CODEWITHSUNDEEP
openssldigital-signaturebouncycastlex509
Clint
Clint

Reputation: 43

OpenSSL signature verification and certificate usage

I am using Bouncy Castle java classes (1.5) to generate encrypted/signed CMS messages. These will be delivered as email attachments.
The recipients will verify the messages prior to decryption, using OpenSSL command line on Windows. I've run into an issue that surprises me. Bouncy Castle seems to not care at all about the "usage" settings on the signing certificate. The one I am testing with is a client and server authentication certificate which obviously isn't right. However, when verifying, OpenSSL is complaining that the certificate usage is improper (which seems strange (late) to get at verification-time, but never mind) I get the following message: Verification failure 24188:error:2E099064:CMS routines:CMS_SIGNERINFO_VERIFY_CERT:certificate verify error:.\crypto\cms\cms_smime.c:304:Verify error:unsupported certificate purpose

If I include the " -no_signer_cert_verify" option, all works fine ( I don't need to include a CAfile in this case either). The OpenSSL docs seem to indicate that cert usage is not honored, unless you turn on "-purpose". So, I'm puzzled why the usage issue is arising, and don't want to drop path validation of the signing cert just to get around it. (The obvious solution of using certs with proper usage sounds great, but, trust me, in this case I may not always be able to force that since not all parties to these exchanges will be able to reliably do that). Any ideas out there?

Upvotes: 2

Views: 3450

Answers (1)

Konstantin Shemyak
Konstantin Shemyak

Reputation: 2527

However, when verifying, OpenSSL is complaining that the certificate usage is improper (which seems strange (late) to get at verification-time, but never mind) I get the following message: Verification failure 24188:error:2E099064:CMS routines:CMS_SIGNERINFO_VERIFY_CERT:certificate verify error:.\crypto\cms\cms_smime.c:304:Verify error:unsupported certificate purpose

That's because OpenSSL considers only certain combinations of X.509v3 extensions to be "valid" for verifying CMS structures:

  • If the Key Usage extension is present, then it must include the digitalSignature bit.
  • If the Extended Key Usage extension is present, then it must include email protection OID.

This is how OpenSSL treats the extensions; while meaningful, these rules are not mandated by any standard. They belong to certificate-related policies, and OpenSSL has selected this non-trivial policy as their default. Here is some background information and sample code. You might wish to check the policy to which the signing/verification must comply in your case.

Upvotes: 1

Related Questions