[openssl-users] help with timestamping
Alex Samad
alex at samad.com.au
Thu Apr 21 04:44:44 UTC 2016
Okay, that's good. So I am on the right track.
thanks
On 19 April 2016 at 14:29, Jakob Bohm <jb-openssl at wisemo.com> wrote:
> On 19/04/2016 05:55, Alex Samad wrote:
>>
>> Hi
>>
>> I have a SHA.sha file
>>
>> /usr/bin/openssl ts -query -data SHA.sha -sha256 | /usr/bin/curl -s -H
>> Content-Type:application/timestamp-query --data-binary @-
>> http://sha256timestamp.ws.symantec.com/sha256/timestamp > SHA.sha.tsr
>>
>> /usr/bin/openssl ts -reply -in SHA.sha.tsr -text > SHA.sha.ts.txt
>>
>>
>> cat SHA.sha.ts.txt
>> Status info:
>> Status: Granted.
>> Status description: unspecified
>> Failure info: unspecified
>>
>> TST info:
>> Version: 1
>> Policy OID: 2.16.840.1.113733.1.7.23.3
>> Hash Algorithm: sha256
>> Message data:
>> 0000 - 8c 6d 95 5b e0 cd 8b c9-df 8c ab 57 45 c4 69 e6
>> .m.[.......WE.i.
>> 0010 - 7a b9 ce cb 14 8f 55 25-91 2e 57 37 3e 5c b8 d5
>> z.....U%..W7>\..
>> Serial number: 0x570B9C3A11CA318E2478D3680C0FEFD9238E06AB
>> Time stamp: Apr 19 03:52:25 2016 GMT
>> Accuracy: 0x1E seconds, unspecified millis, unspecified micros
>> Ordering: no
>> Nonce: 0x580E59D87F396B25
>> TSA: DirName:/C=US/O=Symantec Corporation/OU=Symantec Trust
>> Network/CN=Symantec SHA256 TimeStamping Signer - G1
>> Extensions:
>>
>>
>> But when I go to verify it
>>
>> openssl ts -verify -data SHA.sha -in SHA.sha.tsr
>> Verification: FAILED
>> 140569777235784:error:2107C080:PKCS7
>> routines:PKCS7_get0_signers:signer certificate not
>> found:pk7_smime.c:476:
>>
>> is this because I didn't provide a cert to sign it with ?
>
> No, it is because it cannot find the certificate that Symantec
> used to sign the response, specifically the certificate with
> Subject name "/C=US/O=Symantec Corporation/OU=Symantec Trust
> Network/CN=Symantec SHA256 TimeStamping Signer - G1".
>
> I am kind of disappointed in how little detail is included in
> the output from ts -reply -text, I expected it to output all
> the fields, similar to what other openssl commands do when
> passed the -text option.
>
> So I guess the next step would be to dump SHA.sha.tsr using
> Peter Gutmann's dumpasn1.c program, something like
>
> openssl base64 -d -in SHA.sha.tsr -out SHA.sha.tsr.bin
> dumpasn1 -v SHA.sha.tsr.bin
>
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
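
Added example, not part of the original thread or either poster's code: the "signer certificate not found" failure discussed above, reproduced offline against a constructed throwaway CA and TSA, together with two ways to give `openssl ts -verify` the signer certificate. Every file name except SHA.sha, the subject names, and the policy OID 1.2.3.4.1 are assumptions made up for the demo.

```shell
#!/bin/sh
# Constructed local CA and TSA (hypothetical names); nothing here contacts a real TSA.
ts_demo() (
  set -e
  d=$(mktemp -d); trap 'rm -rf "$d"' EXIT; cd "$d"
  cat > tsa.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
CN = unused
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ v3_tsa ]
extendedKeyUsage = critical,timeStamping
[ tsa ]
default_tsa = tsa1
[ tsa1 ]
serial = ./tsaserial
signer_cert = ./tsa.pem
signer_key = ./tsa.key
signer_digest = sha256
default_policy = 1.2.3.4.1
digests = sha256
EOF
  echo 01 > tsaserial
  echo "constructed sample data" > SHA.sha
  {
    openssl req -config tsa.cnf -x509 -newkey rsa:2048 -nodes -days 2 \
      -subj "/CN=Constructed Test CA" -extensions v3_ca -keyout ca.key -out ca.pem
    openssl req -config tsa.cnf -newkey rsa:2048 -nodes \
      -subj "/CN=Constructed Test TSA" -keyout tsa.key -out tsa.csr
    openssl x509 -req -in tsa.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
      -days 2 -extfile tsa.cnf -extensions v3_tsa -out tsa.pem
    # Query as in the post (no -cert): the reply carries no signer certificate.
    openssl ts -query -data SHA.sha -sha256 -out plain.tsq
    openssl ts -reply -config tsa.cnf -queryfile plain.tsq -out plain.tsr
    # Query with -cert: the TSA embeds its signing certificate in the reply.
    openssl ts -query -data SHA.sha -sha256 -cert -out cert.tsq
    openssl ts -reply -config tsa.cnf -queryfile cert.tsq -out cert.tsr
  } >/dev/null 2>&1
  verify() {  # prints OK or FAILED according to the exit status of ts -verify
    if openssl ts -verify -data SHA.sha -CAfile ca.pem "$@" >/dev/null 2>&1
    then echo OK; else echo FAILED; fi
  }
  echo "plain,CAfile-only=$(verify -in plain.tsr)"
  echo "plain,untrusted=$(verify -in plain.tsr -untrusted tsa.pem)"
  echo "cert,CAfile-only=$(verify -in cert.tsr)"
)
ts_demo
```

Against a public TSA the same two options apply: pass the TSA's signing certificate with `-untrusted` and its issuing root with `-CAfile`, or request the certificate in the reply by adding `-cert` to the query.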