On 2005.05.24 at 14:33:29 +0100, Chris Covell wrote:
> I am now using this command:
>
> $ openssl smime -verify -inform PEM -in signature.pk7 -CAfile development_cm.pem -content content.txt
>
> And I get this output:
>
> content
> Verification failure
> 2788:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest failure:pk7_doit.c:804:
> 2788:error:21075069:PKCS7 routines:PKCS7_verify:signature failure:pk7_smime.c:265:
>
> It looks like it is all working, just that it is failing verification.
> But the content is so simple that I can't believe that is the problem!
> Is the problem CR/LF? I am signing using FireFox on Windows to sign
> but using OpenSSL on Linux to verify.

Yes, CR/LF can be a problem. Many MTAs feel free to convert EOL from CR/LF to LF and vice versa. Try to play with the -text and -crlfeol options of openssl smime. For us there were more problems with generation of S/MIME messages which pass all the mail servers on the way to the recipient.

Another problem may be with Content-Transfer-Encoding. Typically S/MIME computes the digest of the message after applying content-encoding (such as Quoted-Printable or Base64) and including some mail headers. If you receive such a message it is better to verify it as an SMIME format message, passing it to openssl with all mail headers. If you've extracted the content you might forget to extract those headers which were included in the digest computation.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
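
Added example, not part of the original thread: a small diagnostic for the "digest failure" case discussed above. Given the extracted content and the digest the signer actually computed (assumed here to be read from the messageDigest signed attribute of the PKCS#7 SignerInfo), it tries common end-of-line variants and reports which one reproduces that digest. The function name, the candidate list, the sha256 default and the sample bytes are constructed for illustration.

```python
import hashlib

def _to_lf(b):
    return b.replace(b"\r\n", b"\n")

def _to_crlf(b):
    # Normalise first so existing CRLF pairs are not doubled into CR CR LF.
    return _to_lf(b).replace(b"\n", b"\r\n")

# Candidate forms of the content, tried in order. Each one is a way the
# signer's bytes may differ from what ended up on the verifier's disk.
CANDIDATES = [
    ("as-is", lambda b: b),
    ("LF -> CRLF", _to_crlf),
    ("CRLF -> LF", _to_lf),
    ("as-is, trailing EOL stripped", lambda b: b.rstrip(b"\r\n")),
    ("CRLF, trailing EOL stripped", lambda b: _to_crlf(b).rstrip(b"\r\n")),
    ("LF, final EOL added", lambda b: _to_lf(b).rstrip(b"\n") + b"\n"),
    ("CRLF, final EOL added", lambda b: _to_crlf(b).rstrip(b"\r\n") + b"\r\n"),
]

def find_matching_form(content, expected_hex, algo="sha256"):
    """Return (label, bytes) for the first candidate whose digest equals
    expected_hex, or None if no end-of-line variant explains the mismatch."""
    expected = expected_hex.lower()
    for label, transform in CANDIDATES:
        data = transform(content)
        if hashlib.new(algo, data).hexdigest() == expected:
            return label, data
    return None

# Constructed sample: the signer hashed "content\r\n" (Windows line ending),
# while the verifier's copy of content.txt holds "content\n".
SIGNED_BYTES = b"content\r\n"
EXPECTED = hashlib.sha256(SIGNED_BYTES).hexdigest()
ON_DISK = b"content\n"

if __name__ == "__main__":
    print(find_matching_form(ON_DISK, EXPECTED))
```

If no candidate matches, the mismatch is not a line-ending issue and the transfer encoding or included MIME headers mentioned in the reply are the next things to check.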