[openssl-users] cms sign/verify

kwhb k.bielke at web.de
Tue Jun 30 07:56:20 UTC 2015

I am using OpenSSL version 1.0.1f and got problems while signing and
verifying a file using these commands:

$ openssl cms -sign   -inkey Mozart.pem -signer Mozart.crt -binary -in
"$DOCUMENT"          -out "$DOCUMENT.p7m"
$ openssl cms -verify -CAfile CAcert.pem                               
-binary -in "$DOCUMENT.p7m" -out "$DOCUMENT.out"
$ cmp "$DOCUMENT" "$DOCUMENT.out"

If I omit the -binary option from both calls to openssl cms then the
verified document differs from the original document because of translations
LF to CR/LF.

If I include the -binary option the first call to openssl works fine but the
second call throws errors:
Verification failure
routines:CMS_SignerInfo_verify_content:verification failure:cms_sd.c:887:
3073672892:error:2E09D06D:CMS routines:CMS_verify:content verify

How do I use openssl cms -sign/verify correctly?

View this message in context: http://openssl.6102.n7.nabble.com/cms-sign-verify-tp58943.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

More information about the openssl-users mailing list