On Tue, Aug 28, 2012, GWu wrote: > On Mon, Aug 27, 2012 at 10:50 PM, Dr. Stephen Henson wrote: > > On Mon, Aug 27, 2012, GWu wrote: > >> The email is available at > >> http://www.buergerkarte.at/mvnforum/mvnforum/viewthread_thread,272#1180 > >> (German language forum, but the email - or it's significant parts > >> respectively - is easily visble). > >> > > > > Well I'm not surprised Thunderbird and OpenSSL has problems with that. The > > signature is malformed. It should contain the digest enclosed in an ASN1 > > structure called DigestInfo but it isn't: it just contains the raw digest. > > Can you give me a hint where to find DigestInfo or the offending raw > digest in the result of asn1parse? I can spot messageDigest, which is > shown as: > > 3957:d=7 hl=2 l= 9 prim: OBJECT :messageDigest > 3968:d=7 hl=2 l= 22 cons: SET > 3970:d=8 hl=2 l= 20 prim: OCTET STRING [HEX > DUMP]:38BA6AE720F09EFFB46BC8859293743DD13EDBF0 > > But this looks very similar in a message which verifies successfully. > The asn1parse output of another, successfully verified signature also > does not contain "DigestInfo". > > Is DigestInfo a structure inside messageDigest in asn1parse output? If > yes, is there a way to display it in structured/readable form? Or did > you mean that the content inside of messageDigest is not encoded > properly? > > Thanks for any advice and please excuse my beginner's questions, I'm > trying to get a grip on these things ...
Firsty you need to extract the signer certificate. You can use the smime utility for this by turning off all verification: openssl smime -verify -in message -noverify -nosigs -signer s.pem Then extract the final signature in binary form: in the asn1parse output look for the final OCTET STRING and note its offset (number before the :). Then do: openssl asn1parse -in message -strparse 4440 -noout -out sig.der Where you change 4440 for the right value if you use a different message. Then you do: openssl rsautl -verify -certin -inkey s.pem -in sig.der -hexdump The result should look like this: 0000 - ba 80 69 57 62 78 03 d4-57 3c 93 83 b9 86 f1 5a ..iWbx..W<.....Z 0010 - 35 23 58 3d This isn't a proper DigestInfo structure at all it's just presumably the raw SHA1 hash (as you can see from its length: 20 bytes). A proper DigestInfo would have the initial byte 0x30 (SEQUENCE tag). You could use the -asn1parse option to rsautl instead of -hexdump on a correct signature. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org