Re: [OpenCA-Devel] Perl interaction

Fri, 25 Feb 2005 07:13:35 -0800 

Johnny Gonzalez wrote:

Error 560
General Error. Signature Object not returned, check
the openca-verify command. Cannot build PKCS#7-object
from extracted signature!
OpenCA::PKCS7 returns errorcode 7911031
(OpenCA::PKCS7->new: Cannot initialize signature
(7912021). OpenCA::PKCS7->initSignature: Cannot parse
signature (7921021). OpenCA::PKCS7->getParsed: The
crypto-backend cannot verify the signature (7742075).
OpenCA::OpenSSL->verify: openca-sv failed. [Error]:
Digest mismatch. Signature is wrong.
[Info]: Input file intialized.
[Info]: Signaturefile initialized.
[Info]: Reading Certificate file.
[Info]: PKCS#7 object loaded.
[Info]: Data is ready for verification.
[Info]: Signature Informations (PKCS#7):
depth:1 serial:00
subject:[EMAIL PROTECTED],CN=camanager,OU=Internet,O=certicamara,C=CO
depth:0 serial:03
subject:serialNumber=3,CN=radmin,OU=Internet,O=Certicamara,C=CO
[Info]: Signature is corrupt. Errorcode -1.
signature:error:-1
)..

I cheked the signature by myself using the command:

openca-sv verify -verbose -in 2080Firmada.pem -data
2080.pem -cert ../RACert.pem -keyfile ../RAKey.pem -cf
../cacert.pem

And the result is:

[Info]: Input file intialized.
[Info]: Signaturefile initialized.
[Info]: Reading Certificate file.
[Info]: PKCS#7 object loaded.
[Info]: Data is ready for verification.
[Info]: Signature Informations (PKCS#7):
depth:1 serial:00
subject:[EMAIL PROTECTED],CN=certicamara,OU=desarrollo,O=certicamara,C=co
depth:0 serial:2D
subject:serialNumber=45,CN=rad2,OU=Internet,O=CERTICAMARA,C=CO
signature:ok:1

Go to OpenSSL.pm and add some code to sub verify which creates a copy from the data and the signature file (`cp $sigfile /tmp/sig.pem`). After OpenCA failed you can test the verification by yourself with openca-sv. This should fail too. After this you can start checking what's wrong - the signature or the data.

Michael
--
_______________________________________________________________

Michael Bell                    Humboldt-Universitaet zu Berlin

Tel.: +49 (0)30-2093 2482       ZE Computer- und Medienservice
Fax:  +49 (0)30-2093 2704       Unter den Linden 6
[EMAIL PROTECTED]   D-10099 Berlin
_______________________________________________________________

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to