Verify certificate with RSA-PSS

2010-11-03 Thread Alexei Soloview 
Hello!

I have read earlier messages about support of RSA-PSS, but I'm confused.

I'm trying to verify certificate that signed using RSA-PSS. OpenSSL version
is 1.0.0a.


==
X509_STORE_CTX cert_ctx;
X509_STORE *store = fillTrustedCertificateStore(csca);

X509 *certificate = readCertificate(dsc);
if (store  certificate  X509_STORE_CTX_init (cert_ctx, store,
certificate, NULL))
{
int r = X509_verify_cert(cert_ctx);
int e = X509_STORE_CTX_get_error(cert_ctx);

std::cout  r =   r  , e =   e  \n;
}

==

Output: r = 0, e = 7
7 means X509_V_ERR_CERT_SIGNATURE_FAILURE

Sample certificate I got at this page http://www.kaiser.cx/x509Pss.html

What's wrong with this code?

Sincerelly, Alexei.

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Problem with verifying of PKCS7-structure signed with ECDSA-certificate

2010-02-26 Thread Alexei Soloview 
Hello!

 

I try to check signature on PKCS7-structure(see attached file pkcs7.bin). 

The following sequence of commands is performed:

openssl pkcs7 -in pkcs7.bin -inform DER -outform PEM -out pkcs7.PEM

openssl smime -verify -in pkcs7.PEM -inform pem -noverify  1pkcs7.data 

Verification failure

3980:error:2107C080:PKCS7 routines:PKCS7_get0_signers:signer certificate not
found:.\crypto\pkcs7\pk7_smime.c:378:

 

OpenSSL says that it cannot find signer certificate.  But output of command

openssl asn1parse -inform DER -in pkcs7.bin

shows that certificate is present.

 

What's wrong?

 

Sincerelly, Alexei Soloview.



pkcs7.bin
Description: Binary data