Hi,
I am trying to use openssl to sign documents and store detached
signatures in PKCS7 format.
First, I sign the document :
openssl smime -sign -in document.txt -out document.txt.sign -signer
certs/jcr.crt -certfile certs/ca.crt -inkey private/jcr.key
When I check the signature, it is OK :
openssl smime -verify -CAfile certs/ca.crt -in document.txt.sign
/dev/null
Verification successful
Then I create a PKCS7 structure :
openssl smime -pk7out -in document.txt.sign -out document.txt.pkcs7
But the verification fails :
openssl smime -verify -CAfile certs/ca.crt -inform PEM -content
document.txt -in document.txt.pkcs7 /dev/null
Verification failure
30871:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest
failure:pk7_doit.c:928:
30871:error:21075069:PKCS7 routines:PKCS7_verify:signature
failure:pk7_smime.c:299:
Somebody has an idea of what is wrong ?
Thanks,
Jean-Claude
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]