On Sat, Feb 21, 2009, Jan F. Schnellbaecher wrote: > Hi, > > I try to verify a signature made by time.certum.pl. This is what I did: I > obtain > a pkcs7 signature using wget. When I look into the binary data that will be > returned I can find the given sha1 checksum, but the verification fails. > > 1) What did I miss? > 2) How can I extract the signed attributes from the pkcs7 data? > > $ openssl sha1 openssl-0.9.8h.tar.gz > SHA1(openssl-0.9.8h.tar.gz)= ced4f2da24a202e01ea22bef30ebc8aee274de86 > > $ wget http://time.certum.pl/?sha1=ced4f2da24a202e01ea22bef30ebc8aee274de86 > => `index.h...@sha1=ced4f2da24a202e01ea22bef30ebc8aee274de86' > > $ mv index.ht...@sha1\=ced4f2da24a202e01ea22bef30ebc8aee274de86 sig > > $ openssl.exe smime -verify -inform DER -in sig -content openssl-0.9.8h.tar.gz > -noverify -out c.tar.gz > Verification failure > 3776:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest > failure:pk7_doit > .c:948: > 3776:error:21075069:PKCS7 routines:PKCS7_verify:signature > failure:pk7_smime.c:31 > 2: >
Try including the -binary switch. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
