On Mon, Feb 23, 2009, Jan F. Schnellbaecher wrote: > Hi Stephen, > > What exactly does it mean? Does it mean that the wrong digest was signed? If > so > what is with the correct digest that is also present in the pkcs7 file? >
No it means that the service is an RFC3161 time stamp which OpenSSL doesn't currently support. You can perform limited verification of these using the smime command line utility for example... openssl smime -verify -inform DER -out ts.der -in timstamp -noverify will verify the integrity of the timestamp though you could avoid -noverify and include the correct CA. The "ts.der" file will contain details of the object being timestamped. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
