On Tue, Apr 18, 2006, Mahmoud TOUNSI wrote:

> I have a signed message created by openssl (openssl smime -sign ....). I
> would like to verify the signature in the signed file step by step. (I
> know that I can do the verification process by the command openssl smime
> -verify ..)
>
> - first, I have done openssl asn1parse ... to take more information.
>
> - second, I have compared the octet string of the message digest,
> which is seen when doing the first step, with the hash of the file; it is
> the same hash.
>
> - third, I have taken the octet string of the signature and have
> verified it by "openssl rsautl -verify " using the public key of the
> signer. The latter command output is the identifier of the hash
> algorithm and the message digest. This message digest is not the hash of
> the file which is signed.
>
> So, how can I deal with this problem?

The signed hash is not from the signed file. It is the hash of the encoding of
the authenticated attributes in the PKCS#7 structure. You need to extract
those, change the initial tag and then work out the hash.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
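
Added example, not part of the original thread and not OpenSSL code: the step described in the reply above (extract the authenticated attributes, change the initial [0] tag 0xA0 to the SET tag 0x31, then hash), written in Python. It assumes the input is the DER encoding of one SignerInfo and that the digest algorithm is passed by name; the function names, the cut-down sample bytes and the choice of SHA-256 are constructed for illustration.

```python
import hashlib
MESSAGE_DIGEST_OID = bytes.fromhex("06092a864886f70d010904")  # 1.2.840.113549.1.9.4

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def der(tag, value):
    """Encode one definite-length DER element (used here to build the sample)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(octets)]) + octets + value

def find_attrs(signer_info):
    """Return (start, value_start, end) of the [0] authenticatedAttributes."""
    _, pos, end = read_tlv(signer_info, 0)   # outer SignerInfo SEQUENCE
    while pos < end:
        tag, vstart, vend = read_tlv(signer_info, pos)
        if tag == 0xA0:
            return pos, vstart, vend
        pos = vend
    raise ValueError("no authenticatedAttributes present")

def signed_digest(signer_info, hash_name):
    """Digest the signature covers: the attributes with 0xA0 replaced by SET (0x31)."""
    start, _, end = find_attrs(signer_info)
    return hashlib.new(hash_name, b"\x31" + signer_info[start + 1:end]).digest()

def message_digest_attr(signer_info):
    """Value of the messageDigest attribute, i.e. the hash of the signed content."""
    _, pos, end = find_attrs(signer_info)
    while pos < end:
        _, vstart, vend = read_tlv(signer_info, pos)       # one Attribute SEQUENCE
        if signer_info[vstart:vstart + len(MESSAGE_DIGEST_OID)] == MESSAGE_DIGEST_OID:
            _, s, _ = read_tlv(signer_info, vstart + len(MESSAGE_DIGEST_OID))  # SET
            _, o, oe = read_tlv(signer_info, s)                                # OCTET STRING
            return signer_info[o:oe]
        pos = vend
    raise ValueError("messageDigest attribute missing")

# Constructed sample: a cut-down SignerInfo (version + attributes only), not openssl output.
CONTENT = b"constructed sample content\r\n"
MD_ATTR = der(0x30, MESSAGE_DIGEST_OID + der(0x31, der(0x04, hashlib.sha256(CONTENT).digest())))
CT_ATTR = der(0x30, bytes.fromhex("06092a864886f70d010903") + der(0x31, bytes.fromhex("06092a864886f70d010701")))
SIGNER_INFO = der(0x30, bytes.fromhex("020101") + der(0xA0, CT_ATTR + MD_ATTR))
```

The value returned by `signed_digest` is the one to compare with the digest shown by `openssl rsautl -verify`; the value returned by `message_digest_attr` is the one that matches the hash of the file.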
