On Tue, Dec 16, 2003, [EMAIL PROTECTED] wrote: > > Steve, > > thanks for the reply. I agree that I will need to be able to verify the > signer's cert chain. If by signer you mean the CA and trusted root that > signed the end entity cert. However, currently I am unable to parse the P7 > object to be able to see any meaningful information and using the smime > command suggested failed with the following error. > > C:\OpenSSL\bin>OPENSSL smime -verify -inform der -in > "a:\p7-sig-object-ascii.txt" -CAfile "A:\cafile-PEM.CER" > Error reading S/MIME message > 303:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong > tag:.\crypto\asn1\tasn_dec.c:939: > 303:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 > error:.\crypto\asn1\tasn_dec.c:304:Type=PKCS7 >
You'll need the binary form of the signature as input to that command. Its filename suggests it's ASCII :-) Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
