On Mon, Aug 27, 2012, GWu wrote:

> Hello,
> 
> I'm trying to verify an email signature using openssl.
> 
> I've saved the complete mail to a file named mail.eml, then I'm using
> openssl to verify:
> 
> openssl smime -inform SMIME -CAfile all.pem -verify -in mail.eml
> 
> which gives an error:
> 
> 2674688:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
> tag:tasn_dec.c:1319:
> 2674688:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested
> asn1 error:tasn_dec.c:381:Type=X509_SIG
> 2674688:error:21071069:PKCS7 routines:PKCS7_signatureVerify:signature
> failure:pk7_doit.c:1120:
> 2674688:error:21075069:PKCS7 routines:PKCS7_verify:signature
> failure:pk7_smime.c:410:
> 
> Now I've also saved the base64 encoded signature only from the mime
> part into a separate file named mail_sig.txt to analyse further:
> 
> openssl asn1parse -i -in mail_sig.txt
> 
> which runs ok (at least there is no error shown) and prints out a nice
> tree, which at least to me does not show any errors (I'm a novice in
> this...).
> 
> I'm using OpenSSL Version 1.0.1 14 Mar 2012
> 
> Any advice on what may be wrong with the signature or how to verify it in
> openssl? If needed, I can upload the e-mail or complete asn1parse
> output to pastebin or similar.
> 

It sounds like the signature is malformed. That wouldn't cause problems with
asn1parse but would when OpenSSL tried to verify it.

I'd need to see the email to be sure though.

> 
> PS: I have to note that the complete story is longer: the email
> signature verifies fine in MS Outlook, but not in Thunderbird, so I
> tried to analyse this behavior and stumbled over the fact that openssl
> also has troubles verifying it. And Thunderbird most probably uses
> openssl libraries internally, so I've ended up here.

Thunderbird doesn't use OpenSSL; it uses its own cryptographic library called
NSS.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
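
Added example, not part of the original thread and not OpenSSL code: asn1parse only walks the outer PKCS#7 structure, where the signature is an opaque OCTET STRING, while verification applies the RSA public-key operation and then decodes the recovered block as a DigestInfo (the X509_SIG type named in the error). The sketch below shows that second check on constructed blocks, assuming RSA with PKCS#1 v1.5 padding and SHA-1; a bare hash without the DigestInfo wrapper is one possible malformation, not a diagnosis of the mail discussed above.

```python
import hashlib

# DER header of a SHA-1 DigestInfo: SEQUENCE { AlgorithmIdentifier sha1, OCTET STRING (20) }
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def read_tlv(buf, off, want):
    """Parse one DER TLV with tag `want` at `off`; return (value, next_offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    if buf[off] != want:
        raise ValueError("wrong tag")
    length, off = buf[off + 1], off + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or off + n > len(buf):
            raise ValueError("bad length")
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("value overruns buffer")
    return buf[off:off + length], off + length

def check_block(em, digest):
    """em: full-width output of the RSA public-key operation on the signature."""
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x01" or sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        return "bad PKCS#1 v1.5 padding"
    payload = em[sep + 1:]
    try:
        body, end = read_tlv(payload, 0, 0x30)      # DigestInfo SEQUENCE
        _, off = read_tlv(body, 0, 0x30)            # AlgorithmIdentifier
        value, off = read_tlv(body, off, 0x04)      # digest OCTET STRING
        if end != len(payload) or off != len(body):
            raise ValueError("trailing data")
    except ValueError as exc:
        return "not a DigestInfo: %s" % exc
    return "ok" if value == digest else "digest mismatch"

def pad(payload, k=128):
    """Constructed PKCS#1 v1.5 type-1 block for a k-byte modulus."""
    return b"\x00\x01" + b"\xff" * (k - 3 - len(payload)) + b"\x00" + payload

DIGEST = hashlib.sha1(b"abc").digest()              # constructed sample content
WELL_FORMED = pad(SHA1_PREFIX + DIGEST)             # hash wrapped in a DigestInfo
BARE_HASH = pad(DIGEST)                             # hash without the DigestInfo wrapper

if __name__ == "__main__":
    print(check_block(WELL_FORMED, DIGEST))
    print(check_block(BARE_HASH, DIGEST))
```

To inspect a real signature this way, the recovered block would come from applying the signer's public key to the signature value taken from the SignerInfo.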
