CMS_verify provides empty output

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

CMS_verify provides empty output

RudyAC
Hello,

when verifying  a signed email with CMS_verify() the verification failed.
That is not the main problem.
My problem is that the out data is empty. Using the library I got following
error:

OpenSSL Error code all:    <772382878d>
OpenSSL Error code lib:    <46d>
OpenSSL Error code func:   <154d>
OpenSSL Error code reason: <158d>
OpenSSL Error: error:2E09A09E:CMS
routines:CMS_SignerInfo_verify_content:verification failure

The mail body is base64 encoded.

When verifying the email on console with "openssl cms -verify" there is no
message output, only the error
message :

Verification failure
47883249174256:error:04091068:rsa routines:INT_RSA_VERIFY:bad
signature:rsa_sign.c:278:
47883249174256:error:2E09809E:CMS
routines:CMS_SignerInfo_verify:verification failure:cms_sd.c:775:

Any hints are welcome

Best regards
RudyAC




--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: CMS_verify provides empty output

OpenSSL - User mailing list
On 10/10/2018 13:55, RudyAC wrote:

> Hello,
>
> when verifying  a signed email with CMS_verify() the verification failed.
> That is not the main problem.
> My problem is that the out data is empty. Using the library I got following
> error:
>
> OpenSSL Error code all:    <772382878d>
> OpenSSL Error code lib:    <46d>
> OpenSSL Error code func:   <154d>
> OpenSSL Error code reason: <158d>
> OpenSSL Error: error:2E09A09E:CMS
> routines:CMS_SignerInfo_verify_content:verification failure
>
> The mail body is base64 encoded.
>
> When verifying the email on console with "openssl cms -verify" there is no
> message output, only the error
> message :
>
> Verification failure
> 47883249174256:error:04091068:rsa routines:INT_RSA_VERIFY:bad
> signature:rsa_sign.c:278:
> 47883249174256:error:2E09809E:CMS
> routines:CMS_SignerInfo_verify:verification failure:cms_sd.c:775:
>
> Any hints are welcome
The general assumption in OpenSSL is that if the signature is
invalid, the contents is probably fake,false or invalid, and
thus unwanted.

This is generally true in cryptography, but for actual e-mail
applications it may very well be desired to allow the user to
ignore signature verification failures.  If so, one could combine
allowing the mail software to access the MIME message normally (as
if the signature was some unknown MIME part) with a meaningful
(human readable) form of the actual error message from verification
(there is more than one way the verification can fail, and the
desired human response would often differ).

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users