1
votes

I am using openssl smime to sign and verify data.

To sign a text file using openssl I use the following command:

openssl smime -sign -in sample.txt -out mail.msg -signer cert.pem -inkey key.pem

Then I proceed to verification:

openssl smime -verify -in mail.msg -CAfile allCA.pem

The verification succeeds.

My problem is that I have an external tool that performs the verification using the following command:

openssl smime -verify -in mail.msg -inform DER -CAfile allCA.pem

How to sign my txt file so it can be verified with the previous command?

What I've tried so far:

openssl smime -sign -in sample.txt -out mail.msg -outform DER -signer cert.pem -inkey key.pem

But I get an error when trying to verify my mail:

Verification failure
140204331579208:error:2107507A:PKCS7 routines:PKCS7_verify:no content:pk7_smime.c:291:
1

1 Answer

2
votes

The way you call the sign operation creates a detached signature, so you would need to pass -content sample.txt to the verify command. However, it is possible to create a structure that encapsulates the message together with the signature (-nodetach parameter).

This is the sign command you are looking for:

openssl smime -sign -in data.dat -out mail.msg -signer cert.pem -inkey key.pem -outform DER -nodetach
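
The difference between the detached and -nodetach forms, reproduced end to end as an added example (not part of the original question or answer). It assumes a throwaway self-signed certificate in a temporary directory in place of cert.pem, key.pem and allCA.pem, and adds -binary when signing so the signature covers the file's exact bytes:

```bash
#!/bin/sh
# Constructed demo: a throwaway self-signed certificate stands in for
# cert.pem / key.pem, and doubles as the trust anchor given to -CAfile.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
printf 'constructed sample message\n' > "$work/sample.txt"
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=smime-demo" \
  -keyout "$work/key.pem" -out "$work/cert.pem" >/dev/null 2>&1

# sign_der OUTFILE [extra flags]: writes a DER-encoded PKCS#7 structure.
# -binary is an addition here: the signature covers the file's exact bytes,
# so the detached check does not depend on line-ending canonicalisation.
sign_der() {
  out=$1; shift
  openssl smime -sign -binary -in "$work/sample.txt" -out "$out" -outform DER \
    -signer "$work/cert.pem" -inkey "$work/key.pem" "$@" 2>/dev/null
}

# check FILE [extra flags]: runs the external tool's verify command line
# and prints "ok" or "fail" instead of the verified content.
check() {
  in=$1; shift
  if openssl smime -verify -in "$in" -inform DER -CAfile "$work/cert.pem" \
       "$@" >/dev/null 2>&1
  then echo ok; else echo fail; fi
}

sign_der "$work/detached.der"            # default: signature only, no content
sign_der "$work/attached.der" -nodetach  # content embedded in the structure

echo "detached, no -content : $(check "$work/detached.der")"
echo "detached, -content    : $(check "$work/detached.der" -content "$work/sample.txt")"
echo "-nodetach             : $(check "$work/attached.der")"
```

Only the -nodetach file passes the verify command as the external tool runs it; the detached file verifies only when the original content is supplied alongside it.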