> I was signing a message with the smime tool and following command line
> ...
> and I was unable to verify the signature using the commercial toolkit
>
> OpenSSL:
>
> 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04
> 14 14 44 0A B6 53 49 25 48 25 A8 02 A3 5C
> 7C 1A 8C D1 14 F9
This looks correct to me:
SEQUENCE ($21) {
SEQUENCE ($09) {
OID ($05)
NULL ($00)
}
OCTETSTRING ($14)
}
>
> PKCS #1:
>
> 30 21 30 1F 06 05 2B 0E 03 02 1A 05 00 04
> 14 14 44 0A B6 53 49 25 48 25 A8 02 A3 5C
> 7C 1A 8C D1 14 F9
This doesn't:
SEQUENCE ($21) {
SEQUENCE ($21) {
OID ($05)
NULL ($00)
OCTETSTRING ($14)
}
}
since AlgorithmIdentifier is defined as
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL
}
The OCTETSTRING which probably holds the signature
is not a parameter of the algorithm.
Just my two pence
Robert
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
