Hi Stephen, What exactly does it mean? Does it mean that the wrong digest was signed? If so what is with the correct digest that is also present in the pkcs7 file?
Dr. Stephen Henson wrote: > > That particular failure is caused by the digest contained explicitly in the > PKCS #7 structure not matching the calculated value. > > If you do: > > openssl sha1 content > > then > > openssl asn1parse -inform DER -in sig > > You should see something like: > > 730:d=7 hl=2 l= 9 prim: OBJECT :messageDigest > 741:d=7 hl=2 l= 22 cons: SET > 743:d=8 hl=2 l= 20 prim: OCTET STRING [HEX > DUMP]:7AA2461C5ED26B8A3B7CADF3435D8A068A2C2758 > > The actual offsets at the start don't matter it's the OCTET STRING after > messageDigest which is of interest. That is the explicit message digest of the > content. > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
