[openssl-users] Verify signature without certificate included in it

Dr. Stephen Henson steve at openssl.org
Sat Apr 23 03:33:09 UTC 2016

On Fri, Apr 22, 2016, c.holper at ades.at wrote:

> hi!
> I am using openssl-smime for signing outgoing messages and verifying
> incoming.
> My question is about verifying.
> If the partner signs a message where the certificate is included in
> the signature all is OK.
> If he signes only with issuer and serial included in the signature i
> get an error ("signer certificate not found").
> If I parse the signature with openssl-asn1parse I can see the
> content of the signature. So I see whats included.
> Do not know how to describe it in a better way. Is there a name for
> signatures with/without certificate-information?
> How can I get the signature get verifyed if there is no certificate
> included in it?

The certificate contains the public key used to verify the signature.
If the certificate isn't included in the message itself it can be supplied
separately either with the API or the command line.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list