Using OpenSSL to verify a FireFox signed form

Hello there,

I have a signature signed using FireFox browser and want to verify the
signature using OpenSSL.

The signature seems to be in PEM format (i.e. base 64 encoded).

I can see the certificates that were used in the signature using:

openssl pkcs7 -print_certs -noout -in signature.pk7

But if I try and verify the signature using (as described in the
OpenSSL command line manual):

openssl smime -verify -inform PEM -in signature.pk7 -signer
signer_pub.key -certfile certs.pem -content content

I get the message:

Verification failure
1319:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify
error:pk7_smime.c:222:Verify error:unable to get local issuer
certificate

I am sure I am nearly there, can anyone help me please ?

Chris...
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

On 2005.05.24 at 11:14:08 +0100, Chris Covell wrote:

It asks for local (i.e. trusted) certificate of security authority,
who've issued (i.e. signed) signer's certificate.

Either provide path to the place where your trusted certificates are
stored using -CAfile or -CAdir argument, or specify -noverify to prevent
it from verifying certificate chain.

OpenSSL understands two forms of CA certificate storage

1. CAfile - file where PEM-formatted certificates are just concatenated
2. CAdir - directory where there are individual PEM certificate files
whose names are hashes obtained by openssl x509 -hash command.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Victor, many thanks, I have got a bit further !

> > I am sure I am nearly there, can anyone help me please ?
>
> It asks for local (i.e. trusted) certificate of security authority,
> who've issued (i.e. signed) signer's certificate.
>
> Either provide path to the place where your trusted certificates are
> stored using -CAfile or -CAdir argument, or specify -noverify to prevent
> it from verifying certificate chain.

I am now using this command:

$ openssl smime -verify -inform PEM -in signature.pk7 -CAfile
development_cm.pem  -content content.txt

And I get this output:

content
Verification failure
2788:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest
failure:pk7_doit.c:804:
2788:error:21075069:PKCS7 routines:PKCS7_verify:signature
failure:pk7_smime.c:265:

It looks like it is all working, just that it is failing verification.
But the content is so simple, that i can't believe that is the problem
! Is the problem CR/LF ? I am signing using FireFox on Windows to sign
but using OpenSSL on Linux to verify.

Any ideas ?

Chris...
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

On 2005.05.24 at 14:33:29 +0100, Chris Covell wrote:

Yes, CR/LF can be a problem. Many MTA feel free to convert eol from
CR/LF to LF and vice versa.

Try to play with -text and -crlfeol options of openssl smime.

For us there was more problems with generation of S/MIME messages which pass
all the mail servers on the way to recipient.

Other problem may be with Content-Transfer-Encoding.
Typically S/MIME computes digest of message after applying content-
encoding (such as Quoted-Printable or Base64) and including some mail
headers. If you receive such a message it is better to verify it as
SMIME format message passing it to openssl with all mail headers.

If you've extracted content you might forget to extract those headers
which was included in digest computation.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Victor,

> > $ openssl smime -verify -inform PEM -in signature.pk7 -CAfile
> > development_cm.pem  -content content.txt

> Yes, CR/LF can be a problem. Many MTA feel free to convert eol from
> CR/LF to LF and vice versa.

Yeah, but I am not using an MTA, I am signing the data in FireFox
browser and storing the resultant base64 encoded data in a database.
 
> Try to play with -text and -crlfeol options of openssl smime.

Does not seem to make any difference.

> For us there was more problems with generation of S/MIME messages which pass
> all the mail servers on the way to recipient.

Yeah, I have seen that too.

I can't believe other people have not seen this problem before, i.e.
signing on the client browser and verifying on the server using
OpenSSL !

Chris...
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

On Wed, May 25, 2005, Chris Covell wrote:

Have you tried the -binary option too?

I had no problems verifying signatures from the old signText function.

If you look at the PKCS#7 structure using:

openssl asn1parse -in p7.pem

and look for a line with 'messageDigest' and an OCTET STRING following it that
will give you the message digest value the content should be.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Are you exchanging messages between a windows client and a linux server? if
so have you considered the difference in linebreaks?  UNIX and WINDOWS
interpret the "enter to the next line" ascii code in a different way. You
might want to replace the  /\r\n|\r|\n/" sequence (in regex) with "\r\n".

cheers

Meint


----- Original Message -----
From: "Chris Covell" <[hidden email]>
To: <[hidden email]>
Sent: Wednesday, May 25, 2005 3:14 PM
Subject: Re: Using OpenSSL to verify a FireFox signed form


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Hello there, thanks for taking the time to help !

