PKCS7_verify fails to return me original signed binary

Asked Jun 08 '15 at 15:08

Active Jun 15 '15 at 12:03

Viewed 108 times

I have an application signed twice using openssl smime. like shown below in a script:

SRC_FILE="my-app"

echo "signature XYZ..."

openssl smime -sign \
  -in ${SRC_FILE} -binary \
  -out ${SRC_FILE}.sig1 -nodetach \
  -signer ${SIGN_CERT} -inkey ${SIGN_KEY}

echo "NB signature..."

openssl smime -sign \
  -in ${SRC_FILE}.sig1 -binary \
  -out ${SRC_FILE}.sig2 -nodetach \
  -signer ${NB_SIGN_CERT} -inkey ${NB_SIGN_KEY}

I am trying to verify the signed application using :

openssl smime -verify -in ${SRC_FILE}.sig2 -CAfile ./Root_CA.crt -out ${SRC_FILE}.out

As an output of verify I am getting equivalent to ${SRC_FILE}.sig1 but my intention is to get original my-app.

If I am running verify command twice then eventually I am able to receive my-app.

I wanted to ask is there any flag which internally call recursively to produce original signed file.

edited Jun 15 '15 at 12:03

asked Jun 08 '15 at 15:08

Anand

What version of OpenSSL? There was a bug fix for the command line tools recently (within the last years or so), IIRC. See [Bug 3218: Typo in .../demos/cms_dec.c](https://rt.openssl.org/Ticket/Display.html?id=3218&user=guest&pass=guest) – jww Jun 15 '15 at 13:17
@jww I am using __openssl-1.0.2a__ version. – Anand Jun 16 '15 at 03:25

PKCS7_verify fails to return me original signed binary

0 Answers0