> From: owner-openssl-us...@openssl.org On Behalf Of dwipin > Sent: Thursday, 22 November, 2012 23:20
> I am trying to develop a java utility based on Bouncy Castle > that should be > able to sign and encrypt data which can later be decrypted > and verified on > the server side (openssl). > > Data encrypted by BC gets decrypted fine with Openssl > Data signed by BC gets verified fine with Openssl > > But when I sign and encrypt data with BC ... it decrypts fine. > However the output of this decryption when I try to verify, > it fails. I then opened the output of > decryption, removed the first 3 lines from it. These lines were the 2 > Headers and a blank line. After this the verification also > went thru fine. > > So I am not sure how to avoid these extra headers that gets > passed as input > to openssl verification. > > My decrypt and verify is something like this -> > openssl smime -decrypt -in $1 -recip $2 -inkey $3 | openssl > smime -verify > -CAfile $4 -out $5 > > These were the extra lines I deleted -> > Content-Type: application/octet-stream > Content-Transfer-Encoding: binary > A blank line > Those are standard MIME (part) headers and SMIME uses MIME headers, although c-type octet-stream isn't as informative as it could be. But if those headers are accurate for the related data you should need -inform der on the smime -verify. Even if those headers are inaccurate you should need -inform pem after stripping, because the default is -inform smime which *requires* the headers. Does your decryption output look like MIME+base64, MIME+binary, or what? Also, what openssl version are you using? I don't think the defaults have changed, but I might be mistaken. If you want plain CMS and not SMIME, BC may well have an option for that, but I don't have time at the moment to look for it. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org