On Wed, May 25, 2005, Chris Covell wrote: > Victor, > > > > $ openssl smime -verify -inform PEM -in signature.pk7 -CAfile > > > development_cm.pem -content content.txt > > > Yes, CR/LF can be a problem. Many MTA feel free to convert eol from > > CR/LF to LF and vice versa. > > Yeah, but I am not using an MTA, I am signing the data in FireFox > browser and storing the resultant base64 encoded data in a database. > > > Try to play with -text and -crlfeol options of openssl smime. > > Does not seem to make any difference. > > > For us there was more problems with generation of S/MIME messages which pass > > all the mail servers on the way to recipient. > > Yeah, I have seen that too. > > I can't believe other people have not seen this problem before, i.e. > signing on the client browser and verifying on the server using > OpenSSL ! >
Have you tried the -binary option too? I had no problems verifying signatures from the old signText function. If you look at the PKCS#7 structure using: openssl asn1parse -in p7.pem and look for a line with 'messageDigest' and an OCTET STRING following it that will give you the message digest value the content should be. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
