Re: Verify signature of a multipart message
Angus Lee wrote:

> = Original Message From [EMAIL PROTECTED] =
> >> I could use OpenSSL to decrypt this signed and encrypted message. Then when I verify the digital signature, OpenSSL told me that 'content and data present'. Is there anything wrong with my code?
> >
> > Can you send me a copy of the message and/or signature. The signed but decrypted version that is?
>
> b4dec.txt is the original signed and encrypted message, while afterdec.txt is what I got after decryption. cityuca.pem is the CA certificate of the signer.
>
> > What version of Netscape is this BTW?
>
> 4.71 (40 bit).

Ugh. I checked OpenSSL 4.73 too and it does the same.

The cause is that Netscape isn't properly excluding the content. It is including a zero length content. This is a recent addition to Netscape and is a bug.

I'll see if I can develop a work around.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
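The reply above turns on whether the content field of the PKCS#7 SignedData is absent, present but empty, or populated. As an added example (not part of the original thread and not OpenSSL code), this small definite-length DER walker reports which of the three a signature blob carries: `detached` (what multipart/signed expects), `empty-content` (the Netscape behaviour described above) or `embedded`. Helper names and the sample bytes are constructed for illustration.

```python
# Constructed illustration: helper names and sample bytes are not from OpenSSL.
OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the definite-length TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite-length BER is not handled here")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed value into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def content_state(der):
    """Return 'detached', 'empty-content' (the quirk above) or 'embedded'."""
    try:
        tag, outer, _ = read_tlv(der, 0)
        parts = children(outer) if tag == 0x30 else []
        if parts[0] != (0x06, OID_SIGNED_DATA) or parts[1][0] != 0xA0:
            raise ValueError("not a PKCS#7 signedData ContentInfo")
        signed = children(children(parts[1][1])[0][1])  # version, digestAlgs, contentInfo
        inner = children(signed[2][1])                  # contentType [, [0] content]
        if len(inner) == 1:
            return "detached"
        octets = children(inner[1][1])[0][1]            # OCTET STRING in [0] EXPLICIT
    except IndexError:
        raise ValueError("malformed or truncated structure") from None
    return "embedded" if octets else "empty-content"

def tlv(tag, value=b""):
    return bytes([tag, len(value)]) + value             # short-form lengths only

def sample(content_field):
    """Skeleton SignedData with empty SETs: structure only, no real signature."""
    inner = tlv(0x30, tlv(0x06, OID_DATA) + content_field)
    signed = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31) + inner + tlv(0x31))
    return tlv(0x30, tlv(0x06, OID_SIGNED_DATA) + tlv(0xA0, signed))
```

A verifier that wants to tolerate the quirk could treat only `empty-content` as detached, and keep rejecting `embedded` content that arrives together with a separate multipart/signed body.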
Re: Verify signature of a multipart message
Angus Lee wrote:

> b4dec.txt is the original signed and encrypted message, while afterdec.txt is what I got after decryption. cityuca.pem is the CA certificate of the signer.

OK. I've included a work around to the dev version of OpenSSL. It will be in OpenSSL 0.9.6.

If you want to fix this yourself just locate the test in the function PKCS7_verify() in crypto/pkcs7/pk7_smime.c and comment it out.

Steve.
RE: Verify signature of a multipart message
= Original Message From [EMAIL PROTECTED] =
> Ugh. I checked OpenSSL (Netscape?) 4.73 too and it does the same.
>
> The cause is that Netscape isn't properly excluding the content. It is including a zero length content. This is a recent addition to Netscape and is a bug.
>
> I'll see if I can develop a work around.

In other words, do you mean that I couldn't verify the digital signature of those e-mails that come from Netscape?

I'm developing a Eudora S/MIME plug-in for our University. I've asked my colleague to send me a signed message using Outlook Express. He accidentally sent both plain text and HTML format to me. So the message is a multipart message, but I could verify the digital signature without any problem. By the way, my colleague used a digital certificate generated using OpenSSL to sign the e-mail. Did it matter?

Angus Lee

---
Get Your Free Email at http://www.hknetmail.com
Re: Verify signature of a multipart message
Angus Lee wrote:

> = Original Message From [EMAIL PROTECTED] =
> > Ugh. I checked OpenSSL (Netscape?) 4.73 too and it does the same.
> >
> > The cause is that Netscape isn't properly excluding the content. It is including a zero length content. This is a recent addition to Netscape and is a bug.
> >
> > I'll see if I can develop a work around.
>
> In other words, do you mean that I couldn't verify the digital signature of those e-mails that come from Netscape?
>
> I'm developing a Eudora S/MIME plug-in for our University. I've asked my colleague to send me a signed message using Outlook Express. He accidentally sent both plain text and HTML format to me. So the message is a multipart message, but I could verify the digital signature without any problem. By the way, my colleague used a digital certificate generated using OpenSSL to sign the e-mail. Did it matter?

No it doesn't matter: it's a Netscape messenger bug. As I said in my other message I've added a work around in OpenSSL now anyway and it verifies your test message (and mine) just fine.

Yes I did mean Netscape 4.73 has the problem also. I'm using PSM and it also does that.

Steve.
RE: Verify signature of a multipart message
= Original Message From [EMAIL PROTECTED] =
>> I could use OpenSSL to decrypt this signed and encrypted message. Then when I verify the digital signature, OpenSSL told me that 'content and data present'. Is there anything wrong with my code?
>
> Can you send me a copy of the message and/or signature. The signed but decrypted version that is?

b4dec.txt is the original signed and encrypted message, while afterdec.txt is what I got after decryption. cityuca.pem is the CA certificate of the signer.

> What version of Netscape is this BTW?

4.71 (40 bit).

Angus Lee

vfymsg.zip
Verify signature of a multipart message
Hi,

I sent a signed and encrypted email to myself using Netscape. The email contains not only the text portion, but also two attachments.

I could use OpenSSL to decrypt this signed and encrypted message. Then when I verify the digital signature, OpenSSL told me that 'content and data present'. It astonished me. I opened the decrypted message and found a multipart/signed message. The first part is the original message, which is a multipart message having three parts. The second part of the multipart/signed message is the digital signature. So what's wrong?

I tried to cut the message body (i.e. exclude the digital signature part) out and use OpenSSL to sign this message with the same private key. After that, I could verify this signed message. However, the original one that came from Netscape still couldn't, and always has the same error.

Is there anything wrong with my code?

Angus Lee