[Cryptography] cms with multiple signatures
Davy Durham
ddurham at davyandbeth.com
Thu Jan 28 10:21:28 EST 2016
Update: So I had an assumption which was wrong when I was testing
OpenSSL. I can get openssl to add multiple signatures (however, it
strangely includes the whole chain (with 3 elements in the chain) for one
sig but leaves out the root in the second one ???). I was assuming that
when I did the verify it should verify if any of the signatures
were valid, but it apparently checks that they are /all/ valid. That
is, when I verified I was only giving it the root of one of the
signatures and not both. When I gave it both root certs in the -CAfile
argument it passed.
So that raises the question: Is that correct? I checked RFC 5752
(around section 4.6 and following) but it wasn't clear to me exactly how
it should work. And it sounded like there might be a variety of
possibilities, many of which openssl cms doesn't do. And in another
place it sounded like it ought to be application specific.
I was hoping that it was possible to sign in such a way that any of the
signatures being valid was considered successful (not nesting signatures
here, but signing independently, in parallel). If that's what I need
then I'm guessing I need to do multiple detached signatures and just
verify them as I need.
Thanks for the info.
As for -resign: Running "openssl cms -sign" once given two -signer and
-inkey args, and running "openssl cms -sign" followed by "openssl cms
-resign", both produce files which verify (only when given both roots),
but they produce slightly different output. The only difference I can spot
in the asn1 (other than some reordering) is that the former has a single
signing time field. I guess that makes sense.
On 01/27/2016 11:54 AM, Dmitry Belyavsky wrote:
> Dear Davy,
>
> On Wed, Jan 27, 2016 at 9:24 AM, Davy Durham <ddurham at davyandbeth.com
> <mailto:ddurham at davyandbeth.com>> wrote:
>
> Question..
> Hopefully, this won't be terribly off topic, and maybe those
> playing with the standards have run into the same problem in the
> past... I have searched high and low for some open source tool
> (running on linux here) that can generate cms/smime/pkcs7 messages
> with multiple signatures, but without much success.
>
> 1) *OpenSSL*'s smime/cms documentation says it supports it, but
> the same page says it's not allowed (just search for "multiple" in
> the docs for either of the cms or smime commands). I have managed
> to get it to sign a file and the signature contains multiple certs
> (either by using -resign or -sign with two -signer args), but when
> I dump the signature data it seems to be missing some parts of
> either chain. Maybe that's fine, but openssl fails to validate
> the signed content with either cert used to sign it (It gives a
> 'self signed certificate' error (and the two certs I'm
> experimenting with are) even though I can sign and verify with
> either of the two certs when not trying to sign with both at the
> same time.. but I've seen other errors too when using a chain
> instead of a self-signed).
>
>
> man cms:
> -resign
> resign a message: take an existing message and one or more new
> signers.
>
> smime has the same option.
>
> --
> SY, Dmitry Belyavsky
>
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
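The behaviour discussed in this thread can be reproduced end to end with the openssl CLI. The script below is an added example, not something posted by Davy or Dmitry and not part of OpenSSL's own documentation. It assumes `openssl` (1.1.x or 3.x) is on PATH and generates two throwaway self-signed signer certificates in a temporary directory, matching the self-signed setup described in the original question. It builds one SignedData with two SignerInfos both ways (two `-signer`/`-inkey` pairs in one run, and `-sign` followed by `-resign`), shows that `-verify` succeeds only when every signer's root is in `-CAfile`, and then shows the parallel alternative the update arrives at: one detached signature per signer, each verified independently.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): reproduce OpenSSL's
# "all SignerInfos must verify" behaviour with two self-signed signers.
# Assumes `openssl` is on PATH; every key and certificate is generated
# here in a scratch directory and is not a real credential.
set -eu

# Create a scratch directory, two self-signed signer certs (a and b), a
# combined trust file, and some constructed content to sign. Exports
# CMS_DEMO_DIR for the other functions.
cms_demo_setup() {
    CMS_DEMO_DIR=$(mktemp -d)
    export CMS_DEMO_DIR
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=signer-$n" \
            -keyout "$CMS_DEMO_DIR/$n.key" -out "$CMS_DEMO_DIR/$n.crt" 2>/dev/null
    done
    cat "$CMS_DEMO_DIR/a.crt" "$CMS_DEMO_DIR/b.crt" > "$CMS_DEMO_DIR/both-roots.pem"
    printf 'constructed sample content\n' > "$CMS_DEMO_DIR/data.txt"
}

# One SignedData with two SignerInfos produced in a single run; each
# -inkey applies to the -signer given just before it.
cms_sign_parallel() {
    openssl cms -sign -in "$CMS_DEMO_DIR/data.txt" \
        -signer "$CMS_DEMO_DIR/a.crt" -inkey "$CMS_DEMO_DIR/a.key" \
        -signer "$CMS_DEMO_DIR/b.crt" -inkey "$CMS_DEMO_DIR/b.key" \
        -out "$CMS_DEMO_DIR/parallel.p7s"
}

# The same structure built in two steps: -sign, then -resign adds a
# second SignerInfo to the existing message.
cms_sign_resign() {
    openssl cms -sign -in "$CMS_DEMO_DIR/data.txt" \
        -signer "$CMS_DEMO_DIR/a.crt" -inkey "$CMS_DEMO_DIR/a.key" \
        -out "$CMS_DEMO_DIR/step1.p7s"
    openssl cms -resign -in "$CMS_DEMO_DIR/step1.p7s" \
        -signer "$CMS_DEMO_DIR/b.crt" -inkey "$CMS_DEMO_DIR/b.key" \
        -out "$CMS_DEMO_DIR/resigned.p7s"
}

# Verify an S/MIME signed message ($1) against a trust file ($2).
# Returns openssl's status: 0 only if *every* SignerInfo chains to $2.
cms_verify() {
    openssl cms -verify -in "$1" -CAfile "$2" -out /dev/null 2>/dev/null
}

# "Any one valid signature suffices" is not a mode -verify offers, so the
# parallel alternative is one detached DER signature per signer.
cms_sign_detached_each() {
    for n in a b; do
        openssl cms -sign -binary -in "$CMS_DEMO_DIR/data.txt" \
            -signer "$CMS_DEMO_DIR/$n.crt" -inkey "$CMS_DEMO_DIR/$n.key" \
            -outform DER -out "$CMS_DEMO_DIR/$n.sig"
    done
}

# Verify one detached signature ($1 = a or b) against that signer's root only.
cms_verify_detached() {
    openssl cms -verify -binary -inform DER -in "$CMS_DEMO_DIR/$1.sig" \
        -content "$CMS_DEMO_DIR/data.txt" -CAfile "$CMS_DEMO_DIR/$1.crt" \
        -out /dev/null 2>/dev/null
}

cms_demo_main() {
    cms_demo_setup
    cms_sign_parallel
    cms_sign_resign
    for f in parallel resigned; do
        if cms_verify "$CMS_DEMO_DIR/$f.p7s" "$CMS_DEMO_DIR/both-roots.pem"; then
            echo "$f.p7s: verifies when both roots are trusted"
        fi
        if ! cms_verify "$CMS_DEMO_DIR/$f.p7s" "$CMS_DEMO_DIR/a.crt"; then
            echo "$f.p7s: fails with only signer-a trusted (every SignerInfo must verify)"
        fi
    done
    cms_sign_detached_each
    for n in a b; do
        cms_verify_detached "$n" && echo "$n.sig: detached signature verifies on its own"
    done
    # To compare the two multi-signer structures by eye, dump them with:
    #   openssl cms -cmsout -print -in "$CMS_DEMO_DIR/parallel.p7s"
    echo "scratch directory: $CMS_DEMO_DIR"
}

cms_demo_main
```

The trust file passed to `-CAfile` is the only knob: `-verify` walks every SignerInfo and fails the whole message if any one signer cannot be chained to it, which is exactly why the update's verification only passed once both roots were supplied. The detached-signature functions show the "accept if any signer is valid" policy being implemented by the application rather than by the CMS structure, with the policy decision made in the calling script.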