I am implementing a two-party message exchange system based on CMS for Liberté Linux (http://dee.su/liberte).

The command-line argument "-md" to "openssl cms -sign_receipt" is apparently ignored, and the default digest algorithm (SHA-1 in my tests) is used instead. In addition, the "-noattr" argument has the same effect as "-nosmimecap", apparently leaving some unnecessary attributes (like signing time) - contrary to the manual. Also, the last option marker "-" for "openssl verify" doesn't work, contrary to the man page (perhaps the manual should be fixed).

The version is OpenSSL 1.0.0a on Gentoo Linux.

The script I use can be seen here: https://liberte.svn.sourceforge.net/svnroot/liberte/trunk/liberte/src/home/anon/bin/cable . Incidentally, I will be glad for some critical peer-review.

* ${certdir} contains user's certificates, and ${msgdir} contains untrusted certificates fetched from the other end
* The principle is described briefly in the first section at http://dee.su/liberte-security
* The initial communication protocol description is at https://liberte.svn.sourceforge.net/svnroot/liberte/trunk/liberte/doc/cable.txt
* Certificate generation is performed in https://liberte.svn.sourceforge.net/svnroot/liberte/trunk/liberte/src/home/anon/bin/gen-anon-username .

Thanks,
Maxim
