Hello again, I had the following problem: >> I produced a text mail + attachment (file) and signed this file using >> openssl smime sign command. Verifying this output using Outlook produced an >> invalid signature with the error message: message has been tampered with. >> Verifying using openssl (linux) produced a valid result. >> Does anybody know which reason that might have? >> >> I could verify a simple text mail without attachment in Outlook with a valid >> result. Strange ... >>
and Stephen Henson answered: >I've looked at this and it seems like an Outlook issue. If the file being >signed has two end of line sequences (that is LF or CR+LF) at the end the >signature comes out invalid. If it just has one then it is OK. >So I suggest you check the message with attachment to see if it has two >EOLs >at the end, delete one of them, then try signing it again. >Steve. Unfortunately that did not change the outcome of an invalid signature in that case. Now I found out if I produced the beginning mail+attachment with mutt, signed it with OpenSSL and verified this outcoming mail with Outlook then the signature came out valid. Do you have any suggestions, Steve? Would be great because this is really a mystery for me. I don't know where the difference between these two mails might be. I attached the two cases with the complete original header as *.eml. Maybe the transfer-encoding of the attachment in Outlook is not okay?? Thanks a lot Helga
Invalid_Outlook_produced.eml
Description: Binary data
Valid_Mutt_produced.eml
Description: Binary data
