Re: EVP Envelope PKI Confusion...

[Jean-Claude Repetto]

Usman Riaz wrote :


I want to use PKI to encrypt some data and send it to the 
customer to be decrypted. With my limitied knowledge about PKI, the data 
can be encrypted using private key and then lateron that 
encrypted data could be decrypted with the public key. 


No, you encrypt the data using the public key of the customer, and the 
customer will decrypt it using its private key.



__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

PKCS7 signature verification fails

[Jean-Claude Repetto]

Hi,

I am trying to use openssl to sign documents and store detached
signatures in PKCS7 format.
First, I sign the document :
 openssl smime -sign -in document.txt -out document.txt.sign -signer
certs/jcr.crt -certfile certs/ca.crt -inkey private/jcr.key

When I check the signature, it is OK :
 openssl smime -verify -CAfile certs/ca.crt -in document.txt.sign
/dev/null
 Verification successful

Then I create a PKCS7 structure :
 openssl smime -pk7out -in document.txt.sign -out document.txt.pkcs7

But the verification fails :
 openssl smime -verify -CAfile certs/ca.crt -inform PEM -content
document.txt -in document.txt.pkcs7 /dev/null
Verification failure
30871:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest
failure:pk7_doit.c:928:
30871:error:21075069:PKCS7 routines:PKCS7_verify:signature
failure:pk7_smime.c:299:

Somebody has an idea of what is wrong ?

Thanks,
Jean-Claude
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]