Vivek Dasgupta wrote:
>
>
> Thanks
>
> The problem was with '\n' characters not taken care of in the signature file.
>
> Now both the following commands work properly.
>
> openssl base64 -d -in $valid \
> | openssl pkcs7 -out $sigtmp -inform DER -outform PEM
>
> Now in the following command
> "verify -in $sigtmp -data $theText -cf $db -verbose"
> actually the syntax is
> "verify $sigtmp -d $theText -cf $db"
>
> it gives the following error:
>
> depth=1 /C=IN/ST=AP/L=City/O=ABC/OU=Secure Machine 172.19.11.11/CN=ABC
>[EMAIL PROTECTED]
> verify return:1
> depth=0
>[EMAIL PROTECTED]
> verify return:1
> 2161:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest failure:pk7_doit.c:786:
>
> Is this problem due to message digest algorithm because
> crypto.signText hashes with SHA and in openssl.cnf default md is md5.
>
> Which cert file is required in $db? I supplied the CA cert file.
> What message will verify give if signature is correct?
> I saw only a <printf("done..")> in the code.
>
I can't comment about that program other than it may be missing an
OpenSSL_add_all_algorithms() if it doesn't recognise SHA1.
With the latest snapshot you can do:
openssl smime -verify -inform DER -in sig.der -content content.txt
which should do the same thing.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
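
Added example (not from the thread or from the OpenSSL project): the round trip discussed above, run on a constructed throwaway key, certificate and text. It assumes the signature arrives as base64 on a single line, decodes it with `-A`, verifies the detached signature with `openssl smime -verify`, and shows that a one-byte change to the content makes verification fail. The file names and function names are hypothetical.

```shell
#!/bin/sh
# Added example. Key, certificate and text are constructed for the demo.

make_fixture() {            # $1 = empty work directory
  # Throwaway self-signed signer, used as its own trust anchor.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Test Signer" \
    -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1 || return 1
  printf 'text that was signed' > "$1/content.txt"
  # Detached PKCS#7 signature in DER form.
  openssl smime -sign -binary -in "$1/content.txt" -signer "$1/cert.pem" \
    -inkey "$1/key.pem" -outform DER -out "$1/orig.der" 2>/dev/null || return 1
  # Assumption: the signature is delivered as base64 on one line, no '\n'.
  openssl base64 -A -in "$1/orig.der" -out "$1/sig.b64"
}

decode_sig() {              # $1 = work directory
  # -A: input is one unwrapped line. Without it, a long line lacking
  # newlines may decode short or to nothing.
  openssl base64 -d -A -in "$1/sig.b64" -out "$1/sig.der" &&
    cmp -s "$1/orig.der" "$1/sig.der"
}

verify_sig() {              # $1 = work directory, $2 = content file
  openssl smime -verify -binary -inform DER -in "$1/sig.der" \
    -content "$2" -CAfile "$1/cert.pem" -out /dev/null 2>/dev/null
}

run_demo() {
  d=$(mktemp -d) || return 1
  if ! { make_fixture "$d" && decode_sig "$d"; }; then rm -rf "$d"; return 1; fi
  good=1; bad=0
  verify_sig "$d" "$d/content.txt" && good=0
  printf 'text that was signed\n' > "$d/altered.txt"   # one extra byte
  verify_sig "$d" "$d/altered.txt" || bad=$?
  rm -rf "$d"
  echo "original content: exit $good; altered content: exit $bad"
  [ "$good" -eq 0 ] && [ "$bad" -ne 0 ]
}

run_demo
```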