PKCS7_verify

2006-05-17 Thread camino (sent by Nabble.com)

When I got a signed S/MIME letter signed by PKCS7_sign,
suppose the certificate chain is
  myca  -> mycertificate
so the PKCS7_verify is OK.

But if the certificate chain is
  myca  -> myissueca -> mycertificate
the PKCS7_verify will fail.
Even if I use
  openssl smime -verify -certfile my.cer -CAfile myca.cer -in o.eml
it will fail too, and the error message is
"unable to get local issuer certificate"

But if the signed letter is signed by another application, such as Outlook,
there is no problem.
I wonder why.

Any help would be greatly appreciated.

Thanks

--
View this message in context: 
http://www.nabble.com/PKCS7_verify-t1634754.html#a4427414
Sent from the OpenSSL - Dev forum at Nabble.com.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: PKCS7_verify

2006-05-17 Thread Dr. Stephen Henson
On Wed, May 17, 2006, camino (sent by Nabble.com) wrote:

> 
> When I got a signed S/MIME letter signed by PKCS7_sign,
> suppose the certificate chain is
>   myca  -> mycertificate
> so the PKCS7_verify is OK.
>
> But if the certificate chain is
>   myca  -> myissueca -> mycertificate
> the PKCS7_verify will fail.
> Even if I use
>   openssl smime -verify -certfile my.cer -CAfile myca.cer -in o.eml
> it will fail too, and the error message is
> "unable to get local issuer certificate"
>
> But if the signed letter is signed by another application, such as Outlook,
> there is no problem.
> I wonder why.
>
> Any help would be greatly appreciated.
> 

The signed email should include the intermediate CA (myissueca) in this case
in the signed message. The -certfile option does this on the command line.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
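
The behaviour discussed in this thread, reproduced as an added example that is not part of the original messages: a throwaway root -> intermediate -> signer chain is built, one message is signed without -certfile and one with it, and both are verified against the root alone. The subject names (Demo Root CA, Demo Issuing CA, Demo Signer) and all file names are constructed for the demo.

```bash
#!/usr/bin/env bash
# Constructed demo PKI: Demo Root CA -> Demo Issuing CA -> Demo Signer (all names made up).

issue() {  # issue <name> <CN> <extfile> [<issuer name>]; self-signed when no issuer is given
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$2" 2>/dev/null || return 1
  if [ -n "${4:-}" ]; then
    openssl x509 -req -in "$1.csr" -CA "$4.pem" -CAkey "$4.key" \
      -set_serial "0x$(openssl rand -hex 8)" -extfile "$3" -days 2 -out "$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -signkey "$1.key" \
      -extfile "$3" -days 2 -out "$1.pem" 2>/dev/null
  fi
}

verify() {  # the only trust anchor is the root, like -CAfile myca.cer in the thread
  if openssl smime -verify -in "$1" -CAfile root.pem -out /dev/null 2>"$1.err"; then
    echo ok
  else
    grep -o 'unable to get local issuer certificate' "$1.err" | head -n1
  fi
}

smime_chain_demo() {
  local d; d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature\nextendedKeyUsage=emailProtection\n' > ee.ext
    issue root "Demo Root CA" ca.ext || exit 1
    issue mid "Demo Issuing CA" ca.ext root || exit 1
    issue signer "Demo Signer" ee.ext mid || exit 1
    echo "constructed test message" > msg.txt
    # Signer certificate only: the verifier has no way to find the intermediate.
    openssl smime -sign -in msg.txt -signer signer.pem -inkey signer.key -out bare.eml 2>/dev/null
    # -certfile embeds the intermediate in the SignedData certificate set.
    openssl smime -sign -in msg.txt -signer signer.pem -inkey signer.key \
      -certfile mid.pem -out full.eml 2>/dev/null
    echo "without -certfile: $(verify bare.eml)"
    echo "with -certfile: $(verify full.eml)"
  )
  local rc=$?; rm -rf "$d"; return $rc
}

smime_chain_demo
```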


howto make included asn1_sequence?

2006-05-17 Thread [EMAIL PROTECTED]
Hi all!

I need to make such a struct:

SEQUENCE{
  SEQUENCE{
    OCTET STRING
  }
  OCTET STRING
}

Is it possible to make it with macros like ASN1_SEQUENCE, ASN1_EXP, etc.?
And if it is possible, then how?


Re: howto make included asn1_sequence?

2006-05-17 Thread Dr. Stephen Henson
On Wed, May 17, 2006, [EMAIL PROTECTED] wrote:

> Hi all!
> 
> I need to make such a struct:
> 
> SEQUENCE{
>   SEQUENCE{
>   OCTET STRING
>   }
>   OCTET STRING
> }
> 
> Is it possible to make it with macros like ASN1_SEQUENCE, ASN1_EXP, etc.?
> And if it is possible, then how?

This should be in openssl-users.

If you just want to make it and not parse it then the mini-ASN1 compiler will
do the trick.

As to how I suggest you look at the existing ASN1 modules: it isn't hard.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
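
The structure asked about, generated without writing any C, as an added example that is not part of the original messages. It assumes the "mini-ASN1 compiler" mentioned above is the ASN1_generate_nconf() string format, which `openssl asn1parse -genconf` exposes; the section names, field names and the two OCTET STRING contents are constructed sample values.

```bash
#!/usr/bin/env bash
# Constructed values: the OCTET STRING contents 0102 and 0A0B0C are arbitrary sample bytes.

make_nested_seq() {  # make_nested_seq <out.der>: writes the DER encoding, prints it as hex
  local conf; conf=$(mktemp) || return 1
  cat > "$conf" <<'EOF'
asn1 = SEQUENCE:outer

[outer]
inner = SEQUENCE:inner_seq
tail  = FORMAT:HEX,OCTETSTRING:0A0B0C

[inner_seq]
body = FORMAT:HEX,OCTETSTRING:0102
EOF
  # Fields are encoded in the order they appear in each section.
  openssl asn1parse -genconf "$conf" -noout -out "$1" || { rm -f "$conf"; return 1; }
  rm -f "$conf"
  od -An -tx1 "$1" | tr -d ' \n'
}

der=$(mktemp)
make_nested_seq "$der"; echo
# Parse the result back to confirm the nesting: SEQUENCE { SEQUENCE { OCTET STRING } OCTET STRING }
openssl asn1parse -inform DER -in "$der"
rm -f "$der"
```

This only builds the encoding; parsing such a structure into C types still needs an ASN1_SEQUENCE template as in the existing ASN1 modules.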


RC5 in openssl FIPS (version 7j) is disabled?

2006-05-17 Thread Shicai Hu
Hi, I am new to OpenSSL. I just compiled the OpenSSL FIPS version and I
found out that the other crypto functions are OK, but I couldn't call the
RC5 crypto functions. Is this due to RC5 being disabled in the FIPS version, or is RC5
not FIPS approved? I would highly appreciate any help.

Re: RC5 in openssl FIPS (version 7j) is disabled?

2006-05-17 Thread Brad House
Shicai Hu wrote:
> Hi, I am new to OpenSSL. I just compiled the OpenSSL FIPS version and I
> found out that the other crypto functions are OK, but I couldn't call the
> RC5 crypto functions. Is this due to RC5 being disabled in the FIPS version, or is RC5
> not FIPS approved? I would highly appreciate any help.

Please reference the approved algorithms in section 2.3 of
the OpenSSL FIPS 140-2 Security Policy (page 17 & 18):
http://csrc.nist.gov/cryptval/140-1/140sp/140sp642.pdf

Or question #6 of the FIPS FAQ:
http://oss-institute.org/fips-faq.html#a6

-Brad


Re: PKCS7_verify

2006-05-17 Thread camino (sent by Nabble.com)

I have tried
  openssl smime -sign -in before.eml -signer 666.pem -inkey 666key.pem -out signed.eml -certfile thmid.cer
and then verified it. It works.
Thank you very much!
--
View this message in context: 
http://www.nabble.com/PKCS7_verify-t1634754.html#a4442652
Sent from the OpenSSL - Dev forum at Nabble.com.



how can I get the certificate chain from an end certificate?

2006-05-17 Thread camino (sent by Nabble.com)

I have an end X.509 certificate, and I hope to get the certificate chain.
Does OpenSSL have a function like CertGetCertificateChain in the Windows API?

Thanks
--
View this message in context: 
http://www.nabble.com/how-can-I-get-the-certificate-chain-from-an-end-certificate--t1640417.html#a4443193
Sent from the OpenSSL - Dev forum at Nabble.com.
