From: owner-openssl-us...@openssl.org On Behalf Of dwipin
Sent: Thursday, 22 November, 2012 23:20
I am trying to develop a java utility based on Bouncy Castle
that should be
able to sign and encrypt data which can later be decrypted
and verified on
the server side (openssl).
Data encrypted by BC gets decrypted fine with Openssl
Data signed by BC gets verified fine with Openssl
But when I sign and encrypt data with BC ... it decrypts fine.
However the output of this decryption when I try to verify,
it fails. I then opened the output of
decryption, removed the first 3 lines from it. These lines were the 2
Headers and a blank line. After this the verification also
went thru fine.
So I am not sure how to avoid these extra headers that gets
passed as input
to openssl verification.
My decrypt and verify is something like this -
openssl smime -decrypt -in $1 -recip $2 -inkey $3 | openssl
smime -verify
-CAfile $4 -out $5
These were the extra lines I deleted -
Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
A blank line
Those are standard MIME (part) headers and SMIME uses MIME headers,
although c-type octet-stream isn't as informative as it could be.
But if those headers are accurate for the related data you should need
-inform der on the smime -verify. Even if those headers are inaccurate
you should need -inform pem after stripping, because the default is
-inform smime which *requires* the headers. Does your decryption output
look like MIME+base64, MIME+binary, or what?
Also, what openssl version are you using? I don't think the defaults have
changed, but I might be mistaken.
If you want plain CMS and not SMIME, BC may well have an option for that,
but I don't have time at the moment to look for it.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org