Hello, Look here: https://cutt.us/CAdES There you have overview of CAdES variants. If I have binary data stored in a file named "binar", a private key in a file named "key", my certificate in a file named "cer", a file containing complete certificates and revocation links named "CerRevLink", and a file containing complete certificates and revocation data instead of just links named "CerRev", how can I create a CAdES signature of the "binar" file to generate a "CAdES-X Long" signature? I try this: openssl cms -sign -binary -nodetach -cades -in binar -out PLAIN.txt -inkey key -signer cer Enter pass phrase for key: openssl cms -verify -binary -cades -in PLAIN.txt -CAfile CerRev -out Binar CAdES Verification successful sha512sum binar = sha512sum Binar What exactly of this (CAdES-BES CAdES-EPES CAdES-T CAdES-C CAdES-X Long CAdES-X type1 CAdES-X type2 CAdES-A CAdES-LT CAdES-L CAdES-B CAdES-XL) is in file PLAIN.txt ? I think, there is CAdES-BES in file PLAIN.txt. I am right? If so, how to create CAdES-X Long ? While we are at it, could you please also write me what commands I need to create each type of signature from the following list? CAdES-EPES CAdES-T CAdES-C CAdES-X Long CAdES-X type1 CAdES-X type2 CAdES-A CAdES-LT CAdES-L CAdES-B CAdES-XL a great place for anyone from a beginner to uberhacker. Join the Happy Hacker Unix Mailing List. Thank you. Could I do it using three separate commands? First CAdES-T openssl cms -cades -sign -in binar -signer cer -inkey key -out Tsignature.txt -nodetach -binary -md sha256 -outform DER -tsa <tsa_url> -cades because we need to sign attributes ? -nodetach because we pipe the output to second command? -binary because of no problem with ^M as EOL. -md sha256 just possibility -outform DER because of binary data output -tsa <tsa_url> for getting timestamp Second CAdES-C openssl cms -cades -sign -in Tsignature.txt -signer cer -inkey key -out Csignature.txt -nodetach -binary -md sha256 -outform DER -certfile CerRevLink -noattr -crl_url "http://example.com/revocation-list.crl"; -ocsp_url "http://ocsp.example.com"; -cades use this or not ? -in Tsignature.txt Tsignature.txt is the output of above command -signer cer or -signer CerRevLink only key is necessary to sign so what file to put here after -signer -nodetach because we pipe the output to third command? -certfile CerRevLink this contains Issuer certificate, Root certificate and Revocation-URL: http://example.com/revocation-list.crl Revocation-URL: http://ocsp.example.com Is this the same (-cades -noattr)=(without -cades and without -noattr) -crl_url "http://example.com/revocation-list.crl"; -ocsp_url "http://ocsp.example.com"; as an alternative if this is not in CerRevLink Third CAdES-X Long openssl cms -cades -sign -in Csignature.txt -signer cer -inkey key -out XLongsignature.txt -binary -md sha256 -outform PEM -certfile CerRev -noattr -cades use this or not ? -signer cer or -signer CerRev ? -nodetach is missing we want detached signature -outform PEM or MIME ? -certfile CerRev file CerRev contains Issuer certificate, Root certificate and -----BEGIN X509 CRL----- base64 -----END X509 CRL----- -noattr see the question in second command above I have not experimented with this yet. Please tell me your opinion.
