On 01/03/2012 03:34 PM, Alejandro Exojo wrote: > Hi. > > First of all, sorry if this is not the right list for this question, but I'm > a > little bit desperate with this, and I don't know a better place for now... > > I'm using crypto.signText() to sign the contents of a textarea, and send that > to the server. There I have to use the signature to build an S/MIME message > with the original message and the signature (I'm using S/MIME because is the > only way I've found to verify the signature). > > My problem is that I'm only successful validating very simple messages, > without linebreaks. Each time I introduce a new line, the signature fails. I > don't know what I could be doing wrong, and I think that the problem is in > the > whitespace or the line break handling, but I can't find any other example on > the web about how to do this. > > I desperately need advice about how to properly handle the data that FireFox > generates, so any pointers about how to format the original message and the > S/MIME one for openssl to verify (or any other way to verify on the server > the > signature that signText() generates), are more than welcome. > > > I'm doing the following for creating the S/MIME message: > > fwrite($f, "Content-Type: multipart/signed;\r\n" . > " protocol=\"application/x-pkcs7-signature\";\r\n" . > " micalg=\"sha1\"; " . "boundary=\"Signed Boundary\"\r\n" . > "\r\n" . > "--Signed Boundary\r\n" . > "Content-type: text/plain; charset=\"us-ascii\"\r\n" . > "\r\n" . > $data . "\r\n" . > "--Signed Boundary\r\n" . > "Content-Type: application/x-pkcs7-signature; > name=\"smime.p7s\"\r\n" . > "Content-Transfer-Encoding: base64\r\n" . > "Content-Disposition: attachment; filename=\"smime.p7s\"\r\n" . > "Content-Description: S/MIME Cryptographic Signature\r\n" . > "\r\n" . > $signature . "\r\n" . > "\r\n" . > "--Signed Boundary--"); > fclose($f); > > > And then I'm doing the following for checking the signature: > > $ openssl smime -verify -in /tmp/message.smime -CAfile keys/demoCA/cacert.pem > \ > -content /tmp/message.txt > > Thanks a lot in advance. 2 questions:
1) what happens if you use the NSS smime verifier rather than the openssl one. 2) what happens if you drop the \r's from your message. bob >
-- dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
