Martin Lohner wrote:
> 
> Hi,
> 
> I used CA.pl to generate a CA and signed a certificate for myself.
> (Default openssl.cnf; OpenSSL 0.9.5 28 Feb 2000)
> After importing the cert to netcape I send a signed message to myself
> using the mutt email client.
> 
> First question - maybe this one is for the mutt-list:
> 
> Can mutt handle pkcs-7-conforming mails?
> 
> Well, my mutt installation can't. I received the message in two
> parts, the message and the signature. I saved the signature part
> and tryed to verifiy the signature with
> 
> openssl smime -verify -in smime.p7s
> 
> resulting in
> 
> Error reading S/MIME message
> 2108:error:2107A087:PKCS7 routines:SMIME_read_PKCS7:no content type:pk7_mime.c:215:
> 
> Merging the content of the mail and the signature in one file and trying
> to verify it resulted in
> 
> openssl smime -verify -in dummy
> Error reading S/MIME message
> 2112:error:2107A087:PKCS7 routines:SMIME_read_PKCS7:no content type:pk7_mime.c:215:
> 
> The man page of openssl/smime states, that there might be parsing errors
> when reading S/MIME v3 structure. Is this the reason for this problem??
> 
> Thanks for any hints,
> 

With OpenSSL 0.9.5a you need to be able to have the message as a single
multipart/signed entity. The errors you are seeing are because OpenSSL
cannot see any MIME Content-type: header.

For the latest dev version you may be able to do:

openssl smime -verify -inform DER -in smime.p7s -content message

However the message MUST be available verbatim, that is without any
MIME headers being stripped or translated otherwise you'll get a
signature failure. This can cause problems because mail readers
typically strip off MIME headers and interpret the content
appropriately. These must be available to the smime program because they
are part of the signed content.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to