Kaso

Reputation: 123

Openssl command line fails to verify detached smime signature created moments earlier

I'm using the command line interface of openssl 1.0.1b on OSX 10.6.

First I create a DSA key.

openssl dsaparam -noout -out privatekey.pem -genkey 1024

Next I create a self-signed certificate from that key.

openssl req -new -outform PEM -out certificate.pem -key privatekey.pem -keyform PEM -sha1 -x509 -days 1000

Next I use that certificate and key in order to create a detached smime signature of a file.

openssl smime -sign -in file.zip -out file.zip.signature -outform DER -inkey privatekey.pem -signer certificate.pem

Finally I immediately try to verify that same file/signature*

openssl smime -verify -in file.zip.signature -inform DER -content file.zip -noverify certificate.pem > /dev/null

But somehow I get a digest failure.

PKCS7 routines:PKCS7_signatureVerify:digest failure:pk7_doit.c:1097:
PKCS7 routines:PKCS7_verify:signature failure:pk7_smime.c:410

Nothing is changing the file, manual md5 hashes match before and after, yet somehow the signature digest is failing. Does anyone have any clue as to what I'm doing wrong?

Thanks.

* Note that -noverify is used to tell openssl to not warn me about the certificate being self-signed.

Upvotes: 4

Views: 5125

Answers (1)

Kaso

Reputation: 123

I've figured out the issue.

Because I didn't use the -binary flag, openssl was transforming \n in the input file to \r\n.

Upvotes: 3
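The line-ending conversion described in this answer can be observed directly. The script below is an added example, not part of the original post: it signs a small constructed text file with and without -binary, using -nodetach so the signed bytes can be extracted and measured, then repeats the question's detached sign/verify with -binary on both commands. Assumptions: openssl is on PATH, a throwaway RSA-2048 key replaces the question's DSA key, and all file names are made up for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: openssl is on PATH;
# a throwaway RSA-2048 key stands in for the question's DSA key; all file
# names and the sample content are constructed.
WORK=$(mktemp -d)

setup() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=smime-test" \
        -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null
    # Constructed content: 29 bytes, three bare LF line endings.
    printf 'line one\nline two\nline three\n' > "$WORK/data.txt"
}

# detached_roundtrip [-binary]: sign data.txt detached, then verify the
# signature against the untouched file. Returns the verify exit status.
detached_roundtrip() {
    openssl smime -sign $1 -in "$WORK/data.txt" -out "$WORK/data.sig" \
        -outform DER -inkey "$WORK/key.pem" -signer "$WORK/cert.pem" &&
    openssl smime -verify $1 -in "$WORK/data.sig" -inform DER \
        -content "$WORK/data.txt" -noverify >/dev/null 2>&1
}

# embedded_size [-binary]: sign with the content embedded (-nodetach),
# extract it again and print its size, i.e. the bytes that were digested.
embedded_size() {
    openssl smime -sign $1 -nodetach -in "$WORK/data.txt" -out "$WORK/data.p7" \
        -outform DER -inkey "$WORK/key.pem" -signer "$WORK/cert.pem" &&
    openssl smime -verify -in "$WORK/data.p7" -inform DER -noverify \
        -out "$WORK/extracted.txt" 2>/dev/null &&
    wc -c < "$WORK/extracted.txt" | tr -d ' '
}

setup
echo "original size:              $(wc -c < "$WORK/data.txt" | tr -d ' ')"
echo "signed size, no -binary:    $(embedded_size)"
echo "signed size, with -binary:  $(embedded_size -binary)"
if detached_roundtrip -binary; then
    echo "detached verify with -binary: OK"
else
    echo "detached verify with -binary: FAILED"
fi
```

Without -binary the signed content grows by one byte per line ending, so a digest computed over the original file on disk cannot match it.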
