Rory Vieira wrote:
Hi,Thanks to Ted I have created a very safe backup system that uses des3 encryption, and certificate encryption of the des3 key.
See below for the "very safe" part... ;)
Hmm, it looks like signing and encryption in one go is not supported with the smime application. Obviously this command only signs the data and does base64 output! I usually use two commands, first "smime -sign" then "smime -encrypt". This way mailers show the message correctly. In your setting it would probably be better to first encrypt and then sign.I was testing out the OpenSSL suite, and was trying to add a signature to the encrypted key file (to make sure it encrypting it). I am using the following command to encrypt/sign: openssl smime -encrypt -des3 -sign -nodetach -signer filename.pem filename.crt <infile >outfile
Where filename.pem is the pem file of the signer (containing both private and public key) and filename.crt is the public key of the recipient. I am trying to verify the signature with: openssl smime -verify -CAfile filename.pem <infile >outfile Where filename.pem contains the complete public certificate chain of the signer. Now the last command looks good, and it claims verification is succesfull, but it outputs the decrypted message too. How is this possible? I didn't have ANY private key available to the last command... I hope someone can elaborate on this... Cheers, Rory
Hope it helps, Ted ;) -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
smime.p7s
Description: S/MIME Cryptographic Signature
