views:

13

answers:

0

I receive encrypted and signed smime message. Decrypting is ok, data seems to be correct.

openssl.exe smime -decrypt -in %1 -out %1_signed.txt -inkey myPrivate.pem

But on verifying signature stage I get error.

openssl.exe smime -verify -CAfile senderCACert.pem -certfile senderCert.pem -in %1 -out %1_plain

Verification failure
7600:error:21071065:PKCS7 routines:PKCS7_signatureVerify:digest failure:./crypto/pkcs7/pk7_doit.c:9
48:
7600:error:21075069:PKCS7 routines:PKCS7_verify:signature failure:./crypto/pkcs7/pk7_smime.c:312:

Sender both certificates (CA cert and client cert) should be ok.

I think that openssl can produce specific symbols during decrypting like new-line character or something else that doesn't exist in source message. Or it could process non-standard algorythm (at least as far as I know openssl has non-standard storage format of private keys)

I use openssl 0.9.8h. And smime message on other side is formed by "webMethods EDI version 6.5" software (it is AS2 server for processing EDI messages).

What is the reason of this error?

Could you advise another smime tool to try?