Okay thats good. so I am on the right track thanks On 19 April 2016 at 14:29, Jakob Bohm <jb-openssl at wisemo.com> wrote: > On 19/04/2016 05:55, Alex Samad wrote: >> >> Hi >> >> I have a SHA.sha file >> >> /usr/bin/openssl ts -query -data SHA.sha -sha256 | /usr/bin/curl -s -H >> Content-Type:application/timestamp-query --data-binary @- >> http://sha256timestamp.ws.symantec.com/sha256/timestamp > SHA.sha.tsr >> >> /usr/bin/openssl ts -reply -in SHA.sha.tsr -text > SHA.sha.ts.txt >> >> >> cat SHA.sha.ts.txt >> Status info: >> Status: Granted. >> Status description: unspecified >> Failure info: unspecified >> >> TST info: >> Version: 1 >> Policy OID: 2.16.840.1.113733.1.7.23.3 >> Hash Algorithm: sha256 >> Message data: >> 0000 - 8c 6d 95 5b e0 cd 8b c9-df 8c ab 57 45 c4 69 e6 >> .m.[.......WE.i. >> 0010 - 7a b9 ce cb 14 8f 55 25-91 2e 57 37 3e 5c b8 d5 >> z.....U%..W7>\.. >> Serial number: 0x570B9C3A11CA318E2478D3680C0FEFD9238E06AB >> Time stamp: Apr 19 03:52:25 2016 GMT >> Accuracy: 0x1E seconds, unspecified millis, unspecified micros >> Ordering: no >> Nonce: 0x580E59D87F396B25 >> TSA: DirName:/C=US/O=Symantec Corporation/OU=Symantec Trust >> Network/CN=Symantec SHA256 TimeStamping Signer - G1 >> Extensions: >> >> >> But when I go to verify it >> >> openssl ts -verify -data SHA.sha -in SHA.sha.tsr >> Verification: FAILED >> 140569777235784:error:2107C080:PKCS7 >> routines:PKCS7_get0_signers:signer certificate not >> found:pk7_smime.c:476: >> >> is this because I didn't provide a cert to sign it with ? > > No, it is because it cannot find the certificate that Symantec > used to sign the response, specifically the certificate with > Subject name "/C=US/O=Symantec Corporation/OU=Symantec Trust > Network/CN=Symantec SHA256 TimeStamping Signer - G1". > > I am kind of disappointed in how little detail is included in > the output from ts -reply -text, I expected it to output all > the fields, similar to what other openssl commands do when > passed the -text option. > > So I guess the next step would be to dump SHA.sha.tsr using > Peter Gutmann's dumpasn1.c program, something like > > openssl base64 -d -in SHA.sha.tsr -out SHA.sha.tsr.bin > dumpasn1 -v SHA.sha.tsr.bin > > > Enjoy > > Jakob > -- > Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com > Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 > This public discussion message is non-binding and may contain errors. > WiseMo - Remote Service Management for PCs, Phones and Embedded > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
