Hi,
I'm asking you because we at the Ruby talk mailling list are stuck
with this problem (http://www.ruby-forum.com/topic/176646)
As Ruby OpenSSL is just a wrapper around the SSL functions I'd like to
get it on with openssl command line interface first.
Maybe I'm understanding a lot of basic things wrong, too. Please
correct me when I'm wrong.
How can I sign a PDF document to get a detached signature in p7s
format which was created by the usage of a private key, a certificate
and SHA512 for hashing?
1. I created a private key and a certificate with OpenSSL
openssl genrsa -out key.pem 1024
openssl req -new -key key.pem -x509 -days 365 -out crt.pem
Now I know that I can sign a hash of file with my private key (I'm
using SHA1 because it seems that SHA512 is not compiled into OpenSSL
on Mac OS X):
openssl dgst -sha1 -sign key.pem -out test.sha512 test.txt
As reading the man pages I found openssl smime... so I gave this a try:
openssl smime -sign -in test.txt -text -out test.signed -signer
crt.pem -inkey key.pem
This actually somehow invokes my desired pkcs7 stuff... so I went on
to investigate on openssl pkcs7
pkcs7 [options] <infile >outfile
where options are
-inform arg input format - DER or PEM
-outform arg output format - DER or PEM
-in arg input file
-out arg output file
-print_certs print any certs or crl in the input
-text print full details of certificates
-noout don't output encoded data
-engine e use engine e, possibly a hardware device.
Where to specify my data, my key and my cert? Or do I need to
somethings else before? I'm quite sure... but as you can see, I'm
stuck. That brings me back to my question:
How can I sign a PDF document to get a detached signature in p7s
format which was created by the usage of a private key, a certificate
and SHA512 for hashing?
And… is this right when I say:
A "p7s" file is a file containing just the detached signature.
A "pkc7s" file is a file containing both the data and the signature.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org