[openssl-users] PKCS7 and RSA_verify

ch ch at coderhacks.com
Wed Sep 27 22:02:17 UTC 2017


I am working on a tool for verifying SMIME-messages.
Because cms and smime is only able to verify base64 pkcs7-signatures I 
try to do it "manually" and I now have a problem with the signing-timestamp.

Lets do an example:

openssl smime -sign -md sha1  -in plain.txt  -inkey mykey -signer 
mycert  -noattr  -outform der | openssl asn1parse -inform der

If I put plain.txt and the 128 byte signature (from asn1parse out of the 
pkcs7) into RSA_verify it works perfectly.
Every call would produce the same signature-hexdump.

But if I remove the -noattr the signature-value will be different every 
second and then RSA_verify it not working anymore.

How can I handle this?



More information about the openssl-users mailing list