Harald Koch <root@xxxxxxxxxxx> wrote:
> my task is to sign a message in C for SMIME exchange, which works as
> expected and openSSL is self-fulfilling with itself in successful
> verification (and unsuccessful in produced errors as expected). I've
> tested PKCS7 SMIME functions, as well as CMS ones, leading to the same
> result: the reference software endpoints (both written in Java; at
> least one uses BouncyCastle) are unable to verify the signature. See
> below the BASE64 blocks of a successful reference signature, and an
> unsuccessful openSSL variant of the same message, both signed with the
> same certificate and private key. The error messages extracted from the
> Java implementations are:

I have exchanged CMS signed artifacts with Java implementations.
I have CC'ed the author of the Java code to understand if they use
BouncyCastle or are using an OpenSSL wrapper in Java code.

> - "Unable to verify content integrity: Missing data"
> - "The system is unable to find out the sign algorithm of the inbound message"

> I dug a bit deeper into the ASN1 data ("cat signature.base64 | base64 -d | openssl asn1parse -inform DER"), leading to my assumption that the algorithm provided for signature contained differs:
> - openSSL indicates "rsaEncryption"
> - Java indicates "sha512WithRSAEncryption"

The first error you got seems inconsistent with this problem.
Is it possible that one of you is sending CMS structures with out-of-band content?

--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] mcr@xxxxxxxxxxxx http://www.sandelman.ca/ | ruby on rails [
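Both questions raised in this message (which signatureAlgorithm OID each SignerInfo carries, and whether the content travels outside the CMS structure) can be read straight from the decoded bytes. The following is an added example, not code from the thread or from OpenSSL or BouncyCastle: `tlvs`, `oid`, `inspect_cms`, `t` and `sample` are hypothetical names, the sample structures are constructed and unsigned, and the input is assumed to be DER in RFC 5652 field order.

```python
OIDS = {"1.2.840.113549.1.1.1": "rsaEncryption",
        "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
        "2.16.840.1.101.3.4.2.3": "sha512"}

def tlvs(buf):  # split DER bytes into (tag, value) pairs; definite lengths only
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n == 0x80:
            raise ValueError("indefinite-length BER; re-encode as DER first")
        if n & 0x80:  # long form: low 7 bits give the count of length bytes
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def oid(value):  # OBJECT IDENTIFIER value -> known name or dotted string
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends one base-128 sub-identifier
            arcs, acc = arcs + [acc], 0
    first = min(arcs[0] // 40, 2)
    dotted = ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))
    return OIDS.get(dotted, dotted)

def inspect_cms(der):
    """Detached flag plus (digestAlgorithm, signatureAlgorithm) per signer."""
    content_info = tlvs(tlvs(der)[0][1])            # contentType, [0] content
    signed_data = tlvs(tlvs(content_info[1][1])[0][1])
    encap = tlvs(signed_data[2][1])                 # eContentType [, [0] eContent]
    signers = []
    for _, si in tlvs(signed_data[-1][1]):          # signerInfos is the last field
        f = tlvs(si)                                # version, sid, digestAlg, ...
        sig_alg = f[4] if f[3][0] == 0xA0 else f[3]  # skip optional signedAttrs
        signers.append((oid(tlvs(f[2][1])[0][1]), oid(tlvs(sig_alg[1])[0][1])))
    return {"detached": len(encap) == 1, "signers": signers}

def t(tag, *parts):  # short-form TLV encoder, used only for the samples below
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)

def sample(sig_oid_hex, content=b"", signed_attrs=False):  # constructed, unsigned
    alg = lambda h: t(0x30, t(6, bytes.fromhex(h)), t(5))
    si = t(0x30, t(2, b"\x01"), t(0x30), alg("608648016503040203"),
           t(0xA0) if signed_attrs else b"", alg(sig_oid_hex), t(4, b"\x00"))
    encap = t(0x30, t(6, bytes.fromhex("2a864886f70d010701")),
              t(0xA0, t(4, content)) if content else b"")
    sd = t(0x30, t(2, b"\x01"), t(0x31, alg("608648016503040203")), encap, t(0x31, si))
    return t(0x30, t(6, bytes.fromhex("2a864886f70d010702")), t(0xA0, sd))
```

Running `inspect_cms()` over the `base64 -d` output of each blob gives a side-by-side view of the two fields under discussion; a `detached` value of `True` means the verifier must be handed the signed content separately.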