Signature verification problem


Signature verification problem

Peter BENKO,VSE IT Sluzby,+421-55-610-2045,+421-903-855532
I have a problem with signature verification:

When I try to verify the SMIME signed message (hello.txt.p7m - see
attachment) with the command:
openssl smime -verify -in hello.txt.p7m -inform DER -CAfile ca-bundle.crt -out /dev/null

I obtain the following error message:
Verification failure
12491:error:2107C080:PKCS7 routines:PKCS7_get0_signers:signer certificate not found:pk7_smime.c:326:

... but the signer certificate is inside of the SMIME message (together with
the certificate of the Certificate authority). It is possible to verify
with:

openssl smime -pk7out -in hello.txt.p7m -inform DER -out a.pem
openssl pkcs7 -in a.pem -print_certs
... and you'll see both certificates

So why is it not possible to verify the signature?

Peter Benko

hello.txt.p7m (4K) Download Attachment

Re: Signature verification problem

Dr. Stephen Henson
On Tue, Aug 09, 2005, Peter BENKO,VSE IT Sluzby,+421-55-610-2045,+421-903-855532 wrote:

> I have a problem with signature verification:
>
> When I try to verify the SMIME signed message (hello.txt.p7m - see
> attachment) with the command:
> openssl smime -verify -in hello.txt.p7m -inform DER -CAfile ca-bundle.crt -out /dev/null
>
> I obtain the following error message:
> Verification failure
> 12491:error:2107C080:PKCS7 routines:PKCS7_get0_signers:signer certificate not found:pk7_smime.c:326:
>
> ... but the signer certificate is inside of the SMIME message (together with
> the certificate of the Certificate authority). It is possible to verify
> with:
>
> openssl smime -pk7out -in hello.txt.p7m -inform DER -out a.pem
> openssl pkcs7 -in a.pem -print_certs
> ... and you'll see both certificates
>
> So why is it not possible to verify the signature?
>

Verifies fine here using OpenSSL. What version/platform are you using?

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: Signature verification problem

Peter BENKO,VSE IT Sluzby,+421-55-610-2045,+421-903-855532
On Tue, Aug 09, 2005 at 08:54:44PM +0200, Dr. Stephen Henson wrote:

> On Tue, Aug 09, 2005, Peter BENKO,VSE IT Sluzby,+421-55-610-2045,+421-903-855532 wrote:
>
> > I have a problem with signature verification:
> >
> > When I try to verify the SMIME signed message (hello.txt.p7m - see
> > attachment) with the command:
> > openssl smime -verify -in hello.txt.p7m -inform DER -CAfile ca-bundle.crt -out /dev/null
> >
> > I obtain the following error message:
> > Verification failure
> > 12491:error:2107C080:PKCS7 routines:PKCS7_get0_signers:signer certificate not found:pk7_smime.c:326:
> >
> > ... but the signer certificate is inside of the SMIME message (together with
> > the certificate of the Certificate authority). It is possible to verify
> > with:
> >
> > openssl smime -pk7out -in hello.txt.p7m -inform DER -out a.pem
> > openssl pkcs7 -in a.pem -print_certs
> > ... and you'll see both certificates
> >
> > So why is it not possible to verify the signature?
> >
>
> Verifies fine here using OpenSSL. What version/platform are you using?

Thank you very much. I realized that OpenSSL 0.9.7e is not able to
verify this signature and OpenSSL 0.9.7f is.

The reason was the wrong encoding (PRINTABLESTRING, UTF8STRING) of the
certificates.

>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
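
The last message attributes the failure to the string encoding (PRINTABLESTRING, UTF8STRING) used in the certificates. As an added illustration that is not part of the thread and is not OpenSSL's code: a PKCS#7 SignerInfo identifies its signer by issuer name and serial number, and the Python below encodes one issuer name in both string types and reports that the DER bytes differ although the text is identical. The sample names and all function names are assumptions made for this example.

```python
TYPES = {0x0C: "UTF8STRING", 0x13: "PRINTABLESTRING", 0x14: "T61STRING",
         0x16: "IA5STRING", 0x1E: "BMPSTRING"}
OIDS = {"O": b"\x55\x04\x0a", "CN": b"\x55\x04\x03"}  # 2.5.4.10, 2.5.4.3

def tlv(tag, body):
    """Encode one DER TLV; short-form length is enough for the sample."""
    assert len(body) < 0x80, "sample builder is short-form only"
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Decode the TLV at pos and return (tag, body, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def build_name(attrs, tag):
    """Build a DER Name whose attribute values all use string type `tag`."""
    rdns = b"".join(tlv(0x31, tlv(0x30, tlv(0x06, OIDS[k]) + tlv(tag, v.encode())))
                    for k, v in attrs)
    return tlv(0x30, rdns)

def parse_name(der):
    """Return [(oid_hex, string_type, text)], first attribute of each RDN."""
    _, body, _ = read_tlv(der, 0)
    out, pos = [], 0
    while pos < len(body):
        _, rdn, pos = read_tlv(body, pos)  # SET (one RDN)
        _, atv, _ = read_tlv(rdn, 0)       # SEQUENCE {type, value}
        _, oid, nxt = read_tlv(atv, 0)
        stag, val, _ = read_tlv(atv, nxt)
        out.append((oid.hex(), TYPES.get(stag, hex(stag)), val.decode("utf-8", "replace")))
    return out

def compare_names(a, b):
    """Report raw-byte equality, text equality and per-attribute type changes."""
    pa, pb = parse_name(a), parse_name(b)
    return {"bytes_equal": a == b,
            "text_equal": [(o, t) for o, _, t in pa] == [(o, t) for o, _, t in pb],
            "type_diffs": [(x[0], x[1], y[1]) for x, y in zip(pa, pb) if x[1] != y[1]]}

ATTRS = [("O", "Example Org"), ("CN", "Example Signing CA")]  # constructed sample
IN_CERT = build_name(ATTRS, 0x13)        # name encoded as PRINTABLESTRING
IN_SIGNERINFO = build_name(ATTRS, 0x0C)  # same text encoded as UTF8STRING
```

Calling `compare_names(IN_CERT, IN_SIGNERINFO)` returns the byte and text comparison together with the attributes whose string type changed.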