Re: form signing and verification

2000-07-20 Thread Dr Stephen Henson 

Vivek Dasgupta wrote:
 
 
 Thanks
 
 The problem was with '\n' characters not taken care of in the signature file.
 
 Now both the following commands work properly.
 
 openssl base64 -d -in $valid \
  | openssl pkcs7 -out $sigtmp -inform DER -outform PEM
 
 Now in the following command
 "verify -in $sigtmp -data $theText -cf $db -verbose"
 actually the syntax is
 "verify $sigtmp -d $theText -cf $db"
 
 it gives following error
 
 depth=1 /C=IN/ST=AP/L=City/O=ABC/OU=Secure Machine 172.19.11.11/CN=ABC 
[EMAIL PROTECTED]
 verify return:1
 depth=0 
[EMAIL PROTECTED]
 verify return:1
 2161:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest 
failure:pk7_doit.c:786:
 
 Is this problem due to message digest algorithm because
 crypto.signText hashes with SHA and in openssl.cnf default md is md5.
 
 Which cert file is required in $db? I supplied the CA cert file.
 What message will verify give if signature is correct.
 I saw only a printf("done..") in the code.
 

I can't comment about that program other than it may be missing an
OpenSSL_add_all_algorithms() if it doesn't recognise SHA1.

With the latest snapshot you can do:

openssl smime verify -inform DER -in sig.der -content content.txt

which should do the same thing.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: form signing and verification

2000-07-19 Thread Vivek Dasgupta 

On Wed, 19 July 2000, Yuji Shinozaki wrote:

 
 
 How are you creating foo.b64?  What does it look like?

Thanks

The problem was with '\n' characters not taken care of in the signature file.

Now both the following commands work properly.

openssl base64 -d -in $valid \ 
 | openssl pkcs7 -out $sigtmp -inform DER -outform PEM

Now in the following command
"verify -in $sigtmp -data $theText -cf $db -verbose"  
actually the syntax is 
"verify $sigtmp -d $theText -cf $db"

it gives following error

depth=1 /C=IN/ST=AP/L=City/O=ABC/OU=Secure Machine 172.19.11.11/CN=ABC 
[EMAIL PROTECTED]
verify return:1
depth=0 
[EMAIL PROTECTED]
verify return:1
2161:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest failure:pk7_doit.c:786:

Is this problem due to message digest algorithm because
crypto.signText hashes with SHA and in openssl.cnf default md is md5. 

Which cert file is required in $db? I supplied the CA cert file. 
What message will verify give if signature is correct.
I saw only a printf("done..") in the code.

Thanks 
vivek


___

$1 million in prizes! 20 daily instant winners. 
AltaVista Rewards: Click here to win! 
http://shopping.altavista.com/e.sdc?e=3

___

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: form signing and verification

2000-07-19 Thread Vivek Dasgupta 

On Wed, 19 July 2000, Yuji Shinozaki wrote:

 
 
 How are you creating foo.b64?  What does it look like?

Thanks

The problem was with '\n' characters not taken care of in the signature file.

Now both the following commands work properly.

openssl base64 -d -in $valid \ 
 | openssl pkcs7 -out $sigtmp -inform DER -outform PEM

Now in the following command
"verify -in $sigtmp -data $theText -cf $db -verbose"  
actually the syntax is 
"verify $sigtmp -d $theText -cf $db"

it gives following error

depth=1 /C=IN/ST=AP/L=City/O=ABC/OU=Secure Machine 172.19.11.11/CN=ABC 
[EMAIL PROTECTED]
verify return:1
depth=0 
[EMAIL PROTECTED]
verify return:1
2161:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest failure:pk7_doit.c:786:

Is this problem due to message digest algorithm because
crypto.signText hashes with SHA and in openssl.cnf default md is md5. 

Which cert file is required in $db? I supplied the CA cert file. 
What message will verify give if signature is correct.
I saw only a printf("done..") in the code.

Thanks 
vivek


___

$1 million in prizes! 20 daily instant winners. 
AltaVista Rewards: Click here to win! 
http://shopping.altavista.com/e.sdc?e=3

___

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: form signing and verification

2000-07-18 Thread Andrey Angelov 

Vivek Dasgupta wrote:
 I have netscape 4.72 with PKCS#11 CRYPTO MODULES
 
 I have also tested javascript method crypto.signText
 at client side to sign form data. It displays communicator window to signing but 
gives internal error after pressing OK.
for me on Netscape 4.73 works OK. Check client certificate.
 
 On server side does openssl have command line utility to verify signature on a given 
text?
try (verify) from OpenCA package (http://www.openca.org)

2y

begin:vcard 
n:Angelov;Andrey
x-mozilla-html:FALSE
org:SG EXPRESSBANK;ITD
adr:;;;Varna;Varna;;BG
version:2.1
email;internet:[EMAIL PROTECTED]
title:programmer
x-mozilla-cpt:;-11008
fn:Andrey Angelov
end:vcard

 S/MIME Cryptographic Signature