david wrote: > > Folks > > As part of an exploration, I have used the openssl command line tool in > Redhat 7.1 and successfully: > - created a self-signed ca cert > - created an end-entity cert > - Using openssl smime, I've signed a text message. > - Using openssl smime, I've verified the text message > And that took some doing (the doc's are far from clear). >
In what way aren't the docs clear? There are extensive examples in the smime manual page. > I am unable do to this, however, with a binary file. I tried to append the > word "-binary" to my > openssl smime -sign .... > command, but the verification step always fails with a message digest > error. The exact message that shows up is: > > 5644:error:21071065:PKCS7 > routines:PKCS7_signatureVerify:digest failure:pk7_doit.c:762 > followed by another message about verify failure. > > Is there a way to use the command line tool for signing binary data? > Since you haven't included the complete command line I'm assuming you are using the default cleartext MIME format. This may have problems with binary data. You may have more luck using opaque signing (the -nodetach option) or using DER or PEM format and either distributing the signed content separately or including it with the signature (again the -nodetach option). Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
