On Fri, Sep 06, 2002 at 12:59:02PM +0100, [EMAIL PROTECTED] wrote:
> vf [SMTP:[EMAIL PROTECTED]] wrote:
> > Please consider to post a (short) signed message together with
> > signer's certificate. Private signing key would be great as
> > well, in case it's not used for production.
>
> OK.
>
> I loaded up the stunnel, self-signed certificate (stunnel.pem & .p12)
> into the Windows certificate store and used that with Wincrypt to sign a
> copy of the PEM file (stunnel.pem.sgn). WinCrypt seems to zip the
> file(s) and then add a signature.
>
> (I've tried to keep it small)

"openssl asn1parse" shows the structure of this signed data (output attached),
and it could be verified with

"openssl smime -verify -noverify -inform der -in /tmp/stunnel.pem.sgn"

One could also verify the signer's certificate by dropping "-noverify"
and specifying the CA certificate.

Hope this helps,
Vadim

0:d=0 hl=4 l=2499 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
15:d=1 hl=4 l=2484 cons: cont [ 0 ]
19:d=2 hl=4 l=2480 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :01
26:d=3 hl=2 l= 14 cons: SET
28:d=4 hl=2 l= 12 cons: SEQUENCE
30:d=5 hl=2 l= 8 prim: OBJECT :md5
40:d=5 hl=2 l= 0 prim: NULL
42:d=3 hl=4 l=1680 cons: SEQUENCE
46:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data
57:d=4 hl=4 l=1665 cons: cont [ 0 ]
61:d=5 hl=4 l=1661 prim: OCTET STRING :-----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE-----
1726:d=3 hl=4 l= 531 cons: cont [ 0 ]
1730:d=4 hl=4 l= 527 cons: SEQUENCE
1734:d=5 hl=4 l= 376 cons: SEQUENCE
1738:d=6 hl=2 l= 3 cons: cont [ 0 ]
1740:d=7 hl=2 l= 1 prim: INTEGER :02
1743:d=6 hl=2 l= 1 prim: INTEGER :00
1746:d=6 hl=2 l= 13 cons: SEQUENCE
1748:d=7 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
1759:d=7 hl=2 l= 0 prim: NULL
1761:d=6 hl=2 l= 66 cons: SEQUENCE
1763:d=7 hl=2 l= 11 cons: SET
1765:d=8 hl=2 l= 9 cons: SEQUENCE
1767:d=9 hl=2 l= 3 prim: OBJECT :countryName
1772:d=9 hl=2 l= 2 prim: PRINTABLESTRING :PL
1776:d=7 hl=2 l= 31 cons: SET
1778:d=8 hl=2 l= 29 cons: SEQUENCE
1780:d=9 hl=2 l= 3 prim: OBJECT :organizationName
1785:d=9 hl=2 l= 22 prim: PRINTABLESTRING :Stunnel Developers Ltd
1809:d=7 hl=2 l= 18 cons: SET
1811:d=8 hl=2 l= 16 cons: SEQUENCE
1813:d=9 hl=2 l= 3 prim: OBJECT :commonName
1818:d=9 hl=2 l= 9 prim: PRINTABLESTRING :localhost
1829:d=6 hl=2 l= 30 cons: SEQUENCE
1831:d=7 hl=2 l= 13 prim: UTCTIME :990408150908Z
1846:d=7 hl=2 l= 13 prim: UTCTIME :000407150908Z
1861:d=6 hl=2 l= 66 cons: SEQUENCE
1863:d=7 hl=2 l= 11 cons: SET
1865:d=8 hl=2 l= 9 cons: SEQUENCE
1867:d=9 hl=2 l= 3 prim: OBJECT :countryName
1872:d=9 hl=2 l= 2 prim: PRINTABLESTRING :PL
1876:d=7 hl=2 l= 31 cons: SET
1878:d=8 hl=2 l= 29 cons: SEQUENCE
1880:d=9 hl=2 l= 3 prim: OBJECT :organizationName
1885:d=9 hl=2 l= 22 prim: PRINTABLESTRING :Stunnel Developers Ltd
1909:d=7 hl=2 l= 18 cons: SET
1911:d=8 hl=2 l= 16 cons: SEQUENCE
1913:d=9 hl=2 l= 3 prim: OBJECT :commonName
1918:d=9 hl=2 l= 9 prim: PRINTABLESTRING :localhost
1929:d=6 hl=3 l= 159 cons: SEQUENCE
1932:d=7 hl=2 l= 13 cons: SEQUENCE
1934:d=8 hl=2 l= 9 prim: OBJECT :rsaEncryption
1945:d=8 hl=2 l= 0 prim: NULL
1947:d=7 hl=3 l= 141 prim: BIT STRING
2091:d=6 hl=2 l= 21 cons: cont [ 3 ]
2093:d=7 hl=2 l= 19 cons: SEQUENCE
2095:d=8 hl=2 l= 17 cons: SEQUENCE
2097:d=9 hl=2 l= 9 prim: OBJECT :Netscape Cert Type
2108:d=9 hl=2 l= 4 prim: OCTET STRING
2114:d=5 hl=2 l= 13 cons: SEQUENCE
2116:d=6 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
2127:d=6 hl=2 l= 0 prim: NULL
2129:d=5 hl=3 l= 129 prim: BIT STRING
2261:d=3 hl=3 l= 239 cons: SET
2264:d=4 hl=3 l= 236 cons: SEQUENCE
2267:d=5 hl=2 l= 1 prim: INTEGER :01
2270:d=5 hl=2 l= 71 cons: SEQUENCE
2272:d=6 hl=2 l= 66 cons: SEQUENCE
2274:d=7 hl=2 l= 11 cons: SET
2276:d=8 hl=2 l= 9 cons: SEQUENCE
2278:d=9 hl=2 l= 3 prim: OBJECT :countryName
2283:d=9 hl=2 l= 2 prim: PRINTABLESTRING :PL
2287:d=7 hl=2 l= 31 cons: SET
2289:d=8 hl=2 l= 29 cons: SEQUENCE
2291:d=9 hl=2 l= 3 prim: OBJECT :organizationName
2296:d=9 hl=2 l= 22 prim: PRINTABLESTRING :Stunnel Developers Ltd
2320:d=7 hl=2 l= 18 cons: SET
2322:d=8 hl=2 l= 16 cons: SEQUENCE
2324:d=9 hl=2 l= 3 prim: OBJECT :commonName
2329:d=9 hl=2 l= 9 prim: PRINTABLESTRING :localhost
2340:d=6 hl=2 l= 1 prim: INTEGER :00
2343:d=5 hl=2 l= 12 cons: SEQUENCE
2345:d=6 hl=2 l= 8 prim: OBJECT :md5
2355:d=6 hl=2 l= 0 prim: NULL
2357:d=5 hl=2 l= 13 cons: SEQUENCE
2359:d=6 hl=2 l= 9 prim: OBJECT :rsaEncryption
2370:d=6 hl=2 l= 0 prim: NULL
2372:d=5 hl=3 l= 128 prim: OCTET STRING
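
An added example, not part of the original message and not OpenSSL code: a small Python reader for "openssl asn1parse" text that flags what the dump above shows, namely MD5 as the digest, a private key inside the signed content, and a certificate whose notAfter had passed by the date in the thread header. The function names, the list of weak digest names and the rule for pairing UTCTIME entries are assumptions of this example.

```python
import re
from datetime import datetime, timezone

LINE = re.compile(r"^\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+)\s+"
                  r"(prim|cons):\s+(.*?)(?:\s+:(.*))?$")
WEAK = ("md2", "md4", "md5", "sha1")  # name prefixes as asn1parse prints them

def parse(dump):
    """Turn asn1parse text into dicts: offset, depth, length, tag, value."""
    nodes = []
    for line in dump.splitlines():
        m = LINE.match(line)
        if m:  # continuation lines (e.g. the body of a PEM blob) are skipped
            off, depth, _hl, length, _kind, tag, value = m.groups()
            nodes.append({"off": int(off), "depth": int(depth),
                          "len": int(length), "tag": tag.strip(), "value": value})
    return nodes

def utctime(v):
    """Decode YYMMDDHHMMSSZ using the RFC 5280 century rule (YY >= 50 is 19YY)."""
    yy = int(v[:2])
    parts = [int(v[i:i + 2]) for i in range(2, 12, 2)]
    return datetime(yy + (1900 if yy >= 50 else 2000), *parts, tzinfo=timezone.utc)

def audit(dump, at):
    """Return (offset, finding) pairs a reviewer would raise about the blob."""
    nodes, out = parse(dump), []
    for prev, n in zip([None] + nodes, nodes):
        v = n["value"] or ""
        if n["tag"] == "OBJECT" and v.lower().startswith(WEAK):
            out.append((n["off"], "weak digest: " + v))
        if n["tag"] == "OCTET STRING" and "PRIVATE KEY-----" in v:
            out.append((n["off"], "private key inside signed content"))
        # Assumption: two adjacent UTCTIMEs at one depth are notBefore/notAfter.
        if (prev and n["tag"] == prev["tag"] == "UTCTIME"
                and n["depth"] == prev["depth"] and utctime(v) < at):
            out.append((n["off"], "certificate expired at " + v))
    return out

# Lines copied from the dump above (whitespace as it appears on this page).
SAMPLE = """\
30:d=5 hl=2 l= 8 prim: OBJECT :md5
61:d=5 hl=4 l=1661 prim: OCTET STRING :-----BEGIN RSA PRIVATE KEY-----
1748:d=7 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
1831:d=7 hl=2 l= 13 prim: UTCTIME :990408150908Z
1846:d=7 hl=2 l= 13 prim: UTCTIME :000407150908Z
1934:d=8 hl=2 l= 9 prim: OBJECT :rsaEncryption
"""
FINDINGS = audit(SAMPLE, datetime(2002, 9, 6, tzinfo=timezone.utc))  # thread date
```

With "-noverify" the smime check skips chain validation, so an expired signer certificate such as this one only surfaces in a separate pass like the one above.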