> Have you tried the -binary option too?

Yes I have tried using binary... to no avail !

I have now gone back to basics and writen a short web page that just
asks for a signature and then writes the signature (with -----BEGIN
PKCS7----- header and footer) to a file. The content of the signature
is very simple with no CR/LF.

I use FireFox on a Linux box to sign the form.

I then try to verify the signature using:

openssl smime -verify -binary -inform PEM -in /tmp/sig95552 -CAfile
development_cm.pem -content test_content.txt
 
and get the result:

[chris@internal sbs]$ openssl smime -verify -binary -inform PEM -in
/tmp/sig95552 -CAfile development_cm.pem -content test_content.txt
sign test
Verification failure
20036:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest
failure:pk7_doit.c:804:
20036:error:21075069:PKCS7 routines:PKCS7_verify:signature
failure:pk7_smime.c:265:

> I had no problems verifying signatures from the old signText function.

Did you use the same openssl command as above ?
 
> If you look at the PKCS#7 structure using:
>
> openssl asn1parse -in p7.pem

OK...

> and look for a line with 'messageDigest' and an OCTET STRING following it that
> will give you the message digest value the content should be.

[chris@internal sbs]$ openssl asn1parse -in /tmp/sig95552

---snip---

2916:d=7  hl=2 l=   9 prim: OBJECT            :signingTime
 2927:d=7  hl=2 l=  15 cons: SET
 2929:d=8  hl=2 l=  13 prim: UTCTIME           :050526085914Z
 2944:d=6  hl=2 l=  35 cons: SEQUENCE
 2946:d=7  hl=2 l=   9 prim: OBJECT            :messageDigest
 2957:d=7  hl=2 l=  22 cons: SET
 2959:d=8  hl=2 l=  20 prim: OCTET STRING
 2981:d=5  hl=2 l=  13 cons: SEQUENCE
 2983:d=6  hl=2 l=   9 prim: OBJECT            :rsaEncryption
 2994:d=6  hl=2 l=   0 prim: NULL
 2996:d=5  hl=3 l= 128 prim: OCTET STRING

These are the last few lines, I can see the messageDigest line, how
would I interpret the OCTET STRING ?

I am sure I am missing something here, I am sure this should be simple !

Thanks again for your help.

Chris...
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

OK, I have sorted this out ! Thanks for those who have taken the time
to look at my problem. The issue in the end was that vi was putting a
"\n" at the end of my content file.

[chris@internal sbs]$ cat test_content.txt
sign test
[chris@internal sbs]$ hexdump -c test_content.txt
0000000   s   i   g   n       t   e   s   t  \n
000000a

So if I made sure that the content that was signed also had a "\n"
character it verified fine.

[chris@internal sbs]$ openssl smime -verify -inform PEM -in
/tmp/sig151839 -CAfile development_cm.pem -content test_content.txt
sign test
Verification successful

Many thanks

Chris...
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

 

I just sucesfully compiled library for ARM using evc4.0 compiler. Here
is what I had to do:

1. in C:\Program Files\Microsoft eMbedded C++ 4.0\EVC\wce420\bin I had
to change WCEARMV4.BAT so that set TARGETCPU=ARM instead of ARMV4

2. compiler reported internal error in
openssl-0.9.7d\crypto\rc2\rc2_skey.c
I had to add this line: ";ki = &c;" before "ki= &(key->data[63]);"
doesn't make sense but compiler was crashing in ki= &(key->data[63]);

3. rand\rand_win.c
#if defined(OPENSSL_SYS_WINCE) && (WCEPLATFORM!=MS_HPC_PRO) - error was
changed to
#if defined(OPENSSL_SYS_WINCE)
#if defined(WCEPLATFORM) && defined(MS_HPC_PRO)
#if (WCEPLATFORM!=MS_HPC_PRO)
with corespodning endifs

4. apps/apps.c had following code at 3 places
        if (stat(dbfile,&sb) < 0)
                {
                if (errno != ENOENT
#ifdef ENOTDIR
                        && errno != ENOTDIR)
#endif
                        goto err;
                }

 so if ENOTDIR was not defined ) was missing so it was changed to:
        if (stat(dbfile,&sb) < 0)
                {
                if (errno != ENOENT
#ifdef ENOTDIR
                        && errno != ENOTDIR
#endif
                        )         // PARENTHESIS is outside if def
                        goto err;
                }


regards
  Milan

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.322 / Virus Database: 266.11.17 - Release Date: 5/25/2005
 

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]