On Tue, Dec 07, 2010, Maxim Kammerer wrote:

> > The command-line argument "-md" to "openssl cms -sign_receipt" is
> > apparently ignored, and the default digest algorithm (SHA-1 in my
> > tests) is used instead. In addition, the "-noattr" argument has the
> > same effect as "-nosmimecap", apparently leaving some unnecessary
> > attributes (like signing time) - contrary to the manual.
>
> Maybe it wasn't clear from my post, but this issue is a bug, not a
> missing feature. The CMS structure for -sign_receipt is very similar
> to one for -sign, and both have a field for the selected message
> digest algorithm (visible with openssl cms -cmsout -noout -print -in
> receipt.sig). Not so sure about -noattr/-nosmimecap, though.

At present this is a limitation of the API: there is no option to specify
an alternative digest. I'll have to see if there is an easy way to fix this
without a new API. It would be relatively easy to use the same digest as the
original content instead of using the default public key algorithm digest.

The -noattr option isn't a bug: you can't omit all attributes with signed
receipts and the use of any means that the standard mandatory attributes are
included.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
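
The check discussed in this thread, as an added example that is not part of the original messages: sign a message with a receipt request, answer it with `-sign_receipt -md`, and read the digest fields back with `-cmsout -print`. The key, subject, address and file names are constructed for the example, and PEM is assumed for the intermediate files.

```shell
#!/bin/sh
# Constructed check (not from the thread): does "-md" reach the signed
# receipt? Subject, address and file names are placeholders.

# Print the distinct digest algorithm names found in a PEM-encoded CMS file
# (the digestAlgorithms set and each signerInfo's digestAlgorithm).
cms_digests() {
    openssl cms -cmsout -noout -print -inform PEM -in "$1" |
        awk '/digestAlgorithm/ { want = 1; next }
             want && /algorithm:/ { print $2; want = 0 }' | sort -u
}

# Sign a message (digest $1) with a receipt request, then answer it with
# "-sign_receipt -md $2". Leaves signed.pem and receipt.pem in directory $3.
make_receipt() {
    sign_md=$1 receipt_md=$2 dir=$3
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=receipt-test" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 2
    printf 'constructed test message\n' > "$dir/msg.txt"
    openssl cms -sign -in "$dir/msg.txt" -md "$sign_md" -nodetach \
        -signer "$dir/cert.pem" -inkey "$dir/key.pem" \
        -receipt_request_to receipts@example.com -receipt_request_all \
        -outform PEM -out "$dir/signed.pem" || return 2
    openssl cms -sign_receipt -md "$receipt_md" \
        -inform PEM -in "$dir/signed.pem" \
        -signer "$dir/cert.pem" -inkey "$dir/key.pem" \
        -outform PEM -out "$dir/receipt.pem" || return 2
}

# Exit status 0 if the receipt in directory $2 carries digest $1,
# 1 if some other digest was used (that is, -md was ignored).
receipt_md_honoured() {
    [ "$(cms_digests "$2/receipt.pem")" = "$1" ]
}

# Usage:
#   d=$(mktemp -d); make_receipt sha384 sha512 "$d"
#   cms_digests "$d/signed.pem"; cms_digests "$d/receipt.pem"
#   receipt_md_honoured sha512 "$d" || echo "-md ignored by -sign_receipt"
```

Whether the last check passes depends on the OpenSSL build in use; the digest printed for `receipt.pem` is what a verifier of the receipt will actually see.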