[openssl-users] PKCS7 and RSA_verify

lists lists at rustichelli.net
Wed Oct 4 08:28:57 UTC 2017

On 10/01/2017 01:27 AM, Sam Roberts wrote:
> On Thu, Sep 28, 2017 at 2:28 AM, ch <ch at coderhacks.com> wrote:
>> Hi!
>> I thought the difference between PEM and DER is NOT ONLY a different
>> encoding of the string?
>> base64 vs. binary
>> So to understand that clear please let me ask:
>> If I convert a PEM-signature from base64 to binary then it is DER?
> Yes. Well, technically it could be BER as well, but the main point is
> PEM is just a wrapper to transport binary via email safe text, and you
> can unwrap it if you want. PEM also includes a header, so you know if
> the object is a cert, a key, an encrypted message, etc, meta-data
> which is not known if you just have the binary chunk.

Indeed, PEM for S/MIME looks like

-----BEGIN PKCS7-----
<base64 of DER SMIME>
-----END PKCS7-----

so you must add the header ("-----BEGIN PKCS7-----") and the trailer

>> Thanks
>> Chris
>> On 2017-09-28 11:23, Wouter Verhelst wrote:
>>> On 28-09-17 01:19, ch wrote> If the pkcs-signature is binary encoded it
>>> is not working for verifiying
>>>> a SMIME-message in my experience with
>>>> smime or cms-smime on the console. I tried to convert the binary ones to
>>>> base64 but that does not everytime the trick.
>>> What you call "base64" is commonly known as "PEM" :-)
>>> You can get it to parse binary, but to do so you need to specify
>>> "-inform der".
>> --
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list