I think we-re getting in some problems with IE signatures (or my IE is not configured corectly). I will attach some files. Here are some explanations: 18570.sig - signature with IE 18570.1.sig - signature with openca-sign s11- binary from 18570.sig s22- binary from 18570.1.sig cacert.pem, key - CA files alex.p12 - test cert All files with password - the password is "password" If you taka a look you can see that s22 and s11 differ consistently. I presume that IE is signing a text in wich the letters are formatted differently???. But anyhow, I don't know the way out of this. I'll test the new OpenCA::PKCS7 a bit later.
Alex Michael Bell wrote: > alexandru matei schrieb: > > > > I'm having trouble with openca-verify on IE signatures (IE certificate > > is 1024 bit RSA). > > In openca-verify with no_chain I obtain: > > ./openca-verify -in 17924.sig -data 17924.txt -no_chain -verbose > > Signature Informations (PKCS#7): > > Depth: 0 > > Serial Number: 0A > > Subject: /SN=0A/CN=alexandru matei/OU=Internet/O=My Org/C=RO > > Verify Return: 0 > > Signed Attributes: > > Segmentation fault > > Looks like the IE don't attach the CA-cert to the signature. > > > ./openca-verify -in 17924.sig -data 17924.txt -cf > > /usr/local/openca_mysql_ra/OpenCA/var/crypto/cacerts/cacert.pem > > -verbose > > Signature Informations (PKCS#7): > > Depth: 1 > > Serial Number: 00 > > Subject: [EMAIL PROTECTED]/CN=PKI/OU=PKI/O=My > > Org/C=RO > > Verify Return: 1 > > Signed Attributes: > > Depth: 0 > > Serial Number: 0A > > Subject: /SN=0A/CN=alexandru matei/OU=Internet/O=My Org/C=RO > > Verify Return: 1 > > Signed Attributes: > > 18330:error:04077068:rsa routines:RSA_verify:bad > > signature:rsa_sign.c:217: > > 18330:error:21071069:PKCS7 routines:PKCS7_signatureVerify:signature > > failure:pk7_doit.c:840: > > Did you have a complete chain-directory? Is cacert.pem a root-CA? > Perhaps the verification fails because openca-verify cannot find the > next CA-cert. Can you send me the signature and all certificates? > > Did you removed the carriage returns? > > Michael > -- > ------------------------------------------------------------------- > Michael Bell Email (private): [EMAIL PROTECTED] > Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] > Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 > Unter den Linden 6 Fax: +49 (0)30-2093 2959 > 10099 Berlin > Germany http://www.openca.org > > _______________________________________________ > OpenCA-Devel mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/openca-devel
s22
Description: Binary data
18570.sig
Description: application/unknown-content-type-pgp
You are going to sign this simple text. Be sure Javascript is enabled and your certificate gets correctly verified in your browser.
s11
Description: Binary data
18570.1.sig
Description: application/unknown-content-type-pgp
