Hi
I am trying to use a rfc3161 timestamp service to record timestamps.
Basically I have a sha of some files and I would like to sign the file.
basically I am using something like this
# Generate Query and send
$OPENSSL ts -query -data "$FL" -sha256 | $CURL -s -H
"Content-Type:application/timestamp-query" --data-binary "@-" $TSA >
"${FL}.tsr"
$OPENSSL ts -reply -in "${FL}.tsr" -text > "${FL}.ts.txt"
where FL = is file.
What I want to be able to do is verify the .tsr file
testing that with
openssl ts -verify -data SHA.sha -in SHA.sha.tsr
where SHA.sha is the original FL
but I get
Verification: FAILED
140221656393544:error:2107C080:PKCS7
routines:PKCS7_get0_signers:signer certificate not
found:pk7_smime.c:476:
from the text output
cat *.txt
Status info:
Status: Granted.
Status description: unspecified
Failure info: unspecified
TST info:
Version: 1
Policy OID: 2.16.840.1.113733.1.7.23.3
Hash Algorithm: sha256
Message data:
0000 - 8c 6d 95 5b e0 cd 8b c9-df 8c ab 57 45 c4 69 e6 .m.[.......WE.i.
0010 - 7a b9 ce cb 14 8f 55 25-91 2e 57 37 3e 5c b8 d5 z.....U%..W7>\..
Serial number: 0xBEAF663E1CD2F0D029C1A641AD2F9137A5F097C9
Time stamp: Apr 8 04:58:08 2016 GMT
Accuracy: 0x1E seconds, unspecified millis, unspecified micros
Ordering: no
Nonce: 0x8E67A9941BCB2570
TSA: DirName:/C=US/O=Symantec Corporation/OU=Symantec Trust
Network/CN=Symantec SHA256 TimeStamping Signer - G1
Extensions:
I am guessing my problem is the above certificate is not in the ssl
path. and currently I am unable to find it on the symantec site.
Am I doing the right think ?
I have also looked at global sign and similar issue, find the cert
what am i missing
A
