openssl verify question

Jakob Bohm jb-openssl at wisemo.com
Thu Jun 17 14:15:39 UTC 2021


On 2021-06-17 15:49, Viktor Dukhovni wrote:
> On Sat, Jun 12, 2021 at 10:20:22PM +0200, Gaardiolor wrote:
>
>> When I compare those, they are exactly the same. But that's the thing, I
>> think server.sig.decrypted should be prepended with a sha256 designator
>> 30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20, which is
>> missing. I do see this designator with working certificates. I suspect
>> this is the problem.
>>
>> Is that designator mandatory and likely the cause of my issue ?
> Yes, PKCS#1 signatures must have an algorithm OID prefix.
>
Please beware that a few years ago, I found that a particular Symantec
server signed long-term messages (timestamping countersignatures)
without that prefix, using an implied algorithm of SHA-1.

It may thus be necessary for CMS implementations to accept such
signatures for that special case until they naturally expire,
and maybe a few years past that.

Defining a sufficiently narrow exception is left as an exercise
for implementors.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
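An added illustration of the point discussed above (example code written for this archive page, not code from the thread, from OpenSSL or from any CMS implementation): what a correctly encoded EMSA-PKCS1-v1_5 block looks like once the RSA operation has been undone, where the DigestInfo prefix sits in it, and how a verifier can tell a conforming block from the prefix-less, implied-SHA-1 block Jakob describes. It goes a little beyond the SHA-256 case in the thread by listing the SHA-1, SHA-384 and SHA-512 prefixes as well; all four byte strings are the DER encodings given in RFC 8017 section 9.2, Note 1. The `bare_sha1_block` helper constructs a stand-in for the non-conforming signer (no real signature from that server is reproduced here), the sample message is constructed, and the `allow_bare_sha1` flag is a hypothetical knob that only sketches the kind of exception the thread says is left to implementors.

```python
import hashlib
import hmac

# DER-encoded DigestInfo prefixes (AlgorithmIdentifier + OCTET STRING header)
# from RFC 8017 section 9.2 Note 1; the SHA-256 entry is the byte string
# quoted in the thread.
DIGEST_INFO_PREFIX = {
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha384": bytes.fromhex("3041300d060960864801650304020205000430"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}


def emsa_pkcs1_v1_5_encode(message: bytes, hash_name: str, em_len: int) -> bytes:
    """EMSA-PKCS1-v1_5 (RFC 8017 9.2): 00 01 FF..FF 00 || DigestInfo || H(M).

    em_len is the modulus size in bytes; the result is exactly what a raw RSA
    public-key operation on a conforming signature yields.
    """
    t = DIGEST_INFO_PREFIX[hash_name] + hashlib.new(hash_name, message).digest()
    if em_len < len(t) + 11:          # PS must be at least 8 bytes long
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)
    return b"\x00\x01" + ps + b"\x00" + t


def bare_sha1_block(message: bytes, em_len: int) -> bytes:
    """Constructed stand-in for the non-conforming signer described above:
    same block type 01 padding, but a bare SHA-1 digest with no DigestInfo."""
    digest = hashlib.sha1(message).digest()
    return b"\x00\x01" + b"\xff" * (em_len - len(digest) - 3) + b"\x00" + digest


def _strip_padding(em: bytes) -> bytes:
    """Return T from 00 01 PS 00 T, rejecting anything not shaped that way."""
    if len(em) < 11 or em[:2] != b"\x00\x01":
        raise ValueError("not a block type 01 encoded message")
    sep = em.find(b"\x00", 2)
    if sep < 10 or any(b != 0xFF for b in em[2:sep]):
        raise ValueError("padding string must be >= 8 bytes of 0xFF")
    return em[sep + 1:]


def classify_decrypted_signature(em: bytes, message: bytes,
                                 allow_bare_sha1: bool = False):
    """Identify the hash named by the DigestInfo prefix and check the digest.

    Returns (hash_name, digest_matches). hash_name is None when no known
    DigestInfo prefix is present. allow_bare_sha1 is a hypothetical knob that
    accepts a prefix-less 20-byte value as an implied SHA-1 digest; a real
    implementation would scope such an exception far more narrowly (to a
    specific signer, certificate and validity period).
    """
    t = _strip_padding(em)
    for name, prefix in DIGEST_INFO_PREFIX.items():
        if t.startswith(prefix):
            expected = hashlib.new(name, message).digest()
            # Anything after the digest is a reason to fail: lax verifiers
            # that ignore trailing bytes are what the classic forgery exploits.
            if len(t) != len(prefix) + len(expected):
                return name, False
            return name, hmac.compare_digest(t[len(prefix):], expected)
    if allow_bare_sha1 and len(t) == hashlib.sha1().digest_size:
        return "sha1-bare", hmac.compare_digest(t, hashlib.sha1(message).digest())
    return None, False


if __name__ == "__main__":
    msg = b"constructed tbsCertificate bytes"   # stand-in for the real signed data
    good = emsa_pkcs1_v1_5_encode(msg, "sha256", 256)
    print("DigestInfo   :", good[-51:-32].hex())
    print("conforming   :", classify_decrypted_signature(good, msg))
    legacy = bare_sha1_block(msg, 256)
    print("bare SHA-1   :", classify_decrypted_signature(legacy, msg))
    print("with exception:", classify_decrypted_signature(legacy, msg, allow_bare_sha1=True))
```

To apply this to a real signature, recover the padded block with the raw RSA operation (for example `openssl rsautl -verify -raw -pubin -inkey pubkey.pem -in server.sig`, which leaves the padding in place) and pass those bytes as `em` together with the exact to-be-signed data as `message`; a block whose T starts with one of the prefixes above and matches the recomputed digest is what `openssl verify` expects to find.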



More information about the openssl-users mailing list