[openssl-users] help with timestamping
Alex Samad
alex at samad.com.au
Fri Apr 22 22:54:38 UTC 2016
Here is a dump.
I can see the CN - but I could see that before.
There is also an RSA - maybe a signature or maybe it is the public key for the cert.
I would expect to see some signed data (sha + Symantec cert + time)
and also the public cert (and maybe the intermediaries..)
<30 82 03 AB>
0 939: SEQUENCE {
<30 03>
4 3: SEQUENCE {
<02 01>
6 1: INTEGER 0
: }
<30 82 03 A2>
9 930: SEQUENCE {
<06 09>
13 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
: (PKCS #7)
<A0 82 03 93>
24 915: [0] {
<30 82 03 8F>
28 911: SEQUENCE {
<02 01>
32 1: INTEGER 3
<31 0D>
35 13: SET {
<30 0B>
37 11: SEQUENCE {
<06 09>
39 9: OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
: (NIST Algorithm)
: }
: }
<30 82 01 1B>
50 283: SEQUENCE {
<06 0B>
54 11: OBJECT IDENTIFIER tSTInfo (1 2 840 113549 1 9 16 1 4)
: (S/MIME Content Types)
<A0 82 01 0A>
67 266: [0] {
<04 82 01 06>
71 262: OCTET STRING, encapsulates {
<30 82 01 02>
75 258: SEQUENCE {
<02 01>
79 1: INTEGER 1
<06 0B>
82 11: OBJECT IDENTIFIER '2 16 840 1 113733 1 7 23 3'
<30 31>
95 49: SEQUENCE {
<30 0D>
97 13: SEQUENCE {
<06 09>
99 9: OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
: (NIST Algorithm)
<05 00>
110 0: NULL
: }
<04 20>
112 32: OCTET STRING
: 8C 6D 95 5B E0 CD 8B C9 .m.[....
: DF 8C AB 57 45 C4 69 E6 ...WE.i.
: 7A B9 CE CB 14 8F 55 25 z.....U%
: 91 2E 57 37 3E 5C B8 D5
: }
<02 14>
146 20: INTEGER
: 57 0B 9C 3A 11 CA 31 8E W..:..1.
: 24 78 D3 68 0C 0F EF D9 $x.h....
: 23 8E 06 AB #...
<18 0F>
168 15: GeneralizedTime 19/04/2016 03:52:25 GMT
<30 03>
185 3: SEQUENCE {
<02 01>
187 1: INTEGER 30
: }
<02 08>
190 8: INTEGER 58 0E 59 D8 7F 39 6B 25
<A0 81 86>
200 134: [0] {
<A4 81 83>
203 131: [4] {
<30 81 80>
206 128: SEQUENCE {
<31 0B>
209 11: SET {
<30 09>
211 9: SEQUENCE {
<06 03>
213 3: OBJECT IDENTIFIER countryName (2 5 4 6)
: (X.520 DN component)
<13 02>
218 2: PrintableString 'US'
: }
: }
<31 1D>
222 29: SET {
<30 1B>
224 27: SEQUENCE {
<06 03>
226 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
: (X.520 DN component)
<13 14>
231 20: PrintableString 'Symantec Corporation'
: }
: }
<31 1F>
253 31: SET {
<30 1D>
255 29: SEQUENCE {
<06 03>
257 3: OBJECT IDENTIFIER
: organizationalUnitName (2 5 4 11)
: (X.520 DN component)
<13 16>
262 22: PrintableString 'Symantec Trust Network'
: }
: }
<31 31>
286 49: SET {
<30 2F>
288 47: SEQUENCE {
<06 03>
290 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 DN component)
<13 28>
295 40: PrintableString 'Symantec SHA256 TimeStamping Signer - G1'
: }
: }
: }
: }
: }
: }
: }
: }
: }
<31 82 02 5A>
337 602: SET {
<30 82 02 56>
341 598: SEQUENCE {
<02 01>
345 1: INTEGER 1
<30 81 8B>
348 139: SEQUENCE {
<30 77>
351 119: SEQUENCE {
<31 0B>
353 11: SET {
<30 09>
355 9: SEQUENCE {
<06 03>
357 3: OBJECT IDENTIFIER countryName (2 5 4 6)
: (X.520 DN component)
<13 02>
362 2: PrintableString 'US'
: }
: }
<31 1D>
366 29: SET {
<30 1B>
368 27: SEQUENCE {
<06 03>
370 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
: (X.520 DN component)
<13 14>
375 20: PrintableString 'Symantec Corporation'
: }
: }
<31 1F>
397 31: SET {
<30 1D>
399 29: SEQUENCE {
<06 03>
401 3: OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
: (X.520 DN component)
<13 16>
406 22: PrintableString 'Symantec Trust Network'
: }
: }
<31 28>
430 40: SET {
<30 26>
432 38: SEQUENCE {
<06 03>
434 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 DN component)
<13 1F>
439 31: PrintableString 'Symantec SHA256 TimeStamping CA'
: }
: }
: }
<02 10>
472 16: INTEGER 54 F3 7D A1 71 67 51 BC 6A 8D 0A D2 74 B2 8B 13
: }
<30 0B>
490 11: SEQUENCE {
<06 09>
492 9: OBJECT IDENTIFIER sha-256 (2 16 840 1 101 3 4 2 1)
: (NIST Algorithm)
: }
<A0 81 A4>
503 164: [0] {
<30 1A>
506 26: SEQUENCE {
<06 09>
508 9: OBJECT IDENTIFIER contentType (1 2 840 113549 1 9 3)
: (PKCS #9)
<31 0D>
519 13: SET {
<06 0B>
521 11: OBJECT IDENTIFIER tSTInfo (1 2 840 113549 1 9 16 1 4)
: (S/MIME Content Types)
: }
: }
<30 1C>
534 28: SEQUENCE {
<06 09>
536 9: OBJECT IDENTIFIER signingTime (1 2 840 113549 1 9 5)
: (PKCS #9)
<31 0F>
547 15: SET {
<17 0D>
549 13: UTCTime 19/04/2016 03:52:25 GMT
: }
: }
<30 2F>
564 47: SEQUENCE {
<06 09>
566 9: OBJECT IDENTIFIER messageDigest (1 2 840 113549 1 9 4)
: (PKCS #9)
<31 22>
577 34: SET {
<04 20>
579 32: OCTET STRING
: 98 1B CF E1 5D 96 79 D6 ....].y.
: 47 53 3E 27 A1 0C 57 4E GS>'..WN
: 62 48 8E 43 F8 B5 17 D4 bH.C....
: 1C 8F 9A 86 ED D7 A6 B4
: }
: }
<30 37>
613 55: SEQUENCE {
<06 0B>
615 11: OBJECT IDENTIFIER
: signingCertificateV2 (1 2 840 113549 1 9 16 2 47)
: (S/MIME Authenticated Attributes)
<31 28>
628 40: SET {
<30 26>
630 38: SEQUENCE {
<30 24>
632 36: SEQUENCE {
<30 22>
634 34: SEQUENCE {
<04 20>
636 32: OCTET STRING
: 82 D5 56 DB DB 5D AD 5F ..V..]._
: A0 7B B6 07 26 A6 D8 6E .{..&..n
: 73 0B 5B B7 29 88 5B B6 s.[.).[.
: DE 4F F2 75 29 02 2C FC
: }
: }
: }
: }
: }
: }
<30 0B>
670 11: SEQUENCE {
<06 09>
672 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
: (PKCS #1)
: }
<04 82 01 00>
683 256: OCTET STRING
: 77 60 BE 64 F1 4C 04 B9 w`.d.L..
: 4D 64 39 59 DC 53 27 02 Md9Y.S'.
: 06 1F 0C C7 31 EC 5B A2 ....1.[.
: 79 FB CA A3 07 DE D3 E6 y.......
: 88 CE 84 37 4C 20 EF DF ...7L ..
: 9B BB D4 0B 6F DC 42 05 ....o.B.
: DA 8D 22 EF 24 A8 46 68 ..".$.Fh
: 79 DA CB B5 A9 CD F6 7E y......~
: D5 B8 D4 DD B4 44 5F 40 .....D_@
: 0A A2 59 C8 3B 2C 52 6F ..Y.;,Ro
: BE 88 6C D3 A4 F6 3C B1 ..l...<.
: 52 27 25 E3 E9 6F 4A 2B R'%..oJ+
: C6 C4 CD EA 73 65 6C 04 ....sel.
: 9A A4 79 4E A4 95 F4 F7 ..yN....
: 1C C6 2E E8 D3 4B 01 8F .....K..
: F2 0B 80 6C 28 67 3E 10 ...l(g>.
: D7 76 1E C5 4E BF 87 37 .v..N..7
: CB 99 51 81 74 5C 50 57 ..Q.t\PW
: 80 3F 5D 3E 84 76 12 0A .?]>.v..
: B0 A3 99 DF E5 3B A4 8F .....;..
: DE 04 50 A8 E6 D0 00 6D ..P....m
: 61 21 B1 A9 A9 D6 05 79 a!.....y
: 0A 00 FA D5 1D A6 D6 F8 ........
: 6A 22 07 E5 BC 01 C1 E0 j"......
: 10 09 BD 92 09 B5 B7 29 .......)
: 8B 6A 4D 28 C4 63 7A 4C .jM(.czL
: 8E 7A AF 87 5D BE A4 BD .z..]...
: C1 20 9A D0 82 57 03 21 . ...W.!
: F3 E2 6F F5 44 22 F9 27 ..o.D".'
: 41 9C 66 27 BB 52 39 E2 A.f'.R9.
: 4B C8 2B 82 58 AC 0E AF K.+.X...
: 8D AE A5 C7 A5 1A A3 5E
: }
: }
: }
: }
: }
: }
On 19 April 2016 at 14:29, Jakob Bohm <jb-openssl at wisemo.com> wrote:
> On 19/04/2016 05:55, Alex Samad wrote:
>>
>> Hi
>>
>> I have a SHA.sha file
>>
>> /usr/bin/openssl ts -query -data SHA.sha -sha256 | /usr/bin/curl -s -H
>> Content-Type:application/timestamp-query --data-binary @-
>> http://sha256timestamp.ws.symantec.com/sha256/timestamp > SHA.sha.tsr
>>
>> /usr/bin/openssl ts -reply -in SHA.sha.tsr -text > SHA.sha.ts.txt
>>
>>
>> cat SHA.sha.ts.txt
>> Status info:
>> Status: Granted.
>> Status description: unspecified
>> Failure info: unspecified
>>
>> TST info:
>> Version: 1
>> Policy OID: 2.16.840.1.113733.1.7.23.3
>> Hash Algorithm: sha256
>> Message data:
>> 0000 - 8c 6d 95 5b e0 cd 8b c9-df 8c ab 57 45 c4 69 e6
>> .m.[.......WE.i.
>> 0010 - 7a b9 ce cb 14 8f 55 25-91 2e 57 37 3e 5c b8 d5
>> z.....U%..W7>\..
>> Serial number: 0x570B9C3A11CA318E2478D3680C0FEFD9238E06AB
>> Time stamp: Apr 19 03:52:25 2016 GMT
>> Accuracy: 0x1E seconds, unspecified millis, unspecified micros
>> Ordering: no
>> Nonce: 0x580E59D87F396B25
>> TSA: DirName:/C=US/O=Symantec Corporation/OU=Symantec Trust
>> Network/CN=Symantec SHA256 TimeStamping Signer - G1
>> Extensions:
>>
>>
>> But when I go to verify it
>>
>> openssl ts -verify -data SHA.sha -in SHA.sha.tsr
>> Verification: FAILED
>> 140569777235784:error:2107C080:PKCS7
>> routines:PKCS7_get0_signers:signer certificate not
>> found:pk7_smime.c:476:
>>
>> is this because I didn't provide a cert to sign it with ?
>
> No, it is because it cannot find the certificate that Symantec
> used to sign the response, specifically the certificate with
> Subject name "/C=US/O=Symantec Corporation/OU=Symantec Trust
> Network/CN=Symantec SHA256 TimeStamping Signer - G1".
>
> I am kind of disappointed in how little detail is included in
> the output from ts -reply -text, I expected it to output all
> the fields, similar to what other openssl commands do when
> passed the -text option.
>
> So I guess the next step would be to dump SHA.sha.tsr using
> Peter Gutmann's dumpasn1.c program, something like
>
> openssl base64 -d -in SHA.sha.tsr -out SHA.sha.tsr.bin
> dumpasn1 -v SHA.sha.tsr.bin
>
>
> Enjoy
>
> Jakob
> --
> Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
> Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
>
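Added example, not part of the original messages: a small Python DER walk that reports whether a timestamp reply carries the optional SignedData certificates field, which is what the "signer certificate not found" error is about. In the dump above, SignedData goes from the tSTInfo content at offset 50 straight to the signerInfos SET at offset 337, with no certificates element in between. The helper names and the sample bytes are constructed for illustration.

```python
# Added example; sample_reply() returns constructed bytes, not the thread's reply.
SIGNED_DATA = bytes.fromhex("2a864886f70d010702")    # OID 1.2.840.113549.1.7.2

def tlv(buf, pos=0):                     # decode one DER element at pos
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                         # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

def children(value):                     # members of a constructed value
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def inspect_tsr(der):
    """Return the signer's serial and whether SignedData.certificates exists."""
    top = children(tlv(der)[1])
    if top[0][0] == 0x30:                # TimeStampResp: PKIStatusInfo comes first
        if len(top) < 2:
            raise ValueError("response carries no timeStampToken")
        top = children(top[1][1])        # descend into the ContentInfo
    if top[0] != (0x06, SIGNED_DATA):
        raise ValueError("content is not signedData")
    sd = children(children(top[1][1])[0][1])       # fields of SignedData
    certs = [v for t, v in sd if t == 0xA0]        # [0] certificates, OPTIONAL
    signer = children(children(sd[-1][1])[0][1])   # first SignerInfo in the SET
    sid = children(signer[1][1])                   # issuerAndSerialNumber
    return {"certs_included": bool(certs), "signer_serial": sid[1][1].hex()}

def enc(tag, *parts):                    # DER encoder, only for building samples
    body = b"".join(parts)
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_reply(with_cert):
    """Constructed, trimmed TimeStampResp following the outline of the dump."""
    sid = enc(0x30, enc(0x30), enc(0x02, bytes.fromhex("54f37d")))   # empty issuer
    signer = enc(0x30, enc(0x02, b"\x01"), sid, enc(0x04, bytes(200)))
    tst = enc(0x30, enc(0x06, bytes.fromhex("2a864886f70d0109100104")), enc(0xA0, enc(0x04, b"x")))
    certs = [enc(0xA0, enc(0x30, b"placeholder"))] if with_cert else []
    signed = enc(0x30, enc(0x02, b"\x03"), enc(0x31), tst, *certs, enc(0x31, signer))
    token = enc(0x30, enc(0x06, SIGNED_DATA), enc(0xA0, signed))
    return enc(0x30, enc(0x30, enc(0x02, b"\x00")), token)
```

When the field is absent, `openssl ts -query` accepts `-cert` to ask the TSA to include its certificate in the reply, and `openssl ts -verify` accepts `-CAfile` and `-untrusted` to supply the chain separately.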