validating the certif

Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?

2017-04-06 Thread Viktor Dukhovni
> On Apr 6, 2017, at 3:54 PM, Blumenthal, Uri - 0553 - MITLL > wrote: > > Content-Type: multipart/signed; > ... > Hoping that it includes the signing certificate of the signer, I tried to > verify its signature by: > > $ openssl cms -verify -inform SMIME -in ~/Documents/test-smime-decr.txt

Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?

2017-04-06 Thread Blumenthal, Uri - 0553 - MITLL
If the message is signed and then encrypted, you can then check the signature on the decrypted output. This is what the decrypted message looks like (its first few lines): $ head ~/Documents/test-smime-decr.txt Content-Type: multipart/signed; boundary=Apple-Mail-D1CE77F5-394F-4A

Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?

2017-04-06 Thread Blumenthal, Uri - 0553 - MITLL
I have no experience with engines and little interest at present in going there. ( For CMS decryption without engines: $ openssl cms -decrypt -recip cert.pem -inkey key.pem -in cms.eml Thank you!! Decryption succeeded (using the signing key – which the sender should

Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?

2017-04-06 Thread Viktor Dukhovni
> On Apr 6, 2017, at 2:47 PM, Blumenthal, Uri - 0553 - MITLL > wrote: > > Would you be able to provide me with a command line that would allow me to > *decrypt* the message? My keys are on a hardware token, so I’ll have to use > "-engine pkcs11 -keyform ENGINE" I have no experience with engine

Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?

2017-04-06 Thread Blumenthal, Uri - 0553 - MITLL
For S/MIME input: $ openssl cms -in cms.eml -cmsout -print For DER input: $ openssl cms -inform DER -in cms.der -cmsout -print Thank you!!! The above gave me: CMS_ContentInfo: contentType: pkcs7-envelopedData (1.2.840.113549.1.7.3) . . . . . ori

Re: [openssl-users] How to "unwrap" S/MIME messages using openssl?

2017-04-06 Thread Viktor Dukhovni
> On Apr 6, 2017, at 1:25 PM, Blumenthal, Uri - 0553 - MITLL > wrote: > > I’m trying to debug the case of a (bad) email client sending encrypted S/MIME > email that the recipient cannot decrypt (we suspect the problem is that the > sender chooses a wrong public key/certificate to encrypt to).

[openssl-users] How to "unwrap" S/MIME messages using openssl?

2017-04-06 Thread Blumenthal, Uri - 0553 - MITLL
I’m trying to debug the case of a (bad) email client sending encrypted S/MIME email that the recipient cannot decrypt (we suspect the problem is that the sender chooses a wrong public key/certificate to encrypt to). Unfortunately, recipient email clients do not help figuring this out. All the

[openssl-users] RSA PKCS1 v2.1 - Multi-primes and RSASSA-PSS

2017-04-06 Thread Davy Souza
Hi, I'm using RSA, but I need to know if OpenSSL RSA implements PKCS#1 v2.1. I have the following questions: 1) Does OpenSSL support multi-prime? 2) Does OpenSSL support RSASSA-PSS? 3) If so, how can I use it? I have checked the code (RSA Struct), and the doc, but I'm not sure if

Re: [openssl-users] Use of command line openssl.exe

2017-04-06 Thread Marina
Mr Victor, it works!!! You have taken me out of a great trouble!!! I'd imagine it could be easy but I could not understand how to do. Thanks a lot Marina (Milano, Italy) Viktor Dukhovni wrote >> On Apr 5, 2017, at 6:23 AM, Marina < > Marina.Brusa@ > > wrote: >> >> I have been requested t

Re: [openssl-users] Use of command line openssl.exe

2017-04-06 Thread Viktor Dukhovni
> On Apr 5, 2017, at 6:23 AM, Marina wrote: > > I have been requested to fill a field 344 characters long with a crypted > string. Why? > My program uses a command to produce this string (cf.enc.b64), > starting from a string 16 char long (cf.inp) > >$ openssl rsautl -encrypt -in cf.inp