Dear folks,

I created an X.509-signed mail with an application, then I tried to verify
the signature with the 'openssl smime -verify ...' command.

It did not work the first time.

The S/MIME standard RFC 3851 and its predecessors show a sample
multipart/signed message in section 3.4.3.3:

       Content-Type: multipart/signed;
          protocol="application/pkcs7-signature";
          micalg=sha1; boundary=boundary42

       --boundary42
-->    Content-Type: text/plain

       This is a clear-signed message.

       --boundary42
       Content-Type: application/pkcs7-signature; name=smime.p7s
       Content-Transfer-Encoding: base64
       Content-Disposition: attachment; filename=smime.p7s

       ghyHhHUujhJhjH77n8HHGTrfvbnj756tbB9HG4VQpfyF467GhIGfHfYT6
       4VQpfyF467GhIGfHfYT6jH77n8HHGghyHhHUujhJh756tbB9HGTrfvbnj
       n8HHGTrfvhJhjH776tbB9HG4VQbnj7567GhIGfHfYT6ghyHhHUujpfyF4
       7GhIGfHfYT64VQbnj756

       --boundary42--

See the marked MIME sub-header in part2. My application, which uses the
MIME::Tools Perl library, produces a similar format:

       Content-Type: multipart/signed;
        protocol="application/pkcs7-signature";
        micalg=sha1;
        boundary="----------=_1215093708-16004-0"
       Content-Transfer-Encoding: binary
       MIME-Version: 1.0
       X-Mailer: MIME-tools 5.420 (Entity 5.420)
       From: [EMAIL PROTECTED]
       To: [EMAIL PROTECTED]
       Subject: Hello, nurse!
       
       This is an S/MIME signed message
       
       ------------=_1215093708-16004-0
-->    Content-Type: text/plain
-->    Content-Disposition: inline
-->    Content-Transfer-Encoding: binary
-->
       This is a message
       
       ------------=_1215093708-16004-0
       Content-Type: application/pkcs7-signature; name="signature-cr.p7s"
       Content-Disposition: attachment; filename="signature-cr.p7s"
       Content-Transfer-Encoding: base64
       
       MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEH
       AQAAoIIFbjCCBWowggRSoAMCAQICAgNWMA0GCSqGSIb3DQEBBQUAMFUxCzAJ
...

I found that 'openssl smime' refuses to verify the signature until I
delete the marked lines. Probably it computes the hash not only on the
cleartext but on the header and separator too.

Is this normal?
Why could openssl not figure out where the cleartext begins?

Gabor
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
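
For reference on the question above, an added example that is not part of the original post: RFC 1847 defines the multipart/signed signature as covering the whole first body part, MIME headers included and boundary delimiters excluded, in canonical CRLF form. The Python sketch below extracts that byte range from a constructed copy of the second message and computes its SHA-1 next to the SHA-1 of the cleartext alone; the function names are hypothetical.

```python
import hashlib
import re

# Constructed sample modelled on the second message in the post (signature omitted).
SAMPLE = (
    b'Content-Type: multipart/signed;\n'
    b' protocol="application/pkcs7-signature"; micalg=sha1;\n'
    b' boundary="----------=_1215093708-16004-0"\n'
    b'\n'
    b'This is an S/MIME signed message\n'
    b'\n'
    b'------------=_1215093708-16004-0\n'
    b'Content-Type: text/plain\n'
    b'Content-Disposition: inline\n'
    b'Content-Transfer-Encoding: binary\n'
    b'\n'
    b'This is a message\n'
    b'\n'
    b'------------=_1215093708-16004-0\n'
    b'Content-Type: application/pkcs7-signature; name="signature-cr.p7s"\n'
    b'\n'
    b'(base64 signature omitted)\n'
    b'------------=_1215093708-16004-0--\n'
)

def canonical(data):
    """Normalize bare LF and CRLF line endings to CRLF."""
    return re.sub(rb'\r?\n', b'\r\n', data)

def boundary_of(raw):
    header = re.split(rb'\r?\n\r?\n', raw, maxsplit=1)[0]  # top-level header only
    m = re.search(rb'boundary="?([^";\r\n]+)"?', header, re.I)
    if not m:
        raise ValueError("no boundary parameter in the top-level header")
    return m.group(1)

def signed_part(raw):
    """First body part, MIME headers included; the CRLF before a delimiter is not content."""
    msg = canonical(raw)
    pieces = msg.split(b'\r\n--' + boundary_of(msg))
    if len(pieces) < 4:
        raise ValueError("expected two body parts and a closing delimiter")
    return pieces[1].split(b'\r\n', 1)[1]  # drop the rest of the delimiter line

def digests(raw):
    """Return (SHA-1 over headers + body, SHA-1 over the cleartext alone)."""
    part = signed_part(raw)
    body = part.split(b'\r\n\r\n', 1)[1]
    return hashlib.sha1(part).hexdigest(), hashlib.sha1(body).hexdigest()
```

The two digests differ, so a signer and a verifier that pick different byte ranges, or different line endings, cannot agree on the message digest.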
