[Cryptography] cms with multiple signatures
Dmitry Belyavsky
beldmit at gmail.com
Wed Jan 27 12:54:30 EST 2016
Dear Davy,
On Wed, Jan 27, 2016 at 9:24 AM, Davy Durham <ddurham at davyandbeth.com>
wrote:
> Question..
> Hopefully, this won't be terribly off topic, and maybe those playing
> with the standards have run into the same problem in the past... I have
> searched high and low for some open source tool (running on linux here)
> that can generate cms/smime/pkcs7 messages with multiple signatures, but
> without much success.
>
> 1) *OpenSSL*'s smime/cms documentation says it supports it, but the same
> page says it's not allowed (just search for "multiple" in the docs for
> either of the cms or smime commands). I have managed to get it to sign a
> file and the signature contains multiple certs (either by using -resign or
> -sign with two -signer args), but when I dump the signature data it seems
> to be missing some parts of either chain. Maybe that's fine, but openssl
> fails to validate the signed content with either cert used to sign it (It
> gives a 'self signed certificate' error (and the two certs I'm
> experimenting with are) even though I can sign and verify with either of
> the two certs when not trying to sign with both at the same time.. but I've
> seen other errors too when using a chain instead of a self-signed).
>
man cms:
-resign
resign a message: take an existing message and one or more new
signers.
smime has the same option.
--
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160127/98022fa6/attachment.html>
More information about the cryptography
mailing list