-----BEGIN CERTIFICATE----- MIIFeDCCBGCgAwIBAgIBADANBgkqhkiG9w0BAQQFADBrMSkwJwYJKoZIhvcNAQkB FhphbGV4QGxvY2FsaG9zdC5sb2NhbGRvbWFpbjEMMAoGA1UEAxMDUEtJMQwwCgYD VQQLEwNQS0kxFTATBgNVBAoTDFFiaXQgU3lzdGVtczELMAkGA1UEBhMCUk8wHhcN MDIwNDAxMDY1NzIzWhcNMDQwMzMxMDY1NzIzWjBrMSkwJwYJKoZIhvcNAQkBFhph bGV4QGxvY2FsaG9zdC5sb2NhbGRvbWFpbjEMMAoGA1UEAxMDUEtJMQwwCgYDVQQL EwNQS0kxFTATBgNVBAoTDFFiaXQgU3lzdGVtczELMAkGA1UEBhMCUk8wggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIh/JriBogZlLo36vkHh8qRhLxhj7q 9MXWXJj+y801o8IUknQM7uG7kLXl2iVloMEzr8xrfYt728/x52V/E9b6lgABLpAR WDeSbr2QwU8SahuiCoB3xP0NgWvZjQr5Msa3wGTDYdRdwEVQSYwfH/IlF3C77p1+ EbWcAYQptXZofFGwnEO+GNJafxRwiJdNFDhPcB4Bi57FYanwTn6hvVG8HBTouMsd 22GrjHfHW2AuFzxL6cGv206RO0AMk6UYynb0r2paKZc+MswoWr9VfsBjQZDBFmmN bxjA9ul0nJT6oYeFBxheGowgERQLUzaRsrsadtIl4/VG23/UzqOoDHSRAgMBAAGj ggIlMIICITAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRIORQhaZSyjXCAcQom mkGbFSafPDCBlQYDVR0jBIGNMIGKgBRIORQhaZSyjXCAcQommkGbFSafPKFvpG0w azEpMCcGCSqGSIb3DQEJARYaYWxleEBsb2NhbGhvc3QubG9jYWxkb21haW4xDDAK BgNVBAMTA1BLSTEMMAoGA1UECxMDUEtJMRUwEwYDVQQKEwxRYml0IFN5c3RlbXMx CzAJBgNVBAYTAlJPggEAMAsGA1UdDwQEAwIBxjAlBgNVHREEHjAcgRphbGV4QGxv Y2FsaG9zdC5sb2NhbGRvbWFpbjAlBgNVHRIEHjAcgRphbGV4QGxvY2FsaG9zdC5s b2NhbGRvbWFpbjARBglghkgBhvhCAQEEBAMCAAcwPwYJYIZIAYb4QgENBDIWMFFi aXQgU3lzdGVtcyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBDZXJ0aWZpY2F0ZTA4 BgNVHR8EMTAvMC2gK6AphidodHRwczovL25ldHNlcnZlci9jZ2ktYmluL2NybC9j YWNybC5jcmwwNgYJYIZIAYb4QgEEBCkWJ2h0dHBzOi8vbmV0c2VydmVyL2NnaS1i aW4vY3JsL2NhY3JsLmNybDA2BglghkgBhvhCAQMEKRYnaHR0cHM6Ly9uZXRzZXJ2 ZXIvY2dpLWJpbi9jcmwvY2FjcmwuY3JsMA0GCSqGSIb3DQEBBAUAA4IBAQBM5Aj/ VWeCghmy5JndsB4VlmskqfjJ75fBnpEp51VGWQQAM6UBrzb/HSjF7670PETnbr8w spZ3Qd19x9BgByX786nl4UB8W5CQY2QHNG4j1hFsI/JQDOn9WLmyTilJjBzP/SBR daonwCZB//cMiCqBsv0b04tzz05mKw0mhboxfhAShksT88OQyiRR0oxILopEMItF DdLsOTVzXnQ8I6C1/iiV/JJkWKmomb12GkyCy6KX8Mq8zKIGXv3c5NuQg2QNqlQm bZYDVWQ/K3AP6LlmmTQGDIziCQOSy1D8BOA5emivmQaNWGJV/cgE7AGjb1lTdAIZ OdDh1pOFglOWXMPn -----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,4D3708F4E2F51110 bzlaRklWdiRd/ubEhSL6YRnkb22Q3TonLd6oBjlO6MrpecEcqk7O/uu0T69uJGZy 7jGhd9IUvzu9WKrYgMgn+76d8HCHyXs+7IJNrTZUYbQegxqLOPzrQEAQ/Z8MtfZc qQiA+NuvR9D2H5elFn4yIGjjaYYBcRl8KEWXxL+TpSSYPbDnxHi1cMKf33szq/tA /zH2SQNsl1XVTKIdxFsUpvTgnGDfxCZRCTiuqNihA5AIMPvDd9GYeIZNUCS/1BaX Jtgp1ZhZQQa7puF5UIqSpvsJx9TbqVE9RXcDd0u+IgKX55tZNqYNC40H19bx7L0E 3q759qvW8q+pPXCv6TTImPZuXKymmYiQTf+IG1433srNFoDmnMYX2c+hsFG5Ztd1 QrFV1ekCKZdGJXoPSfIjyaY1lG+ifXWg4L5soxDvgd3OhzGWeCks0xjDeChIozTK rAStLuKzhIiH31TTk6v/z0WxYWNAS+mnBb1dxjn+Nse61Kwf0p7dsOG89ekkPKHL PP6nHfdhYxbCYmIkaCPTKn/6U1mx8vqTG/aX9/Dy8NiVByPi8hiC53OJuHaV6lLG Tdc+jVO55PmhctYyD73EMQ0yvwQlf3qxv6IUemyXJtNCeTavUWQqJqLqtxG8fFDS tH/8SsRcTFS3cWlu8CEzm1I9mpvwafgpbKH/y/98KxSmHLsASIKKPt7Ln07t8zkT syWtUBq/DuM83aGotrMrLXCSi4/QMeXI1ciZxmZHJFbipfBPNMfFwwQuG4M0FgcA xqrgIn9dzHY6VZZ2D0GTqpBz27E3piRADMiHMvs6M2TcLVAVrLg0gQwz0K0p1knl Fp+BzDNdYX1EeRUOB6IrJz6NiEDC7WiXeXFcSKoh4F4k4+DiJYzpoESk5BoUkR2d XC1trZ5cceJGzh8m9ZwEwHUk+775Egzxf91w9oLiE1NWqHUJKpnlja/PsyuOO1Ie 275fUgQ6OhIo41yIGZ8w2uqXGV8fQHnX8RdyotWB9vRaiH8y4+x5hdO2EhAk5mSb oQTMrKrCoii7iwXd+xBG5d9raJGL8SbMt8+xIvA0wFid5NUPLYuJIhOUWuofjuuw FzeBLwGUa9nSt2dP6D/wz6JaU1cjVQe/tfCvgJNm8xHmKBzMTWSpy7ABg+Sn+F0p 3/nl1go26Cpy+AGfxSFNbtacMvxdZWnZQM8Mt+x3t98UwF+WYct58yPeUpdtUudn V4LL++r0XTbmbUft6TdAKbiv+Qb79BnXjuxZMBftNjuWqN0VUA3CiHHr5EjdZjBF GihLdF8uepu3qk3dGROZWtGDbu11zAAp0x6NP4GcNAclcw/e2+Qu9gnxobFG7E1C bGd79nH3C2MgkR8HnRu8Lz3gzS8ANwMNHQlSQslZEAvM+dgyj31xi19tDI99bkKE OP5jfd/dVB59CmvYnqTpMyt6VFPwtNUyoD+Ub3A74uX1JxbI/Soz6IFULQeoK4h1 5VPaVE2xnzTm9QqGbMKZKq5W5xEZlM8sBdiY06dzDVB+vJPTrp+8fMAMUUviJr2C 8ySaoN4EH2FjbyKYBSR7Nbkwioso9Ch0dtgF2gTCb6NTYLvMj+OsNQ== -----END RSA PRIVATE KEY-----
alex.p12
Description: application/pkcs12
