PKCS7 signature verification fails

Jean-Claude Repetto Wed, 07 Feb 2007 06:09:34 -0800

Hi,

I am trying to use openssl to sign documents and store detached
signatures in PKCS7 format.
First, I sign the document :
     openssl smime -sign -in document.txt -out document.txt.sign -signer
certs/jcr.crt -certfile certs/ca.crt -inkey private/jcr.key


When I check the signature, it is OK :
     openssl smime -verify -CAfile certs/ca.crt -in document.txt.sign
>/dev/null
         Verification successful

Then I create a PKCS7 structure :
     openssl smime -pk7out -in document.txt.sign -out document.txt.pkcs7

But the verification fails :
     openssl smime -verify -CAfile certs/ca.crt -inform PEM -content
document.txt -in document.txt.pkcs7 >/dev/null
        Verification failure
        30871:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest
failure:pk7_doit.c:928:
        30871:error:21075069:PKCS7 routines:PKCS7_verify:signature
failure:pk7_smime.c:299:

Somebody has an idea of what is wrong ?

Thanks,
Jean-Claude
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

PKCS7 signature verification fails

Reply via email to