openssl cms verification date

François Legal devel at thom.fr.eu.org
Thu Feb 8 10:37:47 UTC 2024


Hello,

I'm new to this list.

I'm using pkcs7 packages to embbed firmware, to procide authenticity verification before doing firmware upgrades.

I use the openssl cms command for verification purpose, but face the following problem :
when doing verify, openssl cms -verify does check whether the signing certificate is valid today, not whether or not it was still valid when the package got signed.

I saw the -attime option to specify the verification date, but found no easy way to fetch the signature date from the package for each signature.

So I was wondering if it was the intended function that the certificate validity verification was made at the verification date and not the signature date.

Thanks

François



More information about the openssl-users mailing list