Re: form signing and verification
Vivek Dasgupta wrote: Thanks The problem was with '\n' characters not taken care of in the signature file. Now both the following commands work properly. openssl base64 -d -in $valid \ | openssl pkcs7 -out $sigtmp -inform DER -outform PEM Now in the following command "verify -in $sigtmp -data $theText -cf $db -verbose" actually the syntax is "verify $sigtmp -d $theText -cf $db" it gives following error depth=1 /C=IN/ST=AP/L=City/O=ABC/OU=Secure Machine 172.19.11.11/CN=ABC [EMAIL PROTECTED] verify return:1 depth=0 [EMAIL PROTECTED] verify return:1 2161:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest failure:pk7_doit.c:786: Is this problem due to message digest algorithm because crypto.signText hashes with SHA and in openssl.cnf default md is md5. Which cert file is required in $db? I supplied the CA cert file. What message will verify give if signature is correct. I saw only a printf("done..") in the code. I can't comment about that program other than it may be missing an OpenSSL_add_all_algorithms() if it doesn't recognise SHA1. With the latest snapshot you can do: openssl smime verify -inform DER -in sig.der -content content.txt which should do the same thing. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: form signing and verification
On Wed, 19 July 2000, Yuji Shinozaki wrote: How are you creating foo.b64? What does it look like? Thanks The problem was with '\n' characters not taken care of in the signature file. Now both the following commands work properly. openssl base64 -d -in $valid \ | openssl pkcs7 -out $sigtmp -inform DER -outform PEM Now in the following command "verify -in $sigtmp -data $theText -cf $db -verbose" actually the syntax is "verify $sigtmp -d $theText -cf $db" it gives following error depth=1 /C=IN/ST=AP/L=City/O=ABC/OU=Secure Machine 172.19.11.11/CN=ABC [EMAIL PROTECTED] verify return:1 depth=0 [EMAIL PROTECTED] verify return:1 2161:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest failure:pk7_doit.c:786: Is this problem due to message digest algorithm because crypto.signText hashes with SHA and in openssl.cnf default md is md5. Which cert file is required in $db? I supplied the CA cert file. What message will verify give if signature is correct. I saw only a printf("done..") in the code. Thanks vivek ___ $1 million in prizes! 20 daily instant winners. AltaVista Rewards: Click here to win! http://shopping.altavista.com/e.sdc?e=3 ___ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: form signing and verification
On Wed, 19 July 2000, Yuji Shinozaki wrote: How are you creating foo.b64? What does it look like? Thanks The problem was with '\n' characters not taken care of in the signature file. Now both the following commands work properly. openssl base64 -d -in $valid \ | openssl pkcs7 -out $sigtmp -inform DER -outform PEM Now in the following command "verify -in $sigtmp -data $theText -cf $db -verbose" actually the syntax is "verify $sigtmp -d $theText -cf $db" it gives following error depth=1 /C=IN/ST=AP/L=City/O=ABC/OU=Secure Machine 172.19.11.11/CN=ABC [EMAIL PROTECTED] verify return:1 depth=0 [EMAIL PROTECTED] verify return:1 2161:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest failure:pk7_doit.c:786: Is this problem due to message digest algorithm because crypto.signText hashes with SHA and in openssl.cnf default md is md5. Which cert file is required in $db? I supplied the CA cert file. What message will verify give if signature is correct. I saw only a printf("done..") in the code. Thanks vivek ___ $1 million in prizes! 20 daily instant winners. AltaVista Rewards: Click here to win! http://shopping.altavista.com/e.sdc?e=3 ___ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: form signing and verification
Vivek Dasgupta wrote: I have netscape 4.72 with PKCS#11 CRYPTO MODULES I have also tested javascript method crypto.signText at client side to sign form data. It displays communicator window to signing but gives internal error after pressing OK. for me on Netscape 4.73 works OK. Check client certificate. On server side does openssl have command line utility to verify signature on a given text? try (verify) from OpenCA package (http://www.openca.org) 2y begin:vcard n:Angelov;Andrey x-mozilla-html:FALSE org:SG EXPRESSBANK;ITD adr:;;;Varna;Varna;;BG version:2.1 email;internet:[EMAIL PROTECTED] title:programmer x-mozilla-cpt:;-11008 fn:Andrey Angelov end:vcard S/MIME Cryptographic Signature