I'm experimenting with openssl/gnupg interoperability. It seems the
least common multiple is cms. I didn't find a way to produce output
with opengpg to work with 'openssl dgst' directly. Am I wrong, is
there a simpler way?
$ gpgsm --disable-crl-checks --verify somefile.sig somefile
gpgsm: Signature made 2017-05-15 14:44:36 using certificate ID 0x5F7C51D8
gpgsm: invalid signature: message digest attribute does not match computed one
COMPARING ASN1 output:
I parsed the signatures using asn1parse, then compared the outputs:
$ openssl asn1parse -in somefile.sig
> Hi list,
> I'm experimenting with openssl/gnupg interoperability. It seems the
> least common multiple is cms. I didn't find a way to produce output
> with opengpg to work with 'openssl dgst' directly. Am I wrong, is
> there a simpler way?
> The :messageDigest hash codes are the same for detached/non-detached
> but the :rsaEncryption differ (salt, timestamp?) The messageDigest
> does not match the output from sha256sum
> Repeating the same for the gpgsm generated signatures, I can see that
> the messageDigest matches directly the output of sha256sum.
> So openssl cms/gpgsm compute the sha256sum differently in the detached case.
> Is there a hidden flag to make either tool behave like the other?
Look at the documentation of the openssl cms "-inform SMIME",
"-outform SMIME" and "-binary" options.
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
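
Added example, not part of the original thread: unless -binary is given, openssl cms converts the content to S/MIME canonical form (CRLF line endings) before hashing, so its messageDigest differs from sha256sum of a file with LF line endings. The Python sketch below tells which form a messageDigest value taken from asn1parse was computed over. The function names, the sample content and the simplified canonicalization (every LF or CRLF becomes CRLF) are assumptions made for this illustration.

```python
import hashlib
import re


def smime_canonical(data: bytes) -> bytes:
    """Simplified model of S/MIME text canonicalization (an assumption of
    this example): every line ending, LF or CRLF, becomes CRLF."""
    return re.sub(rb"\r*\n", b"\r\n", data)


def candidate_digests(data: bytes) -> dict:
    """SHA-256 of the content as raw bytes and in canonical CRLF form."""
    return {
        "binary": hashlib.sha256(data).hexdigest(),
        "smime-text": hashlib.sha256(smime_canonical(data)).hexdigest(),
    }


def classify_message_digest(data: bytes, message_digest_hex: str) -> str:
    """Report which form of the content a messageDigest attribute matches.

    message_digest_hex is the hex string of the OCTET STRING that follows
    ':messageDigest' in 'openssl asn1parse' output (any case, optional ':').
    Returns 'binary', 'smime-text', 'either' (content has no line endings to
    convert, so both forms hash the same) or 'unknown'.
    """
    wanted = message_digest_hex.replace(":", "").replace(" ", "").lower()
    matches = [name for name, d in candidate_digests(data).items() if d == wanted]
    if len(matches) == 2:
        return "either"
    return matches[0] if matches else "unknown"


# Constructed sample content with Unix (LF) line endings.
SAMPLE = b"line one\nline two\n"

if __name__ == "__main__":
    for name, digest in candidate_digests(SAMPLE).items():
        print(f"{name:10s} {digest}")
    # A signer that hashes the raw bytes produces the 'binary' value,
    # which is also what sha256sum prints for the file.
    raw = hashlib.sha256(SAMPLE).hexdigest()
    print(classify_message_digest(SAMPLE, raw))
```

If the result is "unknown", the signature was made over different content, or the canonicalization differs from the simplified model used here.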