Hi,

I am trying to verify a PKCS#7 SignedData object using
OpenCA::OpenSSL::verify().
My problem is that the method requires the specification of DATA or
DATA_FILE and that it does not seem to support PKCS#7 objects that also
contain the data to be signed.

So from the current semantics I'd like to call the method this way:

my $ret = $cryptoShell->verify(SIGNATURE_FILE => $data,
  CA_CERT => $cacert);

Is there a way to do this (without modifying ::verify(), of course)?

Using the command line tool openca-sv works properly (this is similar to
the command line I'd like to see being generated from ::verify()):

(Note: p7_file was taken from a SCEP request, chain contains the
necessary CA certs)

openca:~ # /usr/local/bin/openca-sv verify -in p7_file -verbose -cf chain
[Info]: Input file intialized.
[Info]: Signaturefile initialized.
[Info]: Reading Certificate file.
[Info]: PKCS#7 object loaded.
[Info]: Data is ready for verification.
[Info]: Signature Informations (PKCS#7):
depth:0 serial:33 subject:CN=test15.example.xxx.com,O=XXXXX,DC=XXX,DC=com
        error:26:unsupported certificate purpose
depth:2 serial:00 subject:CN=XXXXX DEVELOPMENT TEST CA 4,OU=PKI,O=XXXXX,C=DE
depth:1 serial:01 subject:CN=XXXXX DEVELOPMENT TEST TLS CA 2,OU=PKI,O=XXXXX,C=DE
depth:0 serial:33 subject:CN=test15.example.xxx.com,O=XXXXX,DC=XXX,DC=com
signature:ok:1

Background information: I am working on fully automatic cert renewal
for client systems. I already have extended sscep to support request
authentication using the previously existing certificate/key according
to the latest SCEP draft 11.
The functionality I am implementing automatically approves SCEP requests
if they are signed by an already existing certificate.

Martin



_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel
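
The attached-versus-detached distinction behind the DATA / DATA_FILE question above, shown with the stock `openssl smime` command rather than OpenCA::OpenSSL or openca-sv. This is an added example, not part of the original message; the test CA, signer certificate and all file names are constructed.

```shell
#!/bin/sh
# Added example. The CA, signer and file names are constructed test fixtures.
work=$(mktemp -d)

# Throwaway CA plus one signer certificate issued by it.
make_test_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$work/ca.key" -out "$work/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-client.example" \
        -keyout "$work/signer.key" -out "$work/signer.csr" 2>/dev/null &&
    openssl x509 -req -in "$work/signer.csr" -CA "$work/ca.pem" -CAkey "$work/ca.key" \
        -CAcreateserial -days 1 -out "$work/signer.pem" 2>/dev/null
}

# sign_p7 DATA OUT [extra flags]: DER SignedData; pass -nodetach to embed DATA.
sign_p7() {
    data=$1; out=$2; shift 2
    openssl smime -sign -binary -outform DER "$@" -in "$data" \
        -signer "$work/signer.pem" -inkey "$work/signer.key" -out "$out" 2>/dev/null
}

# verify_attached P7 OUT: content comes from inside the PKCS#7, written to OUT.
verify_attached() {
    openssl smime -verify -binary -inform DER -in "$1" \
        -CAfile "$work/ca.pem" -out "$2" 2>/dev/null
}

# verify_detached P7 DATA: content is supplied separately (the DATA_FILE case).
verify_detached() {
    openssl smime -verify -binary -inform DER -in "$1" -content "$2" \
        -CAfile "$work/ca.pem" -out /dev/null 2>/dev/null
}

make_test_pki || { echo "fixture setup failed" >&2; exit 1; }
printf 'constructed request payload\n' > "$work/msg"
printf 'tampered request payload\n'    > "$work/bad"
sign_p7 "$work/msg" "$work/attached.p7" -nodetach
sign_p7 "$work/msg" "$work/detached.p7"

verify_attached "$work/attached.p7" "$work/out" && echo "attached: ok, content recovered"
verify_detached "$work/detached.p7" "$work/msg" && echo "detached + data: ok"
verify_attached "$work/detached.p7" /dev/null   || echo "detached without data: rejected"
verify_detached "$work/detached.p7" "$work/bad" || echo "detached + wrong data: rejected"
```

The signed content written by `verify_attached` is only trustworthy when the command exits with status 0, so an automated caller should check the exit status before reading that file.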
