On 10/10/2018 13:55, RudyAC wrote:
> Hello,
>
> when verifying a signed email with CMS_verify() the verification failed. That is not the main problem. My problem is that the out data is empty. Using the library I got the following error:
>
> OpenSSL Error code all: <772382878d>
> OpenSSL Error code lib: <46d>
> OpenSSL Error code func: <154d>
> OpenSSL Error code reason: <158d>
> OpenSSL Error: error:2E09A09E:CMS routines:CMS_SignerInfo_verify_content:verification failure
>
> The mail body is base64 encoded. When verifying the email on console with "openssl cms -verify" there is no message output, only the error message:
>
> Verification failure
> 47883249174256:error:04091068:rsa routines:INT_RSA_VERIFY:bad signature:rsa_sign.c:278:
> 47883249174256:error:2E09809E:CMS routines:CMS_SignerInfo_verify:verification failure:cms_sd.c:775:
>
> Any hints are welcome

The general assumption in OpenSSL is that if the signature is invalid, the content is probably fake, false or invalid, and thus unwanted.

This is generally true in cryptography, but for actual e-mail applications it may very well be desired to allow the user to ignore signature verification failures. If so, one could combine allowing the mail software to access the MIME message normally (as if the signature was some unknown MIME part) with a meaningful (human readable) form of the actual error message from verification (there is more than one way the verification can fail, and the desired human response would often differ).

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
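
The two-pass handling suggested in the reply above, as an added example that is not part of the original thread: verify strictly first and, only on failure, extract the content with `openssl cms -verify -nosigs -noverify` while keeping OpenSSL's reason string for the user. The key, certificate, file names and message text are constructed for the demo.

```sh
#!/bin/sh
# Added example (not from the thread). File names and message text are constructed.

# demo_setup: create a throwaway self-signed signer, one validly signed mail
# and one copy whose body was altered after signing. Prints the work directory.
demo_setup() {
    d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo signer" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null
    printf 'Pay invoice 1001 to account A\n' >"$d/body.txt"
    openssl cms -sign -in "$d/body.txt" -signer "$d/cert.pem" \
        -inkey "$d/key.pem" -out "$d/good.eml" 2>/dev/null
    sed 's/account A/account B/' "$d/good.eml" >"$d/tampered.eml"
    echo "$d"
}

# show_signed_mail MAIL CAFILE
# Line 1 of the output is the status ("verified" or "unverified: <reason>"),
# the remaining lines are the message content.
show_signed_mail() {
    body=$(mktemp); err=$(mktemp)
    # Pass 1: full check (signer chain, signed attributes, content digest).
    if openssl cms -verify -in "$1" -CAfile "$2" -out "$body" 2>"$err"; then
        echo "verified"
    else
        # Keep the OpenSSL reason string (6th ':'-separated field of the
        # first error line) so the user sees why verification failed.
        reason=$(awk -F: '/:error:/ { print $6; exit }' "$err")
        # Pass 2: extract the content only. -nosigs and -noverify skip every
        # check, so the tool's own "successful" message on stderr is discarded
        # and the status stays "unverified".
        : >"$body"
        openssl cms -verify -nosigs -noverify -in "$1" -out "$body" \
            2>/dev/null || : >"$body"
        echo "unverified: ${reason:-unknown error}"
    fi
    tr -d '\r' <"$body"   # S/MIME content comes back with CRLF line ends
    rm -f "$body" "$err"
}

d=$(demo_setup)
show_signed_mail "$d/good.eml" "$d/cert.pem"
show_signed_mail "$d/tampered.eml" "$d/cert.pem"
rm -rf "$d"
```

In the C API the second pass corresponds to calling CMS_verify() again with CMS_NOSIGS | CMS_NO_SIGNER_CERT_VERIFY; whatever it returns must be displayed as unverified content.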