SMIME signed message verification

Harald Koch root at c-works.net
Thu Oct 29 13:50:31 UTC 2020


Dear Michael,

> Am 29.10.2020 um 14:12 schrieb Michael Richardson <mcr at sandelman.ca>
>> - "Unable to verify content integrity: Missing data"
>> - "The system is unable to find out the sign algorithm of the inbound message"
> 
>> I digged a bit deeper into the ASN1 data („cat signature.base64 | base64 -d | openssl asn1parse -inform DER" ), leading to my assumption that the algorithm provided for signature contained differs:
>> - openSSL indicates „rsaEncryption"
>> - Java indicates „sha512WithRSAEncryption"
> 
> The first error you got seems inconsistent with this problem.
> Is is possible that one of you are sending CMS structures with out-of-band content?
Yes, the signed message is contained in a HTTP(S) multipart request with more payload and header information, sure. The only different part is the signed content, all other content has been manually checked, they are exactly the same. May it be possible that the CMS data which openSSL generates is much bigger due to unneeded certificate information, which makes the Java process stumble over the input? 

Regards,
Harald


More information about the openssl-users mailing list