[openssl-users] gpgsm/openssl cms detached signatures verification fails

Jakob Bohm jb-openssl at wisemo.com
Mon May 15 21:25:05 UTC 2017

On 15/05/2017 17:54, Andreas Fenkart wrote:
> Hi list,
> I'm experimenting with openssl/gnupg interoperability. It seems the
> least common multiple is cms. I didn't find a way to produce output
> with opengpg to work with 'openssl dgst' directly. Am I wrong, is
> there a simpler way?
> ...
> The :messageDigest hash codes are the same for detached/non-detached
> but the :rsaEncryption differ (salt, timestamp?) The messageDigest
> does not match the output from sha256sum
> Repeating the some for the gpgsm genarated signatures, I can see that
> the messageDigest matches directly the output of sha256sum.
> So openssl cms/gpgsm compute the sha256sum differently in the detached case.
> Is there a hidden flag to make either tool behave like the other?
Look at the documentation of the openssl cms "-inform SMIME",
"-outform SMIME" and "-binary" options.


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list