alexandru matei schrieb: > > I'm having trouble with openca-verify on IE signatures (IE certificate > is 1024 bit RSA). > In openca-verify with no_chain I obtain: > ./openca-verify -in 17924.sig -data 17924.txt -no_chain -verbose > Signature Informations (PKCS#7): > Depth: 0 > Serial Number: 0A > Subject: /SN=0A/CN=alexandru matei/OU=Internet/O=My Org/C=RO > Verify Return: 0 > Signed Attributes: > Segmentation fault
Looks like the IE don't attach the CA-cert to the signature. > ./openca-verify -in 17924.sig -data 17924.txt -cf > /usr/local/openca_mysql_ra/OpenCA/var/crypto/cacerts/cacert.pem > -verbose > Signature Informations (PKCS#7): > Depth: 1 > Serial Number: 00 > Subject: [EMAIL PROTECTED]/CN=PKI/OU=PKI/O=My > Org/C=RO > Verify Return: 1 > Signed Attributes: > Depth: 0 > Serial Number: 0A > Subject: /SN=0A/CN=alexandru matei/OU=Internet/O=My Org/C=RO > Verify Return: 1 > Signed Attributes: > 18330:error:04077068:rsa routines:RSA_verify:bad > signature:rsa_sign.c:217: > 18330:error:21071069:PKCS7 routines:PKCS7_signatureVerify:signature > failure:pk7_doit.c:840: Did you have a complete chain-directory? Is cacert.pem a root-CA? Perhaps the verification fails because openca-verify cannot find the next CA-cert. Can you send me the signature and all certificates? Did you removed the carriage returns? Michael -- ------------------------------------------------------------------- Michael Bell Email (private): [EMAIL PROTECTED] Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 Unter den Linden 6 Fax: +49 (0)30-2093 2959 10099 Berlin Germany http://www.openca.org _______________________________________________ OpenCA-Devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-devel
