Re: verify a pdf document with a pkcs7 signature
On Sat, Feb 02, 2008 at 08:33:40PM +0100, Sebastian Patschorke wrote: > I don't know how to use openssl, that it verifies me a signature for a > pdf document. This is what I tried: > > openssl smime -verify -in RGF131361240.pdf -signer 799562928.crt -out > RGF131361240.pdf.pkcs7 Why "smime". A PDF document is not a mime message. Try "openssl dgst" instead, but you need a detached signature for that. If PDF files have a way of encapsulating signed content, you need specialized tools to verify those signatures. -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: verify a pdf document with a pkcs7 signature
On Sat, Feb 02, 2008, Sebastian Patschorke wrote: > Hello! > > I don't know how to use openssl, that it verifies me a signature for a pdf > document. This is what I tried: > > openssl smime -verify -in RGF131361240.pdf -signer 799562928.crt -out > RGF131361240.pdf.pkcs7 > > RGF131361240.pdf is the original document, RGF131361240.pdf.pkcs7 the > signature and 799562928.crt contains the certificate. > > I got only this: > Error reading S/MIME message > 28968:error:2107A087:PKCS7 routines:SMIME_read_PKCS7:no content > type:pk7_mime.c:296 > > Can someone please help me? > Thanks > If the *.pkcs7 file is in binary format this would be a starting point: openssl smime -verify -in foo.pkcs7 -content foo.pdf -inform DER -binary that will probably complain about being unable to find the issuer certificate. For testing purposes you can include the -noverify option which will tell you it has otherwise checked the signature. If that works you need to trust the appropriate root CA(s) and pass them to it using the -CAfile or -CApath options. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
