S/MIME attributes

Tue, 23 Aug 2011 07:18:59 -0700 

I'm trying to create a pkcs#7 detached signature with openssl.
When using this command:
openssl smime -signer signer.cer -inkey key.pem  -sign -in file

I get a signature, which is slightly different from what I expect.

I analysed the signature with the signature created by other tool, and only one 
part is different when created by openssl.

I get
  785:d=5  hl=3 l= 177 cons: cont [ 0 ]
  788:d=6  hl=2 l=  24 cons: SEQUENCE
  790:d=7  hl=2 l=   9 prim: OBJECT            :contentType
  801:d=7  hl=2 l=  11 cons: SET
  803:d=8  hl=2 l=   9 prim: OBJECT            :pkcs7-data
  814:d=6  hl=2 l=  28 cons: SEQUENCE
  816:d=7  hl=2 l=   9 prim: OBJECT            :signingTime
  827:d=7  hl=2 l=  15 cons: SET
  829:d=8  hl=2 l=  13 prim: UTCTIME           :110823132456Z
  844:d=6  hl=2 l=  35 cons: SEQUENCE
  846:d=7  hl=2 l=   9 prim: OBJECT            :messageDigest
  857:d=7  hl=2 l=  22 cons: SET
  859:d=8  hl=2 l=  20 prim: OCTET STRING      [HEX 
DUMP]:356A192B7913B04C54574D18C28D46E6395428AB
  881:d=6  hl=2 l=  82 cons: SEQUENCE
  883:d=7  hl=2 l=   9 prim: OBJECT            :S/MIME Capabilities
  894:d=7  hl=2 l=  69 cons: SET
  896:d=8  hl=2 l=  67 cons: SEQUENCE
  898:d=9  hl=2 l=  10 cons: SEQUENCE
  900:d=10 hl=2 l=   8 prim: OBJECT            :des-ede3-cbc
  910:d=9  hl=2 l=  14 cons: SEQUENCE
  912:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
  922:d=10 hl=2 l=   2 prim: INTEGER           :80
  926:d=9  hl=2 l=  13 cons: SEQUENCE
  928:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
  938:d=10 hl=2 l=   1 prim: INTEGER           :40
  941:d=9  hl=2 l=   7 cons: SEQUENCE
  943:d=10 hl=2 l=   5 prim: OBJECT            :des-cbc
  950:d=9  hl=2 l=  13 cons: SEQUENCE
  952:d=10 hl=2 l=   8 prim: OBJECT            :rc2-cbc
  962:d=10 hl=2 l=   1 prim: INTEGER           :28

While I need:

  785:d=5  hl=2 l= 108 cons:      cont [ 0 ]        
  787:d=6  hl=2 l=  24 cons:       SEQUENCE          
  789:d=7  hl=2 l=   9 prim:        OBJECT            :contentType
  800:d=7  hl=2 l=  11 cons:        SET               
  802:d=8  hl=2 l=   9 prim:         OBJECT            :pkcs7-data
  813:d=6  hl=2 l=  35 cons:       SEQUENCE          
  815:d=7  hl=2 l=   9 prim:        OBJECT            :messageDigest
  826:d=7  hl=2 l=  22 cons:        SET               
  828:d=8  hl=2 l=  20 prim:         OCTET STRING      [HEX 
DUMP]:E91FE173F59B063D620A934CE1A010F2B114C1F3
  850:d=6  hl=2 l=  43 cons:       SEQUENCE          
  852:d=7  hl=2 l=  11 prim:        OBJECT            
:id-smime-aa-signingCertificate
  865:d=7  hl=2 l=  28 cons:        SET               
  867:d=8  hl=2 l=  26 cons:         SEQUENCE          
  869:d=9  hl=2 l=  24 cons:          SEQUENCE          
  871:d=10 hl=2 l=  22 cons:           SEQUENCE          
  873:d=11 hl=2 l=  20 prim:            OCTET STRING      [HEX 
DUMP]:6888388117BAE26642AEB2F13044144902C5F28B


It looks like I need to add "id-smime-aa-signingCertificate" attribute instead 
of "S/MIME Capabilities" and "signingTime" which I get.
Is there any way to add attributes in openssl smime command?
Or in some other way?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to